5G Service Communication Proxy (SCP)

Optimizing 5G Core Network Traffic with Advanced 5G SCP Solutions

With the growing number of 5G SA deployments, addressing the increased usage of 5G SA services and, consequently, the surge in traffic within the 5G core has made centralizing traffic control one of the key points of discussion. The initial version of the 3GPP standards for 5G (R15) outlined a fully-meshed service-based architecture, promoting direct communication among network functions. Consequently, this blueprint influenced the implementation of 5G core network products by various suppliers. However, the evolution to the next 3GPP release (R16) introduced a groundbreaking enhancement – the 5G Service Communication Proxy (SCP). This innovation brings a paradigm shift by facilitating indirect communication among network functions, positioning the 5G SCP as a central hub component all 5G core signaling traffic is routed through.

The utilization of a star (or hub-and-spoke) topology is a familiar concept in telco networks, where centralized components such as the Signal Transfer Point (STP) in 2G/3G networks and the Diameter Routing Agent (DRA) in 4G/LTE networks have historically played crucial roles in routing. Therefore, the introduction of the 5G SCP as a centralized component for signaling and routing in the 5G core naturally represents a logical architectural progression. It's important to acknowledge that centralized routing in legacy networks was necessitated partly by the use of the stream control transmission protocol, which demanded a highly granular (endpoint-level) configuration of the network components. However, with the advent of HTTP/2 in 5G core networks, this complexity diminishes significantly. HTTP/2 inherently supports full-mesh service topologies through the combination of the domain name system, TCP/TLS transport protocol and network address translation providing for virtually unlimited web-scale networking widely adopted by the IT industry. Yet, despite this shift, the prospect of routing all 5G core traffic through a centralized component like the 5G SCP remains highly appealing due to the myriad benefits it offers. Examples of the benefits include, but are not limited to:

Serving as a single point of contact for all consumer network functions within the 5G core.
Acting as a single PLMN-ingress/-egress point (in conjunction with local or outsourced SEPP).
Providing access to the unencrypted content of all messages within the 5G core.
Centralizing the execution of service discovery and retrieval of service access tokens.
Facilitating centralized routing and re-routing across network function producer sets.
Enabling routing to/from chained SCPs between different SCP domains or data centers.
Implementing centralized prioritization of traffic.
Managing load, overload, and congestion centrally.
Enforcing security policies centrally.
Introducing and removing network functions transparently to external PLMNs.
Concealing the 5G core configuration from the external PLMNs.

Centralizing service delivery at the 5G SCP eliminates the necessity of implementing these services separately across all network functions within the 5G core, thus obviating the need to synchronize the product roadmaps of multiple suppliers for each new discovery, routing, or security policy feature. Together with the 5G SEPP, the 5G SCP assumes a pivotal role in enhancing the performance, scalability, security, and manageability of 5G core networks, establishing itself as a critical component in unlocking the full potential of 5G technology.

Titan.ium 5G Service Communication Proxy (SCP)

Titan.ium is a leader in signaling, routing, subscriber data management, and security software and services. Its portfolio encompasses a variety of 2G/3G, 4G and 5G core network functions, including the 5G Service Communication Proxy (SCP), Security Edge Protection Proxy (SEPP), Network Repository Function (NRF), Binding Support Function (BSF) and Network Slice Selection Function (NSSF). All Titan.ium’s 5G products are designed following the best practices for cloud-native microservices-based architectures and associated processes such as continuous integration, testing, delivery, and deployment. Titan.ium's 5G SCP boasts auto-scaling capabilities, ensuring efficient handling of fluctuations in traffic volume while maintaining optimal performance and reliability. Additionally, it employs caching mechanisms for discovered network function profiles, reducing the number of delegated discovery requests sent to the NRF. Leveraging consumer/producer bindings further enhances the benefits provided in conjunction with the Titan.ium's SCP, ultimately outweighing any potential increase in latency associated with routing all 5G core traffic through a centralized component.

blog1

Another distinctive feature of Titan.ium’s 5G SCP is the ability to screen any parameter within received messages and alter their content, providing for seamless integration and interoperability with the network functions inside the 5G core. The ability to append content to messages holds particular significance in facilitating information exchange between PLMNs, enabling Security Edge Protection Proxies (SEPPs) to authenticate both the source and destination PLMN IDs, as well as the intended purpose of the connection between the PLMNs. Similarly, the SCP can augment network slice, location, or SCP domain-specific information to the network function profiles registered in the 5G Network Repository Function (NRF), thereby enabling a more refined approach to service discovery.

Robust security and operational efficiency are crucial in the successful delivery of 5G Stand-Alone (SA) services. Titan.ium’s SCP ensures interoperability by strictly adhering to 3GPP standards and by undergoing rigorous module and systems tests. As a cloud-native implementation, Titan.ium’s SCP leverages the inherent robustness and resiliency of the underlying container orchestration platform. Comprising of individual components (containers) deployed across distributed compute nodes, each component is continuously screened for its liveness and readiness ensuring that the communication service is always delivered at required resiliency level. Self-healing, auto-scaling, canary roll-outs and rolling updates enhance the operational experience driven by fully automated rollouts leveraging GitOps and continuous deployment best practices.

A critical aspect of delivering telco services is ensuring uninterrupted service even in the event of a complete site failure. This challenge can be effectively addressed by extending the Container as a Service (CaaS) layer across multiple availability zones at the infrastructure level. In such a setup, the failure of one availability zone doesn't disrupt the deployed solution. However, if the underlying CaaS layer lacks this capability or introduces unacceptable latency to the service, Titan.ium's SCP, like the other 5G products in the Titan.ium’s portfolio, can be deployed across multiple geographically dispersed data centers, each with its own CaaS layer. In this scenario, 5G Network Repository Functions (NRFs) can efficiently share the information about the registered network functions via a high-throughput, low-latency data replication service inherent in Titan.ium's cloud-native platform while the service discovery at Titan.ium’s SCP will prioritize locally registered network functions, ensuring optimal performance. This combination positions the Titan.ium’s SCP as a robust solution for meeting the stringent requirements of the telco industry.

Screenshot 2024-03-13 at 14.22.46

Summary

As the telecommunications industry evolves, the 5G Service Communication Proxy (SCP) stands out as a central hub component, facilitating indirect communication among network functions, thereby optimizing network traffic control within 5G core networks. The 5G SCP streamlines service delivery by consolidating critical functions such as service discovery, routing, and policy enforcement. By serving as a single point of contact for all consumer network functions within the 5G core and facilitating centralized load, overload, and congestion management, it eliminates the need for separate implementations across multiple network functions. With this, the 5G SCP assumes a pivotal role in unlocking the full potential of 5G technology, empowering Communications Service Providers (CSP) to deliver superior services to their customers.

Titan.ium's Service Communication Proxy (SCP) offers a myriad of benefits tailored for Communications Service Providers (CSP), distinguishing it as a leading solution in controlling the 5G Stand-Alone (SA) core network traffic. Leveraging its cloud-native architecture, Titan.ium's SCP ensures scalability, resilience, and security during fluctuations in traffic volume and in the event of a complete site failure. In 5G core deployments, where all traffic is TLS-encrypted, the Titan.ium's SCP mirrors the routed traffic to external traffic monitoring and network data analytics systems, enabling services that can no longer be delivered using traditional probing solutions. Its ability to screen and modify message parameters enhances interoperability and facilitates seamless integration with network functions, ensuring optimal and uninterrupted delivery of 5G SA services. Examples of real-life use cases include:

Advanced selection and re-selection of the producer network functions following customer-specific (i.e., user-defined) routing policies applied centrally at the Titan.ium’s SCP.
Immediate mitigation of implementation gaps on the consumer network functions to enable delegated service discovery by adding any missing mandatory headers at the Titan.ium’s SCP.
Inserting information (HTTP header) on the Titan.ium's SCP to enable the validation of the source PLMN ID by the Security Edge Protection Proxy (SEPP) in situations where the consumer network functions of the 5G core do not comply with or implement 3GPP R17.
Override of the URL of the discovered producer network functions, e.g., based on the UE ID, by utilizing override data provisioned on the Titan.ium’s SCP to send traffic across distributed producer network functions that do not register their network function profiles at the required granularity level.

TITAN.IUM PRODUCT

Service Communication Proxy (SCP) Overview

The Service Communication Proxy is one of the most important elements of the 3GPP Service-Based Architecture (SBA) for 5G Core networks. The Service Communication Proxy is functionality similar to the Diameter Routing Agent (DRA) in 4G, functioning as a central control point in the signaling network core.

The SCP performs multiple key functions, simplifying core network routing topology & offloading the Network Repository Function (NRF) from service discovery, thus enabling greater 5G core network geo-distributed scalability. Key functions include

Message routing, load balancing & distribution
Traffic prioritization & overload handling
5G Service Delegated Discovery
Optional message manipulation & transformation

5G SCP Business Benefits

Central element of the 5G Core service-based signaling network providing secure message routing, load-balancing, overload protection & traffic visibility.
Greatly reduces the complexity of managing large geo-distributed 5G Core signaling networks.
Incorporates powerful award-winning Dissector-based Rules Engine enabling flexible customer programmability.
Part of the Titan.ium InterGENerational^TM Cloud-Native Ecosystem interworking of HTTP2, Diameter, SS7 & SIP signaling.
“Deploy anywhere” installation on premises or in the cloud via Containers.

The Titan.ium 5G SCP Solution

All Titan.ium’s 5G products are designed following the best practices for cloud-native microservices-based architectures and associated processes such as continuous integration, testing, delivery, and deployment. Titan.ium's 5G SCP boasts auto-scaling capabilities, ensuring efficient handling of fluctuations in traffic volume while maintaining optimal performance and reliability. Additionally, it employs caching mechanisms for discovered network function profiles, reducing the number of delegated discovery requests sent to the NRF. Leveraging consumer/producer bindings further enhances the benefits provided in conjunction with the Titan.ium's Service Communication Proxy, ultimately outweighing any potential increase in latency associated with routing all 5G core traffic through a centralized component.

Another distinctive feature of Titan.ium’s Service Communication Proxy is the ability to screen any parameter within received messages and alter their content, providing for seamless integration and interoperability with the network functions inside the 5G core. The ability to append content to messages holds particular significance in facilitating information exchange between PLMNs, enabling Security Edge Protection Proxies (SEPPs) to authenticate both the source and destination PLMN IDs, as well as the intended purpose of the connection between the PLMNs.

Similarly, the Service Communication Proxy can augment network slice, location, or SCP domain-specific information to the network function profiles registered in the 5G Network Repository Function (NRF), thereby enabling a more refined approach to service discovery.

Robust security and operational efficiency are crucial in the successful delivery of 5G Stan-Alone (SA) services. Titan.ium’s SCP ensures interoperability by strictly adhering to 3GPP standards and by undergoing rigorous module and systems tests. As a cloud-native implementation, Titan.ium’s SCP leverages the inherent robustness and resiliency of the underlying container orchestration platform.
Comprising of individual components (containers) deployed across distributed compute nodes, each component is continuously screened for its liveness and readiness ensuring that the communication service is always delivered at required resiliency level. Self-healing, auto-scaling, canary roll-outs and rolling updates enhance the operational experience driven by fully automated rollouts leveraging GitOps and continuous deployment best practices.

5G SCP Key Capabilities

Secure Indirect Communications

The Service Communication Proxy provides secure indirect communications between service NF-Consumers and NF-Producers, or between SCPs, with TLS mutual authentication, Server Name Indication (SNI) support, and TLSv1.2 / TLSv1.3.

High Performance HTTP/2 Stack

The SCP relies on a high-performance HTTP stack with rich configuration options, including settings related to connections, buffers, traffic classes, and TLS.

Delegated Discovery / Discovery Caching

“On the fly” NF-Producer service discovery & selection on behalf of the NF-Consumer. The SCP caches NRF NF-Profile information, subscribing to NRF status changes to ensure that cached NF-Profiles are kept up to date with latest service discovery information.

HTTP Proxy

Message routing function that routes to the destination NF-Producer service directly, or via the next hop Proxy/SCP.

Consumer-Producer Binding

Caching of binding indication and relevant NF profiles for routing of subsequent requests based on routing binding indication. Cached binding indications and NF profiles are automatically removed after
expiration of their configurable lifetime.

Multi-Service & Multi-Slice Support

Each service instance is associated with a combination of HTTP IP address + port and URI path prefix. This allows different service logic & routing decisions for different traffic profiles, e.g., different network slices.

Dissectors

The Titan.ium Dissector facility includes Predefined & User-defined HTTP2 dissectors allowing retrieval of any information contained in an HTTP2 message, which can then be used for routing or service logic.

Dissector-based Rules Engine

Routing & Service logic processing is supported by Titan.ium’s powerful Rules Engine allowing programmable logical expressions (And/Or/Not) on different Dissector parameters as needed. Also
provided are pre-defined functions that can be applied to optimize User programmable processing logic.

Configurable Actions

The programmable Rules Engine also allows the user to configure context-specific actions. For example, programmable logic may invoke an NRF discovery request, make an NF selection, generate an Event, among other capabilities.

Flexible Routing

Create rules as matching criteria for routing table entries, which means that any information contained in an HTTP request can be used for a routing decision. Static information like priority/weight, or dynamic information like load, latency and/or endpoint health may be referenced for a matched route entry that may be used to affect routing decisions.

Events and Tracing

Raise Event actions when defined situations occur or disappear, for example with the onset of a certain load level or when it abates. You can also enable tracing for a certain service instance for diagnostics purposes.

Overload Protection

SCP replicas & instances monitor their traffic load interacting with the Service Router to throttle traffic and/or auto-scale SCP services as needed to handle overload.

Statistics and Key Performance Indicators (KPI)

The SCP generates Statistics and KPIs so that external servers can retrieve them for performance & health tracking purposes (e.g., the number of inbound & outbound requests per unit time). SCP service logic also uses these statistics for congestion control and for routing decisions based on load/latency of route entries.

5G SCP Optional Features

The following features may optionally be added to the Service Communication Proxy deployment as needed.

HTTP2 Message Transformation

This feature enables the operator to invoke configurable message Dissectors and Rules-based Actions to transform message content as needed, for example to aid in 5G to 3G/4G interworking.

HTTP2 Traffic Mirroring

Traffic mirroring interface towards external Probing/Monitoring/Analytics system via gRPC protocol. It provides observability over alarms, events and statistics.

Additional Related Products

Titan.ium also offers an Element Management System (EMS) system which may be used for centralized configuration, performance and fault management of distributed SCPs as needed.

5G Container-Native Architecture

The SCP is implemented as a set of containerized micro-services, decomposed into a Service-Router function, SCP compute front-end functions, and back-end Data Store micro-service for persistent storage. All component micro-services may be replicated within a Kubernetes (K8S) Cluster for both resiliency & scalability purposes. In addition, two or more K8S Clusters may comprise a single Titan.ium system deployment to achieve multi-site system geo-redundancy, with cross-site Datastore replication to ensure a common view of SCP persistent data.

The Service-Router provides HTTP1/2 routing services and securely exposes SBI interfaces to external IP networks. All Titan.ium, 5G NFs share a common “Network Function Control Agent” (NFCA) microservice, responsible for common NF management, e.g., to handle Registration of NF-Profiles to their assigned NRF(s) and keep these NF-Profile registrations up to date via heart-beats.