Building a

new world
A guide to evolving
from EPC to 5G Core

October 2020
2 Ericsson  |  Building a new world

Let’s get to the core

We are moving toward a platform economy, where collaboration and agility across
verticals are key. The evolution from Evolved Packet Core (EPC) to 5G Core (5GC) is
central in creating a powerful platform for communications service providers (CSPs)
to extract value and become contributors in existing and emerging ecosystems.

5GC architecture and radio will open
up a new universe of possibilities for
differentiation and business. Each CSP
will need to define their comprehensive
strategy, based on current conditions and
future objectives. New use cases,
for both consumers and enterprises,
have different requirements and will
ultimately define the strategy that
each CSP chooses to follow.
Through collaboration with leading
CSPs around the world, we have learned
the increased importance of working
across traditional silos. As shown
in Figure 1, business, network and
operational plans need to be developed
in parallel to achieve a successful
end-to-end strategy, where network
evolution and efficient operations
support the business goals.
In this paper, we will closely examine
some key areas, or steps without order,
that are more akin to “building blocks”.
These are key areas that every CSP will
need to address to become successful in
the future business landscape.
Figure 1: The interdependence of
business, network and operations
Business
We explore the challenges faced in
defining the best possible core evolution
path while meeting aggressive time to
market (TTM), agility and opex reduction
objectives. We’ll identify how your
evolution path can be simplified, even
if your starting point is not from a
complete Ericsson 4G core.
Logical steps on the journey to 5GC
Your journey from EPC to 5GC relies
on multiple logical steps, including:
• virtualization of core network
functions for Packet Core, IMS
and subscription management
• separation of control and user
plane functions
• introduction of network slicing,
enabling multiple logical networks
to be supported over one
network platform
• distribution of cloud infrastructure
closer to users
• consolidation of user plane functions
for mobile, fixed wireless and
fixed access
These steps are interlinked and important
in achieving your target 5GC network
and a service-based architecture (SBA).
This architecture represents a shift from
telecom-type interfaces to web-based
APIs for the control functions, facilitating
the creation of new services where
network functions can register themselves
and subscribe to other services without
changing interfaces. Additionally, we
now see that the focus of 3GPP for the
development of standards is changing,
where innovation will be concentrated
toward the new 5GC and very little will
be done on the old EPC.
The evolution journey can be completed
in many ways, and the order in which
you approach the building blocks can
be optimized for your requirements.
However, this high level of flexibility
creates both opportunities and challenges,
especially as business drivers call for a
strong focus on increased agility and
opex reductions through automation,
which affect network solutions, the
transformation of processes and
operations. So, what is the correct way
to approach this challenge?
We believe in adopting a holistic
approach to core network evolution to
reduce time, risk and cost in your 5G
program. Follow us on the evolution
journey as we share our ideas, knowledge
and hands-on expertise, to show how we
can make a significant difference to your
journey, even when starting with only a
portion of your core network.

Network Operations
3 Ericsson  |  Building a new world
The journey to 5GC requires full flexibility so CSPs can take their preferred path
The best evolution journey is not
visible in the rear-view mirror
Your target destination will shape the
evolution journey. The 4G core network
has supported a rapid growth in traffic
with declining average revenue per user
and expansions of capacity and capability,
implemented with well-established
routines. While this model has served the
current journey well, we see a few changes
for the core evolution going forward.
• Increased agility where your core
network will be continuously evolving,
with software upgrades taking place in
order of magnitude more frequently.
• Reduced opex for initial deployment and
life cycle management (LCM) of core
network functions, enabled by a higher
degree of automation.
• Increased flexibility in serving industry
verticals, where the demand can be both One core, endless possibilities
higher and lower when compared to the Across CSPs and markets, the
mobile broadband base, depending on starting points will vary greatly.
the use case. This calls for innovation We offer a holistic view of the
of network solutions as well as evolution journey with full flexibility
business models. to choose your path, based on your
• Improved TTM by eliminating specific needs and plans. We hold
unnecessary system integration steps, the capabilities to support you in
positively affecting cost and time evolving 4G and 5G into a dual-mode
budgets. A central theme for the future 5G Core network.
core network is to enable an instant
economy for a larger ecosystem.
• Ensuring customer experience during
the transition to 5GC with, for example,
new challenges for traditional
probing solutions.
These business drivers have shaped our
thinking on how to best architect the
evolution journey.
4 Ericsson  |  Building a new world

The building blocks to 5G

The evolution of the core network to 5G involves a few vital areas to consider
– we call these building blocks. The target is clear, with the launch date for 5G
New Radio (NR) being an important milestone, and the challenge for CSPs is
now to identify the best approach to get from A to B.

There are several paths to reach a 5GC
network. Each will include different
objectives in terms of new technology
introduction, use cases and time frames.
3GPP has defined two core
network alternatives to support 5G
NR in Release 15. The first is based
on an enhanced EPC supporting
option 3, NR Non-Standalone (NSA),
which was developed to support the
early introduction of 5G NR.
The second alternative is the new
5GC architecture supporting option 2, Implementing the new 5GC will give
NR Standalone (SA), as well as the access to capabilities that address
potential options (4, 5 and 7). During 2020, new use cases.
pioneering CSPs around the world started
to implement the new 5GC, supporting
option 2 for connecting 5G NR. The
main driver is access to capabilities that
address new use cases, in particular for
the enterprise segment.This is shown in
Figure 2.

Figure 2: 5G architecture overview – the architecture tracks in 3GPP Release 15

5G EPC 5GC
3GPP Q4-17 3GPP target Q2-18

S1 based N2/N3
(new interface)

Option 1 Option 3
Option 5 Option 2

Option 7

Option 4

LTE LTE NR LTE NR NR

LTE/EPC LTE/EPC LTE/5GC

LTE/EPC
NR/EPC NR/EPC NR/5GC
5 Ericsson  |  Building a new world
Evolution from EPC to
dual-mode 5G Core
The transformation to a true 5G network
that serves as a powerful platform in
the new business landscape is a huge
endeavor. This paper focuses on the
evolution to 5GC and the experiences
we have had while working with leading
CSPs around the world. However, this
transformation has to be seen in a larger
context, where different building blocks
have to be broken down and managed in
order to make your 5G project a success.
No journey to 5GC will be the same,
depending on the starting point, market
conditions and strategic goals.
The starting point can differ based
on where you are on the virtualization
journey, level of distribution, plans to
introduce 5G, and more.
No journey to 5GC will be the same
In this paper, we want to show how we
can support you in your journey towards
5GC, even if you have a very limited
installed Ericsson base today. Based on
our learnings, we suggest you should
divide your 5G project into the following
sub-projects, all of which are important
and should be worked on in parallel
depending on your specific priorities.
Building blocks
• Native virtualized cloud native
• Early 5G NR introduction
with good customer
experience management
• Optimize with distributed cloud
• Explore network slicing
• Expand automation
• Explore exposure
• Security
6 Ericsson  |  Building a new world
A smooth evolution journey
We can support your core network evolution journey, whether you
have a complete Ericsson core today or use only certain elements.
For the latter, there are three ways we can simplify your journey.
Firstly, our global core network presence
has given us great exposure to different
evolution challenges, so you can expect
us to be familiar with your situation. To
approach the evolution scenario from
scratch, without the leverage of global
insights, will increase costs and slow
down your progress.
Secondly, with a broad core network
portfolio, we can suggest suitable
evolution steps for your particular
needs. The first wave of core network
virtualization was built around the same
entities as physical network functions.
Our dual-mode 5G Core today also offers
a fully cloud native platform to support
your journey to the target architecture
of a containerized and cloud native
dual‑mode 5G Core, supporting 5G as
well as previous generations, with one
common operations and maintenance
(O&M) platform. For the journey ahead,
we envision both larger and smaller steps,
where network functions can be grouped
to simplify LCM of the network.
Thirdly, core evolution journeys will
vary between CSPs, driven by differences
Figure 3: Ericsson dual-mode 5G Core
Quick path to 5G NR NSA
SW upgrade only
EPC 5G EPC
Legacy Legacy
Dual-mode 5G Core deployment
alternatives – cloud native applications
EPC 5GC EPC + 5GC
Interworking with legacy – including
multi-vendor scenarios
Interworking
EPC EPC + 5GC
Legacy Cloud native
in business objectives and starting points.
We offer flexibility in the order in which
the building blocks are introduced,
enabled by a complete suite of core
products that are designed to work
well together, with a holistic approach
to LCM across network functions.
Cut to the core: the evolution to 5GC
In designing our dual-mode 5G Core
platform, we put our customers’ challenges
first and focused on creating the most
value and flexibility. We have redesigned
our software, based on microservices, to
be fully cloud native while maintaining
feature parity toward the installed base.
The aim was to create a platform that
supports a smooth migration to 5GC for
the different needs of any CSP around
the world (see Figure 3).
This includes ensuring a safe and
time-independent path, avoiding service
disruptions and minimizing migration
costs during the transition period where
both 5G EPC and 5GC need to coexist.
To structure the 5GC evolution journey,
we recommend dividing your 5G project
Gradual introduction of NFs
Example:
Packet Core Controller Packet Core Controller
AMF SMF AMF SMF
SGW-C PGW-C MME SGW-C
User Plane Gi LAN consolidation
UPF SF1
UPF SF1 SF2 SFn SF2 SFn
Vendor a Vendor b Vendor c Packet Core Gateway
into seven key building blocks. Their order
is not chronological, but they are important
areas to consider in parallel or in a
different order, depending on your
needs and strategy.
From native, to virtual, to cloud native
The target architecture for 5GC networks
is cloud native and fully virtualized.
The degree of EPC virtualization and
near‑term implementation plans shape
your options. One or more of the following
will apply to your current EPC network:
• virtualization has not started
• partially virtualized, with virtualized
and physical core network functions
in a hybrid model for each network
function
• the degree of virtualization varies and
has reached different penetration levels
for different network functions
• a centralized cloud infrastructure with
co-located physical and virtualized
network functions
• partly complete internal process
transformation, with semi-automated
continuous delivery and integration
Domain independent evolution paths
Subscription Data Management
Policy Control
Packet Core – User Plane
SMS
Packet Core – Control Plane
PGW-C
Deployment alternatives
PNFs VNFs CNFs
CaaS
IaaS CaaS
HW
7 Ericsson  |  Building a new world
• separate EPC platforms for mass market
mobile broadband and IoT niches
• limited vertical integration synergies
with peer CSPs, where combined
network functions virtualization (NFV)
infrastructure and network functions
define the integration efforts
The nature of your virtualization maturity
is an important factor in articulating
the starting point for your 5GC journey.
We can offer a mature platform,
independent of your starting point.
One of our key learnings from working
with leading CSPs worldwide has been
the importance of a stable and well-tested
software stack. In hindsight, the journey
toward NFV maturity has taken much
longer than expected.
Today, actual traffic going over
virtual networks is still rather limited.
However, we expect this to grow to about
20–30 percent of the total mobile traffic
by the end of 2020 as we reach new
levels of maturity.
As real maturity around virtualization
approaches, there is a clear industry
consensus over the next target architecture
for the new 5GC, a cloud native system
based on microservices and running on
containers. This is the foundation for
achieving new efficiencies and an agile
platform for value creation.
During the second half of 2020, we are
carrying out the first implementations of
5GC SA with several leading global CSPs.
Our first experiences have been very
promising, with real learnings from live
implementations soon to follow.
Figure 4: Evolution paths for EPC and 5GC
EPC 5G EPC
• Native deployments
(SSR, EBS/BSP) 5G NR NSA
• Virtual deployments
(NFVI)
Cloud native
Core platform
EPC 5G EPC
• Native deployments
(SSR, EBS/BSP) 5G NR NSA
• Virtual deployments
(NFVI)
The evolution toward cloud native 5GC is
compelling when it comes to improving
total cost of ownership (TCO) and reducing
TTM for new services.
However, it does not come without
its challenges, and requires new
processes, skill sets and ways of working.
For example, it is based on continuous
integration and continuous deployment
(CI/CD), where new software is more
frequently delivered in order of magnitude
and in smaller packages, and individual
microservices can be upgraded without
affecting others. Ericsson dual-mode
5G Core fully supports CI/CD including
In-Service Software Upgrade (ISSU),
which allows for the upgrade of software
during normal operations and is not
confined to maintenance windows
(normally at night or during weekends).
Our first experiences of delivering software
packages more frequently to a Tier 1
CSP in Europe has reduced cost by up to
65 percent.
The core network will, for a long time,
be a hybrid network. Ericsson dual-mode
5G Core will support all deployments, all
the way to “bare metal” (see Figure 3)
to enable any CSP to choose their
preferred transformation path.
Every CSP’s journey to 5GC will be
different, depending on the individual
market conditions and the chosen strategy.
There are examples of Tier 1 CSPs that
have not come so far on their virtualization
journey, choosing to go directly to cloud
native. Other CSPs are accelerating
plans for 5GC SA as overlays, or
separate networks, to capture new
5G EPC
Interworking
5GC and EPC
5GC handling 5G Core Dual-mode 5GC
Opt1/3 UEs (5GC)
5G NR SA
5G EPC
Mixed mode
operation
Cloud native Dual-mode 5GC
5G EPC
Core platform
5G NR SA
opportunities with industry use cases
and dedicated networks.
As 3GPP Release 16 is now frozen
(as of early July 2020) we are working
with several leading Tier 1 CSPs around
the world to implement a new option in
the standard to connect user equipment
(UE) option 1 and 3 directly to the 5GC.
This would allow for an interim solution,
with gradual introduction of new network
functions, where CSPs can introduce
new mobile broadband services to reap
the benefits of cloud native and SBA in
5GC (as shown with the orange box
in Figure 4). It will also support the early
introduction of SBI offline-based charging
versus the traditional CDR generation in
the gateways. It is important to note that
in this solution VoLTE is still managed
over LTE.
The service continuity is secured by the
support of advanced 3GPP interworking
mechanisms, like UDICOM, in the
Subscription Management functions
present in both EPC and 5G Core
domains. These help CSPs to support
multi-vendor interworking procedures for
cross-domain authentication, handover,
IMS and SMS communications. The
migration efficiency is enabled by a
software-embedded mechanism within
Cloud Core Data-Storage Manager (CCDM)
for automated migration of subscription
data from legacy databases into the
dual-mode Unified Data Repository
(UDR), helping CSPs to avoid complex
and costly data migration projects.
5G EPC
Mixed mode
operation
Dual-mode 5GC
(EPC+5GC) (EPC+5GC)
5G NR NSA+SA 5G NR NSA+SA
5G EPC
Interworking
5GC and EPC
Dual-mode 5GC
(EPC+5GC) (EPC+5GC)
5G NR NSA+SA 5G NR NSA+SA
8 Ericsson  |  Building a new world
Figure 5: Possible migration steps for NR NSA option 3
Enhance EPC with new
split gateway, preparing for
5G architecture
EPC EPC
Opt 1 Opt 1
EPC
Opt 1
Early introduction of 5G NR and
managing end-user experience
Market and business conditions will
define how you implement a core network
to support 5G NR. Depending on your
existing EPC solution, this could be an
upgrade of your existing EPC and unified
data management (UDM) elements to
enable it to support NR using option 3.
This is what we call the 5G EPC, which
allows you to quickly deploy 5G NR for a
fast TTM, suited to CSPs that aspire to be
first movers. We believe this will be the
most common way for CSPs to introduce
5G NR and build coverage, even when
5GC is available.
Figure 5 shows how we can support
your 5G project, even without a substantial
installed base of our equipment today.
The first path demonstrates this when
you have an installed Ericsson base, by
creating a smooth journey to a dual-mode
5G Core. The second path identifies how
we can introduce an overlay that can then
evolve into a dual-mode 5G Core. If you
are using our equipment in your radio
network, the radios we have supplied
during the last couple of years only require
a software upgrade to 5G NR. This means
easy access to new technologies, like
dynamic spectrum sharing, which could
play a vital role.
With the introduction of 5G NR,
customer experience management is
important. Customers will initially drop
in and out of 5G coverage and it will be
critical to manage this. When introducing
5GC, traditional network probing will
become more difficult.
5G EPC
Path 1: Upgrade
existing EPC
Path 2: Introduce Add 5GC by upgrading
overlay 5G EPC to dual-mode 5G Core
5G EPC EPC 5G EPC
Opt 3
Not only is the new 3GPP standard based
on encryption, but the new required level
of distribution, covered in the next section,
will make it economically impossible to use
traditional standalone probing equipment.
To resolve this, our dual-mode 5G Core
introduces software probes, which supply
the necessary data to any consumer
(analytics tool) over standard interfaces
without jeopardizing the 3GPP 5GC
standard architecture’s in-built security.
In addition, Ericsson Expert Analytics
comes with pre-integrated analytics
solutions based on our market-leading
algorithms. This combined solution offers
a very fast TTM for your customer
experience management needs.
Optimize with distributed cloud
The distribution of network functions
closer to the user is a natural part of the
new 5GC. This could be for both cost and
performance reasons, as well as achieving
new capabilities like low latency and
supporting new use cases.
However, this distribution of capabilities
is not only related to telecoms and your
5G project. The move toward placing
capabilities at the network edge is a new
“melting pot” for many players across
different industries. There is a “race to the
edge”, where the convergence between
telecoms and IT is now becoming a reality.
Hyperscale players are meeting industry
vertical experts, all trying to support their
customers and the overall trend of
industry digitalization.
5G EPC 5GC
5GC
Connectivity’s value and importance
is clearly becoming a necessity in the
digital economy. During the widespread
outbreak of the novel coronavirus
disease 2019 (COVID-19), we see how
connectivity has played a pivotal role in
supporting millions of people working
from home instead of their normal offices,
allowing society and businesses to
continue serving their customers.
We see it as a golden opportunity for
CSPs and the industry to extract further
value, on top of the pure connectivity
business, by capitalizing on other core
assets and capabilities, such as distributed
real estate and local support.
It is of utmost importance to develop a
strategy for achieving the desired position
in existing and emerging value chains in
the new digital economy. This will be the
foundation for investment decisions and
network evolution, supporting the overall
business plan.
If you have not started or are in the early
stages of your 5G journey, we recommend
that you start with control and user plane
separation (CUPS) for increased flexibility
and improved scaling of capacity. It
will also prepare your network for 5GC,
where network functions distribution is
a key parameter.
Our CUPS solution offers the most
flexible relationship between CUPS
nodes, while a hybrid scaling of UP and CP
achieves more than two times lower cost,
as recognized by a Tier 1 CSP in the US.
9 Ericsson  |  Building a new world

Figure 6: The CUPS deployment and scaling evolution

West site East site

EPG EPG EPG EPG Without CUPS

EPG CP EPG CP EPG CP EPG CP

Initial CUPS

EPG UP EPG UP EPG UP EPG UP EPG UP EPG UP EPG UP EPG UP

EPG CP EPG CP

Initial CUPS phase 2

EPG UP EPG UP EPG UP EPGUP

We recognize that distribution is an
important part of your 5G project and
that a journey of exploration will be
required to determine the optimal
distribution for different use cases.
With this in mind, we have designed our
dual-mode 5G Core to support your journey
and reduce complexities. Distribution means
that the number of points of presence
increases dramatically, and the greater
the distribution, the greater the need to
minimize the footprint. Our common O&M
system supports flexible and automated
movement of different capabilities. We
have designed the user plane to support the
consolidation of Gi LAN and different service
functions to reduce cost and complexity with
unified LCM (see Figure 3).
Expanding automation With dual-mode 5G Core, we can supply
Automation is a key topic for any endeavor the basis for how you achieve a platform
in the future, where a “zero touch” network for automation. We have built our O&M
and instant service activation are the goal. solution to support a hybrid approach
Any human intervention needed must with the support of both MANO and ONAP.
be considered a loss if it is not adding The platform also includes tools for
value. The future of O&M is more about automated acceptance testing (AAT) to
the management of automation, where support CI/CD. Figure 7 shows how our
human intervention is based on adding dual-mode 5G Core supplies one common
intelligence without contributing to O&M platform.
latency in the system.
However, there are different levels
of automation, all eventually equally
important. Your 5G project has to consider
this and should be built based on gradual
improvement, giving priority to the areas
that are most important at any given time
in the project.

Figure 7: One unified O&M

Common services components i.e. O&M O&M North Bound Interface (NBI)

Fault Performance Configuration Other common

Logging Prometheus
Management Management Management microservices

Microservice communication (message bus, etc.)

Microservice Microservice Microservice Microservice

Type 1 Type 2 Type 3 Type N

Business logic components for VNF functionality

Container as a Service (CaaS)

10 Ericsson  |  Building a new world

Expanding network slicing
Our learnings around the first tools for
network slicing, like e-décor, are that they
have not been a huge market success.
Leading CSPs have instead implemented
overlay networks that simply address the
IoT segment. However, we are beginning
to receive feedback from our customers
about 5GC and how network slicing can
truly make a difference.
Figure 8: The network slicing journey – some guiding principles
At Ericsson, we use a completely
different road map for network slicing
than for other products, as it covers
end-to-end (E2E) capabilities. Our
suggested approach is shown in Figure 8.
It is critical to define your goals and
ambitions when it comes to supporting
customers. This means developing a
network and operational plan to support
your business goals.
The cornerstone of this journey is
to engage and understand your
existing and potential customers’
needs. This is a journey of building
partnerships for business development,
where your network and operational
plans are synchronized.
Dual-mode 5G Core supplies the
essential support for your slicing journey.
Truly based on an E2E view, our approach
ranges from advice to a complete solution.

• Define your goal/ambition

• Determine your transformational steps
• Work closely with potential customers/other industries
• Plan, execute and learn as you go

0 1 2 3

Current state Early introduction Grow the business/traffic Optimize business traffic Goal
• 4G/EPC • 5G SA or NSA • Automation to • Advanced services
• Limited orchestration • Adopt automation support growth • TCO optimization CSP for a wide range
of 5G customers
and use cases
Pre-packaged Soft SLA, less critical Monitored mid- Tight SLA,
offerings small scale critical medium scale critical large scale

Automation to drive Automation to Highly scalable

PNF or basic MANO
introduction support growth/scale optimization

Static/appliance Few life cycle Growing number Dynamic,

based managed slices of slices optimized slices

Exploring network exposure Figure 9: Foster business innovation

As mentioned earlier, there is the with network exposure capabilities
potential for new revenues through
exposure of capabilities toward Cloud Core Exposure Server
existing and new customers or new
in-house service development. Portal Security
As with automation, exposure is
Service APIs
a broad area, and can cover from API gateway and management
network exposure to service exposure.
To succeed in this area, it is key to Composition Application
take a stepwise approach based on function
continuous add-ons to address new 4G Ntw DMDC 5G Ntw
and complex B2B or B2B2C use cases. APIs APIs APIs
Ericsson dual-mode 5G Core
Device
supplies a strong platform for
SCEF management and NEF
exploring exposure, starting with 4G communication
and extending to the new capabilities
defined in the 3GPP 5G standard.
Figure 9 shows how our dual-mode Hiding 3G/4G Hiding device Hiding 5G network
network complexity complexity complexity
5G Core solution supports both EPC
and the new 5GC solutions, and the T4, S6t,
Rx T6a SGi Nnef
vital blocks added on around device SMPP S6m
management and control to address
areas of concern and security (this is EPC 5G Core
covered in the next section).

3G/4G 5G
devices devices
LWM2M
CoAP
MQTT
11
Security
The last, but not least important, building
block is security. When a network is
transforming into a platform, and more
devices are connected to enable new use
cases, the network will be exposed to more
security threats. This building block is an
overarching one, as security should be
taken into account throughout the whole
journey, ranging from the secure design
of network functions to dealing with
actual external threats.
5G use cases will open the core
network to millions of massive and critical
machine-type communication devices
and non-3GPP networks (for example
Wi-Fi), exposing mobile networks to
security threats.
While 3GPP security mechanisms mainly
support the control plane and signaling,
they do not protect against all possible
threats, for instance distributed denial of
service (DDoS) and radio jamming.
Protecting against these threats
is something that is left for vendor
implementation and deployment,
for example scaling mechanisms and
selective dropping/throttling in case of
DDoS. Therefore, standards will only
cover some security issues.
For context, DDoS attacks on mobile
networks rose by over 500 percent
between Q4 2019 and Q1 2020. Another
aggravator is the increase in international
interconnection roaming agreements.
With 5G deployment and an average of
28 percent year-on-year growth in
roaming subscribers, threats from
external networks will increase.
The mobile network security market
is highly fragmented, with enterprises
using up to 70 different security vendors
in each company. This is likely due to the
challenge of identifying each solution’s
functionality and interoperability.
“Dedicated” solutions require a
separate NF to operate. This impacts
TCO by increasing capex (hardware)
and opex (more NF to orchestrate and
maintain). Another consequence is the
degradation of 5G latency, which directly
impacts many low-latency-dependent
5G use cases.
Considering hardware capacity
limitations on the edge, scaling of
dedicated edge security solutions
to accommodate new 5G use cases
becomes cost-prohibitive.
We are supporting CSPs in the whole
spectrum of security challenges. However,
we are now taking particular actions
toward the user plane, which is one of
the key elements in the network that
will be exposed to security threats as
described above.
Ericsson  |  Building a new world
Figure 10: Fusion of UP security
and advanced security functions
EPC Network Function
as specified by 3GPP
5GC Network Function
Internet
as specified by 3GPP Subscriber threats
SGi-LAN Function Firewall
Security Function
Protected
IPv6
NAT Optimization migration
UPF
RAN
SGW-U PGW-U 3GPP
SEG IPUPS
Packet Core Gateway
Non-3GPP
Access Roaming
Access
Firewall Firewall Roaming
threats
threats
Packet Core Firewall
In our Packet Core User Plane Network Packet Core Firewall ensures better
Function, we have integrated leading TCO than any other Packet Core security
security technology from A10 Networks solution, with optimized 5G latency and
(see Figure 10). throughput. At its core is a single CNF
New security risks, driven by 5G solution with efficient user session
adoption and fragmented solutions in traffic management and no NFVI traffic
the security market, can be solved with steering, giving 50 percent-plus TCO
Ericsson’s all-in-one security offering savings in NFVI SDN compared to
with proactive protection against internet, dedicated security solutions.
roaming and access threats.
Packet Core Firewall is a cloud native
product, providing a fusion of UP
security and advanced security functions,
powered by technology from A10 Networks.
It addresses security use cases for core
network deployments in mobile broadband
and IoT segments, and leverages the
following functionalities:
• stateful zone-based firewall
policy enforcement and exposure to
E2E security components
(Ericsson Security Manager)
• roaming with integrated
inter-PLMN UPF security
• DMZ and non-3GPP access
asset protection with cloud
native deployment
• advanced threat and behavior change
recognition based on machine learning
• time-to-mitigation closer to 5G bandwidth
demands with inline mitigation
capabilities, and closed-loop automated
recognition with the most rapid, business
logic-aware decision to mitigate
• effective delegation of mitigation
toward transport equipment,
with coverage of 80 percent of
DDoS/DoS attacks toward UP
from internet and access directions
12 Ericsson  |  Building a new world

Building the foundations

Regardless of how you choose to evolve your core

network, there are several building blocks to consider
in order to reach the 5GC target.

Figure 11: The building blocks to evolution

Early 5G NR introduction
with good customer
experience management Optimize with
Native > Virtualized > Cloud native
distributed cloud

Expand Explore
automation exposure
Explore
network slicing

Security

Time

Native > Virtualized > Cloud native Expand automation

NFV is reaching maturity. However, the next step is This is a key building block to reduce cost
available and you need to define the best path based and create new competitive advantages.
on needs and capabilities.

Explore network slicing

Early 5G NR introduction with good One overall network supporting several logical networks
customer experience management is the basis for business development and growth,
Find the best way to introduce 5G NR and manage enabling new use cases.
your customer experience along this journey.

Optimize with distributed cloud
Emerging 5G and IoT applications are driving demand
for a new kind of programmable infrastructure with an
increased focus on data-centric processing, security,
response time, scalability and resilience. Distributed
cloud creates new possibilities to extract more value
from differentiated connectivity as well as the
capitalization of other core assets.
Explore exposure
The exposure of network capabilities is the foundation
for a new service offering or new value extraction from
ecosystems or partnerships.
Security
As networks are being exposed to more use cases
and devices, security is a key element for all parts
of the journey to a 5G Core.

Further resources
One core – the best of two worlds
The guide to capturing the 5G-IoT business potential
5G deployment considerations
Discover the cost reduction opportunities of dual-mode 5G Core

Ericsson
SE-164 80 Stockholm, Sweden
Telephone +46 10 719 0000
www.ericsson.com
Ericsson enables communications service providers
to capture the full value of connectivity. The company’s
portfolio spans Networks, Digital Services, Managed
Services, and Emerging Business and is designed to
help our customers go digital, increase efficiency and
find new revenue streams. Ericsson’s investments in
innovation have delivered the benefits of telephony
and mobile broadband to billions of people around
the world. The Ericsson stock is listed on Nasdaq
Stockholm and on Nasdaq New York.
www.ericsson.com
The content of this document is subject to 15/287 01-FGB 101 256 Rev C
revision without notice due to continued © Ericsson 2020
progress in methodology, design and
manufacturing. Ericsson shall have no
liability for any error or damage of any kind
resulting from the use of this document