By Patrick MeLampy
One of the most compelling aspects of the 5G network architecture is called “Network Slicing”. This will allow edge connections to join a specific network for a specific purpose. The networks will be mobile and ad hoc, allowing connections to come and go. This may change the entire concept of wide area networking, with fixed 5G wireless branches and wireless 5G endpoints for corporate use. 5G network slicing could replace the need for VPNs for remote or home office workers. Probably most important is that each network slice can specify what the network capabilities should be. These capabilities can be defined to support low-latency, low-loss applications like real-time voice, and second-class bulk transport for copy data backup. Plus, endpoints could connect to more than one slice at a time.
This type of network slicing is driven by virtual and real interface attachments and detachments. Once attached, the network of who is reachable is limited to just those permitted. This type of segmentation is logical, and has evolved from our concepts of virtual local area networks (VLANs) and MPLS-VPNs (VRFs). By logical, I mean that the networking is based on how you attach to the network, not where you attach. The 5G network operators will likely charge for each network slice, and network slicing could become a best current practice in securing wide area networks.
If each device and each user only used a network for one application, then a single slice would be sufficient. But most network connections are used for multiple applications. These applications have different requirements and different network needs. It would be possible to have an endpoint connect to multiple networks: one for voice, one for regular traffic, and one for backup. But the cost of these slices, and the risk of intentional or accidental bridges between networks, may pose problems.
The 5G network slice has no formally defined interoperation with any existing networking models. Instead, administrators map existing segmentation techniques such as VLANs and VRFs to 5G interface slices to create segmentation schemes. This technique would require extensive provisioning, and result in large numbers of routing table entries and ACLs. This would represent yet another type of segmentation which has manual mapping to other types of segmentation. We can add this to the pile of complexity that we currently have, which includes MPLS-VPNs, VRFs, VXLANs, VLANs, nested VLANs, and IPsec tunnels. This tower of Babel will limit the benefits of 5G slices to the lowest common denominator of segmentation technologies.
One of the really big differences, though, is that 5G slices are mobile. Endpoints can attach to slices as they move around from one location to another. Internet of Things devices that are in vehicles could stay connected to a slice while in transit. Internetworking with 5G slices opens up a new possibility for advancing network routing beyond the slew of 1990s technologies in use today. The requirements for internetworking a 5G slice should include:
- Support for semantic “named” slices and network attachment
- Mapping of Applications & Services to slices with semantic “names”
- Mapping of all existing network resources to named slices
- Simultaneous use of multiple slices and Internet access with no possibility of bridging except by policy controlled/distributed by slice owner and NOT 5G operator
- Support for semantic based segmentation models that are a superset of all others (i.e. tenancy models)
With the innovative wave of Software Defined Network functions, it is likely that new ways of internetworking will emerge as 5G is deployed, providing a network slicing technology that spans existing networks and 5G. This will allow networkers to take a giant step forward in WAN technology. At the center of the new technique will be semantic objects, named for human understanding. Absent will be limited numeric indexes, proliferation of routing tables, and complex combinations of restrictive ACLs and enabling reachable routes.
With new approaches, new levels of security and segmentation should emerge. The notion of segmentation that is nested and possibly overlapping may simplify our security definitions. For a hierarchical example consider an employee who is an engineer and on a cyber security team may need to be simultaneously in three segments:
- Cybersecurity team
For an overlapping example, consider a large number of centralized IoT collectors that must simultaneously interact with the IoT devices on one slice, and supply collected and aggregated results to another slice.
But probably the single greatest reason new internetworking will be required is to secure the routing infrastructure. Only authenticated sessions, and only signed and secured policies, must be interpreted. Access to a slice using stolen credentials must be prevented.
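The requirements listed above, the nested and overlapping segments, and the demand that only signed policies be interpreted can be modelled together in a few dozen lines. The following is an added example, not code from the original post or from 128 Technology: endpoints attach to named slices, applications map to named slices, membership is inherited from enclosing slices (nesting), an endpoint may sit in several slices at once (overlap), and traffic crosses a slice boundary only when a bridge rule from a policy whose signature verifies says so. The slice names, endpoints, applications and the signing key are all constructed for the example, and HMAC-SHA256 stands in for the slice owner's signature.

```python
import hashlib
import hmac
import json
from typing import Dict, Iterator, Optional, Set, Tuple

# Constructed sample key for the slice owner. HMAC stands in for the owner's
# signature here; a real deployment would verify the owner's asymmetric key.
OWNER_KEY = b"constructed-slice-owner-key"


def canonical(policy: dict) -> bytes:
    """Deterministic encoding so the signature covers exactly one byte string."""
    return json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()


def sign_policy(policy: dict, key: bytes) -> str:
    return hmac.new(key, canonical(policy), hashlib.sha256).hexdigest()


def verify_policy(policy: dict, signature: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_policy(policy, key), signature)


class SliceFabric:
    """Name-based segmentation with default-deny bridging between slices."""

    def __init__(self) -> None:
        self.parent: Dict[str, Optional[str]] = {}   # slice -> enclosing slice
        self.attached: Dict[str, Set[str]] = {}      # endpoint -> slices joined
        self.app_slice: Dict[str, str] = {}          # application -> home slice
        self.bridges: Set[Tuple[str, str]] = set()   # (from, to) allowed by policy

    def define_slice(self, name: str, parent: Optional[str] = None) -> None:
        if parent is not None and parent not in self.parent:
            raise KeyError(f"unknown parent slice {parent!r}")
        self.parent[name] = parent

    def attach(self, endpoint: str, slice_name: str) -> None:
        if slice_name not in self.parent:
            raise KeyError(f"unknown slice {slice_name!r}")
        self.attached.setdefault(endpoint, set()).add(slice_name)

    def map_app(self, app: str, slice_name: str) -> None:
        if slice_name not in self.parent:
            raise KeyError(f"unknown slice {slice_name!r}")
        self.app_slice[app] = slice_name

    def lineage(self, slice_name: str) -> Iterator[str]:
        """The slice itself, then every slice that encloses it."""
        cur: Optional[str] = slice_name
        while cur is not None:
            yield cur
            cur = self.parent[cur]

    def effective_slices(self, endpoint: str) -> Set[str]:
        """All slices an endpoint belongs to, directly or through nesting."""
        return {a for s in self.attached.get(endpoint, set()) for a in self.lineage(s)}

    def load_policy(self, policy: dict, signature: str, key: bytes) -> None:
        """Bridge rules are taken only from a policy whose signature verifies."""
        if not verify_policy(policy, signature, key):
            raise PermissionError("policy rejected: signature does not verify")
        for rule in policy.get("bridges", []):
            self.bridges.add((rule["from"], rule["to"]))

    def permits(self, src: str, dst: str, app: str) -> bool:
        """Default deny: allow only if the destination is in the app's slice and
        the source is too, or a signed bridge links a source slice to it."""
        target = self.app_slice.get(app)
        if target is None or target not in self.effective_slices(dst):
            return False
        src_slices = self.effective_slices(src)
        return target in src_slices or any((s, target) in self.bridges for s in src_slices)


def build_demo() -> SliceFabric:
    """Constructed topology: nested corporate slices plus two IoT slices."""
    f = SliceFabric()
    f.define_slice("corp")
    f.define_slice("engineering", parent="corp")
    f.define_slice("cybersecurity", parent="corp")
    f.define_slice("iot-sensors")
    f.define_slice("analytics")
    f.attach("alice-laptop", "engineering")     # an engineer who is also on
    f.attach("alice-laptop", "cybersecurity")   # the security team (overlap)
    f.attach("bob-laptop", "engineering")
    f.attach("collector-1", "iot-sensors")      # collector straddling two slices
    f.attach("collector-1", "analytics")
    f.attach("sensor-7", "iot-sensors")
    f.attach("dashboard", "analytics")
    f.map_app("email", "corp")
    f.map_app("alert-feed", "cybersecurity")
    f.map_app("telemetry", "iot-sensors")
    f.map_app("reports", "analytics")
    return f


if __name__ == "__main__":
    fabric = build_demo()
    print("sensor -> collector telemetry:", fabric.permits("sensor-7", "collector-1", "telemetry"))
    print("sensor -> dashboard reports:", fabric.permits("sensor-7", "dashboard", "reports"))
    policy = {"bridges": [{"from": "cybersecurity", "to": "iot-sensors"}]}
    fabric.load_policy(policy, sign_policy(policy, OWNER_KEY), OWNER_KEY)
    print("security analyst -> sensor telemetry:", fabric.permits("alice-laptop", "sensor-7", "telemetry"))
```

The collector can reach sensors over one slice and the dashboard over the other without ever joining the two, and the sensor cannot reach the dashboard because no signed bridge exists. Changing a single field of the signed policy makes `load_policy` reject it, which is the property the paragraph above asks for: the slice owner, not the carrier, decides which boundaries may be crossed.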
Software networking will provide us with the capabilities we need. Embrace software and open your mind to new possibilities of integrating slices into our future networks.
Patrick MeLampy is the Co-Founder and Chief Operating Officer at 128 Technology.
The original post can be found here.