This section describes the 5G core support provided in this reference architecture.
5G is not simply a performance tweak resulting in a sequential bump from 4G. With 5G we get an evolutionary jump in technology: a cloud-native rethinking of the network itself, which opens the door wide for enterprise innovation. While 4G LTE is still primarily cell phone focused, we've grown to expect more from our network, specifically with regard to IoT device support. A 5G network core has the low latency and capacity to enable fleets of vehicles to drive themselves, and acres of crops to tell you they need water. It allows mining operations to ensure worker safety by monitoring hundreds of air quality sensors, doctors to perform surgery online, and critical upgrades to be sent to industrial robots in factories around the world. 5G has everything it takes to ignite the IoT revolution.
The 5G SA network deployment has no reliance on legacy 4G LTE technology. 5G core elements are cloud-native services. This cloud-based architecture facilitates new network deployment, the scaling of existing networks, load distribution, and component failover. Your 5G network grows with you, expanding to support whatever direction your business takes.
The Dell Private Wireless with Airspan and Expeto 5G SA solution is based on Dell Technologies VxRail systems. This is a horizontal edge compute platform that enables modular platform services and applications. This platform includes centralized provisioning, cloud native management, and lifecycle management as listed below.
Expeto uniquely enables enterprise customers to converge their own private or public mobile network resources across multiple locations—yet manage them as one global corporate WAN. Expeto offers a single point of control with consistency and real-time management of all connected assets and policies. Expeto’s patented platform is the only enterprise-first solution that offers the functionality of carrier grade connectivity with the ease of use of Wi-Fi to deliver meaningful outcomes.
Mission-critical enterprise applications (for example, SCADA for energy utilities, Autonomous Vehicles, and industrial drones/robots) often require mobile networking far beyond enterprise facilities that might be served by a conventional Private Mobile Network (PMN). While Telco "Private APN" and "roaming SIM" type solutions are presented as an option for "wide area" use cases, many Enterprises require a level of networking control and visibility that these offerings lack. Enterprises are eager for EMN solutions that are as easy as Wi-Fi to operate and don’t require any upgrades to their existing private RANs or mobile devices.
Expeto recognized these needs and developed the NeXtworking platform to extend Enterprise IT systems (for example, subnets and policies), plus networking control and visibility, uniformly over any combination of public or private "Any-G/Any-Band" RANs needed to economically fulfill the coverage/QoS/bandwidth requirements of mission-critical applications. The NeXtworking platform provides Telcos with a scalable, repeatable approach to serving Enterprise mobility needs while fully monetizing their public RAN and MEC investments.
The Expeto NeXtworking EMN platform includes cloud-native mobile core components that can be deployed in Enterprise data centers and customer site-located Dell MECs co-located with Dell partner private RANs.
Networks can now be established in minutes, and enterprise customers can move further and faster through their Industry 4.0 journeys to drive the outcomes that are destined to change the world for the better.
The Expeto platform (shown in the following figure) provides:
Expeto-installed network components are deployed behind a corporate firewall, in a private cloud, and at geographically remote sites according to your needs. Enterprise data is secured within the enterprise network, giving you full control of the mobile network. This control enables you to create segments, manage subscribers and device network policies, and monitor network usage and performance.
Expeto’s service-level agreements (SLAs) guarantee at least 99.999 percent uptime, and the platform is designed to scale to thousands and thousands of devices for each deployed site.
The following table shows the Expeto Platform components:
Component | Description |
Expeto xRouter | A configurable cloud-based service, Expeto xRouter manages connections to public mobile networks, ensuring secure routing and global data control while also enabling dynamic network segmentation. |
Expeto xCore | A complete 3GPP-compliant mobile network core that supports 3G, 4G, and 5G standards, Expeto xCore is fully containerized for ease of deployment configurations. |
Expeto xControl | A multi-tenant administration UI that provides a single control plane for all networks on the platform, Expeto xControl is your Enterprise First portal. All features can also be accessed by way of REST APIs. |
xView | A distributed Network Management & Monitoring service for partners and enterprise subscribers. xView provides real-time monitoring, reporting, and visualization to assist with rapid troubleshooting and service flow integration. |
The private Expeto xCore is always installed within the private network.
Expeto xCore is designed and built for Kubernetes, supporting all major Kubernetes cloud providers and on-premises platforms. A single command deploys and upgrades the entire Expeto 5G SA platform. One Helm chart provides simplified deployment configuration that is fully compatible with GitOps workflows.
The following figure shows the deployed containers within a Kubernetes cluster for a private xCore. A simple deployment has the standard containers shown in the figure, plus a container for each UPF. Each UPF serves as a gateway from the mobile core infrastructure into a segment of the enterprise data network.
In HA deployments, at least two hosts are deployed for load balancing and redundancy.
The following figure shows the logical design—xCore is running on every VxRail satellite edge node controlled by the VxRail manager in the VxRail central cluster.
Expeto xCore delivers important security and core features.
Network security is inherent to 5G SA standards (as defined by 3GPP).
In a Private RAN scenario, the data packets are protected, encrypted, and authenticated end-to-end, from a UE device to the Expeto xCore in the following ways:
Egress into the Corporate Business Network would typically enter via a protected "Trusted Business Partner"-type Demilitarized Zone (DMZ) network with all the expected perimeter and cybersecurity controls that any other external network would go through.
The result is that all the enterprise data is fully protected in a private mobile network from the device right to the UPF component of the Expeto xCore which is the egress into the Corporate TCP/IP network.
Because the customer controls the device SIMs and the network elements (Expeto xCore), only customer devices (SIMs) are allowed to attach to the network. This is enforced by confirming that the SIM in each IoT device is unchanged.
The security protocols used between Expeto platform components include:
The following table lists recommended security measures:
Security measure | Description |
Implement Standard IT Security | Expeto recommends and expects customers to implement standard IT security practices for preventing and detecting threats such as:
|
Enhance Default Behavior with Defense-in-Depth | The Expeto Platform allows control of default behavior to improve the security posture of the entire network and system:
In addition to the default security profile, the following additional "defense in depth" measures can also be implemented:
|
Protect the Backhaul Connection | We recommend additional protection for the backhaul network connection between the gNodeB and the Expeto xCore. IP traffic managed by GTP and Stream Control Transmission Protocol (SCTP) tunneling protocols should be protected and encrypted. This can be established using a variety of methods from software encryption/tunneling to hardware encryption devices. The endpoint within the customer network (typically in a business/partner DMZ) is referred to as the Security Gateway. For a private RAN (P-RAN) deployment, the customer can decide if the underlying network infrastructure is sufficient, or if additional network security (AES/IPsec) is required. |
Enforce Multi-Factor Authentication (MFA) | Confirming that the connecting device is authenticated and is an enterprise asset can be accomplished by mapping the IMEI and IMSI number to the device in conjunction with any local device user authentication that the enterprise security policy enforces. The basic elements of MFA include:
|
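An added example (not Dell or Expeto code) of the IMSI-to-IMEI mapping described in the MFA row above, which also covers the earlier point about confirming that the SIM in each IoT device is unchanged. The inventory, the `classify` and `audit` names, and the attach records are assumptions constructed for illustration; how attach records are exported from the platform is not covered by this guide.

```python
# Added example: inventory, IMSIs and attach records are constructed.
# IMSIs use the 001/01 test PLMN; IMEIs are syntactically valid samples.

def luhn_ok(imei: str) -> bool:
    """True if imei is 15 digits and its Luhn check digit is correct."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(imei):
        d = int(ch)
        if i % 2 == 1:              # every second digit, counted from the left
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Hypothetical enterprise asset inventory: IMSI -> IMEI of the enrolled device.
BINDINGS = {
    "001010000000001": "490154203237518",
    "001010000000002": "352099001761481",
}

def classify(imsi: str, imei: str, bindings=BINDINGS) -> str:
    """Compare one attach record against the enrolled IMSI/IMEI binding."""
    if not luhn_ok(imei):
        return "reject: malformed IMEI"
    expected = bindings.get(imsi)
    if expected is None:
        if imei in bindings.values():
            return "reject: unknown SIM in enrolled device"
        return "reject: unknown SIM"
    if expected != imei:
        return "alert: SIM moved to another device"
    return "allow"

# Constructed attach records (imsi, imei), one per case the check handles.
ATTACH_EVENTS = [
    ("001010000000001", "490154203237518"),   # enrolled pairing
    ("001010000000002", "356938035643809"),   # enrolled SIM, different device
    ("001010000000009", "352099001761481"),   # foreign SIM, enrolled device
    ("001010000000001", "490154203237519"),   # IMEI with a bad check digit
]

def audit(events=ATTACH_EVENTS):
    """Return (imsi, imei, verdict) for every attach record."""
    return [(imsi, imei, classify(imsi, imei)) for imsi, imei in events]

if __name__ == "__main__":
    for imsi, imei, verdict in audit():
        print(f"{imsi} {imei} {verdict}")
```

The IMEI is reported by the device itself, so a match is one signal to use alongside SIM authentication and the local device user authentication that the row mentions.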
The following figure shows multiple private network sites with roaming access between sites. Network management is performed centrally.
Expeto network solution use case:
The following figure shows xCore deployed as a Private RAN.
The Dell VxRail cluster is a hyperscaler-hosted environment with connectivity to remote edge nodes.
Most of this reference architecture is focused on the on-premises deployment of xCore with a private network on the VxRail satellite node and xCore with a public network deployed on the VxRail management cluster.
Where the packet core is deployed depends on the type of deployment. In a 5G SA deployment, private xCore is installed on the VxRail satellite node and connected for configuration to xControl, which is running in the cloud. This creates the private 5G SA network.