1. Security Edge Protection Proxy (SEPP) Cloud Native User's Guide
  2. Overview

1 Overview

Oracle Communication Security Edge Protection Proxy (OCSEPP) is a proxy network functions (NF) which is used for secured communication between inter-Public Land Mobile Network (PLMN) messages. This document provides a brief overview of the recommended methods for configuring SEPP.

The OCSEPP supports the following functions:
  1. Supports inter PLMN traffic for both SEPP MNO and IPX Proxy modes.
  2. Supports containerized deployment based on micro service based architecture on cloud native environment.

Security Edge Protection Proxy (SEPP) Architecture

This section explains the Security Edge Protection Proxy (SEPP) architecture.

Oracle SEPP is deployed by both Mobile Network Operators (MNO) and Internetwork Packet Exchange (IPX) providers. MNOs deploy OCSEPP acting as 3GPP 5GC SEPP NEF which enables inter PLMN communication between two networks via N32 interface.

IPX providers deploy OCSEPP acting as IPX Proxy enabling inter PLMN communication between MNO's through N32 interface supporting Application Layer Security (ALS) as specified in TS 33.501. IPX provider is able to deploy OCSEPP in either of one mode i.e. functionality of 5GC SEPP NF or IPX proxy. IPX providers are able to host 5GC SEPP NF functionality for few of the MNO's and host IPX proxy functionality for rest of the MNOs.

Figure 1-1 Security Edge Protection Proxy Architecture

img/sepp1_architecture.png

The above architecture diagram shows an overview of SEPP deployment and functionality:

  • Ingress API Gateway : Access point for incoming traffic. Provides TLS.

    n32f : forwards changes done by mediation and jws.

    jws : Adds java web service. Reads JWS key from secrets. Reads JWS attributes from k8s config map

    mediation :Applies modification based on rules. Read rules from k8s config map

    Egress Gateway: Egress traffic origination point. Provides TLS.

For information on installing SEPP, see the OCSEPP Cloud Native Installation Guide.

Acronyms

The following table provides information about the acronyms used in the document.

Table 1-1 Acronyms

Fields Description
CNE Cloud Native Environment
DNS Domain Name System
FQDN Fully Qualified Domain Name
NF Network Function
OHC Oracle Help Center
OSDC Oracle Software Delivery Cloud
PLMN Public Land Mobile Network
SEPP Security Edge Protection Proxy
SVC Services
TLS Transport Layer Security

Reference

  • CNE Installation Document
  • Security Edge Protection Proxy (SEPP) Cloud Native Installation Guide