1 Introduction
This document provides information about the role of Oracle Communications Cloud Native Core, Security Edge Protection Proxy (SEPP) in 5G Service Based Architecture and how to configure and use SEPP services and managed objects.
1.1 Overview
Oracle Communications Security Edge Protection Proxy (SEPP) is a cloud native solution based on a microservice architecture. It acts as a non-transparent proxy at the perimeter of the PLMN, enabling secured inter-NF communication across PLMNs.
Note:
The performance and capacity of the SEPP system may vary based on the call model, Feature/Interface configuration, and underlying platform and hardware environment.
The SEPP installation is supported over the following platforms:
- Oracle Communications Cloud Native Core, Cloud Native Environment (CNE)
- Oracle Communications Cloud Native Core OCI Adaptor, NF Deployment in OCI
For more information, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.
SEPP supports the following functionalities:
- Protects the application layer control plane messages and sensitive data between two NFs belonging to different PLMNs that use the N32 interface to communicate with each other. The N32 interface is used between the SEPPs of a Visitor PLMN (VPLMN) and a Home PLMN (HPLMN) in roaming scenarios. 3GPP has specified N32 to be considered as two separate interfaces: N32-c and N32-f.
- N32-c is the Control Plane interface between the SEPPs for performing the initial handshake and negotiating the parameters to be applied for the actual N32 message forwarding.
- N32-f is the Forwarding interface between the SEPPs that is used for forwarding the communication between the Network Function (NF) service consumer and the NF service producer after applying the application level security protection.
- Provides secure communication of Inter PLMN messages from Consumer NF to Producer NF using TLS protection mode (HTTP over TLS)
- Supports configuration of Remote SEPPs using REST API
- Performs mutual authentication and negotiation of cipher suites with the Remote SEPP.
- Handles key management aspects that involve setting up the required cryptographic keys needed for securing messages on the N32 interface between two SEPPs
- Provides a single point of access and control to internal NFs
- Validates inbound traffic as to whether it is from an authorized external PLMN
- Supports cross-layer validation of source and destination addresses and identifiers to provide anti-spoofing capabilities
SEPP Availability
- Deploy on a Cloud Native Environment with at least 99.999% Availability.
- Deploy with n + k application redundancy, where k is greater than or equal to one.
- Maintain production software within n-3 software releases, where n is the current general availability release.
- Apply bug fixes, critical patches, and configuration recommendations provided by Oracle promptly.
- Maintain disaster recovery procedures external to the applications for the reconstruction of lost or altered files, data, programs, or Cloud Native environment.
- Install, configure, operate, and maintain SEPP as per Oracle’s applicable installation, operation, administration, and maintenance specifications.
- Maintain an active support contract and provide access to the deployed SEPP and your personnel to assist Oracle in addressing any outage.
Table 1-1 Measuring SEPP Availability
Availability | Description |
---|---|
Planned Product Availability | (Product available time in each month) less (Excluded Time (defined below) in each month). |
Actual Product Availability | (Planned Product Availability) less (any Unscheduled Outage) |
Product Availability Level | (Actual Product Availability across all Production instances divided by Planned Product Availability across all Production instances) x 100 |
Note: Excluded Time includes the following:
- Scheduled maintenance time.
- Lack of power or backhaul connectivity, except to the extent that such lack of backhaul connectivity was caused directly by the CNC NF.
- Hardware failure.
- Issues arising out of configuration errors or omissions.
- Failures caused by third-party equipment or software not provided by Oracle.
- Occurrence of any event under Force Majeure.
- Any time associated with failure to maintain the recommended architecture and redundancy model requirements above.
1.2 References
Refer to the following documents for more information about Security Edge Protection Proxy:
- Oracle Communications Cloud Native Core, Cloud Native Environment Installation, Upgrade, and Fault Recovery Guide
- Oracle Communications Cloud Native Core, cnDBTier User Guide
- Oracle Communications Cloud Native Core, cnDBTier Installation, Upgrade, and Fault Recovery Guide
- Oracle Communications Cloud Native Core, Operations Services Overlay Installation and Upgrade Guide
- Oracle Communications Cloud Native Core, Data Collector User Guide
- Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide
- Oracle Communications Cloud Native Core, Security Edge Protection Proxy REST Specification Guide
- Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide
- Oracle Communications Cloud Native Core, Security Edge Protection Proxy Network Impact Report
- Oracle Communications Cloud Native Configuration Console User Guide
- Oracle Communications Cloud Native Configuration Console Installation, Upgrade, and Fault Recovery Guide
- Oracle Communications Cloud Native Core, Automated Test Suite User Guide
- Oracle Communications Cloud Native Core, Certificate Management Installation, Upgrade, and Fault Recovery Guide
- Oracle Communications Cloud Native Core, Certificate Management User Guide
- Oracle Communications Cloud Native Core, OCI Deployment Guide
- Oracle Communications Cloud Native Core, OCI Adaptor User Guide
- Oracle Communications Network Analytics Data Director Installation, Upgrade, and Fault Recovery Guide
- Oracle Communications Cloud Native Core Release Notes
- Oracle Communications Cloud Native Core Licensing Information User Guide
- Oracle Communications Cloud Native Core Solution Upgrade Guide
- Oracle Communications Cloud Native Core Security Guide