1 Introduction

This document provides information about the role of Oracle Communications Cloud Native Core, Security Edge Protection Proxy (SEPP) in 5G Service Based Architecture and how to configure and use SEPP services and managed objects.

1.1 Overview

Oracle Communications Security Edge Protection Proxy (SEPP) is a cloud native solution based on a microservice architecture. It acts as a non-transparent proxy at the perimeter of the PLMN, enabling secured inter-NF communication across PLMNs.

Note:

The performance and capacity of the SEPP system may vary based on the call model, Feature/Interface configuration, and underlying platform and hardware environment.

The SEPP installation is supported over the following platforms:

    • Oracle Communications Cloud Native Core, Cloud Native Environment (CNE)
    • Oracle Communications Cloud Native Core OCI Adaptor, NF Deployment in OCI

For more information, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.

SEPP supports the following functionalities:

  • Protects the application layer control plane messages and sensitive data between two NFs belonging to different PLMNs that use the N32 interface to communicate with each other. The N32 interface is used between the SEPPs of a Visitor PLMN (VPLMN) and a Home PLMN (HPLMN) in roaming scenarios. 3GPP has specified N32 to be considered as two separate interfaces: N32-c and N32-f.
    • N32-c is the Control Plane interface between the SEPPs for performing the initial handshake and negotiating the parameters to be applied for the actual N32 message forwarding.
    • N32-f is the Forwarding interface between the SEPPs that is used for forwarding the communication between the Network Function (NF) service consumer and the NF service producer after applying the application level security protection.
  • Provides secure communication of Inter PLMN messages from Consumer NF to Producer NF using TLS protection mode (HTTP over TLS)
  • Supports configuration of Remote SEPPs using REST API
  • Performs mutual authentication and negotiation of cipher suites with the Remote SEPP
  • Handles key management aspects that involve setting up the required cryptographic keys needed for securing messages on the N32 interface between two SEPPs
  • Provides a single point of access and control to internal NFs
  • Validates inbound traffic as to whether it is from an authorized external PLMN
  • Supports cross-layer validation of source and destination addresses and identifiers to provide anti-spoofing capabilities
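
The N32-c handshake and the inbound authorization and anti-spoofing checks listed above can be sketched as follows. This is an added example, not Oracle SEPP code: the message field names follow the 3GPP TS 29.573 capability exchange, while the `REMOTE_SEPPS` layout, FQDNs, PLMN IDs and function names are assumptions made for illustration.

```python
# Added illustration; not Oracle SEPP code. Field names (sender,
# supportedSecCapabilityList, selectedSecCapability) follow 3GPP TS 29.573.
# All FQDNs and PLMN IDs below are constructed sample values.

LOCAL_FQDN = "sepp.hplmn.example"
LOCAL_CAPABILITIES = ["TLS"]  # the page describes TLS protection mode

# Provisioned Remote SEPPs: FQDN -> set of (MCC, MNC) it may speak for
# (hypothetical layout).
REMOTE_SEPPS = {"sepp.vplmn.example": {("001", "01")}}


class HandshakeError(Exception):
    """Raised when the N32-c capability exchange must be rejected."""


def negotiate(tls_peer_fqdn, req, contexts):
    """Responder side of the N32-c capability exchange.

    tls_peer_fqdn is the identity authenticated by mutual TLS; req is the
    decoded request body. On success the selected capability is stored in
    contexts and the response body is returned.
    """
    sender = req.get("sender")
    if sender not in REMOTE_SEPPS:
        raise HandshakeError(f"unknown Remote SEPP: {sender!r}")
    if sender != tls_peer_fqdn:
        # Cross-layer check: application-layer sender must match TLS identity.
        raise HandshakeError("sender does not match TLS peer identity")
    offered = req.get("supportedSecCapabilityList", [])
    common = [c for c in LOCAL_CAPABILITIES if c in offered]
    if not common:
        raise HandshakeError("no common security capability")
    contexts[sender] = common[0]
    return {"sender": LOCAL_FQDN, "selectedSecCapability": common[0]}


def authorize_n32f(tls_peer_fqdn, claimed_plmn, contexts):
    """Accept an inbound N32-f message only if the peer completed the
    handshake and the PLMN it claims is one provisioned for that peer."""
    if contexts.get(tls_peer_fqdn) != "TLS":
        return False
    return claimed_plmn in REMOTE_SEPPS.get(tls_peer_fqdn, set())


if __name__ == "__main__":
    ctx = {}
    peer = "sepp.vplmn.example"
    body = {"sender": peer, "supportedSecCapabilityList": ["PRINS", "TLS"]}
    print(negotiate(peer, body, ctx))
    print(authorize_n32f(peer, ("001", "01"), ctx))  # provisioned PLMN
    print(authorize_n32f(peer, ("999", "99"), ctx))  # spoofed PLMN
```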

SEPP Availability

Oracle Communications Cloud Native Core Security Edge Protection Proxy (SEPP) availability is dependent on many factors. SEPP applications are designed to achieve 99.999% availability, according to the applicable Telecommunications Industry Association TL9000 standards, with the following deployment requirements:
  • Deploy on a Cloud Native Environment with at least 99.999% Availability.
  • Deploy with n + k application redundancy, where k is greater than or equal to one.
  • Maintain production software within n-3 software releases, where n is the current general availability release.
  • Apply bug fixes, critical patches, and configuration recommendations provided by Oracle promptly.
  • Maintain disaster recovery procedures external to the applications for the reconstruction of lost or altered files, data, programs, or Cloud Native environment.
  • Install, configure, operate, and maintain SEPP as per Oracle’s applicable installation, operation, administration, and maintenance specifications.
  • Maintain an active support contract and provide access to the deployed SEPP and your personnel to assist Oracle in addressing any outage.

SEPP availability is measured for each calendar year and is calculated as follows:

Table 1-1 Measuring SEPP Availability

| Availability | Description |
| --- | --- |
| Planned Product Availability | (Product available time in each month) less (Excluded Time (defined below) in each month). |
| Actual Product Availability | (Planned Product Availability) less (any Unscheduled Outage) |
| Product Availability Level | (Actual Product Availability across all Production instances divided by Planned Product Availability across all Production instances) x 100 |

Note:

Excluded Time means:
  • Scheduled maintenance time.
  • Lack of power or backhaul connectivity, except to the extent that such lack of backhaul connectivity was caused directly by the CNC NF.
  • Hardware failure.
  • Issues arising out of configuration errors or omissions.
  • Failures caused by third-party equipment or software not provided by Oracle.
  • Occurrence of any event under Force Majeure.
  • Any time associated with failure to maintain the recommended architecture and redundancy model requirements above.

1.2 References

Refer to the following documents for more information about Security Edge Protection Proxy:

  • Oracle Communications Cloud Native Core, Cloud Native Environment Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, cnDBTier User Guide
  • Oracle Communications Cloud Native Core, cnDBTier Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Operations Services Overlay Installation and Upgrade Guide
  • Oracle Communications Cloud Native Core, Data Collector User Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy REST Specification Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy Network Impact Report
  • Oracle Communications Cloud Native Configuration Console User Guide
  • Oracle Communications Cloud Native Configuration Console Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Automated Test Suite User Guide
  • Oracle Communications Cloud Native Core, Certificate Management Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Certificate Management User Guide
  • Oracle Communications Cloud Native Core, OCI Deployment Guide
  • Oracle Communications Cloud Native Core, OCI Adaptor User Guide
  • Oracle Communications Network Analytics Data Director Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core Release Notes
  • Oracle Communications Cloud Native Core Licensing Information User Guide
  • Oracle Communications Cloud Native Core Solution Upgrade Guide
  • Oracle Communications Cloud Native Core Security Guide