1 Introduction

This guide describes how to install or upgrade Oracle Communications Cloud Native Core, Security Edge Protection Proxy (SEPP) in a cloud native environment (OCCNE), Oracle Cloud Infrastructure (OCI), and a general Kubernetes environment. It also includes information on performing fault recovery for SEPP.

Note:

  • This guide covers the installation instructions when Podman is the container platform with Helm as the Packaging Manager. For any other container platform, the operator must use the commands based on their deployed container runtime environment.
  • kubectl commands can vary based on the platform deployment. Replace kubectl with the Kubernetes environment-specific command-line tool to configure Kubernetes resources through the kube-api server. The instructions provided in this document are as per the CNE version of the kube-api server.

Caution:

User, computer, application, and character encoding settings may cause issues when copying and pasting commands or any other content from a PDF. The PDF reader version also affects the copy-paste functionality. It is recommended to verify the pasted content, especially when hyphens or any special characters are part of the copied content.

1.1 Overview

The Security Edge Protection Proxy (SEPP) is a critical network function in the 5G network designed to secure communication between different 5G network elements, particularly between the 5G core and external networks, such as in roaming scenarios. It is the key component of 5G Service Based Architecture (SBA). SEPP acts as a security gateway, enforcing security policies, performing traffic filtering and encryption, and ensuring that only authorized network functions can exchange sensitive information. It ensures the confidentiality, integrity, and availability of communication, mitigating threats like unauthorized access and data breaches.

SEPP supports the following functions:
  • Provides an HTTP2-based RESTful interface and APIs to provision data for other Network Functions (NFs).
  • Provides TLS protection for traffic between 5G networks, particularly for inter-PLMN (Public Land Mobile Network) communications.
  • Acts as a proxy to ensure secure interactions between different Network Functions (NFs) across operators.
  • Supports logging, monitoring, and alerting of security-related events.
  • Facilitates secure roaming and inter-network communication by securing the edge.

SEPP:
  • leverages a common Oracle Communications Cloud Native Framework.
  • uses MySQL NDB Cluster as the backend database in the Data Tier.
  • registers with NRF in the 5G network, so the other NFs in the network can discover SEPP through NRF.
  • has a tiered architecture providing separation between the connectivity, business logic, and data layers.

Note:

The performance and capacity of the SEPP system may vary based on the call model, feature and interface configuration, and the underlying platform and hardware environment, including but not limited to the size of the JSON payload and the traffic model.

For more information about the SEPP architecture, see Oracle Communications Cloud Native Core, Security Edge Protection Proxy User Guide.

1.2 References

Refer to the following documents while deploying SEPP:
  • Oracle Communications Cloud Native Core, Cloud Native Environment Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, cnDBTier User Guide
  • Oracle Communications Cloud Native Core, cnDBTier Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Operations Services Overlay Installation and Upgrade Guide
  • Oracle Communications Cloud Native Core, Data Collector User Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy User Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy REST Specification Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide
  • Oracle Communications Cloud Native Core, Security Edge Protection Proxy Network Impact Report
  • Oracle Communications Cloud Native Configuration Console User Guide
  • Oracle Communications Cloud Native Configuration Console Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Automated Test Suite User Guide
  • Oracle Communications Cloud Native Core, Certificate Management Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core, Certificate Management User Guide
  • Oracle Communications Cloud Native Core, OCI Deployment Guide
  • Oracle Communications Cloud Native Core, OCI Adaptor User Guide
  • Oracle Communications Network Analytics Data Director Installation, Upgrade, and Fault Recovery Guide
  • Oracle Communications Cloud Native Core Release Notes
  • Oracle Communications Cloud Native Core Licensing Information User Guide
  • Oracle Communications Cloud Native Core Solution Upgrade Guide
  • Oracle Communications Cloud Native Core Security Guide

1.3 Supported Deployment Models

The following deployment models are supported by SEPP:
  • Single Cluster, Single Instance (Single SEPP instance on dedicated cnDBTier instance)
  • Single Cluster, Multiple Instances (Multiple SEPP instances on shared cnDBTier instance)

1.3.1 Single Cluster, Single Instance (Single SEPP Instance on Dedicated cnDBTier Instance)

This deployment model has dedicated cnDBTier for each SEPP in a cluster.

Figure 1-1 Single Cluster, Single Instance (Single SEPP Instance on Dedicated cnDBTier Instance)

The deployment model has the following characteristics:
  • Dedicated SEPP and cnDBTier. Only a single instance of the NF is supported.
  • CNC Console shares the cnDBTier with NF.
  • Any failure in cnDBTier impacts only that SEPP.
  • SEPP and cnDBTier upgrade and rollback are seamless and easy to maintain.

1.3.2 Single Cluster, Multiple Instances (Multiple SEPP Instances on Shared cnDBTier Instance)

This deployment model allows multiple SEPP instances to be deployed on a shared cnDBTier instance.

Figure 1-2 Single Cluster, Multiple Instance (multiple SEPP instances on shared cnDBTier instance)

The deployment model has the following characteristics:

  • This approach optimizes resource utilization and can lead to considerable resource efficiency.
  • Data access for each SEPP instance is restricted through the use of distinct logins and credentials during deployment.
  • Only 1+1 GR redundancy is supported, with not more than 4 SEPP instances in one cluster.
  • This deployment model can only be used for SEPP instances deployed on the same CNE cluster.

1.4 Oracle Error Correction Policy

The table below outlines the key details for the current and past releases, their General Availability (GA) dates, and the end dates for the Error Correction Grace Period.

Table 1-1 Oracle Error Correction Policy

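| Cloud Native Core Release Number | General Availability (GA) Date | Error Correction Grace Period End Date |
|----------------------------------|--------------------------------|----------------------------------------|
| 3.25.2.100.0                     | November 2025                  | November 2026                          |
| 3.25.1.200.0                     | July 2025                      | July 2026                              |
| 3.25.1.100.0                     | April 2025                     | April 2026                             |
| 3.24.3                           | October 2024                   | October 2025                           |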

1.5 Oracle Open Source Support Policies

Oracle Communications Cloud Native Core uses open source technology governed by the Oracle Open Source Support Policies. For more information, see Oracle Open Source Support Policies.