Business & Technology

Fortinet’s NP7 is Key to Secure the Hyperscalability Mandatory in 5G

By Fortinet | February 24, 2020

As the availability of 5G begins what is likely to be known as the 5G era, a few daunting questions need to be addressed to ensure its ability to meet the very high expectations that businesses, industries, consumers, and operators have set for it. Its ability to enable change and foster innovation relies heavily on a number of factors, and two of these, often overlooked, are central to it achieving its full potential for transformation:

1. Hyperscalability

With 5G, we’re talking about unheard volumes of everything: A 10-fold increase in mobile broadband (eMBB), the support for a super high density of connected devices – up to 1 million devices per square kilometer (mMTC), and the ability to deliver ultra-reliability with ultra-low latency (URLLC). These new benchmarks, and more just like them, are redefining the term “scalability” in mobile networks. 

In these 5G mobile networks, simple scalability isn’t enough. 5G provides and requires hyperscalablilty. This goes far beyond simply providing faster 4G services. 5G has the potential to provide the foundation for global innovation across a wide variety of sectors in our society. But achieving that depends on Mobile Network Operators (MNOs) and technology vendors being able to intertwine highly complex technologies and architectures. 

If done right, the end result will be a set of scalable and consumable services and use cases that not only meet, but exceed their customers’ needs for digital evolution. Of course, this will not be easy to achieve given factors that are both qualitative (the introduction of technologies that were not present in previous generations of mobile solutions) and quantitative (the number of new technologies, architectures, and third-parties that may be required to deliver a service and/or use case).

Given that enhanced Mobile Broadband (eMBB), massive Machine Type Communications (mMTC), and Ultra Reliable Low Latency Communications (URLLC) serve as the building blocks of 5G use cases, the need for a mix of intertwined technologies and architectures to provide hyperscalability is imperative. From the staggering numbers of connected devices (machines, cars, humans, infrastructures, etc.), to the massive amounts of data being produced, communicated, stored, and analyzed, to the diversity and quantity of the distributed compute, storage, and network resources required to support all of this – the ability to provide and support hyperscalability is key for the success of 5G.

2. Security

Although 5G is, by default, more secure than any past mobile generation, security still has a much larger role to play in 5G environments than it ever did in anything that came before it. A critical aspect of this security is the safeguarding of the mobile infrastructure itself from cyberattacks, misuse, and related consequences. Although the securing of a mobile infrastructure’s signaling and user plane carries over from 4G implementations, the criticality of 5G-based services to enterprises, industries, and infrastructures now makes it an especially attractive target for threat actors. 

A second aspect, this one specific to 5G, is the safeguarding of the services and use cases powered by the technology. Their continued adoption, broad availability, and overall success will depend heavily on the end-to-end security of each use case’s complex ecosystem of technologies and partners. 

For both of these security scenarios, what is clear is that security solutions will need to be able to provide inspection, prevention, and detection at speeds that no security solution has ever been able to deliver before. But without the ability to protect hyperscale environments at the speeds required, security will become a bottleneck that will either gate the revolution that 5G is poised to provide, or organizations will have to forego critical security in order to meet business objectives. Neither of these is an acceptable option.

5G Requires the New NP7 Hyperscale-Capable Security Hardware 

Considering these two 5G requirements – hyperscalability and security – it quickly becomes apparent that a hyperscale-capable security infrastructure is an absolute requirement: one that not only spans the entire 5G infrastructure, but that can also be intertwined throughout the entire mix of technologies, ecosystems, and use cases. 

Which is why the recent announcement of Fortinet’s new Network Processor, the NP7, is so relevant and important for 5G security. 

Before explaining why, I can imagine some readers raising their fists to the sky and crying out, “An ASIC in 5G? A piece of hardware in what is supposed to be a virtualized/containerized environment? Blasphemy! Security should be a Virtual Network Function (VNF)!”

And yes, the cloud technologies used throughout the 5G infrastructure (New RAN [NR], 5G Core [5GC], Telco cloud, and Multi-Tenant Edge Computing [MEC]) serve as the fundamental building blocks that enable some of the unique capabilities 5G brings to bear. And to address this challenge, Fortinet has developed security VNFs that integrate into each of these environments to provide agile and scalable security that protects the different infrastructure components in the control and user planes, as well as secure various use cases and their ecosystems as may be required.

However, there are well-known areas where the constant availability of hyperscale security services are required throughout the 5G infrastructure. In these cases, VNFs might not be efficient – and therefore inadequate. Physical Network Function (PNF) security is required, at least for the short- to mid-term, due to considerations such as cost/performance, energy efficiency, physical footprint, and ease of implementation. These may include, but are not limited to, Security Gateways (SecGW) for backhaul connectivity (N3), massive Carrier Grade NAT (CGNAT), 5G Core to PDN security, and Roaming security.

So for the foreseeable future, especially as 5G scales and develops, hybrid security will need to be implemented with a mix of security VNFs (VMs and containers) and PNFs. And the NP7-powered, carrier-grade FortiGate PNFs from Fortinet will play a critical role in providing the hyperscale security performance, ultra-low latency, and efficiency that 5G demands, including:

  • 5G Radio Access Network (RAN) to the 4G/5G core backhaul is growing exponentially, and the enhanced broadband that comes with 5G will make a major contribution to this growth. Multi-operator RAN (RAN-sharing) and mission-critical traffic makes it mandatory to use encryption and authentication at the point of access. This means that massive, single-stream IPSec VPN will also become mandatory. The 65Gbps of IPSec throughput and the massive number of VPNs provided today by the NP7 processor is the first solution to efficiently meet that requirement. 
  • Massive CGNAT performance is also enabled with the over 100 GBs of throughput and 2 Million new sessions/second setup rate (with logging) provided by the NP7. And a FortiGate device armed with a multi-NP7 configuration can scale beyond 1TB of CGNAT to support the massive number of sessions required by external Packet Data Networks (PDNs). 
  • The NP7 is also user plane aware with GTP support (used both in 4G and 5G), providing hyperscale security for 5G user plane traffic – with multi-100Gbps of throughput in a single FortiGate PNF. 
  • The NP7 provides silicon-based QoS to maintain per-session and application traffic quality of service. This ensures that mission-critical and latency-sensitive data flows are not affected by lower priority/QoS sessions in case of congested interfaces.
  • The latency of each NP7 is also measured in single-digit microseconds, barely even a bump in the road, to ensure ultra-low latency and seamless availability.
  • DDoS mitigation is also embedded in the NP7’s HW, ensuring business continuity and service availability in case of a DDoS attack.
  • Energy efficient operations are also supported with an estimated 20W of power budget per NP7. 

Empowering 5G Starts with the Fortinet NP7 Network Processor

All of this goes to show both the power and benefits of the Fortinet NP7-powered FortiGate PNF for 5G. Imagine providing the same levels of performance with VNFs (where agility and frequent auto-scaling is not required) and you will understand why the new NP7 from Fortinet is key to providing the hyperscale security infrastructure needed for 5G.

Don’t miss Fortinet’s upcoming global virtual event for cybersecurity and networking professionals to learn more about our latest product announcements. Sign up here.

Engage in our Fortinet user community (Fuse). Share ideas and feedback, learn more about our products and technology, or connect with peers.

Click here for more information about the new FortiGate 1800F and here for more information about the next-generation Fortinet NP7 processor. The combination offers unprecedented performance and FortiGate’s wide range of market-leading security solutions and service.