End-to-End Network Slicing

Safeguarding Network Slices with a Rich Set of Security VNFs and Services

Network Slicing Security Requirements

Network slicing is expected to play a critical role in 5G networks because of the multitude of use cases and new services 5G will support. These new use cases and services will place different requirements on the network in terms of functionality, and their performance requirements may vary significantly in terms of throughput, QoS, latency, security, and more.

mobile-carrier-graphics-clouds.jpg

According to the 3rd Generation Partnership Project (3GPP), a network slice contains one or more network slice subnets, each of which in turn contains one or more network functions and can also contain other network slice subnets. These network functions can be implemented and managed as virtualized network functions (VNFs) and/or physical network functions (PNFs).

 

Each network slice must be able to deliver the following capabilities:

Network Slice Requirements

Corresponding Security Requirements

Deploy/instantiate required PNFs/VNFs to deliver network slice SLA

Appropriate set of security PNFs/VNFs for all use cases

Delivered from RAN (edge cloud) - through core (core cloud) - to Telco cloud/Internet

Dynamic-end-to-end deployment of security functions based on use case requirements

PNF/VNF service chaining

Integration of security functions (PNF/VNF) with SDN and NSH

Slice management and orchestration (3GPP NSMF/ETSI MANO)

Integration with management and network orchestration (MANO)

Network slices isolation

Multi-tenancy and micro-segmentation

Reliability of network slice instances

Dynamic auto scaling and high availability

Network Slicing - Secured by Fortinet

Fortinet security PNFs and VNFs provide a complete solution to the above network slicing security requirements as outlined in the following table:

Network Slice Security-Related Requirements

Fortinet Solution

Appropriate set of security PNFs/VNFs for all use cases

Fortinet delivers the richest and widest set of security PNFs and VNFs

Dynamic end-to-end deployment of security functions based on use case requirements

Small footprint, NFVI compatible security VNFs

Integration of security functions (PNF/VNF) with SDN and NSH

Integration with leading SDN platforms and NSH support

Integration with Management and Network Orchestration (MANO)

Integration with all generic NFVM and MANO platforms

Multi-tenancy and micro-segmentation

Native support for multi-tenancy and-micro segmentation in Fortinet PNFs and VNFs

Dynamic auto scaling and high availability

High availability architecture and massive auto scaling