The Paradigm Shift to Service-Based Architecture
The 5G Core (5GC) represents a fundamental departure from the point-to-point interface model used in the Evolved Packet Core (EPC). Instead of dedicated interfaces between network elements (e.g., S1-MME, S11, S5/S8 in EPC), the 5GC adopts a Service-Based Architecture (SBA) where Network Functions (NFs) expose services via RESTful APIs over HTTP/2, as specified in TS 23.501 Section 4.2.
This design philosophy — defined comprehensively in TS 23.502 (procedures) and TS 29.500 (framework) — enables cloud-native deployment, independent NF scaling, and the composability required for network slicing and edge computing.
5GC Network Functions: Complete Reference
The 5GC comprises over 15 distinct Network Functions. Each NF provides specific services consumed by other NFs via standardized APIs.
| Network Function | Abbreviation | Primary Role | Key Specification |
|---|---|---|---|
| Access and Mobility Management | AMF | Registration, connection, mobility, NAS security | TS 23.502, TS 24.501 |
| Session Management | SMF | PDU session establishment, QoS, IP allocation | TS 23.502, TS 29.502 |
| User Plane | UPF | Packet routing, forwarding, QoS enforcement, DPI | TS 23.501 Sec 6.2.3 |
| Policy Control | PCF | Policy decisions, charging rules, AM/SM policies | TS 23.503, TS 29.507 |
| Unified Data Management | UDM | Subscription data, authentication vectors | TS 23.502, TS 29.503 |
| Unified Data Repository | UDR | Persistent data storage for UDM, PCF, NEF | TS 29.504 |
| Authentication Server | AUSF | Authentication procedures (5G-AKA, EAP-AKA’) | TS 33.501, TS 29.509 |
| NF Repository | NRF | NF registration, discovery, and selection | TS 29.510 |
| Network Slice Selection | NSSF | Slice selection, AMF reallocation | TS 29.531 |
| Network Exposure | NEF | API exposure to external applications | TS 29.522 |
| Application Function | AF | Service-specific interaction (e.g., IMS, V2X) | TS 23.501 Sec 6.2.6 |
| Security Edge Protection Proxy | SEPP | Inter-PLMN security, message filtering | TS 33.501, TS 29.573 |
| Network Data Analytics | NWDAF | AI/ML-based analytics, load prediction | TS 23.288, TS 29.520 |
| Charging Function | CHF | Converged online/offline charging | TS 32.290, TS 32.291 |
| Binding Support Function | BSF | PCF binding discovery for re-selection | TS 29.521 |
| Short Message Service Function | SMSF | SMS over NAS transport | TS 29.540 |
| Location Management | LMF | UE positioning services | TS 23.273 |
SBA vs Point-to-Point: Architectural Comparison
| Aspect | EPC (Point-to-Point) | 5GC (SBA) |
|---|---|---|
| Communication model | Dedicated interfaces (GTP-C, Diameter) | RESTful HTTP/2 APIs (JSON) |
| Interface naming | Named pairs (S1, S5, S11, S6a) | Service-based (Namf, Nsmf, Nudm) |
| Scaling | Monolithic, coupled scaling | Independent NF microservice scaling |
| NF discovery | Static configuration | Dynamic via NRF |
| Deployment model | Appliance/VM | Cloud-native (Kubernetes, containers) |
| Protocol overhead | GTP-C: binary, efficient | HTTP/2: text-based, higher overhead |
| Extensibility | New interfaces require spec changes | New services registered dynamically |
Each NF exposes its services through a service-based interface prefixed with "N" followed by the NF abbreviation in lowercase. For example, the AMF exposes Namf services, the SMF exposes Nsmf services, and the UDM exposes Nudm services.
HTTP/2 Service Operations
NF-to-NF communication in the SBA follows the request-response and subscribe-notify patterns. Key operations are mapped to HTTP methods as defined in TS 29.500 Section 5.2:
| Operation Type | HTTP Method | Example | Description |
|---|---|---|---|
| Create | POST | POST /nsmf-pdusession/v1/sm-contexts | Create a new resource (PDU session) |
| Read | GET | GET /nudm-sdm/v2/imsi-{}/sm-data | Retrieve subscription data |
| Update | PUT / PATCH | PATCH /nsmf-pdusession/v1/sm-contexts/{id} | Modify existing session |
| Delete | DELETE | DELETE /nsmf-pdusession/v1/sm-contexts/{id} | Release a resource |
| Subscribe | POST | POST /nudm-ee/v1/subscriptions | Subscribe to event notifications |
| Notify | POST (callback) | Callback URI from subscription | Asynchronous event notification |
All messages use JSON encoding with TLS 1.2+ for transport security. Service-based discovery uses the NRF, where NFs register their profiles (IP, services, capacity, supported slices) and other NFs query for service endpoints.
UE Registration Procedure: Step-by-Step
The registration procedure is the foundational signaling flow in 5GC, defined in TS 23.502 Section 4.2.2.2. Here is the detailed sequence:
Initial Registration Flow (15 Steps)
- UE → gNB: RRC connection establishment (TS 38.331), UE sends RRCSetupRequest
- gNB → AMF: Initial UE Message (NGAP) containing the NAS Registration Request
- AMF → NSSF: Nssf_NSSelection_Get — the AMF queries NSSF for slice-specific AMF selection if the Requested NSSAI indicates a slice not served by this AMF
- AMF → AUSF: Nausf_UEAuthentication_Authenticate — initiates 5G-AKA or EAP-AKA’ authentication
- AUSF → UDM: Nudm_UEAuthentication_Get — retrieves authentication vectors from UDM (which reads from ARPF)
- UDM → AUSF: Returns authentication vector (RAND, AUTN, XRES*, KAUSF)
- AUSF → AMF: Authentication challenge with RAND and AUTN
- AMF → UE: NAS Authentication Request
- UE → AMF: NAS Authentication Response (RES*)
- AMF → AUSF: Nausf_UEAuthentication_Authenticate (RES) — AUSF verifies RES against XRES*
- AMF: Derives NAS security keys (KNASint, KNASenc) and initiates NAS Security Mode Command
- UE → AMF: NAS Security Mode Complete (ciphered and integrity protected)
- AMF → UDM: Nudm_UECM_Registration — registers the AMF serving this UE
- AMF → UDM: Nudm_SDM_Get — retrieves Access and Mobility subscription data
- AMF → UE: NAS Registration Accept (includes 5G-GUTI, Allowed NSSAI, Registration Area)
Worked Example: Registration Timer Budget
For a UE performing initial registration on a loaded network:
| Step | Description | Typical Duration |
|---|---|---|
| RRC setup (Steps 1–2) | Random access + RRC messaging | ~15 ms |
| Slice selection (Step 3) | NSSF query (if needed) | ~5 ms |
| Authentication (Steps 4–10) | Full 5G-AKA round-trip | ~40 ms |
| NAS SMC (Steps 11–12) | Key derivation + exchange | ~20 ms |
| Subscription fetch (Steps 13–14) | UDM queries | ~15 ms |
| Registration accept (Step 15) | Final NAS message | ~5 ms |
| Total | ~100 ms |
In practice, end-to-end registration typically completes in 80–150 ms depending on network load and whether the UDM data is cached at the AMF.
Real-World 5GC Deployments
Rakuten Mobile — Cloud-Native Pioneer
Rakuten Mobile launched the world’s first fully cloud-native 5GC in April 2020, running all NFs as Kubernetes pods on commodity x86 hardware. Key architecture decisions:
- All NFs deployed on a single Rakuten Communications Platform (RCP) across 15 regional data centers
- NRF-based discovery with sub-millisecond service lookup
- Achieved
99.999%availability through NF redundancy (N+2 for AMF, SMF) - Reported 40% lower OPEX compared to traditional EPC deployments
Dish Network — Greenfield SBA
Dish Network built the first greenfield 5G standalone network in the US, with 5GC from multiple vendors:
- AMF/SMF/UPF: Deployed from Nokia and Mavenir across AWS Outposts (edge) and centralized cloud
- Network slicing enabled from day one with three pre-configured slices: eMBB, enterprise IoT, and fixed wireless
- Covered over 70% of US population by Q4 2024 using n70 (600 MHz SUL) and n71 (600 MHz) for coverage, plus n77 for capacity
- UPF deployed at 120+ edge sites for local breakout with sub-
10 mslatency
Worked Example: NF Scaling Calculation
An operator dimensioning the AMF for 10 million subscribers:
- Each AMF instance handles
500,000concurrent registrations - Peak-hour simultaneous attached UEs:
60%of subscribers =6 million - Each AMF pod requires
4 vCPUs,8 GB RAM
`
Required AMF instances = 6,000,000 / 500,000 = 12 active instances
With N+2 redundancy: 14 AMF pods
Total compute: 14 × 4 = 56 vCPUs, 14 × 8 = 112 GB RAM
`
For SMF, handling 3 million concurrent PDU sessions at 200,000 sessions per instance: 15 + 2 = 17 SMF pods.
5GC Reference Points (Non-SBA Interfaces)
While SBA handles most NF communication, some interfaces retain reference-point models:
| Interface | Between | Protocol | Purpose |
|---|---|---|---|
| N1 | UE — AMF | NAS (TS 24.501) | Mobility, session management |
| N2 | gNB — AMF | NGAP (TS 38.413) | RAN control plane |
| N3 | gNB — UPF | GTP-U (TS 29.281) | User-plane data transport |
| N4 | SMF — UPF | PFCP (TS 29.244) | Session rules, forwarding policies |
| N6 | UPF — DN | IP | Data network connectivity |
| N9 | UPF — UPF | GTP-U | Inter-UPF forwarding |
The N4 interface uses the Packet Forwarding Control Protocol (PFCP), which is the only non-HTTP/2 control protocol in the 5GC. PFCP carries PDR (Packet Detection Rules), FAR (Forwarding Action Rules), QER (QoS Enforcement Rules), and URR (Usage Reporting Rules) from the SMF to the UPF.
Key Takeaway: The 5G Core's service-based architecture transforms the mobile core from a static, appliance-based network into a dynamic, cloud-native platform. Understanding the role of each NF, the HTTP/2 service framework, and the registration signaling flow is essential for anyone designing, deploying, or troubleshooting 5G networks. The shift to SBA is not just architectural; it changes how operators plan capacity, deploy updates, and deliver new services through network slicing and edge computing.