5G Network Architecture and Key Technologies

Foreword

 5G enables industries, which raise new requirements for network capabilities. The key
to implementing these capabilities lies in the network architecture and air interface.
 This course will discuss:
 The changes in the architecture and air interface of 5G networks as well as the key
technologies introduced
 5G wireless network security technologies

3 Huawei Confidential
 Objectives

 On completion of this course, you will be able to:

 Describe the 5G network architecture.
 List the key technologies of the 5G air interface.
 List 5G network security technologies.

4 Huawei Confidential
 Contents

1. 5G Network Architecture
 5G Networking Scenarios
 5G Core Network Architecture
 5G Transport Network Architecture
 5G Radio Access Network Architecture
 E2E Network Slicing

2. Key 5G Air Interface Technologies

3. 5G Network Security
5 Huawei Confidential
Network Evolution from 4G to 5G
4G/5G hybrid network 3 Transit network
gNodeB

U eNodeB EP
gNodeBs are introduced in the early E C
and middle stages of network The 5GC is introduced in the middle and
deployment. late stages of deployment.
eNodeBs and gNodeBs co-exist. eNodeBs gradually withdraw from the
network.

1 Legacy network 2 Target network

U eNodeB EP U gNodeB 5GC

E C E
6 Huawei Confidential
5G Networking Architecture

eNodeB

U 4G/5G
E gNodeB

U gNodeB 4G/5G
E

7 Huawei Confidential
NSA Network Architecture
EP EP Data split EP
anchor
C C C
Data split Data split
anchor
eNodeB gNodeB eNodeB gNodeB eNodeB gNodeB anchor

U U U
E E E
Option 3 Option 3a Option 3x

Data split
5GC 5GC anchor 5GC

Data split eLTE eLTE eLTE Data split

anchor eNodeB gNodeB eNodeB
gNodeB eNodeB gNodeB anchor

U U U
E E E
Option 7 Option 7a Option 7x

8 Huawei Confidential
NSA Network Architecture (Cont.)

5GC 5GC Data split

anchor

eLTE Data split eLTE

gNodeB gNodeB
eNodeB anchor eNodeB

Option 4 Option 4a

9 Huawei Confidential
SA Networking Architecture

EPC 5GC 5GC EPC

eLTE
eNodeB gNodeB gNodeB
eNodeB

UE UE UE UE

Option 1 Option 2 Option 5 Option 6

10 Huawei Confidential
5G Network Architecture Evolution

Evolution path 1
Option 1 Option 2
Evolution path 2
Option 3x
Evolution path 3
Option 3x Option 7x
Evolution path 4

Option 3x Option 4
Evolution path 5

Option 3x Option 7x Option 4

11 Huawei Confidential
 Contents

1. 5G Network Architecture
 5G Networking Scenarios
 5G Core Network Architecture
 5G Transport Network Architecture
 5G Radio Access Network Architecture
 E2E Network Slicing

2. Key 5G Air Interface Technologies

3. 5G Network Security
12 Huawei Confidential
Position and Main Functions of the Core Network

Core
Network Internet

Voice service flow Data service flow

13 Huawei Confidential
Evolution of the Core Network

Third wave:
Second wave:
First wave: 4G (LTE)
3G (IP)
2G/PSTN
4G core
2G/Fixed 3G core Fully connected
network
core network 5G
EPC/VoLTE/
network soft switching core network
NFV
1990–2005 2006–2013 2014–2018 2019–onwards

TDM core network All-IP core network Converged access Fully-connected core network
Network cloudification based on the cloud native architecture

14 Huawei Confidential
2G/3G/4G Core Network Architecture

RAN CN

IP Data
RNC SGSN GGSN
Network

2G/3G NodeB

BSC MSC/VLR PSTN

BTS

E-UTRAN EPC
MME

4G IP Data
S-GW P-GW Network
eNodeB

15 Huawei Confidential
All-Cloud Network Architecture

SDN/NFV
Edge cloud + regional cloud + core cloud O&M

Edge cloud Regional Core cloud

Backhaul cloud Backhaul

Edge cloud Regional

Access point Backhaul Backhaul Core DC
computing cloud DC

16 Huawei Confidential
SOC Network Architecture

Voice services
2/3/4/5G
SOC
(Service-oriented core) Video services

Wi-Fi
All access modes

All services
Autonomous
Flexible architecture Programmability Smart pipe driving

NB-IoT
Manufacturing

Fixed
CUP SB Native Smart city
Slicing
S A Cloud
Unlicensed Telemedicine

17 Huawei Confidential
SBA Network Architecture
EP 5GC
C
HSS
Core-CP 3rd-party Functions
MME PCR ID Mgnt
NEF UDM PCF NRF AF 2
F
Service Management Framework
S1-MME
AMF SMF AUSF SMSF Encrypt …
LTE SGW PGW
S1-U

N4
LTE
N2

NR
N3 Core-UP

 Large-scale network with inter-NE coupling function  Simplified network with fewer interfaces
 Long time to standardize new functions  Decoupled functions and open architecture
 Independent services and fast innovation

18 Huawei Confidential
5GC VS EPC

EPC Function Entity 5GC Function Entity

Mobility management AMF
MME Authentication management AUSF
PDN session management
SMF
PDN session management
PDN-GW
User-plane data forwarding
UPF
SGW User-plane data forwarding
PCRF Charging and policy control PCF
HSS Subscriber database UDM

19 Huawei Confidential
CUPS Improves User Experience and Network Efficiency

2G/3G/4G core network 5G core network

C Central DC:
50 ms 5 ms
P
 Centralized signaling plane
AMF/SMF/UDM/NRF/
for simplified O&M
AUSF/NEF…  Service-based architecture for
PS-GW/ agile O&M
MME/
PCRF/HSS
UP Local DC:
Charging, anchor... CDN  Local traffic processing
 Seamless mobile service anchor

Edge DC:
UP UP APP  User experience
(ULCL) (ULCL) server improvement
 Native MEC capability
1 Gbps/Site 10 Gbps/Site

21 Huawei Confidential
Cloud Native

Charging mgmt Service awareness Device mgmt eMBB slice

Mobility mgmt QoS User mgmt
Policy control Service forwarding Short message
User data Service tuning Voice

mMTC slice
Easy orchestration

URLLC
slice

Service cloudification

22 Huawei Confidential
MEC

Centralized resource Distributed resource deployment

deployment Close to terminals

23 Huawei Confidential
MEC Network Architecture

5GC UP APPs

5GC CP
5GC

UP

MEC IaaS

CP (control plane)

UP (user plane)

24 Huawei Confidential
MEC Applications
Enterprise traffic SMF/AMF/UDM
1
steering /NRF/PCF…
Core/Regional Internet UPF-
layer Anchor
2 Video optimization
Seven MEC applications
(defined by ETSI)
2 Video stream MEC-APP
analysis UPF
1 Local apps Aggregation ULCL
MEP

A layer MEC
2 Content regionalization 3
R
3 Edge computing
3 IoV MEC-APP
UPF
MEP
Access ULCL
layer MEC
3 IoT

Assistance for
3 MEC network
intensive computation
architecture

25 Huawei Confidential
MEC Application — Distributed CDN

Content source
@central DC
Online
Edge cache
transcoding
Control-plane NEs/
centralized gateway

BBU Distributed gateway Internet

MEC

26 Huawei Confidential
MEC Application — Video Surveillance

Local
network

Local data Videos analyzed and

flow processed locally

Data flow
passing through the core network

MEC server Core network Public network

27 Huawei Confidential
MEC Application — Cloud VR/AR

Image collection Video orchestrator

Small Cell 1

MEC server
VR audience
Small Cell 2

28 Huawei Confidential
 Contents

1. 5G Network Architecture
 5G Networking Scenarios
 5G Core Network Architecture
 5G Transport Network Architecture
 5G Radio Access Network Architecture
 E2E Network Slicing

2. Key 5G Air Interface Technologies

3. 5G Network Security
29 Huawei Confidential
Transport Network Structure
 Mobile transport networks include backhaul networks, MANs, and backbone networks.
 The backhaul network includes a fronthaul network, a midhaul network, and a backhaul network
according to the architecture of a wireless network.
 A MAN involves the access layer, aggregation layer, and core layer.

Core Network

gNodeB
Access ring Aggregation ring Core ring
(10/50/100 G) (100/200 G) (200/400 G)

eNodeB

30 Huawei Confidential
L3-to-Edge for 5G Backhaul, Enabling Flexible Connections

5GC 5GC

L3 to the aggregation/core
layer of the transport Layer 3 L3-to-edge transport network Layer 3
network

Layer 3
Layer 2
NR
NR NR NR

Xn X2
NR LTE NR LTE

Traffic forwarding path in L2+L3 solution Traffic forwarding path in L3-to-edge

31 Huawei Confidential
 Contents

1. 5G Network Architecture
 5G Networking Scenarios
 5G Core Network Architecture
 5G Transport Network Architecture
 5G Radio Access Network Architecture
 E2E Network Slicing

2. Key 5G Air Interface Technologies

3. 5G Network Security
32 Huawei Confidential
Base Station Architecture

AA BB
U U
CPRI/
AU RU eCPRI DU CU

Core
Network

BB
U
Antenna RRU CPRI/
eCPRI DU CU

33 Huawei Confidential
Wireless Site Deployment

AAU AA Power supply Clock

RR Clock U solution
U

Power supply solution

for BBU
Power supply
solution
Fronthaul
BB
U

BB BBU cabinet
U

Distributed radio access network (D-RAN) Centralized radio access network (C-RAN)

34 Huawei Confidential
Fronthaul Requirement — Higher-Rate CPRI Interface

Massive MIMO AAU 120

100
100

80
5x 64
CPRI bandwidth
increased by 80x 60 4G
5G
40 16x

20
20

4
0
BBU Signal bandwidth Number of antennas
(MHz)

35 Huawei Confidential
Wireless Network Cloudification – CU/DU Split

Opt 1
Core
E1
Opt 2 RRC

Opt 3 PDCP-C PDCP-U

RRC RAN-NRT C
Opt 4
PDCP U
F1-C F1-U
Opt 5
RLC-H
Opt 6
RLC-L RLC
Opt 7 DU
MAC-H MAC
RAN-RT DU PHY
MAC-L
PHY-H
PHY-L
RU
RF
RAN

36 Huawei Confidential
Wireless Network Cloudification
D-RAN C-RAN Cloud-based CU Deployment
Traditional and Centralized BBU baseband RAN-CU functions deployed in a centralized manner as a cloud for
simplified network resources, requiring fewer better DC, traffic distribution, edge computing, and intelligent
deployment equipment rooms and facilitating O&M.
collaboration. Distributed CU
Cloudification RAN-CU deployment requires
high reliability to
prevent single-point
IP failures.

Aggregation BBU
(compact) DU

BBU DU
CPRI/eCPRI CPRI/eCPRI
Site
CPRI/eCPRI
CPRI/eCPRI
DU+RU

Antenna
RU/AAU RU/AAU RU/AAU

Early stage of 5G deployment Flexible 5G deployment, meeting

various service requirements

37 Huawei Confidential
 Contents

1. 5G Network Architecture
 5G Networking Scenarios
 5G Core Network Architecture
 5G Transport Network Architecture
 5G Radio Access Network Architecture
 E2E Network Slicing

2. Key 5G Air Interface Technologies

3. 5G Network Security
38 Huawei Confidential
What Is Network Slicing?
 Network slicing is a technology that virtualizes multiple E2E networks on universal hardware.
Each network provides different capabilities to meet diverse service requirements.
eMBB slice

eMBB slice

Physical resources mMTC slice

Physical resources
access connection computing storage

access connection computing storage Physical resources

access connection computing storage

39 Huawei Confidential
Why to Use 5G Network Slicing?
4G network: no slicing,
4G network: voice, text, and resource preemption by Service/Device Service/Industry
multiple services
Internet access
Voice and
Mobile broadband
Internet access
4G network
Low latency and high 4G
Autonomous
reliability network driving

Massive connections Smart water

meter

Slicing
5G network: voice/Internet access, IoT, low
latency, high reliability 5G network: supporting slicing Service/Device Service/Industry
and service isolation
Voice & Internet Voice & Internet
Mobile broadband: 20 Gbps access
access

Autonomous Low latency and high 5G network Autonomous

driving reliability: < 1 ms driving

Massive connections: 1
Smart water Smart water
million/km2
meter meter

40 Huawei Confidential
Slicing Implementation
On-demand slice lifecycle,
distributed deployment,
Resource, security, and capacity,
OAM isolation and network services
Different domains can
use different isolation

On
n
technologies.

tio

dem
Transport network

Core network

la
Iso

a nd
RA
N

Terminal Network slices Web server E2E

E2E network slicing, including RAN,

transport network, and core network
slicing.
A cross-domain slice management
system is required.

41 Huawei Confidential
RAN Slicing: Time-Frequency Resource Slicing

Hard slicing Soft slicing

Time
AR/VR FMC V2X Independent
resources
Freq.

Frequency
Shared
Flexible TTI resources
Time

Time or frequency division for

different slices (frequency division is Different slices dynamically share
used as an example) time-frequency resources.

42 Huawei Confidential
Core Network: Slicing Meets Diversified Service Requirements
Programmable Function Set of the Core Network
SOC-UP SOC-CP
Codec SA TCP acceleration Encryption Registration Mobility mgmt Security Service mgmt QoS

Video optimization Cache Web acceleration Reliability Authentication Routing Policy control User data mgmt App

Remote control slice SOC-UP SOC-CP

99.9999% reliability Reliability App server Security QoS

IoV slice SOC-UP SOC-CP

1~5 ms latency Reliability V2X server Mobility mgmt QoS

SOC-UP
4K video Video VR
~10 Gbps optimization server QoS

Smart meter reading slice Service Meter

Million-level connections mgmt server

Edge DC Metro DC Central DC

SOC: Service-Oriented Core

43 Huawei Confidential
Transport Network: Flex-Eth for Network Slicing
Traditional: Packet Priority-based Scheduling FlexE Channelization: Slot-based Scheduling

Pipe blocked
Sub-port 0
Sub-port 0 by long packets

Sub-port 1 Sche
 Sub-port 1
FlexE
duler Shim PHY-Interface
PHY-Interface
Packet-level
包级调度
Sub-port 2 scheduling Sub-port 2 时分复用
TDM
基于66B Block级
Long packets block short packets, which prolongs the delay of FlexE: Slot-based scheduling, exclusive bandwidth. Services are not
short packets and affects each other. affected.

Slot-based scheduling eMBB

eMBB Statistical multiplexing
services
services 1 2 3 4
6 slots, 30 G Strict service isolation
URLLC 5 6 MAC MAC URLLC Statistical multiplexing
NP/TM services PHY services
9 10 11 MAC 3 slots, 15 G Strict service isolation
mMTC services
13 14 15 16 mMTC services Statistical multiplexing
8 slots, 40 G
17 18 19 20
Inter-interface isolation and intra-interface statistical multiplexing

44 Huawei Confidential
 Section Summary

 Networking modes: NSA and SA

 Core network: SBA, CUPS, native cloud, network slicing, and MEC
 RAN: D-RAN > C-RAN > CU/DU separation
 Transport network: L3 function sinking

45 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
 Spectrum
 Rate Improvement
 Delay Reduction
 Coverage Improvement
 Massive MIMO

3. 5G Network Security
46 Huawei Confidential
New Air Interface Technologies
High bandwidth Flexible frame structure
New coding scheme
Rate increase Self-contained slot
High-order modulation
Latency reduction Grant-free scheduling
F-OFDM D2D
M-MIMO

UEs

UL/DL
gNodeB decoupling
Coverage
EN-DC improvement
M-MIMO

47 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
 Spectrum
 Rate Improvement
 Delay Reduction
 Coverage Improvement
 Massive MIMO

3. 5G Network Security
48 Huawei Confidential
5G Air Interface Spectrum — Sub-6 GHz and mmWave
 The 5G spectrum resources defined in the 3GPP specifications can be divided into two frequency ranges, FR1 and FR2.
 FR1: 410 MHz ~ 7125 MHz, also called low frequency bands. It is the primary band for 5G. The frequencies below 3 GHz are referred to as sub-
3 GHz, and the others as C-band.
 FR2: 24250 MHz ~ 52600 MHz, mmWave, also referred to as the high frequency bands. It is the extended band for 5G. There are abundant
spectrum resources available in the FR2.

mmWave
Mainly 3.5 GHz Mainly 28/39/60/73 GHz

Visible
light

1 2 3 4 5 6 10 20 30 40 50 60 70 80 90
GHz

5G primary bands 5G extended bands

49 Huawei Confidential
Comparison Among 5G Frequency Bands

Frequency
Advantage Disadvantage Deployment Policy
Band

Limited spectrum resources, The available frequency resources are

Low frequency band, good most Sub-3 GHz frequency insufficient, and initial cell deployment is
Sub-3 GHz
coverage bands occupied by existing difficult. The refarming or CloudAIR solution
systems, limited cell bandwidths can be used in the future.

New NR frequency bands, The imbalance between the uplink and

Poor uplink coverage and clear
abundant spectrum downlink on the main 5G frequency bands
C-band imbalance between the uplink
resources, and large cell can be resolved through uplink and downlink
and downlink
bandwidth decoupling.

In the initial phase, FR2 is mainly used as a

Poor coverage and high
New NR frequency bands, supplement to eMBB services in hotspots and
mmWave requirements on RF component
largest cell bandwidth also applies to special scenarios such as
performance
WTTx and D2D.

50 Huawei Confidential
C-Band and High Frequency G30/G40, Available Spectrum of 5G
Wave 1 Wave 2

< 1 GHz 3 GHz 4 GHz 5 GHz 24–28 GHz 37–40 GHz

600 MHz (2*35 MHz) 2.5 GHz (B41) 3.7–4.2 GHz 27.5–28.35 GHz 37–40 GHz
USA

700 MHz (2*30 MHz) 3.4–3.8 GHz 24.5–27.5 GHz

EU
2.6 GHz 3.3–3.6 GHz 4.8–5.0 GHz 24.75–27.5 GHz 37–42.5 GHz
China
3.6–4.2 GHz 4.4–4.9 GHz 27.5–29.5 GHz
Japan
3.4–3.7 GHz 26.5–29.5 GHz
Korea

 Primary frequency band: The 3.5 GHz is preferred because it provides the widest continuous spectrum below 6 GHz and balances coverage and capacity. In
addition, it has a well-developed ecosystem globally. When the C-band is unavailable, 2.6 GHz is selected as the eMBB primary frequency. Alternatively, dual
connectivity (2.6 GHz+LTE 2.1/1.8 GHz) can be used to improve 5G user experience.
 Hotspot supplementation: mmWave is used as a supplementary frequency band for hotspots.

51 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
 Spectrum
 Rate Improvement
 Delay Reduction
 Coverage Improvement
 Massive MIMO

3. 5G Network Security
52 Huawei Confidential
The Shannon Theorem
Shannon formula: C = B * log2(1 + S/N)
Maximum theoretical
Available SNR
capacity Spectrum bandwidth

① Wider carrier bandwidth ② Higher-order modulation format

400 MHz
64QAM
... ...

mmWave

16QAM
100 MHz
...

C-band QPSK

Wider transmission channel Higher rate

53 Huawei Confidential
High Bandwidth

LTE 5G FR1 FR2

5M 50M
1.4M
10M 100M
3M
5M 15M 200M

10M 20M
400M
25M
15M
20M 30M
40M
50M
60M
70M
80M
90M
100M

54 Huawei Confidential
5G Air Interface Protocol Stack
 Layer 3: User of air interface services, that is, RRC signaling and user plane data.
 Layer 2: Differentiates Layer 3 data and provides different services.
 Layer 1 (physical layer): Provides radio resources and physical layer processing for higher-layer
data.
UE gNB AMF UE gNB

NAS NAS SDAP SDAP

RRC RRC
PDCP PDCP
PDCP PDCP
RLC RLC
RLC RLC
MAC MAC
MAC MAC
PHY PHY
PHY PHY

55 Huawei Confidential
 

56
User User
data data

CRC CRC

Huawei Confidential
Code block Code block
segmentation segmentation

Coding Coding

Rate Rate
matching matching

Interleaving Interleaving

Code block Code block

concatenation concatenation

Scrambling
Scrambling
in terms of coding, modulation, and resource mapping.

QAM QAM
modulation modulation

Power control Power control

adjustment adjustment
Physical Layer Processing over the 5G Air Interface

MIMO
Coding

Resource Resource
mapping mapping

Antenna 1 Antenna 0
Output Output
The basic process of the 5G physical layer is similar to that of the 4G physical layer, but varies
5G Channel Coding
 Basic principles of channel coding selection
 Coding performance: error correction capability and coding
redundancy rate
 Coding efficiency: complexity and energy efficiency
 Flexibility: size of coded data blocks
 Turbo code
 High performance. As the rate increases, the computing amount of
Turbo LDPC Polar
coding also increases linearly. As a result, energy efficiency becomes Performance at low
data rate
a challenge.
Efficiency at low data
 LDPC: low density parity check code (traffic channel) rate
 High performance, low complexity, parallel computing, and good Performance at data
rate
support for high-speed services
Efficiency at high data
 Polar code (control channel) rate
 Excellent performance for small-packet services

57 Huawei Confidential
5G Channel Coding (Cont.)

LDPC Code (Traffic Channel) Polar Code (Control Channel)

LTE Turbo 10-1
Turbo

NR LDPC

FE
Turbo LDPC

R
Decoding Polar
30% 90%
performance

Decoding latency 1x 1/3

10-11
Chip size 1x 1/3
1 EcNo 8

Power consumption 1x 1/5 The Polar code adopts a highly reliable coding scheme. This
reduces retransmission times and SNR requirements,
Reducing terminal power consumption improving coverage.

58 Huawei Confidential
Air Interface Modulation Technology

LTE 5G
Imag  All LTE modulation schemes are
1011 1001 0001 0011
QPSK applicable in 5G. In addition, 5G
QPSK
Uplink 16QAM 16QAM introduces higher-order modulation
64QAM 64QAM schemes to further improve spectral
1010 1000 0000 0010 256QAM
efficiency.
Real

1110 1100 1100 0110

 In the current version, the highest
QPSK QPSK
16QAM 16QAM modulation scheme is 256QAM. In
Downl
64QAM 64QAM later versions, 1024QAM will be
1111 1101 0101 0111 ink
256QAM 256QAM
1024QAM introduced to further improve spectral
efficiency.

59 Huawei Confidential
256QAM
 3GPP Release 12 introduced DL 256QAM. As a supplement to the existing modulation schemes (QPSK, 16QAM, and 64QAM),
256QAM improves UE transmission rates under favorable radio conditions. DL 256QAM modulates eight bits into one symbol,
supporting a larger transport block size (TBS) than 64QAM. In theory, DL 256QAM can improve the peak spectral efficiency by as
much as 33%.

64QAM 256QAM

M
256 5 6QA AM
2
64Q AM
16Q S
QP
K

60 Huawei Confidential
Filtered-OFDM
 The F-OFDM technology optimizes RF processing, such as filters, to enable the base station to improve spectrum utilization and
service flexibility while ensuring normal RF indicators such as the adjacent channel leakage power ratio (ACLR).
 The F-OFDM improves 5G spectrum utilization to more than 95% at the optimum performance. The spectrum utilization for LTE is
90%.

OFDM F-OFDM (+10%)

LTE — 10% guard band NR — 2~3% guard band

61 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
 Spectrum
 Rate Improvement
 Delay Reduction
 Coverage Improvement
 Massive MIMO

3. 5G Network Security
62 Huawei Confidential
Wireless Communications — Time-Domain Resource
 Time-domain resources: frames, subframes, slots, and symbols

Radio frame Basic data transmission period

Subframe Subframe ... Subframe Allocation unit of uplink and downlink

Minimum unit for data scheduling and

Slot Slot ... Slot synchronization

Symbol Symbol Symbol ... Symbol

Basic modulation unit

63 Huawei Confidential
NR Radio Frame Structure
Radio frame 10 ms

Subframe 1 ms
Fixed architecture
0 1 2 3 4 5 6 7 8 9

Subframe = {1, 2, 4} slots

Slot

0 1 2 3

Slot = {12, 14} symbols

Symbol

SCS-based
flexible architecture
0 1 2 3 4 5 6 7 8 9 10 11 12 13

64 Huawei Confidential
Flexible Frame Structure Configuration — Numerology

SCS = 15k TTI (slo t) = 14 sym b o ls = 1 m s

( TTI = 1 ms) 0 1 2 3 4 5 6 7 … 13

SCS = 30 k TTI (slo t) = 0.5 m s TTI

( TTI = 0.5 ms) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 …

TTI (Slo t) = 0.25 m s TTI = 0.25 m s …

SCS = 60 K
（TTI = 0.25 ms ） 0 1 2 3 4 5 6 7 8 9 10 11 12 13 …

0.5 m s 0.5 m s

65 Huawei Confidential
NR Slot Format
 Basic composition of a slot
 DL slots (denoted as D) for DL transmission
 Flexible slots (denoted as X) for DL transmission, UL transmission, and GP, or as reserved resources
 UL slots (denoted as U) for UL transmission
D U X
 Slot type Type 1: DL-only slot Type 2: UL-only slot Type 3: Flexible-only slot

D X X U
 Type 1: DL slot only
Type 4-1 Type 4-2
 Type 2: UL slot only D XU DX U D XU D XU

Type 4-3 Type 4-4 Type 4-5

 Type 3: Flexible slot only
 Type 4: At least one UL or DL symbol, other symbols flexibly configured

66 Huawei Confidential
Self-contained Slot
 There are two special slot structures among NR slot structures. They are called self-contained
slots, which are designed to shorten the RTT delay of uplink and downlink data transmission.
They are classified into the following:
 Downlink self-contained slot:  Uplink self-contained slot:
The slot is used for downlink data The slot is used for uplink scheduling and
transmission and corresponding HARQ uplink data transmission.
feedback.
Downlink scheduling and Uplink scheduling Uplink data
data transmission HARQ feedback
transmission

D U D U

ACK/NACK

67 Huawei Confidential
Grant-free Scheduling
 There is RTT delay during scheduling. In NR, grant-free scheduling is introduced for delay-
sensitive services, which enables UEs to deliver services directly.

Grant-free

U gNodeB U gNodeB
E Req E

URLLC data
Grant

68 Huawei Confidential
D2D
 In device-to-device (D2D) communication, a base station allocates spectrum for UEs to directly transmit
user-plane data.
 Spectrum is allocated in one of the following ways:
 Using the remaining resources of cellular cells
 Reusing the downlink resources of cellular cells
 Reusing the uplink resources of cellular cells
 Interference control: Proper power control can
coordinate interference between D2D users and
other users on cellular networks when D2D reuses
cellular resources.

69 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
 Spectrum
 Rate Improvement
 Delay Reduction
 Coverage Improvement
 Massive MIMO

3. 5G Network Security
70 Huawei Confidential
Unbalanced UL and DL Coverage & Insufficient UL Coverage
Coverage performance comparison between NR 3.5
GHz UL 1 Mbps and DL 10 Mbps
130
Major parameters of the NR 3.5
GHz link budget: 125.9
125
UE power 23 dBm

eNodeB power 50.8 dBm (120 W) 120

Carrier bandwidth 100 MHz

UL-DL slot 115

DL:UL = 3:1
configuration 112.2

SCS 30 kHz 110

Antenna configuration 64T64R

105
PUSCH PDSCH
UL: 1 Mbps DL: 10 Mbps

There is a gap of 13.7 dB in the UL and DL on the NR 3.5 GHz.

71 Huawei Confidential
Coverage Performance of C-band

C-band UL and DL coverage in typical scenarios (64T64R, TDD 3:1, indoors)

UL/DL Rate (M) DL UL

Typical urban 750

10/1Mbps_U
areas 300

Typical urban 50/5Mbps_U

600
areas 200

Dense urban 300

10/1Mbps_DU
areas 110

Dense urban 250

areas 50/5Mbps_DU Coverage Distance (m)
70

0 100 200 300 400 500 600 700 800

72 Huawei Confidential
SUL UL/DL Decoupling
 SUL is an important technology to make up for insufficient uplink coverage in C-band.

Compared with the downlink coverage, the uplink Poor uplink coverage can be compensated by switching the
coverage of C-band is 13.7 dB smaller. uplink transmission to 1.8 GHz.

Uplink enhancement

SUL: supplementary uplink

73 Huawei Confidential
Super Uplink
 5G services, especially new services in SA scenarios, pose higher requirements on high bandwidth and low latency in the uplink.
 Huawei's innovative Super Uplink uses NR FDD to enhance uplink coverage, user experience, and capacity.

Frequency band 3.5 GHz 2.1/1.8 GHz 3.5G D D D S U D D S U U

RAT TDD FDD

D D D D D D D D D D
Slot D D D S U D D S U U
configuration U U U U U U U U U U

Full uplink slots, suitable for uplink eMBB 3.5G D D D S U D D S U U

High bandwidth and high proportion of services
Advantages downlink slots, suitable for downlink 2.1G U 　 U 　 U U　
eMBB services Low frequency band, strong penetration
capability, suitable for low-latency services
Full uplink slots scheduling
High frequency band and limited Time- and frequency-domain multiplexing for
coverage capability Narrow bandwidth, not suitable for downlink better uplink performance
Disadvantages
Low proportion of uplink slots, limited eMBB services
uplink coverage capability

SUL is mainly used to make up for insufficient uplink coverage of C-band. Super Uplink has advantages in uplink capacity and user experience at the cell center
and can ensure gains in all scenarios.

74 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
 Spectrum
 Rate Improvement
 Delay Reduction
 Coverage Improvement
 Massive MIMO

3. 5G Network Security
75 Huawei Confidential
What Is Massive MIMO?
 Massive multiple-input multiple-output: massive antenna arrays
 It uses a large-scale antenna array for 3D beamforming and multi-user resource reuse, improving both
coverage and capacity.

Radio Channel

Multiple Multiple
Input Output

76 Huawei Confidential
Network Requirements of Massive MIMO
 Frequency bands
 The number of antenna dipoles of Massive MIMO far exceeds that of traditional antennas. Therefore, the distance between
dipoles should not be too large. Otherwise, the antenna size will be too large to meet the engineering installation requirements.
 The distance between dipoles is related to the frequency band. The higher the frequency band, the smaller the dipole spacing and
the better the Massive MIMO deployment. (Currently, Massive MIMO is used only for frequency bands higher than 2.6 GHz.)

 Duplexing mode
 Massive MIMO introduces the beamforming technology. The reciprocity between the uplink and downlink channels in the TDD
system facilitates weight calculation of downlink beamforming. Therefore, TDD is more suitable for massive MIMO
deployment.
 A new reference signal (CSI-RS) can also be introduced to calculate the downlink weight in the FDD system. However, the
performance of the FDD system is slightly worse than that of the TDD system.

77 Huawei Confidential
Massive MIMO Gains — Reducing Uplink Interference
Receive diversity and UE-level beam tracking to cope with high interference

64R Receive Diversity

Deep fading suppression by
Signal from antenna 1 Signal from antenna 64 combining signals

User-Level Beam Tracking

In commercial scenarios, the cell-edge

interference of 64T64R cells is at least 6 dB
less than 8T8R cells.

78 Huawei Confidential
Massive MIMO — Coverage Enhancement
 Traffic channel  Broadcast channel
 High gains and narrow beams  High gains and narrow beams
 Dynamic beamforming direction adjustment  Scenario-based beam sweeping

79 Huawei Confidential
Massive MIMO Gains — Increasing Cell Capacity
 MU-MIMO (Virtual MU-MIMO)
 The MU-MIMO feature enables multiple paired UEs to use
the same time-frequency resources. This facilitates multi-
stream data transmission and improves the average cell
throughput.
 MU-MIMO pairing principles:
 The SINR values of different UEs are close.
 Correlation between the channels of different UEs is low.

 Massive MIMO adopts narrower beams, which leads to a

higher success rate in MU-MIMO pairing. In addition,
massive MIMO supports a larger number of data streams
and UE pairings.

80 Huawei Confidential
Traditional MIMO
Broadcast channel (highlighted
in yellow) Traffic channel
Horizontal direction:
 The broadcast channel
does not support
beamforming and
covers the entire cell.
 The Traffic channel
uses beamforming to
enhance coverage.

Vertical direction:
1 2 3 4  There is no beamforming in
+45° polarization the vertical direction. That
–45° polarization is, there is only one main
5 6 7 8 lobe, and other lobes are
side lobes.
8T8R antenna structure

81 Huawei Confidential
Massive MIMO Antenna Structure

1TRX

4TRX
1 2 3 4
+45° polarization
–45° polarization
5 6 7 8 1 2 3 4 5 6 7 8 64T64R with 128 dipoles

Diagram of LTE TDD 8T8R Schematic diagram of 5G 64T64R (192 dipoles) and 128 dipoles
Dual polarization: The black and blue colors indicate +/- 45° polarization, Dual polarization: The black and blue colors indicate +/- 45° polarization,
respectively. respectively.
8T8R: 1 TRX in the vertical direction x 4 TRXs in the horizontal direction x 64T64R: 4 TRXs in the vertical direction x 8 TRXs in the horizontal direction x 2
2 (dual-polarized) (dual-polarized)

82 Huawei Confidential
 Section Summary

 High rate: large bandwidth, massive MIMO (multiplexing), high-order modulation,

and LDPC
 High spectral efficiency: F-OFDM, flexible frame structure
 Coverage enhancement: SUL (UL/DL decoupling), Super Uplink, and massive
MIMO (beamforming)
 Low latency: CU/DU separation and self-contained slots

83 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
3. 5G Network Security
 Network Security Threat
 5G Air Interface Security
 5G Network Security

84 Huawei Confidential
Key Security Threats Outside the Operator Network
O&M client Legitimate interception
gateway
4 5

Operator network EMS

VPLMN
3
1
Core
Network

UE RAN
2 Internet
MEC

1 Air Interface 2 Internet Access Network

3 4 External Access 5 Legitimate
• Eavesdropping/tampering of • User data disclosure and Roaming to the EMS Interception Access
user data and information tampering during • Sensitive user • Sensitive user information • Unlawful interception
• User access denied due to transmission information disclosure disclosure during transmission gateway access
DDoS attacks • Network application spoofing and tampering during • Unauthorized access • Leakage of intercepted
• Unauthorized terminal to deny specific services transmission • Malicious operations by target contact number
access to the network • Internet-side DDoS attacks to • Operator spoofing to authorized users • Data eavesdropping
• Fake base station deny data services deny services • O&M functions unavailable due and attacks on listening
• UE downgrade attacks • Unauthorized access to to DDoS attacks ports
• Malicious interference over capability openness APIs • Web attacks (SQL injection)
the air interface

85 Huawei Confidential
Key Threats Between NEs and Modules Inside the NE

5GC
gNodeB
SBA architecture on the CP
eCPRI
1 N2/N3
BBU AAU
AF PCF UDM NRF NEF
3
AM 2 Xn
NSSF AUSF SMF N3
4 F

N4 N4 gNodeB
UP UPF MEC
Threats to Inter-NE and Inter-module
6 Interfaces
N9  Eavesdropping on transmitted data

MEPM
Threats to SBA Architecture APP APP MEP
UPF 5 7  Tampering with transmitted data
① DoS attacks are launched on the NRF. As a result, MEC platform  Unauthorized access to NEs or modules
services cannot be registered or discovered.
② Attackers forge NFs to access the core network and
perform unauthorized access. Threats to MEC Modules
③ Communication data transmitted between NFs is ⑤ Malicious apps are used to attack the MEC platform or UPF VNF.
intercepted and tampered with. ⑥ Resources (computing/storage/network) are preempted between apps,
④ Known HTTPS vulnerabilities are exploited to launch affecting other apps.
attacks ⑦ Unauthorized management and O&M on third-party applications

86 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
3. 5G Network Security
 Network Security Threat
 5G Air Interface Security
 5G Network Security

87 Huawei Confidential
Two-Way Authentication to Ensure Authorized Access
5G Networks Failing to Defend Against Downgrade
Mutual Authentication Between 5G UEs and
Attacks and Threats from 2G Fake Base Stations
the Core Network
RAN Core
UE network
Core 5G base station
network X
Fallback to a
2G base To prevent information leakage of
station specific UEs, the core network
Network access request
can reject the fallback of the UEs
Fallback to a
(IMSI).
2G fake base
The core network authenticates the UE.
station
2G base station
The UE authenticates the core network.

2G fake base station

 Unidirectional authentication is performed on 2G networks. The  Unidirectional authentication is performed on 2G networks. The network
network side cannot resolve issues related to 2G fake base stations. side cannot avoid issues related to 2G fake base stations in the case of
 Two-way authentication is used on 3G/4G/5G networks. downgrade attacks.
 To effectively defend against 2G fake base stations, 2G functions or
modules must be disabled or removed on the UEs.

88 Huawei Confidential
SUPI Encrypted Transmission
4G: IMSIs Transmitted in Plaintext Before 5G: SUPI Encryption Before Transmission, Preventing
Registration and Authentication, Possible Data Data Leakage
Leakage
IMSI catcher
IMSI Tracking and
locating a UE
IMSI catcher Encrypt Decrypt
SUPI SUC
SUCI SUPI
(IMSI/NAI) I
Unknown

Core Core
UE eNodeB UE eNodeB
network network
Attach request Attach request
(IMSI plaintext) (IMSI plaintext) Attach request (SUCI) Attach request (SUCI)
Security authentication and attach successful, with a Security authentication and attach successful, with a
temporary identity (TMSI) allocated temporary identity (TMSI) allocated

TMSI used in subsequent services TMSI used in subsequent services

89 Huawei Confidential
256-Bit 5G Key
256-Bit 5G Key to Prevent Quantum 64/128-Bit Key for 2G/3G/4G,
Computer Decryption Currently Secure Enough
gNodeB RAN
UE UE
Core
5GC
network
RRC/UP cipher RRC/UP cipher
(128/256-bit) (2G-64-bit/3G&4G-128-bit)
NAS cipher 4G NAS cipher
(128/256-bit) (128-bit)

128-bit x seconds 64-bit 3s to 4s

256-bit Trillions of years 128-bit Trillions of years

Future quantum computer decryption Summit supercomputer decryption

* The concept of quantum computer was proposed in the 1980s. So far, there is  Summit is the most advanced supercomputer currently operating in the Oak
no quantum computer in the real sense in the world. Ridge National Laboratory in the US.
 Supercomputing is achieved only by national labs in a few countries. Even if
the network downgraded to 2G/3G/4G, the network is sufficiently secure.

90 Huawei Confidential
User-Plane Integrity Protection
4G: In Labs, User Data Can Be Tampered with for 5G: User-Plane Integrity Protection Added
DNS Spoofing to Prevent Data Tampering
1. Legitimate
server 2. Tampering with a server
NAS: ciphering and integrity
for malicious use
3. Malicious
server RRC: ciphering and
4. Connecting to a malicious server integrity

UP: ciphering and

integrity
Malicious Legitimate
EPC DNS DNS
HTTP HTTP
UE Malicious eNodeB Core server server
relay network
 This vulnerability was released by GSMA on June 27, 2018. The risk lies in the
5GC
lack of integrity protection for user-plane data in LTE.
 Vulnerability attacks can be implemented only in specific scenarios in the lab.
Commercial 4G networks can still defend against such attacks. UE gNodeB Core network
Source: https://alter-attack.net/

91 Huawei Confidential
 Contents

1. 5G Network Architecture
2. Key 5G Air Interface Technologies
3. 5G Network Security
 Network Security Threat
 5G Air Interface Security
 5G Network Security

92 Huawei Confidential
IPsec for Inter-NE Security, TLS for Inter-FM Security
Secure Connection Between 5GC
Secure Connection Between 3GPP NEs
Functional Modules
Core Network CP
NEF NRF UDM PCF UDR

IPsec 5GC SB
I

Trusted Untrusted domain Trusted domain

Application

domain HTTP AMF SMF AUSF NSSF

TLS
TCP
IP
L2
L1
 IPsec used to secure data transmitted between 3GPP NEs  HTTPS used between 5GC functional modules to ensure data
 Data confidentiality and integrity during transmission ensured security
through IPsec encryption and verification  Encryption and integrity protection for transmitted data through TLS
 Authenticity of data sources ensured through IPsec  Fake NFs prevented from accessing the network through TLS two-way
authentication authentication

93 Huawei Confidential
SEPP/Security Gateway Ensures 5G Roaming Security
Security Risks Across 2G/3G/4G
5G Roaming Security Enhancement
Roaming Borders

EU Black Hat conference: PLMN 1 PLMN 2

5GC 5GC
Diameter and SS7 can be used to attack
operator networks. SEPP SEPP
TLS
Orange statistics in 2016:  Encryption and integrity protection for transmitted data through TLS
A large number of illegitimate SS7
 Message filtering and topology hiding by SEPP
requests from Africa and Middle East

4G without
EP protection vPLMN PLMN 1 PLMN 2
C
Security Security
5GC gateway gateway EP
 No filter to prevent illegitimate messages
 No E2E signaling protection C
 Untrusted or insecure service partners  Roaming security between the 5GC and 2G/3G/4G core network through
security gateways

94 Huawei Confidential
 Section Summary

 Network Security Threat

 5G Air Interface Security
 5G Network Security

95 Huawei Confidential
 Quiz

1. (True or False) NSA mode can only support eMBB services.

2. (Multiple) What technologies are used to improve spectral efficiency in 5G?
A. F-OFDM

B. Massive MIMO

C. High-order modulation

D. New coding schemes

3. (True or False) User plane integrity protection is introduced on 5G air interface.

96 Huawei Confidential
 Summary

 5G Network Architecture
 Key 5G Air Interface Technologies
 5G Network Security

97 Huawei Confidential
Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home, and
organization for a fully connected,
intelligent world.

Copyright©2021 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.