Perspectives on Network Slicing – Towards the New ‘Bread and Butter’ of Networking and Servicing

Alex Galis, University College London

IEEE Softwarization, January 2018


Abstract: This paper provides an analysis of the challenges of Network Slicing in the context of 5G Networks. It represents also a synthetic perspective on the results presented in the special edition – published in the December 2017 and January 2018 issues of the SDN newsletter. It covers a summary of 5G network characteristics and advantages, network slicing concepts and terms and key challenges in network slicing.

Introduction: 5G networks are conceived as extremely flexible and highly programmable end-to-end connect-and-compute infrastructures that are both application- and service-aware, as well as being time-, location-, and context-aware.

These 5G networks [5GARCH] represent an evolution

  • Of native flexibility and programmability conversion in all radio and non-radio 5G network segments including Fronthaul and Backhaul Networks, Access Networks, Aggregation Networks, Core Networks, Mobile Edge Networks, Software Networks and Clouds, Satellite Networks and Edge Networks; as well as
  • In terms of capacity, performance, and spectrum access in the radio segments of the network

5G networks enable new business opportunities by meeting the requirements of a large variety of use cases as well as enabling 5G to be future proof by means of:

  • Implementing network slicing in a cost efficient way
  • Addressing both end-user and operational services
  • Supporting softwarization natively
  • Integrating communication and computation, and
  • Integrating heterogeneous technologies (including fixed and wireless technologies).

To take advantage of these opportunities new mechanisms or updated mechanisms will be needed in all network domains. Equally important is the requirement for 5G networks to take a novel approach as to how to orchestrate, deploy, and manage services in 5G networks as exemplified in the following figure.

Figure 1

Figure 1 – 5G Networks Environment -

5G networks are expected to present a number of advantages. One in particular, is a high degree of flexibility. They enforce the necessary degree of flexibility, where and when needed, with regard to capability, capacity, security, elasticity, and adaptability. These networks will serve highly diverse types of communication – for example, between humans, machines, devices and sensors – with different performance attributes.

Further advantages of 5G emerge in the areas of autonomous management, control of systems and resources. 5G networks enable uniform management and control operations that are becoming part of the design of dynamic software architectures. They can thereby host and execute services in one or more distinct network slices.

Network Slicing Context and Definitions: A number of definitions for network slicing as partitions of network resources were used in the last 10 years within the context of research into distributed and federated testbeds [GENI] and in future Internet research [ChinaCom09]. More recently in 5G research in SDOs revised definitions were used [NGMN], [ONF], [IMT2020], [NGS-3GPP], [IETF].

Network Slicing (NS) is an end-to-end concept covering all network segments. It enables the concurrent deployment of multiple logical, self-contained and independent shared or partitioned network resources and a group of network functions on a common infrastructure platform [GALI] [CONT] [CECC], [QIAN], [NAKA], [SABO], [QIAN], [NIKA], [ODIN].

From a business point of view, a slice includes a combination of all the relevant network resources, functions, and assets required to fulfill a specific business case or service, including OSS, BSS and DevOps processes.

From the network infrastructure point of view, network slice instances require the partitioning and assignment of a set of resources that can be used in an isolated, disjunctive or non- disjunctive manner for that slice [CONT] [CORS].

From the tenant point of view, network slice instance provides different capabilities, specifically in terms of their management and control capabilities, and how much of them the network service provider hands over to the slice tenant. As such there are two types of slices: (1) Internal slices, understood as the partitions used for internal services of the provider, retaining full control and management of them. (2) External slices, being those partitions hosting customer services, appearing to the customer as dedicated networks. [CONT]

Currently Network Slicing refers to the managed fully functional dynamically created partitions of physical and/or virtual network resources, network physical/virtual and service functions that can act as an independent instance of a connectivity network and/or as a network cloud [GALI] [CONT] [CECC], [SABO]. Network resources include connectivity, compute, and storage resources.

Network Slicing considerably transforms the networking perspective by abstracting, isolating, orchestrating, softwarizing, and separating logical network components from the underlying physical network resources and as such they enhance the network architecture principles and capabilities.

To support Network Slicing, the management plane creates a group of network resources (whereby network resources can be physical, virtual or a combination thereof); it connects with the physical and virtual network and service functions as appropriate, and it instantiates all of the network and service functions assigned to the slice. For slice operations, the control plane takes over governing of all the network resources, network functions, and service functions assigned to the slice. It (re-) configures them as appropriate and as per elasticity needs, in order to provide an end-to-end service. In particular, ingress routers are configured so that the appropriate traffic is bound to the relevant slice.

The establishment of slices is both business-driven as slices are the support for different types and service characteristics and business cases, and technology-driven as slices are a grouping of physical or virtual resources (network, compute, storage) which can act as a sub network and/or a cloud. A slice can accommodate service components and network functions (physical or virtual) in all of the network segments: access, core, and edge / enterprise networks.

Network operators can use NS to enable different services to receive different treatment and to allow the allocation and release of network resources according to the context and contention policy of the operators. Such an approach using NS would allow a significant reduction of the operations expenditure. In addition, NS makes possible softwarization, programmability and allows for the innovation necessary to enrich the offered services. NS provides the means by which the network operators can provide network programmable capabilities to both OTT providers and other market players without changing their physical infrastructure. NS enables the concurrent deployment of multiple logical, self-contained and independent, shared or partitioned networks on a common infrastructure. Slices may support dynamic multiple services, multi-tenancy, and the integration means for vertical market players (such as the automotive industry, energy industry, healthcare industry, media and entertainment industry, etc.)

Network Slicing Challenges for 5G Networks

In order to implement and use network slice functions and operations, there is a clear need to look at the complete life-cycle management characteristics of Network Slicing solutions based on the following architectural tenets:

  • Underlay tenet: support for an underlay data plane the transport network uses to carry that underlay.
  • Governance tenet: a logically centralized authority for the entire network slices in a domain.
  • Separation tenet: slices may be independent of each other and have an appropriate degree of isolation from each other.
  • Capability exposure tenet: allow each slice to present information regarding services provided by the slice (e.g., connectivity information, mobility, autonomicity, etc.) to third parties, via dedicated interfaces and /or APIs, within the limits set by the operator.

In pursuit of solutions for the above tenets towards a new type of ‘bread and butter’ of networking and servicing there is a need to address the following challenges and outcomes:

I. Architectural Challenges

  • A Uniform Reference Model for Network Slicing that describes all of the functional elements and instances of a network slice. It also describes shared non-sliced network parts.
  • Slice Templates: Providing the design of slices to different scenarios. This outlines an appropriate slice template definition that may include capability exposure of managed partitions of network resources (i.e. connectivity compute and storage resources), physical and/or virtual network and service functions that can act as an independent connectivity network and/or as a network cloud.

II. Challenges in Realising Network Slice Capabilities

  • Networks Isolation - Efficient slice creation with guarantees for isolation in each of the Data / Control / Management / Service planes. Having enablers for safe, secure and efficient multi-tenancy in slices. Methods to enable diverse requirements for NS, including guarantees for the end-to-end QoS of a service within a slice.
  • Network Slicing Service Mapping – creating an efficient service mapping model binding across network slicing; specifying policies and methods to realize diverse service requirements without re-engineering the infrastructure [GALI] [IETF] [CECC]
  • Recursion, namely methods for NS segmentation allowing a slicing hierarchy with parent–child relationships [GUER] [KARL].
  • Customized security mechanisms per slice - In any shared infrastructure, security is a key element to guarantee proper operation, and especially a fair share of resources to each user including Resource isolation and allocation policy at different levels and Isolation of network service management for multiple tenants [CONT], [NAKA].
  • Network Slices Reliability - Maintaining the reliability of a network slice instance, which is being terminated, or after resource changes [NAKA].
  • Optimisation, namely methods for automatic selection of network resources for NS; global resource views; global energy views; Network Slice deployment based on global resource and energy efficiency; slice mapping algorithms [GALI].
  • Capability exposure for NS (allowing openness); with APIs for slice specification and interaction [GALI].
  • Programmability and control of Network Slices [GALI].
  • Per-tenant Policy Management - In a multi-tenant, multi-slice end-to-end hosting and networking scenario, closed-loop automation requires both per-tenant policies, as well as the network operator’s own. Per-tenant policies would be set to limit compute, storage and network resource usage, block the execution of unauthorized operations, trigger actions including scaling, healing, and topology reconfiguration to meet the service-level agreement (SLA) with a tenant [KHAN].
  • Slice lifecycle management including creation, activation / deactivation, protection, elasticity, extensibility, safety, and sizing of the slicing model per network and per network cloud for slices in access, core and transport networks; for slices in data centres, and for slices in edge clouds [GALI].
  • Dedicated network - Each slice must behave as a dedicated network while sharing underlying resources, physical and Monitoring the status and behaviour of NS in a single and/or muti-domain environment and maintenance mechanisms have to be defined in order to show and abstract the proper information for each slice customer [CONT].
  • Radio Access Network (RAN) slicing targeting flexible customization and multiplexing over disaggregated RAN infrastructures [KHAN].
  • Scalability: In order to partition network resources in a scalable manner, it is required to clearly define to what extent slice customers can be accommodated or not on a given slice. The application of different SLAs on the offered capabilities of management, control and customization of slices will directly impact the scalability issue [CONT].
  • Slice dimensioning: Over-dimensioning has been the normal way in the past for avoiding any kind of congestion. With slicing the traffic sources and destinations become much less predictable, if at all. Appropriate planning, dimensioning and enforcement are needed to make sustainable the transition to this new form of service [CONT].
  • Autonomic slice management and operation, namely self-configuration, self-composition, self-monitoring, self-optimisation, self-elasticity for slices that will be supported as part of the slice protocols [IETF].
  • Automated instantiation, scaling and topology reconfiguration of slices [KHAN].
  • Slice stitching / composition by having enablers and methods for efficient stitching / composition / decomposition of slices: vertically (through service + management + control planes); horizontally (between different domains as part of access, core, edge segments); or a combination of vertically + horizontally [GALI] [IETF].
  • End-to-end network clouds orchestration of slices [GUERZONI], [KARL], [CONT].
  • Service Mapping, by having dynamic and automatic mapping of services to network slices [GALI] [CECC].
  • Efficient enablers and methods for integration of the above capabilities and operations.

III. Network Slices – Deployment & Economic Considerations

  • Deployment Options: There are architectural, engineering, performance, flexibility and service agility without disruption challenges in terms support of many next-generation services in a NS enable infrastructure. In terms of deployment options an operator could deploy a single multi-service network, with a shared physical layer supporting a shared functional layer. Alternatively, the operator could deploy separate physical sub-networks, each with their own physical resource layer and functional layer on top of that; Or the operator could deploy discrete virtual networks, built on one shared physical resource layer, with multiple functional layers dedicated to each application or service type [CORS] [DANN].
  • Economy of Scale in Slicing: The benefits of slicing grow as the number of service types that you are trying to launch grows. In addition significant investment is needed in automation to be able to do this at scale, otherwise the complexity and operational challenges are likely to mount up. It’s key that the rest of the organisation gears up to support this ambition – development, delivery, marketing, operations and so on - otherwise the operator won’t be able to exploit the technology commercially [CORS] [DANN].
  • Service Diversity: the key challenge is how to support and operate different kind of services with very distinct needs onto the same infrastructure. One practical approach is to position segregated services on specialized partitions, designed and optimized for the type of service to be provided [CONT].
  • Interaction with the vertical customers: Proper abstractions and templates have to be defined for ensuring the provision of a consistent service portfolio and their integration with the internal network management and orchestration [CONT] [ODIN].


This work has been performed in the framework of the H2020 project 5GEx (Grant Agreement no. 671636), project SONATA (Grant Agreement no. 671517) and EUB project NECOS (Grant Agreement no. 777067), which are partly funded by the European Commission.



[5GARCH] Redana, S., Bulakci, Ö., Galis, A., et all - Views on 5G Architecture – Mark 2 White Paper– 5G PPP Association – January 2018 -

[GENI] GENI Key Concepts - Global Environment for Network Innovations (GENI)

[ChinaCom09] Galis, A. et all - "Management and Service-aware Networking Architectures (MANA) for Future Internet" - Invited paper IEEE 2009 Fourth International Conference on Communications and Networking in China (ChinaCom09) 26-28 August 2009, Xi'an, China,

[NGMN] Hedmar, P., Mschner, K., et all - NGMN Alliance document "Description of Network Slicing Concept", January 2016;

[NGS-3GPP] Study on Architecture for Next Generation System - September 2016;

[ONF] Paul, M., Schallen, S., Betts, M., Hood, D., Shirazipor, M., Lopes, D., Kaippallimalit, J., - Open Network Fundation document "Applying SDN Architecture to 5G Slicing", April 2016;

[IETF] Galis, A., et all - Network Slicing - Revised Problem Statement Jan 2016,

[ITU-T IMT2020] Technical Report Application of network softwarization to IMT-2020, ITU-T FG IMT2020, December 2016,

[GUER] "Guerzoni, R., Vaishnavi, I., Perez-Caparros, D., Galis, A., et al Analysis of End-to-End Multi Domain Management and Orchestration Frameworks for Software Defined Infrastructures, June 2016,

[KARL] Karl, H., Dräxler, S., Peuster, M, Galis, A., et al - DevOps for Network Function Virtualization, July 2016,

[GALI] Galis, A., Chih-Lin I- Towards 5G Network Slicing- IEEE 5G Tech Focus, Volume 1, Number 1, March 2017-

[DANN] Danneberg, M., Nimr, A., Matthé, M., Fettweis, G. F. - Network slicing for Industry 4.0 applications – Initial RAN testbed results, January 2018 issue of the newsletter

[CORS] Corston-Petrie - A.E2E Network Slicing: Opportunities and Challenges for Operators – a view from BT, January 2018 issue of the newsletter

[CECC] Ceccarelli, D, Lee, Y. - Transport aspects of network slicing: existing solutions and gaps - January 2018 issue of the newsletter

[CONT] Contreras, L. M., López, D. R. - A Network Service Provider Perspective on Network Slicing - January 2018 issue of the newsletter

[NAKA] Nakamura, T., - Overview of ETSI NFV Network Slicing report: Network Slicing Support with ETSI NFV Architectural Framework - Dec 2017 issue of the newsletter

[NIKA] Nikaein, N., Chang, C. - Slicing and Orchestration in Service-Oriented RAN Architecture - Dec 2017 issue of the newsletter

[QIAN] Li, Q., Wu, G., Papathanassiou, A., Mukherjee, U., - Radio Slicing - Dec 2017 issue of the newsletter

[KHAN] Khan, A., Shimojo, T., Benjebbour, A., Okumura, Y., Iwashina, S.,- NTT DOCOMO’s 5G Experimentations and Trials - Dec 2017 issue of the newsletter

[ODIN] Odini, M-P.,- V2X and Network Slicing - Dec 2017 issue of the newsletter

[SABO] Saboorian, T., Xiang, A.,- Network Slicing and 3GPP Service and Systems Aspects (SA) Standard - Dec 2017 issue of the newsletter



Alex GalisAlex Galis is a Professor in Networked and Service Systems at University College London (UCL). He has co-authored 10 research books including and more that 250 publications in the Future Internet areas: system management, networks and services, networking clouds, 5G virtualisation and programmability. He participated in a number of EU research projects including overall technical leadership of the MISA - Management of IP networks, FAIN – programmable networks, CONTEXT – context aware networking and AUTONOMIC INTERET – autonomic networking projects. He was a member of the Steering Group of the Future Internet Assembly (FIA) and he led the Management and Service–aware Networking Architecture (MANA) working group at FIA. He acted as PTC chair of 14 IEEE conferences including TPC co-chair of IEEE Network Softwarization 2015 (NetSoft 2015) and reviewer in more than 100 IEEE conferences. He is also a co-editor of the IEEE Communications Magazine feature topic on Advances In Networking Software and an editor of IEEE JSAC series on Network Softwarisation and Enablers. He acted as a Vice Chair of the ITU-T SG13 Group on Future Networking. He is involved in IETF and ITU-T SG13 network slicing activities and he is also involved in IEEE SDN initiative including co-chairing of the IEEE SDN publication committee.


Network Slicing for Industry 4.0 Applications – Initial RAN Testbed Results

Martin Danneberg, Ahmad Nimr, Maximilian Matthé, Gerhard P. Fettweis, TU Dresden

IEEE Softwarization, January 2018


Abstract - Wireless networks operating in unlicensed bands suffer because multiple radio technologies have to share the same frequency resources causing cross-technology interference. However, in industrial scenarios various technologies have to be supported to connect any kind of application to the network. One solution to solve those challenges is to use one flexible physical layer (PHY) chipset, instead of multiple PHY chipsets to interconnect the different wireless sensors, robots or cameras. Since only one flexible chipset is going to be utilized, the parameters of the signal processing inside must be reconfigured quickly to emulate the different radio access technologies. This article gives an overview of a testbed that offers a flexible PHY implementation with fast reconfiguration. The goal is to provide an interface for SDN solutions to offer different network services in unlicensed bands.

Introduction – 5G NR technologies introduce more flexibility and adaptivity to cellular communications than previous standards. Especially, 5G flexible numerologies allows network controllers to adapt the properties of the physical layer to the applications and/or wireless scenarios. This includes for example the subcarrier spacing, bandwidth and the resource allocation. An overview of the radio-slicing concept for cellular communications is given in [1]. Still, the underlying technique will be the 5G NR physical layer (PHY) and its respective waveform.

In contrast, in industry scenarios, network slicing should support very different use cases with different radio access techniques, particularly including a change of the physical layer waveform itself. The reason is that various types of wireless technologies have to be connected, because diverse applications need access to cloud platforms. Harmonizing all those applications to use strictly one technology is a non-trivial challenge. For example, legacy systems cannot be updated to newer standards and embedded sensors have to deal with low energy consumption and therefore cannot use complex communication systems. Typically, several and independent Access points (AP) are used. Especially their non-synchronized operation leads to interference that results in reduced network performance as experimental studies in the EU Horizon 2020 project eWINE show.

Decoupling User Plane and Control Plane and controlling radio channels with SDN could solve this issue of RAN slicing, if all involved network elements at the AP support multiple technologies in a harmonized approach. The idea is to use one flexible PHY chipset, instead of multiple PHY chipsets. This has the advantage that only one chipset with a higher quality radio frequency (RF) chain can be used rather than several independent ones. More important, also the timings between the different PHY-services can be aligned, and thus, the inter-service interferences can be reduced. This allows using the frequency bands more efficiently. However, since only one chipset is going to be utilized the parameters of the signal processing must be reconfigured quickly.

Figure 1

Figure 1: Evolved access point with SDN functionalities offers various services using a reconfigurable and flexible physical layer chipset.

Envisioned access point - Figure 1 presents the envisioned communication system where one AP provides different clients with different services using different numerologies. In this case, IoT sensors are served with ZigBee communications for legacy reasons, whereas the robot receives control information provided by a cloud-based controller with an Ultra-Reliable Low-Latency Communication (URLLC) service. Since ISM (Industrial, Scientific and Medical) bands are not restricted to certain physical layers, a modified 5G NR or other PHY proposals could offer the URLLC service. Finally, a WLAN network is provided for non-critical but high-throughput clients, all operating in the 2.4GHz band.

The goal is that one AP operates on a given frequency band for its services, such that the other bands can be used by neighboring APs, without overlapping to prevent interference. The multi-standard capabilities of one AP enable serving the clients in a time-aligned approach to prevent any inter-service interference within the range of the AP, instead of relying on Carrier Sense Multiple Access (CSMA) to negotiate which service gets access to the medium. Here, a scheduled airtime is given to a service where all other services are “turned off“. However, this idea only partially covers the interference issues, because a client can still jam the transmissions. At the AP there are two options to mitigate this. Either the protocol foresees an option to turn off clients for a time period, as for example in the Zigbee standard or the AP creates additional signals to ensure that enough energy is radiated. Especially new waveform candidates like Filter Bank Multi-Carrier (FBMC) or Generalized Frequency Division Multiplexing (GFDM) are supporting very steep filter banks and could embed the actual signal while transferring additional data.

Figure 2 provides an overview of the proposed system, which consists of a Hewlett Packard Enterprise (HPE) Edgeline EL4000 System with intense computing power for higher layer processing and a National Instruments (NI) USRP RIO Software-Defined Radio (SDR) platform to accelerate the signal processing of PHY and parts of the MAC layer. The SDR platform supports RF bandwidths up to 160 MHz in a frequency range up to 6 GHz and is connected to the HPE server via PXI Express for fast data exchange.

Figure 2

Figure 2: System overview: The data path is marked with a continuous line, the control path with a dashed line. The different MACs can be instantiated in software and then program the PHY according to the requirements.

Flexible physical layer – The starting point for the SDN-enabled SDR platform is the GFDM-inspired waveform generation framework, introduced in [2]. It provides a framework that is able to generate and receive commonly used waveforms and candidates for future wireless networks [3]. In [4], a modulator is shown which realizes the transmitter part in a programmable chip (FPGA) system. The focus in this implementation is to keep the structure as general as possible. Therefore, the implemented components can be parametrized during the run-time, with only very short reconfiguration times of few clock cycles. This for example allows changing the PHY layer between WLAN or LTE systems. Besides 5G NR, other 5G waveform candidates are supported are as well. The reason is that the generalized filtering unit can be preloaded with arbitrary filter forms. This allows to create signals with very low out-of-band emissions. Further, it also could be used to create spread spectrum signals used in ZigBee. The SDR receiver can support this wide range parametrization too.

The parametrization is realized through a Femto-Forum similar messaging system. The messages are passed from a network controller through all involved layers down to the modules on the FPGA and back to inform about events occurring during the signal processing. In Figure 2, the control path is marked with a dashed line.

The MAC layer is running on the powerful EL4000 to provide all the flexibility the different services need. A Linux Real-Time system ensures consistent and reliable data processing. Still, parts of the time-critical MAC procedure are implemented on FPGA. For example, in WLAN the receive ACK has to be transmitted within 10 µs, which cannot be achieved if the server CPU and its operating system is involved.

Initial Results – Figure 3 presents first results of the “airtime scheduler” and the flexible transmitter. It shows two different PHY configurations multiplexed in time, captured by another SDR device. The first, longer signal has a WLAN-like configuration with 64 subcarriers and 9 subsymbols, whereas the second signal only uses 32 subcarrier and three subsymbols for very fast signal processing as required by URLLC. In both cases, different preambles are prepended before the data block to distinguish between the different services. Please note that the signal shape of the preambles is modified for easy identification and will not be used in practical systems. The reconfiguration time is in order of a few FPGA clock cycles, which does not have any impact on the transmission efficiency as the FPGA signal processing operates at 200 MHz clock speed. The RF bandwidth is adaptable up to 160 MHz.

Figure 3

Figure 3: Captured RF signal of two different numerologies created by the “airtime scheduler” and the flexible transmitter multiplexed in time.

Conclusions – The presented RAN slicing using the flexible PHY [5] improves the spectrum efficiency by, at one hand, getting rid of the inter-technology interference using the same unlicensed band. On the other hand, the reconfiguration of PHY parameters allows adapting the communication system according to the current scenario. The latter option allows network controllers to influence the operations at the PHY on a packet level. This enables instantiation of multiple services using various wireless standards. The interaction of SDR with SDN is also subject to ongoing studies in the EU Horizon 2020 project ORCA, where third parties can participate using online testbeds and open source software components.



[1] Qian Li, Geng Wu, Apostolos Papathanassiou and Udayan Mukherjee, “Radio Slicing”,

[2] M. Matthé, L. Mendes, I. Gaspar, N. Michailow, D. Zhang and G. Fettweis, “Precoded GFDM transceiver with low complexity time domain processing”, in EURASIP Journal on Wireless Communications and Networking (EURASIP), 2016

[3] N. Michailow et. al, “Generalized Frequency Division Multiplexing for 5th Generation Cellular Networks,” IEEE Transactions on Communications, vol. 62, no. 9, pp. 3045–3061, 2014.

[4] M. Danneberg, N. Michailow, I. Gaspar, D. Zhang, and G. Fettweis, “Flexible gfdm implementation in fpga with support to run-time reconfiguration,” in 2015 IEEE 82nd Vehicular Technology Conference (VTC2015-Fall), Sept 2015, pp. 1–2.

[5] (2017) Open Source flexible transceiver implementation. [Online]. Available:



Martin DannebergMartin Danneberg received his master degree in electrical engineering from the Dresden University of Technology in April 2013. During his studies, he focused on wireless communications and circuit design. His master thesis at the RF Engineering Chair dealt with the development of a backplane for a phased array. Since September 2013, he is a member of the Vodafone Chair and leading the research activities of the chair in the EU projects CREW, eWINE and ORCA. His professional interests revolve around non-orthogonal waveforms for future communication systems, especially about FPGA-based prototype implementations of flexible multicarrier modulation schemes.


Ahmad NimrAhmad Nimr received his diploma in Communication Engineering from HIAST, Syria in 2004. Afterwards, he worked as a software and hardware developer from 2005 to 2011. Then, he perused a master of science in Communications and Signal Processing and obtained his M.Sc degree in 2014 from TU Ilmenau. His research at TU Ilmenau focused on tensor based signal processing. In addition, he contributed to the FP7 project EMPhAtiC. Since October 2015, he has been a member of Vodafone Chair Mobile Communication Systems, TU Dresden. He is currently carrying out research in low-latency multiple access and resources allocation techniques for 5G networks.


Maximilian MatthéMaximilian Matthé received the Dipl.-Ing degree in electrical engineering from Technical University Dresden (TU Dresden), Dresden, Germany, in 2013. He is currently pursuing the Ph.D. in the Vodafone Chair Mobile Communication Systems at TU Dresden. During his studies, he focused on mobile communications systems and communication theory. He performed his internship at National Instruments Dresden and worked on the design and implementation of a measurement site for LTE test UEs. In his Diploma Thesis he concentrated on waveform design for flexible multicarrier transmission systems. His research focuses on the design and evaluation of MIMO architectures for future cellular networks.


Gerhard P. FettweisGerhard P. Fettweis earned his Ph.D. under H. Meyr's supervision from RWTH Aachen in 1990. After one year at IBM Research in San Jose, CA, he moved to TCSI Inc., Berkeley, CA. Since 1994 he is Vodafone Chair Professor at TU Dresden, Germany, with 20 companies from Asia/Europe/US sponsoring his research on wireless transmission and chip design. He coordinates 2 DFG centers at TU Dresden, namely cfaed and HAEC.

Gerhard is IEEE Fellow, member of the German academy acatech, and his most recent award is the Stuart Meyer Memorial Award from IEEE VTS. In Dresden he has spun-out eleven start-ups, and setup funded projects in volume of close to EUR 1/2 billion. He has helped organizing IEEE conferences, most notably as TPC Chair of ICC 2009 and of TTM 2012, and as General Chair of VTC Spring 2013 and DATE 2014.



Francesco BenedettoFrancesco Benedetto was born in Rome, Italy, on August 4th, 1977. He received the Dr. Eng. degree in Electronic Engineering from the University of ROMA TRE, Rome, Italy, in May 2002, and the PhD degree in Telecommunication Engineering from the University of ROMA TRE, Rome, Italy, in April 2007.

In 2007, he was a research fellow of the Department of Applied Electronics of the Third University of Rome. Since 2008, he has been an Assistant Professor of Telecommunications at the Third University of Rome (2008-2012, Applied Electronics Dept.; 2013-Present, Economics Dept.), where he currently teaches the course of "Elements of Telecommunications" (formerly Signals and Telecommunications) in the Computer Engineering degree and the course of "Software Defined Radio" in the Laurea Magistralis in Information and Communication Technologies. Since the academic year 2013/2014, He is also in charge of the course of "Cognitive Communications" in the Ph.D. degree in Applied Electronics at the Department of Engineering, University of Roma Tre.

The research interests of Francesco Benedetto are in the field of software defined radio (SDR) and cognitive radio (CR) communications, signal processing for financial engineering, digital signal and image processing in telecommunications, code acquisition and synchronization for the 3G mobile communication systems and multimedia communication. In particular, he has published numerous research articles on SDR and CR communications, signal processing applied to financial engineering, multimedia communications and video coding, ground penetrating radar (GPR) signal processing, spread-spectrum code synchronization for 3G communication systems and satellite systems (GPS and GALILEO), correlation estimation and spectral analysis.

He is a Senior Member of the Institution of Electrical and Electronic Engineers (IEEE), and and a member of the following IEEE Societies: IEEE Standard Association, IEEE Young Professionals, IEEE Software Defined Networks, IEEE Communications, IEEE Signal Processing, IEEE Vehicular Technology. Finally, He is also a member of CNIT (Italian Inter-Universities Consortium for Telecommunications). He is the Chair of the IEEE 1900.1 WG on dynamic spectrum access, the Chair of the Int. Workshop on Signal Processing fo Secure Communciations (SP4SC), and the co-Chair of the WP 3.5 on signal processing for ground penetrating radar of the European Cost Action YU1208.


Transport Aspects of Network Slicing: Existing Solutions and Gaps

Daniele Ceccarelli, Ericsson; and Young Lee, Huawei, USA

IEEE Softwarization, January 2018



A network slice is defined by 3GPP as an end to end logical network comprising a set of managed resources and  network functions. Its definition and deployment start from the RAN (Radio Access Network) and packet core, but in order to guarantee end to end SLAs (Service Level Agreements) and KPIs (Key Performance Indicators) especially for applications that require strict latency and bandwidth guarantee, the transport network also plays an important role and needs to be sliced as part of services bound to the different slices.  However, it is not easy for clients/applications to interface directly with transport networks.

ACTN (Abstraction and Control of Traffic Engineered Networks) has been driving SDN standardization in IETF in the TEAS (Traffic Engineering and Signaling) WG with the emphasis of providing customer interfaces that enable dynamic and automatic transport network slice instantiation and its life cycle operation.  This article provides an overview of existing transport network slicing solutions based on ACTN and a gap analysis to meet the requirements.

Transport network slicing: key factors and requirements

In order to provide guaranteed end to end performances, service providers have the need to define logically isolated networks (aka virtual networks) that can be offered as a service to the different customers, each of which with possibly different requirements.

From a high level point of view, this translates into a number of main requirements against the transport network:

Requirement 1.     Ability for the customer to define and convey their virtual networks without having to understand transport network details.

Requirement 2.     Ability for the provider to map and translate customer’s virtual network models (e.g., L2/3 VPN) against TE constrained paths in transport network.

Requirement 3.     Ability to provision and manage end to end paths meeting given virtual network constraints.

Requirement 4.     Ability to monitor such virtual networks or connections at various levels: customer level, orchestration level and domain level.

Requirement 5.     Ability to integrate other constraints such as Service Functions and/or Virtual Network Functions.

Requirement 6.     Ability to extend for integrating non-TE device level performance data such as queuing delay.


The provisioning of end to end paths often spans multiple administrative and technological domains, possibly involving domains operated by different providers. All this complexity needs to be hidden to the customer of the network slice, which in most cases customer only cares about connectivity with given constraints between a set of end points.

These issues are addressed by an ongoing work in the IETF (Internet Engineering Task Force) known under the name of ACTN – Abstraction and Control of Traffic engineered Network.

ACTN defines a hierarchy of controllers based on a 3-tier model whose main functionalities are [1]:

- Multi domain coordination: this function builds a single end to end network topology (with different levels of abstraction) to enable end to end path computation and provisioning.
- Virtualization/Abstraction: provides an abstracted view of the different network domains based on the customer requirements and negotiated with the service provider.
- Customer mapping/translation: This function maps customer level requests into network level constraints and command that can be sent down the control hierarchy till the devices.
- Virtual service coordination: Translation of service related information into requests and commands at network level. This includes many service orchestration functions such as multi-destination load balancing, guarantees of service quality, bandwidth, and throughput.

The 3-tier model defines types of controllers and the interfaces between them as shown in Figure 1 below.

Figure 1

Figure 1. ACTN architecture

A Customer Network Controller (CNC) is responsible for communicating a customer's Virtual Network Service (VNS) requirements to the network provider over the CNC-MDSC Interface (CMI).  It has knowledge of the end-points associated with the VNS (expressed as Access Points (APs)), the service policy, and other QoS information related to the service.

A Multi-Domain Service Coordinator (MDSC) is a functional block that implements all of the ACTN functions listed in above. The MDSC sits at the center of the ACTN model between the CNC that issues connectivity requests and the Provisioning Network Controllers (PNCs) that manage the network resources. The key point of the MDSC is detaching the network and service control from underlying technology to help the customer express the network as desired by business needs. It is assumed that an MDSC is under one provider’s authority. In case that customer applications are spread over multiple providers, it is a responsibility of the CNC to have multiple interfaces to coordinate the multi-provider issues.

A Provisioning Network Controller (PNC) oversees configuring the network elements, monitoring the topology (physical or virtual) of the network, and collecting information about the topology (either raw or abstracted).

Solutions for Transport Network Slicing

This section provides the current progress and solutions against the aforementioned requirements of transport network slicing.

Virtual Network Slicing Service Model

It discusses customer initiated virtual network slicing data model in which customer can control their virtual network slice to fit their needs [2]. This model fulfills the requirement #1. This is for CMI (i.e. CNC – MDSC Interface of ACTN) as shown in Figure 1. This model describes VN Yang model for customer access points, virtual network access points, Virtual Network (VN) identifiers, its VN-members, any constraints and policy customer cares for with respect to its VNs. See Figure 2 shows the process of VN creation in the context of ACTN architecture.

Figure 2

Figure 2. Virtual Network Slicing Service Creation

Figure 2 shows that VN Slicing Service model enables customer to create its VN without having to know the transport underlay details and to indicate its end-points with constraints (e.g., bandwidth, latency, load-balancing, protection, etc.) per VN or VN-member level. This model facilitates customer-driven dynamic life-cycle VN service operation.

TE-Service Mapping Model

It discusses the need for creating TE-Service Mapping model in which to create a binding relationship across Service Models such as L1/2/3 VPN [3-5] and ACTN VNS [2] and TE tunnel model [6].  This model fulfils the requirement #2. Figure 3 shows the binding relationship across different models.

Figure 3

Figure 3. TE-service mapping model

This binding will facilitate a seamless service operation with underlay-TE network visibility. The TE-service model developed can also be extended to support other services including L1 Connectivity Service Model, L2 Service Model, and L3 Service Model, and future transport network service models. TE-service mapping model allows for customer to indicate their service policy in regards to how under-lay TE tunnels be created for their VPN service (e.g., sharing with existing tunnels, new TE-tunnel for VPN, a complete isolation by creating optical TE tunnel, etc.). As VN isolation requirement is one of the key enablers for certain applications for 5G and others, this model fulfills such requirement. With this model, customer is given the underlay TE tunnel reference so that it can monitor how its VNs are performing in the underlay via VN telemetry model [7].

Abstracted TE topology and TE tunnel Models

Abstracted TE topology model [8] allows operators to control and manage its transport networks based on an end-to-end abstracted topology. The corresponding TE tunnel model [6] allows operator to control and manage various tunnels across the abstracted topology independent of the underlying domain technology. These models fulfill the requirement #3.

Figure 4

Figure 4. Abstracted TE topology and TE tunnel models with technology specific augmentation

In some cases, topology abstraction may not provide sufficient details of the underlay transport networks. Using YANG Remote Procedure Call (RPC) operation, path compute request and reply can be supported so that the MDSC can collect more granular topology information beyond generic abstraction level such as Optical Transport Network (OTN), Wavelength Switched Optical Network (WSON) and Flexi-grid from the domain networks. This refers to augmentation which is shown in Figure 4 where both TE-topology and TE-tunnel models are augmented by technology specific YANG models of various types.

VN Telemetry Model

It discusses KPI Telemetry which allows customer to define key performance monitoring data relevant for its virtual network slicing via YANG subscription model [6]. This model fulfills the requirement #4.

This model allows for mechanisms to define different aggregation/abstraction levels of telemetry data to support scalability. Figure 5 shows how VN telemetry model operates.

Figure 5

Figure 5. VN Telemetry Model Operation


The current traffic segregation solutions like L2VPN are not able to guarantee end to end constraints and SLA requirements, while new ACTN transport network slicing solutions presented in this article are focused on providing customer traffic with guaranteed end to end performances. The solutions allow creating virtual network slices for a set of end-to-end connectivity which connects customer’s end-points. Virtual networks requiring key performances such as bandwidth guarantee and strict latency can be created and monitored dynamically using various models presented in this article.  In summary, the current standardization efforts have identified solutions already for requirements 1-4 while there is still room for discussions/solutions for requirements 5-6. Related to requirement 5, other slicing constraints beyond connectivity constraints are yet to be fulfilled in the current transport network slicing. Virtual Network Functions (VNFs) and Service Functions (SFs) can be added to Transport network slicing scope. An initial use-case [9] and its corresponding solution for SF-enabled TE topology are available [10].

Related to requirement 6, the port/queue level isolation requirements have not been considered in current transport network slicing scope. In hybrid non-TE and TE networks, the low level PM data such as port/queue level latency required for enhanced VPN [11] and Deterministic Networking [12] may contribute to end-to-end latency and as such the VN telemetry model can be extended to integrate these low level PM data.



[1] Daniele Ceccarelli and Young Lee (Editors), “ACTN Framework”, draft-teas-actn-framework-10, IETF draft, November 2017.

[2] Young Lee, et al, “A Yang Data Model for ACTN VN Operation”, draft-lee-teas-actn-vn-yang-08, IETF draft, October 2017.

[3] Giuseppe Fioccola, et al, “A Yang Data Model for L1 Connectivity Service Model (L1CSM)”, draft-fioccola-ccamp-l1csm-yang-00, IETF draft, October 2017.

[4] Giuseppe Fioccola (Editor), “A YANG Data Model for L2VPN Service Delivery”, draft-ietf-l2sm-l2vpn-service-model-04, IETF draft, October 2017.

[5] S. Litkowski, L. Tomotaki, and K, Ogaki, “YANG Data Model for L3VPN Service Delivery”, RFC 8049, IETF, February 2017.

[6] T. Saad (Editor), “TE tunnel model A YANG Data Model for Traffic Engineering Tunnels and Interfaces”, draft-ietf-teas-yang-te-09, IETF draft, October 2017.

[7] Young Lee (Editor), “YANG models for ACTN TE Performance Monitoring Telemetry and Network Autonomics”, draft-lee-teas-actn-pm-telemetry-autonomics-05, IETF draft, October 2017.

[8] Xufeng Liu, et al, “YANG Data Model for Traffic Engineering (TE) Topologies”, draft-ietf-teas-yang-te-topo-13, IETF draft, October 2017.

[9] Igor Bryskin, et al. “Use Cases for SF Aware Topology Models”, draft-bryskin-teas-use-cases-sf-aware-topo-model-01, IETF draft, October 2017.

[10] Igor Bryskin and Xufeng Liu, “SF Aware TE Topology YANG Model”, draft-bryskin-teas-sf-aware-topo-model-00, IETF draft, October 2017.

[11] Stewart Bryant and Jie Dong, “Enhanced Virtual Private Networks (VPN+)”, draft-bryant-rtgwg-enhanced-vpn-01, IETF draft, October 2017.

[12] Norm Finn, et al. “Deterministic Networking Architecture”, draft-ietf-detnet-architecture-04, IETF draft, October 2017.

[13] Haomian Zheng, et al. “A YANG Data Model for Optical Transport Network Topology”, draft-ietf-ccamp-otn-topo-yang-02, IETF draft, October 30, 2017.

[14] Young Lee, et al. “A Yang Data Model for WSON Optical Networks”, draft-ietf-ccamp-wson-yang-09, IETF draft, November 12, 2017.

[15] J.E. Lopez de Vergara, et al. “YANG data model for Flexi-Grid Optical Networks”, draft-vergara-ccamp-flexigrid-yang-06, IETF draft, January 8, 2018.

[16] Haomian Zheng, et al. “OTN Tunnel YANG Model”, draft-ietf-ccamp-otn-tunnel-model-01, IETF draft, October 30, 2017.

[17] Young Lee, et al, “A Yang Data Model for WSON Tunnel”, draft-lee-ccamp-wson-tunnel-model-04, IETF draft, January 8, 2017.

[18] J.E. Lopez de Vergara, et al. “YANG data model for Flexi-Grid media-channels”, draft-vergara-ccamp-flexigrid-media-channel-yang-01, IETF draft, November 11, 2017.



Daniele CeccarelliDaniele Ceccarelli received his master degree in 2005 in Telecommunications Engineering from the University of Pisa. After some years as researcher he joined Ericsson as system manager and network architect with focus on GMPLS and distributed control plane. In the last year his interests evolved into packet-optical integration and multi layer and multi domain transport SDN solutions. Daniele started working in IETF in various working groups of the routing Area in 2008 where in 2014 he became co-chair of the CCAMP working group. Daniele is co-author of 12 RFCs and more than 20 active internet draft mostly covering GMPLS, PCE, MPLS and ACTN.


Young LeeYoung Lee is a Technical Director of SDN network architecture at Huawei Technologies USA Research Center, Plano, Texas. He is responsible for developing new technology in the area of SDN/T-SDN/NFV and driving standards in IETF and ONF. He has also been leading optical transport control plane technology research and development.  His research interest includes SDN, cloud computing architecture, cross stratum optimization, network virtualization, distributed path computation architecture, multi-layer traffic engineering methodology, and network optimization modeling and new concept development in optical control plane signaling and routing. Prior to joining to Huawei Technologies in 2006, he was a co-founder and a Chief Architect at Ceterus Networks (2001-2005) where he developed topology discovery protocol and control plane architecture for optical transport core product. Prior to joining to Ceterus Networks, he was Principal Technical Staff Member at AT&T/Bell Labs in Middletown/Holmdel, New Jersey (1987-2000).

He is active in standardization of transport SDN, GMPLS, PCE in IETF and ONF and has driven Transport SDN both in industry, standardization, and ONOS ACTN project. He currently serves a chair for Cross-Stratum Optimization (CSO) WG in ONF. He served a co-chair for IETF’s ACTN BOF and a co-chair for ONF’s NTDG.

He received B.A. degree in applied mathematics from the University of California at Berkeley in 1986, M.S. degree in operations research from Stanford University, Stanford, CA, in 1987, and Ph.D. degree in decision sciences and engineering systems from Rensselaer Polytechnic Institute, Troy, NY, in 1996.



Elio SalvadoriDr. Elio Salvadori is the Director of CREATE-NET Research Center within Fondazione Bruno Kessler (FBK); he is responsible for managing, organizing, executing and monitoring of the activities of the Center.

He joined CREATE-NET in 2005 and since then he has served different roles within the organization: from 2007 to 2012 he has been leading the Engineering and Fast Prototyping (ENGINE) area. From 2012 to 2014 he has been acting as SDN Senior Advisor while holding a position as CEO in Trentino NGN Srl. He then moved fully back to CREATE-NET acting as Research Director and then as Managing Director until the incorporation within FBK at the end of 2016.

Prior to CREATE-NET, Dr. Salvadori has developed a mixed industrial and academical background: he graduated in 1997 at Politecnico di Milano through an internship pursued at CoreCom, a research lab funded by Politecnico and Pirelli Optical Systems (now Cisco Photonics). Afterward he has worked as systems engineer at Nokia Networks in Milan and then at Lucent Technologies in Rome. In 2001 he won a research grant at the University of Trento to pursue his PhD on Information and Communication Technologies. He received his PhD degree in March 2005 with a thesis on traffic engineering for optical networks.

During his research career, he has been involved in several national and European projects on SDN and optical networking technologies as well as on Future Internet testbeds.

His current research interests include software-defined networking (network virtualization and distributed controller architectures), Network Functions Virtualization (NFV) and next generation transport networks. He has published in more than 100 International refereed journals and conferences. He is a member of IEEE and ACM.


IEEE Softwarization - January 2018
A collection of short technical articles

Transport Aspects of Network Slicing: Existing Solutions and Gaps

By Daniele Ceccarelli, Ericsson; and Young Lee, Huawei, USA

A network slice is defined by 3GPP as an end to end logical network comprising a set of managed resources and  network functions. Its definition and deployment start from the RAN (Radio Access Network) and packet core, but in order to guarantee end to end SLAs (Service Level Agreements) and KPIs (Key Performance Indicators) especially for applications that require strict latency and bandwidth guarantee, the transport network also plays an important role and needs to be sliced as part of services bound to the different slices.  However, it is not easy for clients/applications to interface directly with transport networks.

Network Slicing for Conditional Monitoring in the Industrial Internet of Things

By Huanzhuo Wu, Deutsche Telekom Chair of Communication Networks; Giang T. Nguyen, Deutsche Telekom Chair of Communication Networks, SFB-912 HAEC, Technische Universität (Dresden, Germany); Anil Kumar Chorppath, Deutsche Telekom Chair of Communication Networks; and Frank H.P. Fitzek, Deutsche Telekom Chair of Communication Networks, 5G Lab Germany

One of the key use cases for the future 5G network is the massive machine-to-machine communication for the Internet of Things (IoT) area, fulfilling a broad set of requirements, from massive bandwidth to extremely low latency and the huge heterogeneity of end devices. Subsequently, the network has to provide the IoT domain a dedicated network slice from the physical network. The network slicing concept describes a logical segment of a physical network guaranteeing a set of QoS requirements. More importantly, they are ensured for end-to-end communication, not only at the radio access segment, but also at the network core. The whole network infrastructure needs to provide provisioning, managing association to slices, interoperating and supporting performance and isolation.

Network Slicing for Industry 4.0 Applications – Initial RAN Testbed Results

By Martin Danneberg, Ahmad Nimr, Maximilian Matthé, Gerhard P. Fettweis, TU Dresden

Wireless networks operating in unlicensed bands suffer because multiple radio technologies have to share the same frequency resources causing cross-technology interference. However, in industrial scenarios various technologies have to be supported to connect any kind of application to the network. One solution to solve those challenges is to use one flexible physical layer (PHY) chipset, instead of multiple PHY chipsets to interconnect the different wireless sensors, robots or cameras. Since only one flexible chipset is going to be utilized, the parameters of the signal processing inside must be reconfigured quickly to emulate the different radio access technologies. This article gives an overview of a testbed that offers a flexible PHY implementation with fast reconfiguration. The goal is to provide an interface for SDN solutions to offer different network services in unlicensed bands.

A Network Service Provider Perspective on Network Slicing

By Luis M. Contreras and Diego R. López, Telefónica Global CTIO Unit

The feasibility of creating logical, full-functional partitions of network infrastructures (either physical, virtual, or a combination of both), known as slices, will permit network service providers to overcome the great challenge of forthcoming 5G services: how to support and operate different kind of services with very distinct needs onto the same infrastructure. Mixing services like enhanced Mobile Broadband (eMBB), massive Machine-Type Communications (mMTC) and ultra-Reliable and Low Latency Communications (uRLLC), altogether on the same network, makes quite difficult to define a common architecture capable of keeping the requirements of each of them in an ordered and structured form. It is much more convenient to think on segregating them on specialized partitions, designed and optimized for the type of service to be provided.

5G: Platform and Not Protocol

By Bessem Sayadi and Laurent Roullet, Nokia Bell-Labs France

With the promise of offering ultra-reliable, low-latency high speed communications, 5G is expected to enable a golden digital age of remote healthcare, autonomous cars and advanced robotics use-cases. 5G heralds an explosion of augmented and virtual reality (AR/VR) applications and accelerates the already rapid growth of the Internet of Things (IoT).

5G Network Slicing and Security

By Emmanuel Dotaro, Head of ICT and Security Labs at Thales Secure Communications and Information Systems – France

Despite the lack of common understanding or unique standard definition, the network slicing concept has been used with the same virtualization fundamentals in many contexts. From the GENI concept, in MPLS/GMPLS framework towards 5G, most of the visions consider a set of resources virtualized for the benefit of a tenant, sharing de-facto part of the control/management with the underlying infrastructure. The immediate security issue was related to the isolation between slices but already in NGMN listed a set of key security issues beyond basic isolation concerns. The overall slice vision is illustrated in Fig. 1.

Perspectives on Network Slicing – Towards the New ‘Bread and Butter’ of Networking and Servicing

By Alex Galis, University College London

This paper provides an analysis of the challenges of Network Slicing in the context of 5G Networks. It represents also a synthetic perspective on the results presented in the special edition – published in the December 2017 and January 2018 issues of the SDN newsletter. It covers a summary of 5G network characteristics and advantages, network slicing concepts and terms and key challenges in network slicing.


5G Network Slicing and Security

Emmanuel Dotaro, Head of ICT and Security Labs at Thales Secure Communications and Information Systems – France

IEEE Softwarization, January 2018


5G network slicing comes with Security Transformation Requirements

Despite the lack of common understanding or unique standard definition, the network slicing concept has been used with the same virtualization fundamentals in many contexts. From the GENI concept [1], in MPLS/GMPLS framework [2] towards 5G [3], most of the visions consider a set of resources virtualized for the benefit of a tenant, sharing de-facto part of the control/management with the underlying infrastructure. The immediate security issue was related to the isolation between slices but already in [4] NGMN listed a set of key security issues beyond basic isolation concerns. The overall slice vision is illustrated in Fig. 1

The 5G slicing security is one security area among many 5G other specific issues. 5G (beyond 3GPP phase 1) will encompass non-3GPP domains, extended roaming procedures, Service Based Architecture (SAB) applied to security and will certainly bring unprecedented architectures, services or business models. The evolution towards the next generation has already been subject to a substantial literature. Considering the 5G architecture and procedures introduced in [5] and [6], security areas are more specifically addressed in [7][8]. Going far beyond 4G complexity, 5G is imposing to reconsider many security aspects such as Authentication and Authorization, RAN (multi-access) security, User Equipment (including IoT), confidentiality and key management, etc...and finally Network Slicing security. An overall vision of this security landscape is given in [9] where one can find references to groups and bodies active on 5G security such as ETSI --in particular working groups dealing with Network Function Virtualization (NFV) and management issues (MANO), IETF, IMT 2020,...

The nature of 5G components, systems and services lead to an unprecedented combination of specific software-based vulnerabilities, function distribution, boundaries variations in time and space.

Moreover, the multiplicity of stakeholders and authorities in the case of Network slicing raises serious challenges which are exacerbated by the so-called Mission-Critical support.

Through technological but also architectural and business aspects, or even regulation, the 5G slicing shows a novel attack surface but also great opportunities to deliver the relevant level of cybersecurity.

The following sections will briefly highlight main issues and specific potential directions.

Figure 1

Figure 1: Overall slice vision

“What’s in my Slice”?

The 5G slices are Software-based and as such, inherit among others from SDN and NFV security issues and solutions. Many threat Intelligence aspects are already addressed in the literature including comprehensive survey [10] or, for instance for SDN-NFV components, available as Common Vulnerabilities and Exposure (CVE) list.

As described in [5] 5G relies on a set of security functions which have to be instantiated on a per slice basis. Security should be tuned as per tenant/vertical policies for a given slice which implies in turn to manage/duplicate the security functions on logical slices. A user may access different slices for different services, but the confidentiality, integrity and availability has to be preserved for any slice. Most of the issues pointed here may be summarized as isolation issues. The potential attacks can affect tenant services by targeting user data but attention should be paid to the control exchanges (e.g negotiations of Slice as a Service, templates etc...).

When considering knowledge of slice assets and its consequences in terms of security issues, a specific problem occurs by nature as the slices are both:

- an abstraction/composition of the actual systems and services delivered by third parties and,
- flexible, dynamic or even adaptive to satisfy the varying needs through multi-party complex business environment

Ensuring trust and consistent security policies/governance between tenants and providers point of views is a remaining challenge. This may be considered as a pre-requisite when applied to vertical sectors under stringent security and resilience requirements, beyond existing standards and certification schemes often applied to limited perimeters. There is thus a need to evaluate and expose security attributes of subnets, systems and services involved in the composition of the 5G slices.

The 5G is actually disruptive and the security issues raised by 5G slicing will remain work in progress for some time. Compensating the new threats and issues, security should inherit from the best 5G paradigms. Some beneficial 5G aspects applied to security are presented below.

Software Defined Security: Slice Protection Deployments

5G slices is a new way to virtualize an infrastructure for tenants with dynamic software defined provisioning technologies and service aggregation rather than system integration approach. Deployment, orchestration, chaining of (virtualized) protection functions becomes by analogy a software defined security concept.

This provides a great opportunity, allowing fine grain policies, Artificial Intelligence-based smart algorithms (security phases illustrated in Fig. 2), etc... The end-to-end security is thus resulting from the diversity of stakeholders involved in the provision and usage of the slices. As an immediate consequence, horizontal (end-to-end), vertical (infrastructure provider vs. tenants), multilateral (security-as-a-service, vertical services) coordination/composition of security becomes a challenge. Beyond technical aspects, the liability distribution is expected to have a major impact on the slice security operations.

Nevertheless, the control and flexibility of the software defined security is an enabler for innovative slice defense strategy. Among 5G slicing related security concepts, two categories are emerging, in both cases using the ability to automate the manipulation of the system morphology:

- Micro-segmentation [11] can provide fine grain isolation, specific access control & security policies.
- Deception, overcoming historical honeypots, is assuming that advanced (often unknown/zero days) attacks will be defeated by deceiving the attackers with enabled dynamic/smart proactive security.

Security-as-a-Service should be a companion to 5G Slices. Not all tenants will have internal up-to-date expertise available to manage all security aspects. It is thus expected that a wide range of security will be delivered by managed security service providers. As an example, Identity and Access Management (IAM) as a Service will be key to distribute and control respective authorities and access across multiple 5G systems stakeholders. Many other security aspects (Key Management, Intrusion detection...) will be handled this way participating to the slice security.

Figure 2

Figure 2: Enabled Smart Slice security with Artificial Intelligence

Monitoring, Attack Detection and Remediation

As aforementioned, knowledge of slice security conditions is not straightforward considering the multiplicity of authority perimeters and the complexity of dependencies between sub-systems, services etc...  Slice security mandates continuous monitoring tracking events or anomalies end-to-end. This dynamic assessment may require both specific advanced tools but will have to face the boundaries of respective stakeholder perimeters. Monitoring or reporting security data is an open field. A particular case is the response to incident which basically require sharing of information from detection towards tenants or adjacent party interconnected.

As for protection deployment, detection and remediation are the purpose of smart AI-based strategies that may be applied on a per-tenant basis. Each and every tenant may for instance deploy its own probes for attack detection across his slice, in addition to some reporting delivered by the providers. Specific remediation strategies may then apply relying on specific critical asset knowledge on tenant side. One can obviously anticipate some remaining challenges with respect to the actual isolation (inter-dependencies) of the slices from other slice/underlying infrastructure or the need of signaling/exchanges between the actors. It should be also noticed that those exchanges are subject to potential attacks and should be secured (may be a specific dedicated “control and management” slice.)


The promising 5G Network Slicing won’t become a reality without embracing security concerns. Some of the specific weaknesses are resulting more from architectural patterns than basic technologies. The opportunity to transform security into smart, dynamic, accurate, fine grain strategies applications concomitantly with 5G evolution is both promising and needed.



[1] GENI, Global Environment for Network Innovation, Key GENI concepts,

[2] IETF, RFC 5212, Requirements for GMPLS-Based Multi-Region and Multi-Layer Networks (MRN/MLN)

[3] NGMN Alliance: "Description of Network Slicing Concept", Version 1.0, January 2016.

[4] NGMN Alliance: "5G Security Recommendations Package #2: Network Slicing” Version 1.0, April 2016.

[5] 3GPP TS 23.501, “System Architecture for the 5G System”,

[6] 3GPP TS 23.502, “Procedures for the 5G System”

[7] 3GPP TR 33.899, “Study on the security aspects of the next generation system”

[8] 3GPP TS 33.501, “Security architecture and procedures for 5G System”

[9] 5G PPP Phase 1 Security Landscape,

[10] Scott-Hayward, S., Natarajan, S., & Sezer, S. (2016). A Survey of Security in Software Defined Networks, IEEE Communications Surveys and Tutorials

[11] Olli Mämmelä, Jouni Hiltunen, Jani Suomalainen, Kimmo Ahola, Petteri Mannersalo, Janne Vehkaperä, “Towards Micro-Segmentation in 5G Network Security”. EuCNC 2016



Emmanuel DotaroEmmanuel Dotaro is the director of ICT and Security labs at Thales Secure Communications and Information Systems. He joined Thales in 2009 as director of innovation for C4I systems. Beside his current research and innovation management activity he is involved in various National and European ICT and Cybersecurity initiatives. He serves in both 5G-IA and ECSO PPP’s associations boards as well as various Technical Committees or clusters of the digital ecosystem. His current areas of interests are network virtualization and softwarization, cloud brokering, security as a service, security policies enforcement in 5G and IoT systems as well as certification, detection, remediation related security topics.



Marie-Paule OdiniMarie-Paule Odini is Distinguished Technologist in HPE with over 25 years of telecom experience. She is focusing on customer innovation and emerging trends in the communication industry including NFV, SDN, IoT, big data and 5G and leads technology discussions and solution roadmaps towards 5G inside HPE.  She is also involved in industry forums and standard organization such as ETSI NFV Vice Chair, IEEE SDN Chair and Editorial board member, 5G Americas co-author of Network Slicing and V2X white paper and more recently as co-chair of TIP (Telecom Infra Project) new E2E network slicing project.