The BroadForward Security Edge Protection Proxy (BroadForward SEPP) enables secure interconnect between 5G networks. The SEPP ensures end-to-end confidentiality and/or integrity protection between source and destination network for all 5G interconnect roaming messages.
BroadForward SEPP
The BroadForward SEPP is an industry leading software solution offering operators a cutting-edge 5G network function tailored for edge services, including interconnect routing. The BroadForward SEPP powered the world’s first 5G Standalone Roaming connection. Also see: BroadForward again recognized by Kaleido as Champion vendor for signaling security
The SEPP is built upon the BFX Unified Signaling Core (USC), a robust and award-winning signaling architecture boasting over a decade of demonstrated excellence in the 3G and 4G core network functions. By design it includes support for the BroadForward STP and DRA/DEA, and it ensures the BroadForward SEPP can guarantee a smooth migration to 5G. Operators familiar with the BFX software architecture will recognize the graphical user interface and innovative features, such as conversion and list profiles, empowering operators to continue their operational excellence in the 5G landscape.
The BroadForward SEPP is delivered as a turnkey software solution and adheres to the latest security standards defined in the 3GPP specifications, incorporating TLS security up to version 1.3 and OAuth2 support for peer authentication. The BroadForward SEPP is a fully software-based solution, supporting the following features:
- NRF registration for SEPP
- N32c interface support with TLS
- N32f interface support with TLS
- Dynamic peer discovery via DNS for remote SEPP service
- NRF service discovery, subscription and notification
- Onboard gRPC interface support for HTTP traffic monitoring & forwarding, enabling direct integration with network monitoring and analysis system
- OAuth2 support for peer authentication
- Certificate management (creation, upload/download, validity checking)
- Flexible routing on any parameter (non-encrypted for IPX SEPP)
- Support for Outsourced-SEPP and Hosted-SEPP (GSMA NG.113)
- Support for transport layer security (TLS) up to version 1.3
- Support for 5G firewalling according to FS.36 (roadmap)
- Support for load balancing
- Support for Egress/Ingress limitation
- Supporting high-available and geo-redundant deployment models
- Full GUI based signaling orchestration and system management, configurable service logic, no need for scripting or development
- Optional (on-board) support for:
SEPP multi-tenancy for Hosted and Outsourced SEPP
With the BroadForward SEPP solution, a Hosted or Outsourced SEPP can be deployed as individual SEPP per tenant or in a multi-tenant setup. In the multi-tenant deployment model, one single BroadForward SEPP instance can provide SEPP functions for multiple tenants (MNO’s, MVNO’s or Enterprises). All inbound and outbound routes can be managed by each tenant individually via the onboard API which can be accessed by a customer portal provided by the hosting party. In this setup, the BroadForward SEPP message flows allow traffic separation based on tenant-ID. Event Detail Records (EDR) are split per tenant to provide tenant specific EDR files. The multi-tenant SEPP will maintain individual N32 connections for each tenant. It can be configured to allow direct N32 communication between tenants, reducing the overall capacity requirement.
Also see: Industry perspectives: The adoption of SEPP for 5G roaming – why it matters and what’s next
Virtualized, cloud-based and containerized deployment
The BroadForward SEPP provides unmatched flexibility with various deployment options, including bare metal, virtual machines, containers, and cloud environments, all while maintaining a low resource footprint. This 100% software-based, hardware-agnostic solution eliminates the need for specialized hardware or proprietary operating systems. Deploying the BroadForward SEPP on a common platform facilitates the transition for operators and vendors from proprietary appliance-based systems to a standardized, hardware-agnostic, software-only infrastructure.