The BroadForward Security Edge Protection Proxy (BroadForward SEPP) enables secure interconnect between 5G networks. The SEPP ensures end-to-end confidentiality and/or integrity between source and destination network for all 5G interconnect roaming messages.
BroadForward SEPP
The BroadForward SEPP is an industry leading software solution offering operators a cutting-edge 5G network function tailored for edge services, including interconnect routing. The BroadForward SEPP powered the world’s first 5G Standalone Roaming connection.
The SEPP is built upon the BFX framework, a robust and award-winning signaling architecture boasting over a decade of demonstrated excellence in the 3G and 4G core network functions. By design it includes support for the BroadForward STP and DRA/DEA, and it ensures the BroadForward SEPP can guarantee a smooth migration to 5G. Operators familiar with the BFX software architecture will recognize the graphical user interface and innovative BFX features, such as conversion and list profiles, empowering operators to continue their operational excellence in the 5G landscape.
The BroadForward SEPP is delivered as a turnkey software solution and adheres to the latest security standards defined in the 3GPP specifications, incorporating TLS security up to version 1.3 and OAuth2 support for peer authentication. he BroadForward SEPP is a fully software-based solution, supporting the following features:
- NRF registration for SEPP
- N32c interface support with TLS
- N32f interface support with TLS
- Dynamic peer discovery via DNS for remote SEPP service
- NRF service discovery, subscription and notification
- Onboard gRPC interface support for HTTP traffic monitoring & forwarding, enabling direct integration with network monitoring and analysis system
- OAuth2 support for peer authentication
- Certificate management (creation, upload/download, validity checking)
- Flexible routing on any parameter (non-encrypted for IPX SEPP)
- Support for Outsourced-SEPP and Hosted-SEPP (GSMA NG.113 multi-tenancy environment)
- Support for transport layer security (TLS) up to version 1.3
- Support for 5G firewalling according to FS.36 (roadmap)
- Support for load balancing
- Support for Egress/Ingress limitation
- Supporting high-available and geo-redundant deployment models
- Full GUI based signaling orchestration and system management, configurable service logic, no need for scripting or development
- Optional (on-board) support for:
SEPP multitenancy for Hosted and Outsourced SEPP
With the BroadForward SEPP solution, a Hosted or Outsourced SEPP can be deployed as individual SEPP per tenant or in a multitenant setup. In the multitenant deployment model, one single BroadForward SEPP instance can provide SEPP functions for multiple tenants (MNO’s, MVNO’s or Enterprises). All inbound and outbound routes can be managed by each tenant individually via the onboard API which can be accessed by a customer portal provided by the hosting party. In this setup, the BroadForward SEPP message flows allow traffic separation based on tenant-ID. Event Detail Records (EDR) are split per tenant to provide tenant specific EDR files. The multitenant SEPP will maintain individual N32 connections for each tenant. It can be configured to allow direct N32 communication between tenants, reducing the overall capacity requirement.
Virtualized, cloud-based and containerized deployment
The BroadForward SEPP provides unmatched flexibility with various deployment options, including bare metal, virtual machines, containers, and cloud environments, all while maintaining a low resource footprint. This 100% software-based, hardware-agnostic solution eliminates the need for specialized hardware or proprietary operating systems. Deploying the BroadForward SEPP on a common platform facilitates the transition for operators and vendors from proprietary appliance systems to a standardized, hardware-agnostic, software-only infrastructure.