Integrated Solution Combining Private 5G and LAN/RAN
Vol.17 No.1 September 2023 Special Issue on Open Network Technologies — Network Technologies and Advanced Solutions at the Heart of an Open and Green Society
The revision of guidelines from the Ministry of Internal Affairs and Communications and the Ministry of Health, Labour and Welfare has prompted local governments and hospitals to build private 5G networks on their existing infrastructure, aligning with these updates (in this paper, private 5G refers to dedicated 5G networks in Japan hosted by entities outside the communication service sector). Despite the increasing trend towards integration, the need to maintain network separation for security reasons persists. Therefore, it is imperative to implement network separation throughout the entire network, including the private 5G network, to ensure robust security measures are upheld. This paper aims to present a method for expanding virtual network technology, a widely embraced core component of NEC’s SDN solution, by integrating it with private 5G technology.
The Japanese market for network equipment for businesses is projected to experience a strong annual average growth rate of 2.4% from 2021 to 2026 1). However, despite this optimistic forecast, Japan grapples with a persistent shortage of IT personnel due to population decline and an aging workforce. This shortage raises concerns about the potential implications for the effective operation and management of IT systems.
NEC has been proposing software-defined networking (SDN) as a solution to tackle network operation challenges. SDN offers centralized control and management of devices through software, eliminating the need for individual device building and management. At the core of NEC’s SDN solution are virtual networks, which facilitate rapid and efficient establishment of secure networks by logically separating them without being constrained by physical configurations. This approach not only enhances security but also reduces costs by minimizing dependence on physical equipment.
The novel coronavirus infection (COVID-19) pandemic has accelerated the implementation of digital transformation (DX) within companies, resulting in a significant shift in work styles. However, this shift has introduced new challenges, particularly the increasing number of devices connected to networks. To address these challenges effectively, it is crucial to establish an environment that enables seamless communication among a wide range of IT and OT devices, both within and beyond the company premises.
To address this challenge, NEC proposes a solution to integrate the Local Area Network with the Radio Access Network (LAN/RAN). Through this integration, the benefits that SDN originally offered to corporate networks (LAN) are extended to private 5G networks connected to the LAN, creating new opportunities for enhanced value generation. This approach enables the building and operation of a network infrastructure that facilitates seamless communication regardless of user location or device.
In this paper, we will introduce two representative industry-specific use cases in section 2, wherein we will provide more specific details regarding the need for network separation and expansion to private 5G. Next, in section 3, we will explain the virtual network technology required to realize these use cases, and finally, we will conclude the paper by summarizing our key findings.
2. Market Trends and Envisioned Use Cases
Taking into account the government’s initiatives, we will provide an explanation regarding the importance of network separation as presented in section 1.
2.1 Separation of local government networks
Local governments utilize the Internet for communicating with external vendors while relying on a closed-environment network system called Local Government Wide Area Network (LGWAN) for comprehensive administrative purposes. In order to address Internet-related threats such as preventing information leaks within this structure of multiple networks, the Ministry of Internal Affairs and Communications has issued guidelines 2) stressing the necessity of network separation focused on three security policies related to the My Number Card, LGWAN, and Internet. Additionally, regional revitalization initiatives, including the concept of a digital Garden City, have emerged as a critical area of focus, and collaborative efforts between local governments and local companies, leveraging advanced technology, have been recognized as a key solution in the guidelines for effectively achieving regional revitalization. Preliminary verifications have also been conducted in some municipalities as subsidized projects from the fiscal year 2020 to 2022. At NEC, we have developed a use case that utilizes private 5G technology as a foundation for implementing digital transformation (DX) in areas such as store openings, crime prevention, cleaning, protection of animals and plants, safeguarding cultural properties, and disaster prevention in urban parks. By implementing network separation, it becomes possible to connect the responsible divisions of local governments with designated vendors for each category, enabling operation under different security policies (Fig. 1).
2.2 Separation of hospital networks
The Ministry of Health, Labour and Welfare’s guidelines for hospital LAN networks emphasize the importance of preventing patient information leakage from the electronic medical record system to the Internet and highlight the need to separate the electronic medical record system from the business LAN that is connected to the Internet. Furthermore, in the field of remote medical care, the utilization of smart glasses and surgical support robots has been advancing as an innovative approach to medical treatment. In this critical field, where any interruption in surgical procedures and medical examinations is unacceptable, ensuring reliable communication quality is of utmost importance. To meet these requirements, the implementation of private 5G technology can ensure stable communication quality for telemedicine, and implementing network separation for both LAN and private 5G can enhance the level of security (Fig. 2).
3. Virtual network technology and private 5G virtualization technology
In local government and hospital networks, a prevalent LAN configuration consists of a three-layer structure. At the top layer, redundant core switches are strategically positioned. Just below them, multiple distribution switches are deployed, and further down the hierarchy, multiple access switches are placed.
In this three-layer LAN structure, devices and servers communicate through routing based on the assigned subnets. The core switches or distribution switches, which have Layer 3 (L3) functionality, handle the assignment of subnets to different organizations or purposes.
With the utilization of virtual network technology, the LAN structure described can be effectively represented by employing a single virtual router along with multiple virtual switches interconnected to it. Each virtual switch is assigned one or more subnets. Alternatively, it is possible to configure multiple virtual networks on the same physical network by utilizing the Virtual Router Function (VRF) and VLAN capabilities of the switches (Fig. 3).
Section 3 describes two methods for expanding virtual network technology using the following 5G technologies:
- APN
- 5G LAN-Type Service
This section also explains the approach used to ensure end-to-end communication quality on the virtual network that combines LAN and private 5G that was established using the method described in the previous section.
3.1 Expanding virtual network technology through APN
In private 5G, the network accessible to devices is defined as an Access Point Name (APN). It is also possible to define multiple APNs on the User Plane Function (UPF) that handles traffic processing on the 5G network. In this case, the IP addresses assigned to the devices will be included in the subnet allocated to the corresponding APN. Therefore, the role of APNs in the configuration of private 5G is equivalent to the Layer 3 (L3) functionality in LAN, where each APN represents a subnet configuration.
The virtual network based on these factors is depicted in Fig. 4.
When organizing the correspondence between various devices and functions on the private 5G network and the LAN network, we can align the UPF with a distribution switch and the APN with VRF. Additionally, we can consider the Central Unit (CU) and Distributed Unit (DU) as access switches, and the Radio Unit (RU) as an access point. Based on this organization, an APN can be represented as a single virtual switch on a virtual network.
3.2 Expanding virtual network technology through the 5G LAN-Type Service
The 5G LAN-Type Service enables device grouping through VN (Virtual Network) groups and allows for communication permissions limited to the grouped range. Additionally, it is possible to define multiple VN groups and allocate subnets to them for a specific APN.
In other words, VN groups can be seen as playing an equivalent role to VLANs in LAN. The virtual network based on this understanding is illustrated in Fig. 5.
By configuring multiple VN groups with assigned subnets on the private 5G network, it becomes possible to represent a single APN on a virtual network as multiple virtual switches.
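The correspondence described in sections 3.1 and 3.2 (APN to VRF, VN group to VLAN, each carrying a subnet) can be checked mechanically for separation across LAN and private 5G. The following is an added example, not NEC's code: the segment names, addresses and the `audit`/`classify` helpers are constructed for illustration, and it assumes that an L3 context (VRF or APN) shared by two virtual networks, or subnets that overlap across virtual networks, count as separation failures.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

class Segment(NamedTuple):
    vnet: str    # virtual network, i.e. one security policy domain
    domain: str  # "lan" or "5g"
    l3: str      # VRF on the LAN, APN on private 5G
    l2: str      # VLAN on the LAN, VN group on private 5G
    subnet: str  # subnet assigned to this virtual switch

# Constructed sample inventory; every name and address is illustrative.
SEGMENTS = [
    Segment("lgwan",    "lan", "vrf-lgwan", "vlan110",   "10.10.0.0/24"),
    Segment("lgwan",    "5g",  "apn-lgwan", "vn-staff",  "10.10.8.0/24"),
    Segment("internet", "lan", "vrf-inet",  "vlan210",   "10.20.0.0/24"),
    Segment("internet", "5g",  "apn-inet",  "vn-park",   "10.20.8.0/24"),
    # Misconfiguration: an Internet-side VN group defined under the LGWAN APN.
    Segment("internet", "5g",  "apn-lgwan", "vn-vendor", "10.10.8.128/25"),
]

def audit(segments):
    """Return findings that break separation between virtual networks."""
    findings = []
    owners = defaultdict(set)
    for s in segments:
        owners[(s.domain, s.l3)].add(s.vnet)
    # A VRF or APN routes between its subnets, so it must serve one vnet only.
    for (domain, l3), vnets in sorted(owners.items()):
        if len(vnets) > 1:
            findings.append(f"shared-l3 {domain}:{l3} -> {sorted(vnets)}")
    # Overlapping subnets in different vnets make address-based policy ambiguous.
    nets = [(ipaddress.ip_network(s.subnet), s) for s in segments]
    for i, (na, a) in enumerate(nets):
        for nb, b in nets[i + 1:]:
            if a.vnet != b.vnet and na.overlaps(nb):
                findings.append(
                    f"overlap {a.subnet} ({a.vnet}) / {b.subnet} ({b.vnet})")
    return findings

def classify(ip, segments):
    """Virtual networks whose subnets contain ip; more than one is ambiguous."""
    addr = ipaddress.ip_address(ip)
    return sorted({s.vnet for s in segments
                   if addr in ipaddress.ip_network(s.subnet)})

if __name__ == "__main__":
    for finding in audit(SEGMENTS):
        print(finding)
```
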
3.3 Virtual network technology and communication quality assurance
To ensure communication quality on the network, LAN utilizes Type of Service (ToS) and Differentiated Services Code Point (DSCP) to control prioritization. Similarly, 5G incorporates Quality of Service (QoS) flows to guarantee communication quality. Combining these approaches, a unified communication prioritization control method for both LAN and private 5G has been proposed by Sandesh Dhawaskar Sathyanarayana et al. 3). By employing this method and defining a single communication policy on the virtual network, it may be possible to achieve easier assurance of communication quality when private 5G devices access servers within the LAN (Fig. 6).
Virtual network technology has gained significant market recognition for its capacity to rapidly and efficiently establish secure networks for businesses, while also enabling cost savings through the reduction of physical equipment. Looking ahead, the integration of private 5G is expected in the networks of local governments and hospitals.
In light of these evolving market dynamics, we are dedicated to ongoing research and development efforts. Our goal is to ensure the continual delivery of the values of safety, security, efficiency, and comfort, which have been successfully achieved through virtual network technology.
- 1) IDC: Japan Enterprise Networks Forecast 2022-2026, May 2022
Digital Network Department
PF Technology Sales Division