# Introduction to 5G Network Architecture

## Overview of RAN and Core Network Domains
In a 5G deployment the Radio Access Network (RAN) and the 5G Core (5GC) are tightly coupled domains that together deliver end‑to‑end services such as enhanced mobile broadband (eMBB), ultra‑reliable low‑latency communication (URLLC), and massive machine‑type communication (mMTC).
- RAN comprises gNodeBs (gNBs), optional ng-eNBs for LTE interworking, and the Xn/X2 interfaces that enable inter‑gNB handover and load sharing. The RAN terminates the radio protocol stack (MAC, RLC, PDCP, SDAP) and maps user‑plane traffic to the NG‑U interface toward the UPF.
- 5GC follows a service‑based architecture (SBA) with network functions (NFs) such as AMF (Access and Mobility Management Function), SMF (Session Management Function), UPF (User Plane Function), PCF (Policy Control Function), UDM (Unified Data Management), and AUSF (Authentication Server Function). Control‑plane signalling traverses the NG‑C interface (using SCTP‑based NGAP) while user‑plane traffic uses NG‑U (GTP‑U over UDP).
The service consequence of any mismatch between these domains appears first as a signalling or user‑plane anomaly at the NG interface, which then propagates to the UE‑visible service (e.g., failed attach, PDU session establishment delay, or QoS degradation).
## Key Components and Interfaces

| Domain | Primary NF / Element | Key Interface(s) | Protocol Stack (Control) | Protocol Stack (User) |
|---|---|---|---|---|
| RAN | gNB (CU‑CP, CU‑UP, DU) | NG‑C (gNB‑AMF), NG‑U (gNB‑UPF), Xn (gNB‑gNB), X2 (eNB‑eNB for LTE) | NGAP over SCTP | GTP‑U over UDP (NG‑U) |
| 5GC | AMF, SMF, UPF, PCF, UDM, AUSF | NG‑C, NG‑U, N1 (UE‑AMF), N2 (AMF‑gNB), N3 (UPF‑gNB), N4 (SMF‑UPF), N5‑N11 (various NF‑NF) | HTTP/2 + JSON (SBA) or Diameter (legacy) | GTP‑U over UDP (NG‑U, N3, N4) |
| Transport | Routers, switches, IP/MPLS networks | Any IP‑based transport (e.g., MPLS, SRv6) | – | – |
When any of these interfaces carry incompatible protocol versions, mismatched timers, or insufficient resources, the signal‑to‑service ladder looks like:
- Signal – NGAP message (e.g., Initial UE Message) fails to get a response or is rejected with an unexpected cause value.
- Service Impact – UE remains in RRC_IDLE, no PDU session is established, or the session is set up with a QoS profile that does not match the subscribed service.
- Customer‑Visible Outcome – No data connectivity, video buffering, or URLLC latency breach → customer complaint or SLA violation.
# Systemic Mismatch Causes and Effects

## Incompatible Network Protocols and Signaling

Protocol incompatibility often surfaces during network slicing roll‑outs or when a vendor‑specific extension is introduced on one side but not the other. Examples:
- NGAP version skew – gNB implements Release 16 NGAP (supporting UE‑Radio Capability ID) while AMF only understands Release 15. The AMF may reject the Initial UE Message with Cause = “Protocol error, unspecified”, leading to attach failure.
- GTP‑U extension header mismatch – UPF expects a specific PDU session extension header (e.g., QoS Flow Identifier) that the gNB does not insert, causing the UPF to drop packets silently.
- Diameter vs. HTTP/2 SBAs – Legacy PCF using Diameter Gx while SMF expects HTTP/2‑based PCC rules results in policy not being applied, causing QoS mis‑alignment.
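
The GTP‑U extension header mismatch can be confirmed on captured NG‑U packets. The following is an added example, not part of the original article: it walks the GTP‑U extension header chain and lists tunnels whose G‑PDUs lack the PDU Session Container that carries the QFI. The function names and sample packets are constructed for illustration, and the code assumes the standard GTP‑U header layout with the QFI in the low six bits of the container's second octet.

```python
import struct

GPDU = 0xFF                    # GTP-U message type for user data (G-PDU)
PDU_SESSION_CONTAINER = 0x85   # extension header type that carries the QFI

def find_qfi(packet):
    """Return (teid, qfi) for one G-PDU; qfi is None when the packet has
    no PDU Session Container extension header."""
    if len(packet) < 8:
        raise ValueError("shorter than the mandatory GTP-U header")
    flags, msg_type, _length, teid = struct.unpack("!BBHI", packet[:8])
    if flags >> 5 != 1 or msg_type != GPDU:
        raise ValueError("not a GTPv1-U G-PDU")
    if not flags & 0x04:               # E flag clear: no extension headers
        return teid, None
    if len(packet) < 12:
        raise ValueError("truncated optional header fields")
    next_type, offset = packet[11], 12
    while next_type != 0:              # 0 means no further extension header
        if offset >= len(packet) or packet[offset] == 0:
            raise ValueError("malformed extension header")
        ext_len = packet[offset] * 4   # length field counts 4-octet units
        ext = packet[offset:offset + ext_len]
        if len(ext) < ext_len:
            raise ValueError("truncated extension header")
        if next_type == PDU_SESSION_CONTAINER:
            return teid, ext[2] & 0x3F
        next_type, offset = ext[-1], offset + ext_len
    return teid, None

def teids_missing_qfi(packets):
    """TEIDs that carried at least one G-PDU without a QFI."""
    return sorted({t for t, q in map(find_qfi, packets) if q is None})

def build_gpdu(teid, inner, qfi=None):
    """Constructed sample packet, with or without an uplink container."""
    if qfi is None:
        return struct.pack("!BBHI", 0x30, GPDU, len(inner), teid) + inner
    ext = bytes([0x01, 0x10, qfi & 0x3F, 0x00])     # len=1, PDU type 1, QFI, end
    opt = bytes([0, 0, 0, PDU_SESSION_CONTAINER])   # seq, N-PDU no., next type
    body = opt + ext + inner
    return struct.pack("!BBHI", 0x34, GPDU, len(body), teid) + body

if __name__ == "__main__":
    capture = [build_gpdu(0x1001, b"\x45" * 20, qfi=9),
               build_gpdu(0x1002, b"\x45" * 20)]
    print("TEIDs without QFI:", [hex(t) for t in teids_missing_qfi(capture)])
```

A TEID reported here is one the UPF in the scenario above would drop traffic for, so it can be matched against the gNB that owns the tunnel.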
Signal‑to‑Service Ladder for NGAP version skew:
- Signal – gNB sends NGAP Initial UE Message with IE UE‑RadioCapabilityID.
- Interpretation – AMF (Release 15) does not recognize the IE, treats it as unknown and discards the message per NGAP error handling.
- Service Impact – No Initial Context Setup Request is generated; UE stays in RRC_IDLE.
- Customer Outcome – UE shows “No Service” or “Emergency Calls Only”; user cannot initiate any data session.
## Insufficient Resource Allocation and QoS Management

Even when protocols match, resource exhaustion at the interface level creates systemic mismatch:
- NG‑C SCTP association overload – Too many concurrent NGAP messages cause SCTP retransmission storms, increasing round‑trip time (RTT) beyond the T3500 timer, leading to AMF‑initiated UE context release.
- NG‑U GTP‑U tunnel limits – UPF port exhaustion (e.g., >64k GTP‑U tunnels per instance) results in new PDU session requests being dropped with Cause = “No resources available”.
- QoS policer mis‑configuration – AMF subscribes a 5QI with a guaranteed bit rate (GBR) that the UPF cannot enforce due to missing DSCP mapping, causing best‑effort treatment for latency‑critical services.
Signal‑to‑Service Ladder for GTP‑U tunnel exhaustion:
- Signal – SMF sends Create Session Request to UPF with a new TEID.
- Interpretation – UPF checks its tunnel table; finds it full, returns Create Session Response with cause “No resources available”.
- Service Impact – SMF aborts PDU session setup, sends PDU Session Release Command to UE via AMF.
- Customer Outcome – UE experiences a “dedicated bearer failure” for URLLC traffic; application sees sudden jitter increase or packet loss.
## Impact on Network Performance and User Experience

When mismatches persist, the degradation radius expands:
- Control‑plane storms cause increased paging load, reducing battery life for idle UEs.
- User‑plane blackholes lead to TCP retransmission spikes, lowering average throughput and increasing application‑layer latency (e.g., video start‑up time >4 s).
- Slice isolation breach – Mis‑matched QoS policies allow best‑effort traffic to consume resources reserved for URLLC, causing jitter violations for industrial IoT use cases.
Operational teams observe these effects as degrading KPIs:
- Attach Success Rate dropping below 98 %
- PDU Session Setup Success Rate falling under 95 %
- Average DL Throughput per cell decreasing >20 % during peak hours
- URLLC 95th‑percentile latency exceeding the 5 ms target
# Troubleshooting Systemic Mismatch Issues

## Identifying Symptoms and Isolating Problems

The first step is to map the observed symptom to a specific interface using the signal‑to‑service ladder. Typical observable symptoms and their likely domain:
| Symptom (OSS/BSS alarm or customer ticket) | Likely Mismatch Point | Initial Diagnostic Question |
|---|---|---|
| “UE attach fails with cause #3 (Illegal UE)” | NG‑C (gNB‑AMF) – Authentication or NAS security mismatch | Is the UE’s 5G‑GUTI recognized by AMF? |
| “PDU session establishment timeout (T3596)” | NG‑U (gNB‑UPF) – GTP‑U path failure | Is there a reachable route from gNB to UPF on the NG‑U interface? |
| “Video buffering spikes during peak hour” | QoS policy mis‑alignment (PCF‑SMF) | Are the 5QI/ARP values received by UE matching the subscribed profile? |
| “Inter‑gNB handover failure (Xn) – UE drops to LTE” | Xn interface – Handover preparation failure | Are XnAP Handover Request/Response messages exchanged successfully? |
A disciplined troubleshooting flow follows:
- Collect UE‑side logs (via drive test or UE‑based logger) to confirm the exact NAS/NGAP cause value.
- Correlate with NF logs (AMF, SMF, UPF) using a common timestamp (e.g., NTP‑synced).
- Check interface counters (NG‑C SCTP, NG‑U GTP‑U, Xn/X2 SCTP) for drops, retransmissions, or resource exhaustion.
- Validate protocol versions via NF configuration (e.g., `show version` or YANG model).
- Confirm resource pools (e.g., GTP‑U TEID range, SCTP stream limits) are not exhausted.
## Using Diagnostic Tools and Logging Mechanisms

| Tool / Log | What it Reveals | Typical Command / Query |
|---|---|---|
| ngrep / tcpdump on NG‑C | NGAP message flow, cause IE values | `sudo ngrep -d any port 38412` |
| Wireshark with NGAP/GTP‑U dissectors | Deep packet inspection of IEs, timers | Apply display filter `ngap` or `gtp` |
| Prometheus metrics (exposed by NFs) | NGAP message rates, SCTP retransmissions, GTP‑U tunnel count | `ngap_msg_total{interface="NG-C",msg_type="InitialUEMessage"}` |
| OSS event correlator (e.g., Nokia NetAct, Ericsson OSS) | Cross‑domain alarm correlation, root‑cause suggestions | UI drill‑down from “Attach Failure” alarm |
| kubectl logs (for cloud‑native NFs) | Container‑level logs, crash loops | `kubectl logs -n 5gcore amf-0` |
| NetConf/RESTCONF RPC | Retrieve live YANG data (e.g., interface stats, version) | `netconf-ssh --host amf.example.com --get-config --filter "<interfaces/interface[name='ngc0']>"` |
| UE‑based diagnostic app (e.g., Qualcomm QXDM) | RRC state, NAS timers, PDU session status | Capture log and filter for EMM/ESM messages |
When a mismatch is suspected, enable debug logging on the NFs involved (e.g., `log level debug ngap` on AMF), but restrict it to a specific UE IMSI or TAC to avoid flooding the logs.
## Example CLI Commands for Troubleshooting

Below are representative CLI snippets for a typical vendor‑agnostic, Linux‑based gNB and a cloud‑native AMF/UPF deployment. Adjust paths and credentials per your environment.
### 1. Verify NG‑C SCTP association state on gNB

```bash
# Assuming the gNB runs on a Linux host with SCTP stack
# --sctp selects SCTP sockets; -n keeps ports numeric, -p shows the owning process
ss --sctp -np state established | grep 38412
# Expected output: sctp ESTAB 0 0 *:38412 *:* users:(("gnb",pid=1234,fd=5))
```

If the association is TIMEWAIT or absent, check the AMF reachability:

```bash
ping -c 3 <AMF_IP>
traceroute <AMF_IP>
```

### 2. Inspect NGAP message counters via Prometheus (gNB exporter)

```text
# Example output:
# ngap_msg_total{msg_type="InitialUEMessage",direction="uplink"} 1245
# ngap_msg_total{msg_type="InitialUEMessage",direction="downlink"} 1230
# ngap_msg_total{msg_type="ErrorIndication",direction="downlink"} 15
```

A rising ErrorIndication counter often points to protocol mismatches.
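
One way to put a number on "rising" is to compare two scrapes of the counters from step 2. This is an added example, not tooling from the exporter or the original article: the first scrape reuses the sample values above, the second is constructed, and the choice of uplink `InitialUEMessage` as the denominator and the 5 % threshold are assumptions.

```python
import re

SAMPLE_LINE = re.compile(r'^(\w+)\{(.*)\}\s+([0-9.eE+-]+)$')

# First scrape: values from the example output above. Second: constructed.
SCRAPE_T0 = '''
ngap_msg_total{msg_type="InitialUEMessage",direction="uplink"} 1245
ngap_msg_total{msg_type="InitialUEMessage",direction="downlink"} 1230
ngap_msg_total{msg_type="ErrorIndication",direction="downlink"} 15
'''
SCRAPE_T1 = '''
ngap_msg_total{msg_type="InitialUEMessage",direction="uplink"} 1345
ngap_msg_total{msg_type="InitialUEMessage",direction="downlink"} 1290
ngap_msg_total{msg_type="ErrorIndication",direction="downlink"} 55
'''

def parse_scrape(text, metric="ngap_msg_total"):
    """Map (msg_type, direction) -> counter value for one scrape."""
    counters = {}
    for line in text.splitlines():
        m = SAMPLE_LINE.match(line.strip())
        if not m or m.group(1) != metric:
            continue                       # comments, blanks, other metrics
        labels = dict(re.findall(r'(\w+)="([^"]*)"', m.group(2)))
        key = (labels.get("msg_type"), labels.get("direction"))
        counters[key] = float(m.group(3))
    return counters

def delta(prev, curr, key):
    """Counter increase between scrapes; a lower value means the NF
    restarted and the counter began again from zero."""
    before, after = prev.get(key, 0.0), curr.get(key, 0.0)
    return after if after < before else after - before

def error_ratio(prev_text, curr_text):
    """ErrorIndications per uplink InitialUEMessage in the interval."""
    prev, curr = parse_scrape(prev_text), parse_scrape(curr_text)
    errors = delta(prev, curr, ("ErrorIndication", "downlink"))
    attempts = delta(prev, curr, ("InitialUEMessage", "uplink"))
    return errors / attempts if attempts else 0.0

def mismatch_suspected(prev_text, curr_text, threshold=0.05):
    return error_ratio(prev_text, curr_text) > threshold

if __name__ == "__main__":
    print(f"error ratio: {error_ratio(SCRAPE_T0, SCRAPE_T1):.2f}")
```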
### 3. Check GTP‑U tunnel count on UPF (containerized)

```bash
kubectl exec -n 5gcore upf-0 -- ss -u state ESTABLISHED | grep -c :2152
# Should be well below the configured limit (e.g., 60000)
```

If the count approaches the limit, look for stale tunnels:

```bash
kubectl exec -n 5gcore upf-0 -- gtpu-tunnel-stats --stale-threshold 86400
```

### 4. Validate NGAP version compatibility via NetConf

```bash
netconf-ssh --host amf.example.com --username admin --password **** \
  --get-config --filter "<ngap><version/></ngap>"
```

Expected response:

```xml
<ngap>
  <version>release-16</version>
</ngap>
```

If the gNB reports release-16 while AMF shows release-15, plan a coordinated upgrade.

### 5. Capture NGAP trace on the AMF side (temporary)

```bash
# Enable debug for a specific IMSI (replace with actual)
curl -X POST http://amf.example.com:8080/onos/v1/debug/ngap \
  -H "Content-Type: application/json" \
  -d '{"imsi":"208930000000001","level":"debug"}'
```

Then retrieve logs:

```bash
kubectl logs -n 5gcore amf-0 | grep ngap
```

Look for messages like:

```text
[NGAP] RX InitialUEMessage from gNB-123 (IMSI=208930000000001) IE UE-RadioCapabilityID present -> unknown -> DISCARD
```

That log entry directly explains the attach failure.

# Code Examples for RAN-Core Network Integration

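
The discard line from troubleshooting step 5 can be triaged in bulk to separate a gNB/AMF release skew from a single‑UE problem. This is an added example, not code from the original article or any AMF vendor: it assumes a TAC‑scoped trace whose lines follow the format quoted in step 5, and the sample lines, function name and `min_ues` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Pattern for the AMF debug line quoted in step 5; other layouts need their own.
DISCARD = re.compile(
    r"\[NGAP\] RX (?P<msg>\w+) from (?P<gnb>\S+) \(IMSI=(?P<imsi>\d+)\) "
    r"IE (?P<ie>\S+) present -> unknown -> DISCARD")

def classify_discards(lines, min_ues=3):
    """Group discards by (gNB, message, IE) and label each group.

    Several distinct UEs hitting the same unknown IE from one gNB indicate a
    release skew between that gNB and the AMF; a single UE points at the UE.
    IMSIs are used only to count distinct UEs and are not returned.
    """
    ues = defaultdict(set)
    for line in lines:
        m = DISCARD.search(line)
        if m:
            ues[(m["gnb"], m["msg"], m["ie"])].add(m["imsi"])
    return {key: ("systemic" if len(seen) >= min_ues else "isolated", len(seen))
            for key, seen in ues.items()}

# Constructed sample lines in the quoted format (not real subscriber data).
SAMPLE_LOG = [
    "[NGAP] RX InitialUEMessage from gNB-123 (IMSI=208930000000001) "
    "IE UE-RadioCapabilityID present -> unknown -> DISCARD",
    "[NGAP] RX InitialUEMessage from gNB-123 (IMSI=208930000000002) "
    "IE UE-RadioCapabilityID present -> unknown -> DISCARD",
    "[NGAP] RX InitialUEMessage from gNB-123 (IMSI=208930000000003) "
    "IE UE-RadioCapabilityID present -> unknown -> DISCARD",
    "[NGAP] RX InitialUEMessage from gNB-123 (IMSI=208930000000001) "
    "IE UE-RadioCapabilityID present -> unknown -> DISCARD",
    "[NGAP] RX InitialUEMessage from gNB-200 (IMSI=208930000000009) "
    "IE UE-RadioCapabilityID present -> unknown -> DISCARD",
    "[NGAP] TX InitialContextSetupRequest to gNB-200 (IMSI=208930000000010)",
]

if __name__ == "__main__":
    for (gnb, msg, ie), (label, n) in classify_discards(SAMPLE_LOG).items():
        print(f"{gnb}: {msg} with {ie} discarded for {n} UE(s) -> {label}")
```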
## Implementing X2/Xn Interface for Inter-RAT Handover

The following Python snippet uses the pysctp library to simulate an XnAP Handover Preparation request from a source gNB to a target gNB. In practice the gNB software generates this message; the example shows a simplified IE layout for interoperability validation, not the ASN.1 PER encoding that real XnAP uses.

```python
import sctp    # pysctp; the SCTP transport named in the text
import struct


def build_xnhandover_prep(target_gnb_id, source_gnb_id, ue_id):
    """
    Build a minimal XnAP Handover Preparation message.
    This is illustrative; real implementations use ASN.1 PER encoding.
    """
    # Simplified IE: Message Type (Handover Preparation = 1)
    msg_type = struct.pack("!B", 0x01)
    # IE: Source gNB ID (2-byte IE-ID followed by a 2-byte value)
    src_gnb_ie = struct.pack("!HH", 0x01, source_gnb_id)  # IE-ID=1, length=2
    # IE: Target gNB ID (2-byte IE-ID followed by a 2-byte value)
    tgt_gnb_ie = struct.pack("!HH", 0x02, target_gnb_id)  # IE-ID=2, length=2
    # IE: UE ID (e.g., AMF UE NGAP ID): 2-byte IE-ID followed by a 4-byte value
    ue_ie = struct.pack("!HI", 0x03, ue_id)  # IE-ID=3, length=4
    # Concatenate the message type and the three IEs
    payload = msg_type + src_gnb_ie + tgt_gnb_ie + ue_ie
    return payload
```