5G QoS: Impact of Security Functions on Latency

TL;DR

This paper investigates how security functions, specifically intrusion prevention systems, impact latency in 5G URLLC services and proposes a model to predict system load while maintaining strict latency requirements.

Contribution

It introduces a software architecture using off-the-shelf hardware and open-source software to implement security functions that meet URLLC latency standards in 5G networks.

Findings

Security functions can be optimized to meet URLLC latency requirements

A predictive model for system load under security constraints is developed

Experimental validation using Snort demonstrates practical feasibility

Abstract

Network slicing is considered a key enabler to 5th Generation (5G) communication networks. Mobile network operators may deploy network slices -- complete logical networks customized for specific services expecting a certain Quality of Service (QoS). New business models like Network Slice-as-a-Service offerings to customers from vertical industries require negotiated Service Level Agreement (SLA) contracts, and network providers need automated enforcement mechanisms to assure QoS during instantiation and operation of slices. In this paper, we focus on ultra-reliable low-latency communication (URLLC). We propose a software architecture for security functions based on off-the-shelf hardware and open-source software and demonstrate, through a series of measurements, that the strict requirements of URLLC services can be achieved. As a real-world example, we perform our experiments using the intrusion prevention system (IPS) Snort to demonstrate the impact of security functions on latency. Our findings lead to the creation of a model predicting the system load that still meets the URLLC latency requirement. We fully disclose the artifacts presented in this paper including pcap traces, measurement tools, and plotting scripts at https://gallenmu.github.io/low-latency.