5G Network Slice Isolation with WireGuard and Open Source MANO: A VPNaaS Proof-of-Concept

TL;DR

This paper presents a novel framework integrating WireGuard with open source MANO for secure, high-performance network slicing in 5G, demonstrating significant improvements in throughput and latency.

Contribution

It introduces the first OSM-WireGuard framework for 5G network slicing, enabling VPN-as-a-Service with enhanced security and performance.

Findings

OSM-WireGuard instantiation time is under 5 minutes.

Network throughput increases by up to 5.3 times with WireGuard.

Latency is reduced by up to 41% compared to OpenVPN.

Abstract

The fifth-generation (5G) mobile networks aim to host different types of services on the same physical infrastructure. Network slicing is considered as the key enabler for achieving this goal. Although there is some progress in applying and implementing network slicing in the context of 5G, the security and performance of network slicing still have many open research questions. In this paper, we propose the first OSM-WireGuard framework and its lifecycle. We implement the WireGuard secure network tunneling protocol in a 5G network to provide a VPN-as-a-Service (VPNaaS) functionality for virtualized network functions. We demonstrate that OSM instantiates WireGuard-enabled services up and running in 4 min 26 sec, with potential the initialization time to go down to 2 min 44 sec if the operator prepares images with a pre-installed and up-to-date version of WireGuard before the on-boarding process. We also show that the OSM-WireGuard framework provides considerable enhancement of up to 5.3 times higher network throughput and up to 41% lower latency compared to OpenVPN. The reported results show that the proposed framework is a promising solution for providing traffic isolation with strict latency and throughput requirements.