Secure Service Implementation with Slice Isolation and WireGuard

TL;DR

This paper explores using WireGuard to provide encrypted VPN tunnels for secure, isolated network slices in 5G networks, demonstrating performance suitable for real-world cellular deployments.

Contribution

It presents a novel application of WireGuard for slice isolation in 5G, with real-life scenario evaluations showing its effectiveness and performance alignment with 5G KPIs.

Findings

Throughput ranges from 0.8 Gbps to 2.5 Gbps

Latency remains below 1 millisecond

WireGuard meets 5G performance standards

Abstract

Network slicing enables the provision of services for different verticals over a shared infrastructure. Nevertheless, security is still one of the main challenges when sharing resources. In this paper, we study how WireGuard can provide an encrypted Virtual Private Network (VPN) tunnel as a service between network functions in 5G setting. The open source management and orchestration entity deploys and orchestrates the network functions into network services and slices. We create multiple scenarios emulating a real-life cellular network deploying VPN-as-a-Service between the different network functions to secure and isolate network slices. The performance measurements demonstrate from 0.8 Gbps to 2.5 Gbps throughput and below 1ms delay between network functions using WireGuard. The performance evaluation results are aligned with 5G key performance indicators, making WireGuard suited to provide security in slice isolation in future generations of cellular networks.