[Study Note] DCRS and SAS : Private Network

### :book: Study Note : Private Documentation :::success List the essential information of this study note. 1. Private Network 2. CBRS (Citizens Broadband Radio Service) 3. SAS (Spectrum Access System) 4. Reference ::: --- ## 1. Private Network ### 1.1 Definitions Private 5G is a cellular network technology that offers fifth-generation (5G) connectivity for private use cases, providing restricted access while functioning similarly to public 5G networks. It serves various entities such as private businesses, third-party providers, and municipalities as an alternative to Wi-Fi and other wireless options like public LTE and 5G. Unlike public networks, private 5G allows organizations to deploy their own cellular infrastructure using shared spectrum, such as the CBRS band, granting them control over security and access while benefiting from high-speed 5G connectivity. ### 1.2 3GPP on Private Network To support private networks, 3GPP developed the non-public networks concept in 5G for: * Network control (applying configuration and control that is not possible through the public networks). * Achieving sufficiently low latency for critical operations. * Guaranteed coverage indoors and inside the industrial shops and industries (throughout the premises, if outside connectivity is not required). * Higher performance (to provide industrial operators with controlled configurations and quality of service). * Applying security based on roles, access, positions etc. specific to the needs of the vertical or entity. As 5G is designed to employ a service-based architecture [TS23.501], it is now possible to place the core network control and data plane functions in distributed locations rather than needing to keep them all together in the central location of a mobile network operator. This flexibility enables different vertical industries to meet their specific requirements, such as low latency, jitter and bandwidth aggregation, close to the devices. Also, 5G has introduced application functions which can be located near the premises or in the cloud. Through the network slicing concept, a 5G core and RAN can provide isolated and QoS maintained services, thereby enabling vertical industries to provide their respective customers with a service level agreement (SLA). 3GPP R15 introduced a completely isolated standalone NPN (SNPN) while R16 improved and worked on the SNPN devices requirements. However, 3GPP R16 does not allow SNPNs to interconnect with SNPN devices or to connect to a PLMN (public land mobile network). This is primarily for security and traceability reasons. The SNPN devices are private and un-trusted for the PLMN (public land mobile network) unless they are registered for a PLMN service. Operators are subject to rules and regulatory requirements for public networks, but these restrictions are not imposed on standalone private networks. 3GPP R16 specifies the ability to identify, discover, select and implement access control for NPNs. In addition, section 5.30 of TS23.501(R16) supports SNPN access via PLMN. In R17, 3GPP extends the SNPN service to allow Authentication, Authorisation and Accounting (AAA) and specifies user equipment (UE) onboarding for 5G connectivity and remote provisioning for accessing NPN services. In this release, 3GPP also allows IMS voice and emergency services for the SNPN. Further work is continuing in 3GPP studies to enhance NPN capabilities. ### 1.3 Benefits of 5G Private Networks The industry 4.0 concept introduces cellular wireless connectivity into industrial networks. Private wireless networks provide a number of advantages to an industrial operator or enterprise, including ultra-low latency, privacy, security and aggregation of high-bandwidth data, while modernising the manufacturing lines by enabling them to share equipment, mobile robots and Automated Guided Vehicles (AGVs) at different times. The following diagrams from 5G Americas illustrate the development of the addressable market for private networks in different industry sectors over time and estimate the revenue opportunities. As Figure 2 indicates, manufacturing industries will be significant users of private networks to generate revenues and Benefits of 5G Private Networks cost savings. Without cellular wireless connectivity, a device needs to be connected with a long Ethernet cable, making it difficult to move it across the manufacturing floor. Another advantage of a private network is that the data plane of the 5G system can be on site so customer data need never leave the industrial owner’s premises. Most mobile network operators can support private networks with secure access to their public networks. A private network can be standalone with private spectrum, or it can use national licenced spectrum or unlicenced spectrum depending on the applications employed. ![image](https://hackmd.io/_uploads/S1GX39Hh6.png) ### 1.4 Types of Private Networks There are a several types of private networks discussed in many industry groups. Many of them originated from 5G ACIA NPN White Paper and 3GPP 5G Specification. 1) Standalone private networks without any access to and from PLMN 2) Standalone private networks with MNO providing shared RAN 3) Public network integrated private networks using RAN and control sharing 4) Public network integrated private networks using end-to-end network slicing Note : red icons indicate the system is managed by an MNO (Mobile Network Operator) and blue icons signify the system is managed by the enterprise. Red and blue colours indicate the component is shared (e.g. shared RAN and database). ![image](https://hackmd.io/_uploads/BJwCacShT.png) :::info Note Definitions : 1. **NPN or non-public network** is the term 3GPP uses to refer to private 5G networks tailored to different vertical industries. The implementation and placement of the 3GPP network functions and application functions vary due to the vertical industry requirements. A NPN is made possible by the distributed and service-based architecture (SBA) in 3GPP 5G (starting from R15). A NPN can be offered by a mobile network operator or a third-party service provider. NPNs can be standalone or integrated with a public network. 2. A **PNI-NPN (Public Network Integrated Non-Public Networks)** is another configuration of NPN where the private network is connected and integrated with the MNO’s PLMN network, typically using the national licenced spectrum. The MNO and the industrial operator may agree on placement of the user-data plane on-site and the RAN could be made private for the enterprise. In this case, the MNO uses 5G network slicing to offer isolation and security protection of customer data and control messages. A PNI-NPN is useful when enterprise applications do not require critically low latency operations. This option is favoured when the industrial owner does not have the capacity to run 5G operations in-house and maintain the quality of their own vertical products and services. ::: #### 1.4.1 Standalone Non-Public Networks (SNPN) A SNPN network is usually a self-contained standalone network, which is operated by an industrial operator with leased, unlicenced or privately licenced spectrum, which is blocked for access outside the enterprise,as shown in Figure below. The implementation has its own radios and 5G network system components, storage and LAN to ensure applications can run quickly and have the capacity they need. ![image](https://hackmd.io/_uploads/SyNoeiH26.png) ::: info Figure above shows 5G core components and RAN all located inside the enterprise without any PLMN connection. The 5G core components contain both control and data plane functions. Multiple radios are possible in one SNPN. As discussed above, an enterprise may contain different domains. While an isolated SNPN provides autonomy, data privacy, low latency, local wireless and availability of 5G operations with in-house networks and devices, it can come with a few challenges. These networks require regular maintenance and QoS validation of the connection. There is the possibility of security attacks and leaks of radio signals,and they will require software upgrades and integration with different components of the network. Unlicenced spectrum coverage may be insufficient, so there may be a need for an MNO or third party to integrate spectrum coverage for a larger space. ::: Options Deployment : 1) A connection to a PLMN network for voice and data in case of an emergency. 2) SNPN with shared RAN: In this scenario, 5G network components (including the user data base and authentication service and data) are all inside the enterprise premises, but the spectrum is provided by the MNO. The public network and the isolated private network could share a RAN where the spectrum is hosted/shared by the PLMN. With a spectrum sharing solution enabled, both networks may share the antenna and a RF combiner or an antenna and a base station. These solutions are often based on 3GPP Multi-Operator Core Network (MOCN) or Multi-Operator Radio Access Networks (MORAN) technology 3) A connection to a PLMN network as a backup or a failover network (for example, a utility network may need a fallback connection for public safety or regulatory aspects). 4) Allowing devices from a PLMN network into the SNPN network to connect after the user device registers and authenticates itself through the PLMN network (a prior agreement between the PLMN and the SNPN owner must exist). 5) Similarly, 3GPP specifications may allow selected SNPN devices (which are registered to the PLMN network) to access a PLMN network during shipment or transit. #### 1.4.2 Public Network Integrated Non-Public Networks (PNI-NPN) **Option 1**: A fully remote managed service in which the MNO employs network slices to isolate private networks for each enterprise or the customers of the enterprise. This option provides a high-level of security and can ensure compliance with an SLA. This is a suitable option when there is no demanding low latency requirement and no local offload of data for processing is required on-site. **Option 2**: The MNO and the industry operator agree to place the dedicated or shared 5G RAN/radio and part of the 5G core (UPF, NWDAF or other core functions) on-site for low latency, data offloading and local processing support. In this configuration, most of the control plane remains in the MNO network. A closed access group (CAG) mechanism is used in PNI-NPN configuration to isolate the RAN cells and protect the private network from public network traffic. ### 1.5 Private 5G vs Wi-Fi Private 5G and Wi-Fi have often been discussed in terms of either/or. However, the two are highly complementary and enterprises are exploring new ways to use the private 5G and Wi-Fi 6/Wi-Fi 6E in tandem. Private 5G and Wi-Fi are complementary: * Private 5G provides wider area coverage, high-velocity mobility, and deterministic network access. * Wi-Fi 6 and Wi-Fi 6E (802.11ax) deliver the highest network capacity in dense deployments, particularly indoors. Some industry examples: * Large public venues are using dedicated private 5G for secure, back-end applications while reserving high-capacity Wi-Fi for fan activities. * Warehouses are using private 5G to provide seamless roaming over large areas for fast-moving robotic/autonomous vehicles and Wi-Fi 6/6E for office use and IoT applications such as touchless door locks. * Higher education institutions are using private 5G for campus security cameras and Wi-Fi for high-density lecture halls and dormitories. * Governmental organizations are using private 5G for highly classified applications and Wi-Fi for indoor mobility and guest access. ![image](https://hackmd.io/_uploads/HJhCrcB3p.png) ### 1.6 Sample Use Cases ![image](https://hackmd.io/_uploads/SJTiMcSnT.png) ## 2. CBRS (Citizens Broadband Radio Service) A private 5G network is considered private if an organization owns or rents 5G spectrum and infrastructure. Private 5G networks are deployable as either a service, wholly owned, hybrid or sliced private networks: * In wholly owned private 5G networks, an organization owns all the equipment and infrastructure needed for the 5G connection and manages the network itself. * In hybrid private 5G networks, an organization leases the equipment needed for the 5G connection and uses a cloud service to host parts of the network. * In sliced private 5G networks, an organization virtualizes wireless network infrastructure, logically dividing their network in slices -- each slice for a different use case. * In private 5G as-a-service, an organization partners with a vendor that is in charge of deploying, operating, managing and scaling the private mobile network. In the past, private organizations typically couldn't build their own cellular networks for private use because the costs of licensing and purchasing carrier-grade equipment were too high. This changed when the Federal Communications Commission introduced the Citizens Broadband Radio Service (CBRS) in 2015. CBRS is a 150 megahertz band of spectrum that operates in the 3,550 MHz to 3,700 MHz range. ### 2.1 Tier on CBRS CBRS uses a three-tier priority concept with the following licenses: * Incumbent Access installations reserved for government and fixed satellite installations; * Priority Access License (PAL) for purchased and reserved channel access; and * General Authorized Access (GAA) tier, which is unlicensed and free to use where available. Because these tiers concurrently share CBRS spectrum, the FCC requires that GAA users cannot interfere with PAL or incumbent users, and PAL users cannot interfere with incumbent users. A Spectrum Access System (SAS) is required to manage this potential interference. ![image](https://hackmd.io/_uploads/rJKbVsSn6.png) ### 2.2 Network Architecture Private 5G networks function identically to publicly accessible 5G networks. Private 5G networks provide the same low, mid and millimeter wave bands. Endpoints must be cellular-capable, and connect to the private wireless network via physical subscriber identity modules, or embedded SIMs. This gives private 5G operators tremendous control over which devices can connect to the network. In most use cases, a private 5G network attaches to a corporate local area network (LAN) -- similar to how Wi-Fi operates. Once connected, private 5G endpoints can communicate with other devices on the private 5G radio access network (RAN) itself, as well as other IP-connected devices on the corporate LAN or wide area network. ![image](https://hackmd.io/_uploads/rJYp4sH36.png) ## 3. SAS (Spectrum Access System) Google is an FCC-certified SAS administrator and is also one of the main contributors to CBRS WInnForum specifications and the OnGo Alliance. Google has developed a suite of cloud-based products and services that help these network operators to create a CBRS ecosystem that provides better wireless internet. The workings of the Spectrum Access System (SAS) involve several key steps that enable it to dynamically and efficiently manage spectrum usage: * Spectrum Monitoring: The SAS continuously monitors spectrum usage in a designated area, including CBRS (Citizens Broadband Radio Service) spectrum. This involves monitoring the activities of licensed and unlicensed users, as well as detection of interference or other disturbances. * Spectrum Database: SAS uses a comprehensive spectrum database to track spectrum availability and usage in various locations. The database includes information on the location, usage schedules and other technical characteristics of licensed and non-licensed users. * Demand Assessment: When a device or operator wants to use CBRS spectrum, they must submit a request to the SAS. The SAS then evaluates the request based on spectrum availability, user priorities and other regulatory rules. * Spectrum Allocation: After receiving the request, the SAS will determine whether the spectrum use is eligible and whether it can be allocated without causing interference or interference to other users. If eligible, the SAS will grant permission to use the spectrum in accordance with the specified parameters. * Coordination of Use: The SAS ensures efficient coordination between licensed and non-licensed users in the use of CBRS spectrum, including managing interference and ensuring that licensed users get appropriate access priority. * Monitoring and Enforcement: During spectrum usage, the SAS continuously monitors activity to detect interference or other rule violations. If necessary, the SAS may take enforcement action, including issuing warnings or terminating unauthorized spectrum use. ### 3.1 SAS Core Service ![image](https://hackmd.io/_uploads/rk9wLCBna.png) As shown in the preceding diagram, the SAS consists of three main components: * Google SAS Portal. Includes the Portal UI and Portal API that manages the CBSDs connected to SAS. * SAS Backend (SAS BE). Includes all the services that SAS offers. * SAS Database (DB). Includes the DB that stores all CBSDs registered with SAS along with the information required to manage CBSDs. This information includes details about the grants that are currently active and aggregate interference for any protected points or areas. It also stores information collected from other SASs about where they have CBSDs and what protected points or areas exist. These three SAS modules interact with each other and the other network elements to provide network operators with all the necessary tools and processes to manage their CBRS network. ### 3.2 Details about SAS Services You can see in here : [Click Here](https://cloud.google.com/spectrum-access-system/docs/overview#:~:text=SAS%20uses%20a%20network%20of,operate%20CBSDs%20near%20the%20coast.) ## 4. Reference 1. GSMA Private 5G Industrial Network Report, [See here for full document](https://https://drive.google.com/file/d/1Nx1v7kV20x9qOIt6pWLzzK8HzGDu9qjb/view?usp=sharing) 2. Aruba Website [Click here](https://https://www.arubanetworks.com/faq/what-is-private-5g/#:~:text=The%20%22private%22%20in%20private%205G,to%20those%20established%20for%20CBRS.) 3. TechTarget Website [Click here](https://https://www.techtarget.com/searchnetworking/definition/private-5G) 4. Google SAS [Click Here](https://https://cloud.google.com/spectrum-access-system/docs/overview#:~:text=SAS%20uses%20a%20network%20of,operate%20CBSDs%20near%20the%20coast.)