5G Lab Testing


Comprehensive 5G Core testing

Mobileum’s 5G dsTest solution has been designed to provide full 5G core network test coverage where the 5GC testing goes from the interface to the radio network, through the core, until the user's data leaves the network via the User Plane.

Our N1/N2 Interface application fully exercises gNodeB and AMF network functions with support for both the N2 interface between the 5GC and the NG RAN and the N1 interface between the 5GC and the UE. Our tests ensure 5G core network coverage and determine maximum capacity prior to deployment, and identifies bottlenecks already in the lab.
Automation Framework Mobileum

N1/N2 interface testing

Mobileum’s dsTest N1/N2 Interface Application supports the physical N2 interface between the NG-RAN gNodeB (gNB) and the Access and Mobility Management Function (AMF) in the 5G Core (5GC) network as well as the logical N1 interface between the UE and the AMF. 

N2 is the control plane interface between an Access Network — NG-RAN or non-3GPP WLAN — and the 5GC. It is primarily concerned with connection management, UE context and PDU session management, and UE mobility management. In addition, Non-Access Spectrum (NAS) signaling between the UE and the AMF is transported over the N2 connection for that UE. This signaling includes information regarding access control, authentication and authorization, and session management procedures. Furthermore, delivery of services to the UE such as SMS, delivery of policies to the UE, and obtaining location information from the UE are achieved through the N1 interface.
5G interface application testing

User Plane Control and 4G-5G interworking testing

Test policy provisioning towards the UPF and usage reporting towards the SMF with our N4 Interface application. Use our SMF emulator to manage N4 associations, policy rules, and packet flow descriptions in your UPF or simulate a UPF and push N4 session reports to your SMF.

Use our N26 Interface application in conjunction with our 4G Interface applications to test your migration strategy as well as 4G-5G mobility.
5G Core Testing

N4 interface
testing

In the 5G Core (5GC) network the N4 Interface is the bridge between the control plane and the user plane. As such, it is the conduit for PDU session management and traffic steering towards the UPF and PDU usage and event reporting towards the SMF. The SMF conveys the policy rules obtained from the PCF regarding packet handling, forwarding, and usage reporting to the UPF. For the UPF to recognize the user plane traffic that must be governed by a particular rule, it uses the Packet Flow Descriptions (PFDs) that are also supplied by an SMF. Finally, in some scenarios, the SMF may buffer user plane traffic or forward user plane traffic towards the DN or the UE via the UPF.
  • Node-level procedures
  • N4 association setup, update, and release procedures
  • PFD management
  • N4 session report
  • Load control and overload control
  • N4 session procedures
  • N4 session establishment, modification, and release
N4 interface testing

N26 interface
testing

As 5G technology is deployed in core networks, mobility between 4G and 5G networks becomes necessary for UEs that only support a single registration mode. IP address continuity is required for inter-system mobility to be as seamless as possible from the perspective of a connected UE — particularly for voice services. The N26 interface enables networks to achieve this continuity as it enables networks to exchange the UE Mobility Management (MM) and Session Management (SM) states. The 4G-5G mobility procedures are derived from the 4G S1-based handover with Mobility Management Entity (MME) and Serving Gateway (SGW) relocations. 

Mobileum’s dsTest supports the N26 connected-mode handover procedures briefly described below as well as the handover cancel procedure.
N26 interface testing

Service-based interfaces testing


Mobileum dsTest provides extensive coverage of the service-based interfaces in the 5GC with our RESTful test applications. Provide services in your lab with our service producer emulators or test the limits of your service producers and consumers. In addition, REST ServiceFlow allows you to craft messages – with valid or invalid content – into a request/response message flow to test any RESTful service.

Conformance testing under load is a hallmark of dsTest and is one of the features that separates dsTest from the competition. Use our REST Protocol Dictionary to validate message content while pushing the limits of service producers and consumers.
Continuous Integration Continuous Deployment

Access and mobility function testing

The Network Access and Mobility Function (AMF) acts as the gatekeeper for the 5G Core (5GC) network, determining whether a particular UE may register with a network. With the Namf services it provides, the AMF also acts as the conduit through which 5GC Network Functions (NFs) communicate with a connected UE and obtain information about a UE’s capability, reachability, or location. Mobileum’s dsTest Namf application supports the services briefly described below.
  • Namf_Communication
  • Namf_Exposure
  • Namf_MT
  • Namf_Location
access and mobility function

Authentication server function testing 

The Authentication Server Function (AUSF) provides authentication services and other security-related services to the 5G Core (5GC) network through the Nausf Service-Based Interface (SBI). The AUSF authenticates the UE using materials obtained through the Nudm_UEAuthentication Service while using the method specified by the service consumer. In addition, it computes the keys necessary to protect the Steering Information List when requested.

Our AUSF server emulator in the 5G testing tool allows authentication services to the consumers in the lab network while verifying their compliance with service specifications. Users can easily configure their subscriber database to support 5G-AKA and EAP authentication, or a mix of both for millions of subscribers. They can add Authentication information, obtained through the Nudm_UEAuthentication Service to the AUSF’s subscriber database, eliminating the need for a separate UDM.

Mobileum’s dsTest supports Nausf services such as:
  • Nausf_UEAuthentication service
  • Nausf_SoRProtection service
authentication server function

5G location services testing

Providing Location Services (LCS) to a UE or to other entities regarding one or more UEs is a cooperative effort amongst several Network Functions and service APIs in the 5GC. 

Mobileum’s dsTests support the three types of requests used to initiate location reporting, and two modes in which they operate.
  • Network Induced Location Requests (NI-LR) are initiated by an AMF to determine a UE’s location on behalf of a regulatory agency (e.g. to determine location during an IMS emergency call)
  • Mobile Terminated Location Requests (MT-LR) are initiated by internal or external LCS clients and may be related to a service or application accessed by the UE, requests from regulatory agencies, or requests from the PLMN operator
  • Mobile Originated Location Requests (MO-LR) are initiated by the UE to determine its own location or to provide its location to an external client
5G location services testing

Gateway mobile location
center testing

The Gateway Mobile Location Center (GMLC) exposes location services to external LCS clients over the Le interface (not shown). These clients may be commercial clients, such as web applications, or regulatory clients such as emergency services or law enforcement. Commercial clients must be granted permission by the UE to access its location information, and the GMLC obtains the UE’s LCS Privacy Policy using the Nudm_SDM service on the NL6 interface if needed. Internal clients, NEFs, and trusted AFs are implicitly authorized to access location information.

The location service produced by the GMLC to interact with internal LCS clients includes the following operations:
  • ProvideLocation
  • LocationUpdate
  • CancelationLocation
  • LocationUpdateNotify
gateway mobile location center

Location management function testing

Mobileum’s dsTest Location Management Function (LMF) manages the resources and timing of positioning activities, and it exposes the Nlmf_Location service to the AMF for immediate or deferred location information requests on the NL1 interface. An LMF uses the Namf_Communication service on the NL1 interface to request UE positioning from the access network over N2 or to communicate with the UE over N1 for UE-based or UE-assisted positioning. It may also request estimated movement — velocity and direction — or estimate the accuracy of the location information when requested. 

Our solution provides the following LMF operations:
  • DetermineLocation
  • EventNotify
  • CancelLocation
  • LocationContextTransfer
location management function

Network repository function testing

When NRF services are deployed, NF instances and SCPs register their identities, location, network slice(s) served, service instances, and operational status, as well as any other information required by the network operator, with a local NRF. Network entities typically register when they become operative and de-register when they cease to be. As mentioned above, any NF or SCP may subscribe to availability and profile change notifications regarding any NF while SCPs may also subscribe to notifications regarding other SCPs.

Mobileum’s dsTest’s NRF emulator and emulated Nnrf_NFManagement clients support the following service operations:
  • Repository Management Service Operations
  • Status Change Subscriptions and Notifications
  • Nnrf_NFDiscovery Service
  • Nnrf_AccessToken Service
  • Nnrf_Bootstrapping Service
network repository function

Policy control function testing 

Mobileum’s Policy Control Function (PCF) is the rule keeper in the 5G core network. As such, it interacts with various network functions to gather data as a basis for the rules that it formulates. It obtains subscription data from the UDR, current network conditions from the NWDAF, and spending limits from the CHF. A PCF uses that data, along with any predefined policies, to determine how a UE may behave as well as how a UE’s PDU sessions may be handled. It then dispenses those rules, using the Npcf services, to the network functions that will enforce them. Mobileum’s Npcf application testing includes the following features::
  • Npcf_AMPolicyControl
  • Npcf_UEPolicyControl
  • Npcf_SMPolicyControl
  • Npcf_PolicyAuthorization
  • Npcf_BDTPolicyControl
  • Npcf_EventExposure
policy control function

Session management function testing

In the 5G Core (5GC) network, the Session Management Function (SMF) interacts with the Access and Mobility Function (AMF) to establish, modify, and release PDU sessions through the Nsmf Service-Based Interface. When a UE initiates a PDU session request, the serving AMF selects an SMF that will establish and manage that session. This decision is informed in part by subscription data that the AMF receives through the Nudm service.

The SMF determines whether the requested PDU session is compliant with the mobile subscriber’s subscription and, if the request is valid, selects the UPF that will host the PDU session. An SMF interacts with UPFs over the N4 interface to direct a UPF to establish or release a PDU session and to push the policies applicable to specific PDU sessions to the UPF when indicated.
  • Nsmf_PDU_Session
  • Nsmf_EventExposure
session management function

Unified data management service testing

Mobileum’s The Unified Data Management (UDM) network function provides authentication and subscription information to the 5G Core (5GC) network functions that are generally concerned with controlling network access and establishing a subscriber’s session. It also manages dynamic information regarding the subscriber’s current session and provides that information to service consumers on request. The Nudm Service-Based Interface (SBI) accomplishes all these functions. A UDM may be stateful, which means, it stores data locally or stateless. A stateless UDM manages subscription data in the UDR through the Nudr service. 

Our Nudm SBI application supports:
  • Nudm_SubscriberDataManagement Service (Nudm_SDM)
  • Nudm_UEContextManagement Service (Nudm_UECM)
  • Nudm_UEAuthentication Service (Nudm_UEAU)
  • Nudm_EventExposure Service (Nudm_EE)
  • Nudm_ParameterProvision Service (Nudm_PP)
unified data management service

6 key capabilities of Mobileum’s 
5G Core network testing

Application and interfaces
Applications and Interfaces
Supported applications and interfaces can be mixed to create different testing scenarios with emulated and real network nodes. 
Interactive subscriber database
Interactive subscriber database
Monitor, modify, trigger any subscriber in the DB, change subscriber policies, APN, events.
Scalable solution for Core Network Testing
Scalable and built
for performance
Supports hundreds of millions of simulated subscribers. Supports up to one million simulated gNBs within a single instance. 
Continuous Monitoring
Continuous
monitoring
Log subscriber actions continuously or only on error and capture real-time events. 
Core network testing full automation
Fully
automated
Lab Core Network test interfaces can be fully automated, e.g with SITE Automation Framework, using REST or XML APIs or CLI.
High-Performance Packet capture
High-Performance Packet capture
Capture all incoming and outgoing packets at rates exceeding 200,000 packets per second.

Leveraging other products in our Portfolio

5G Performance Testing
5G was specifically designed to meet IoT needs, whereas 2G, 3G, and 4G were never developed with IoT in mind. It brings two key attributes which neither NB-IoT nor LTE can deliver; they are: low latency and ultra-reliability. Know more about our 5G testing solutions and how they support IoT environments.
Smartphone Experience
For the ongoing monitoring of communication service providers (CSP) customer's experience and continued end-to-end testing of your 5G services, Mobileum test automation supports flagship 5G smartphone performance when it comes to measuring, monitoring, and benchmarking network services and APP performance using 5G enabled devices. 
Automation Framework
Automation Framework
AAF offers a set of tools that enable operators to automate manual testing and monitoring processes at all stages of the network lifecycle, from design to deployment and operations. It includes the capability to run variants of existing test cases (5G, IoT, voice, data, messaging, etc.) and offers keyword-driven scripting on top of a group of testing building blocks.

See how Mobileum can help protect & grow your business

Over 900 Telecom companies, in more than 150 countries, are scaling their business with Mobileum solutions.

Reference Materials

Utilize our published reference materials to assist in your software development or testing activities.
  • 5G Service Map – associates 5GC services, architectural reference points, and service consumers at the operation level with links to the 3GPP stage 3 specifications governing those services.
  • NGAP Protocol Dictionary — defines the messages involved in N2 procedures and the specified content of each message.
  • PFCP Protocol Dictionary — defines the messages transmitted across the N4 interface along with the specified information elements of each message.
  • REST Protocol Dictionary — defines the URLs and request/response message content for all 3GPP REST applications including those used in the service-based interfaces of the 5G core network.

5G Core Network Glossary

Utilize our published reference materials to assist in your software development or testing activities.
  • 5G Equipment Identity Register (EIR)
    The 5G-EIR maintains a list of blacklisted permanent equipment identities and provides that information to the AMF upon request.
  • Access and Mobility Management Function (AMF)
    The AMF terminates the NG RAN and N3IWF control plane interfaces (N2) and UE NAS ciphering and integrity protection (N1). It also provides transport for messages between core network functions such as SMS, PCF, NEF, or location management and the UE or access network. In addition, the AMF is generally responsible for access authentication and authorization while managing UE registration, connection, reachability, mobility, and the enforcement of access-related and mobility-related policies. Source and target AMFs communicate with each other over the N14 interface.
  • Application Function (AF)
    An AF provides application services to the subscriber. It may interact with the PCF in order to influence traffic routing, to notify the PCF of application bandwidth requirements or usage thresholds, or register for PDU session events. If an AF is trusted it can interact directly with the PCF; otherwise, it must interact with a NEF.
  • Authentication Server Function (AUSF)
    The only responsibility of the AUSF is UE authentication for 3GPP network access and for access from untrusted, non-3GPP WLANs.
  • Binding Support Function (BSF)
    The BSF stores the associations between UEs, data networks, and serving PCFs for specific PDU sessions. Any NF can thereby quickly retrieve the PCF associated with a PDU session. An external AF may retrieve a binding via the NEF. The PCF registers, updates, and removes the stored bindings as indicated by session events. A BSF may be standalone or collocated with other network functions (e.g., PCF, UDR, NRF, SMF)
  • Cell Broadcast Center Function (CBCF)
    Broadcast messages, such as from the Public Warning System, are delivered to the access network and ultimately to UEs through the CBCF’s use of the Namf_Communication service.
  • Charging Function (CHF)
    In contrast to the separate online and offline charging functions in 4G networks, 5G introduces the Converged Charging System (CCS). The CHF is the interface between the CCS and the 5GC. It provides spending limits and quotas for services to the PCF and SMF and collects usage information from the SMF.
  • Gateway Mobile Location Center (GMLC)
    The GMLC interacts with external Location Services (LCS) clients via the Le interface (not shown above), providing them with the current location of specified UEs. If the GMLC implements the Location Retrieval Function (LRF) it learns the identity of the UE’s serving AMF from the UDM and then obtains the UE’s location from that AMF. The LRF can alternatively be a standalone node that provides services to multiple GMLCs.
  • gNodeB (gNB)
    Access to the 5GC from the NG RAN is established through the gNodeB. It terminates the N1/N2 interface with the AMF and the N3 interface with the UPF. In addition, it is responsible for AMF selection when the requisite information is not available from the UE.
  • Home Subscriber Server (HSS)
    A RESTful HSS provides subscriber data management, UE authentication, and UE context management services for IMS and for EPC-5GC interworking.
  • Location Management Function (LMF)
    The LMF determines, using information from the UE and/or NG RAN, the current location of the UE and provides it on request.
  • Network Exposure Function (NEF)
    The NEF exposes network capabilities and events to other network functions within the 5GC and also provides a secure means for external application functions to interact with core network functions like the PCF. Any NF in the 5GC can interact with a NEF. When dealing with external entities the NEF can mask sensitive network and user information. Furthermore, a NEF may manage packet flow descriptions — operating as a PFDF — and either provide PFDs to the SMF on request or push PFDs to the SMF as part of the management function.
  • Network Repository Function (NRF)
    5G expands the concept of service discovery with the NRF. Any network function can query an NRF to obtain the identities and locations of other network functions that provide a specific service. Multiple NRFs may be deployed in a network and they may be deployed at different levels — providing information about the entire network, about a set of network slices, or about a network slice instance. NRFs communicate with each other over the N27 interface.
  • Network Slice Selection Function (NSSF)
    One of the most noteworthy innovations in the 5GC is the introduction of the network slice — a set of logically separated NFs that provide full PLMN services. The NSSF selects the set of network slice instance(s) that will serve a UE. The selection process is informed by subscription data and network load information. In a dynamic network, the NSSF may query the NRF to discover service producers. H-NSSFs and V-NSSFs communicate with each other over the N31 interface.
  • Network Slice Specific Authentication and Authorization Function (NSSAAF)
    An NSSAAF provides authentication and authorization services in a network slice that utilizes a AAA server. The NSSAAF relays EAP messages towards the AAA, and provides notification to the serving AMF of the need to re-authenticate and re-authorize the UE or to revoke the E authorization.
  • Non-3GPP Interworking Function (N3IWF)
    The N3IWF provides access to the 5GC from untrusted, non-3GPP WLANs. It establishes and terminates an IPSec tunnel with the UE and terminates the N1/N2 and N3 interfaces with the 5GC. Similar to the gNodeB, the N3IWF relays N1/N2 signaling between the UE and the AMF as well as relays user plane packets between the UE and the UPF.
  • Policy Control Function (PCF)
    The PCF primarily determines which rules will govern UE session management and user plane traffic, including authorized QoS, gating rules, and traffic steering control. The AMF utilizes the access and mobility rules. while session management rules are used by the SMF. The UPF receives rules for service data flows and PDU sessions via the SMF. The PCF also conveys to the UE, via the AMF, how the UE will route outgoing traffic. The policy decisions made by the PCF may be based on subscription information obtained from the UDR along with information regarding the current load on network slices from the NWDAF and, potentially, online charging information from the CHF. If an AF specifies a usage threshold for the session — whether it’s a P-CSCF in IMS or an external AF — the PCF may invoke usage monitoring on the SMF and may notify the AF when a threshold is reached. An AF can also register for session event notification from the PCF or request the PCF to report access network information (when Rx is supported). When the AF is an external entity it interacts with the PCF via the NEF. H-PCFs and V-PCFs communicate with each other over the N24 interface.
  • Session Management Function (SMF)
    The SMF is primarily concerned with managing the UE’s PDU sessions. Its responsibilities include the establishment, modification, and release of the PDU sessions along with maintenance of the tunnel (N3) between the UPF and the gNodeB or N3IWF. The SMF selects the UPF that will handle the session’s user plane traffic and configures traffic steering at that UPF. It also handles UE IP address allocation and DHCP services as well as determining the session and service continuity (SSC) mode for the UE’s session. Finally, in the policy and charging arena the SMF enforces policy decisions related to charging, pushes rules regarding traffic handling and reporting to the UPF, and collects usage data that is then reported to the CHF. SMFs communicate with each other over the N16 interface (H-SMF to V-SMF), the N16a interface (SMF to I-SMF), or the N38 interface (I-SMF to I-SMF or V-SMF to V-SMF).
  • Short Message Service Function (SMSF)
    The SMSF manages short message service over NAS and implements SM-RP/SM-CP with the UE. It relays MO messages toward the SMS Router and relays MT messages toward the UE. It also interacts with the AMF regarding the availability of the UE for SMS transfer.
  • UE Radio Capability Management Function (UCMF)
    The radio capability requirements of various applications are stored in the UCMF. Requirements are identified by either manufacturer-assigned identifiers, which may be provisioned by an AF/NEF, or PLMN-assigned identifiers, which the UCMF is responsible for assigning. The UCMF manages dictionary entries that map between UE Radio Capability Identifiers and the corresponding UE Radio Access Capability Information.
  • Unified Data Management (UDM)
    UDM services provide subscriber, session, and subscription information — user identifiers and authentication credentials, serving NF identifiers, access authorization — to various network functions. The UDM also manages subscription data and may store this information itself or manage the information stored in a UDR.
  • Unified Data Repository (UDR)
    Unified Data Repository (UDR)The UDR provides storage and retrieval services for structured data in the PLMN. The UDR stores subscription data used by the UDM and the PCF, application data (including PFDs) used by the NEF, and data to be exposed by the NEF.
  • User Plane Function (UPF)
    In keeping with the control and user plane separation (CUPS) architecture, the UPF is solely concerned with handling user data. This includes routing, forwarding, downlink packet buffering, ARP and IPv6 neighbor solicitation proxying, and packet inspection. The SMF informs the UPF of the policies that it must enforce. The UPF, in turn, reports the traffic usage data that it collects to the SMF. UPFs communicate with each other over the N9 or N19 (PSA UPFs) interface.