Core Network 5G: A Gentle Introduction [2025] 

What Is 5G Core?

The 5G core (5GC) is the central component of next-generation mobile networks, responsible for managing both control and user plane functions. Unlike previous architectures, 5G core introduces a service-based architecture that supports greater flexibility, scalability, and automation. 

5G core enables seamless handling of data and signaling traffic, along with essential services such as authentication, policy enforcement, and session management. One of its defining features is its cloud-native design. This allows it to run as containerized microservices across different platforms—whether on private infrastructure, edge deployments, or public cloud. 

5G core supports diverse applications including IoT, real-time analytics, and enterprise services, while delivering improved latency, higher throughput, and strong security.

This is part of a series of articles about the core network.

Evolution from 4G EPC to 5G Core

The transition from the 4G Evolved Packet Core (EPC) to the 5G Core marks a fundamental shift in network architecture. While 4G EPC was designed primarily for mobile broadband, the 5G Core adopts a modular, service-based approach that accommodates a wider range of applications, including industrial IoT and mission-critical services. 

The 5G Core uses cloud-native technologies such as containerization and microservices, enabling more dynamic resource allocation, automation, and scalability. Operators commonly start with non-standalone (NSA) deployments, using a 5G radio with the existing 4G EPC. This allows for an incremental upgrade path to standalone (SA) 5G, which relies entirely on the new 5G Core. 

In SA mode, the network can fully exploit 5G capabilities like ultra-low latency and network slicing. This architecture also supports edge computing integration, making it suitable for data-intensive and real-time applications.

Key Features of 5G Core

The 5G Core introduces several technical enhancements that set it apart from earlier generations:

  • Network slicing: Enables the creation of multiple virtual networks over a shared infrastructure, allowing tailored service experiences based on performance, security, or reliability needs.
  • Cloud-native architecture: Built using microservices and containerized functions, allowing deployment across public, private, or edge cloud environments with flexible scaling.
  • Improved speed and latency: Offers higher data rates and lower latency, which supports real-time applications such as autonomous vehicles and remote healthcare.
  • Enhanced security: Provides advanced authentication, encryption, and integrity protection mechanisms to ensure secure device and service access.
  • Edge computing compatibility: Allows data to be processed closer to end users, reducing round-trip delays and improving the performance of latency-sensitive applications.
  • Service-based architecture (SBA): Uses standardized APIs to enable modular service interaction, improving interoperability and simplifying integration.
  • Automation and orchestration: Supports extreme automation through software-defined controls, allowing real-time network adaptation and simplified operations.

Core 5G Network Functions and Their Roles

Access and Mobility Management Function (AMF)

The AMF handles mobility and access management tasks in the 5G core. It manages user registration, authentication, and mobility sessions while coordinating with other network functions for service delivery. The AMF also ensures efficient connectivity when users transition between different access networks.

Another role of the AMF is to optimize signaling workflows by reducing redundant interactions, improving system efficiency. By centralizing critical access procedures, the AMF enables smooth user experiences, supporting low-latency requirements while ensuring secure and reliable network access.

Session Management Function (SMF)

The SMF oversees session and IP address management tasks within the 5G core. It initiates, modifies, and terminates user sessions, ensuring dynamic resource allocation based on service requirements. It also interacts with the UPF to manage data traffic between devices and network destinations.

Crucially, the SMF implements quality of service (QoS) policies, optimizing session performance according to application-specific demands. This enhances network flexibility, making 5G core adaptable for high-bandwidth or latency-sensitive applications, such as IoT or immersive technologies.

User Plane Function (UPF)

The UPF processes data traffic in the user plane, handling packet routing and forwarding. By isolating user traffic, the UPF keeps data handling efficient, reducing latency and improving bandwidth allocation for various services.

Additionally, the UPF enables local breakout for edge computing and supports QoS policies. This functionality ensures that data routing aligns with application-specific requirements, helping operators optimize resources while improving overall user experience.

Policy Control Function (PCF)

The PCF provides centralized policy control for the 5G network, enabling the implementation of personalized service plans and resource allocation. It enforces rules for network behavior, such as bandwidth limits and service prioritization, ensuring optimal QoS for individual devices.

With a cloud-native design, the PCF supports dynamic scalability for real-time policy adjustments. Its role in automating resource usage and network behavior makes it indispensable for managing 5G networks at scale.

Unified Data Management (UDM)

The Unified Data Management (UDM) function is responsible for managing user identities, subscription data, and service profiles across the 5G core. It acts as the central database that stores information required for authentication, policy enforcement, and session management.

By enabling consistent access to user data across multiple network functions, UDM ensures service continuity and supports personalized experiences. It also plays a key role in mobility management and seamless service delivery when users move across different network slices or domains.

Authentication Server Function (AUSF)

The Authentication Server Function (AUSF) handles the authentication of users and devices attempting to access the 5G network. It verifies identities using credentials stored in the UDM, ensuring that only authorized users are granted access.

AUSF also plays a vital role in securing network entry points by preventing identity spoofing and unauthorized access. Its integration with other core functions strengthens the overall security posture of the 5G system, maintaining trust in highly dynamic network environments.

5G Core Interfaces and Protocols

The 5G core is defined by a set of interfaces and reference points specified by the 3GPP in TS 23.501. These interfaces form the logical separation between network functions and enable communication across the control and user planes. The primary reference points between the radio access network (RAN) and the core are N1, N2, and N3.

  • N1 connects the user equipment (UE) to the Access and Mobility Management Function (AMF), providing a path for non-access stratum (NAS) signaling.
  • N2 links the gNB (next-generation base station) to the AMF, handling control plane signaling between RAN and core.
  • N3 connects the gNB to the User Plane Function (UPF), enabling user data transfer across the user plane.

Security across these interfaces is enforced using a hop-by-hop model. For example, the NAS signaling over N1 is encrypted between the device and the AMF. Similarly, user plane traffic across N3 is protected using the NDS/IP framework. This means data is encrypted over the air and in transit but may be decrypted within network elements such as the gNB, which can access it in cleartext unless end-to-end application-level encryption is applied.

The flexible deployment of 5G—whether centralized, edge-based, or cloud-native—means these interfaces may span different physical locations or be co-located. The N2 and N3 interfaces, in particular, are key to managing the dynamic separation or integration of RAN and core functions based on deployment needs. 

In practice, the degree of separation is dictated more by commercial strategy and use-case requirements (e.g., ultra-low latency or local breakout) than by rigid protocol definitions.

Best Practices for 5G Core Network Implementation

Here are some useful practices to consider when adopting the 5G core network architecture.

1. Apply Zero Trust Security Principles from Day One

A Zero Trust model is essential when securing 5G core environments, especially due to the increased attack surface introduced by cloud-native, loosely coupled architectures. Instead of assuming internal components or users can be trusted by default, Zero Trust requires continuous verification of access at every level—devices, users, applications, and services.

Start by implementing strong identity management, multi-factor authentication, and strict network segmentation. Pay close attention to access control for both human users and machines, especially in environments involving BYOD or third-party IoT devices. These precautions reduce the likelihood of internal compromise spreading through the core.

2. Segment and Isolate Network Functions

5G core networks are made up of many decoupled microservices. Properly segmenting these components is critical for both performance and security. Use logical isolation to separate the control and user planes, and enforce strict boundaries between components such as AMF, SMF, UPF, and PCF.

This segmentation must extend to the infrastructure layer. In Kubernetes-based deployments, use namespaces to organize network functions (NFs), apply Role-Based Access Control (RBAC), assign network policies, and use tools like Multus to manage multi-interface configurations. This approach minimizes lateral movement if one component is compromised.
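The manifests below are an added example of this segmentation, not configuration from floLIVE or from any specific 5G core project. They assume hypothetical namespaces `core-user-plane` and `core-control-plane`, hypothetical `nf: upf` and `nf: smf` pod labels, and the standard SMF-to-UPF control protocol (PFCP on UDP 8805), which this article does not name.

```yaml
# Constructed example: namespace, label and policy names are hypothetical.
# Weak baseline: a namespace with no NetworkPolicy accepts traffic from every pod.
# This policy selects all pods in the user-plane namespace and denies by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: core-user-plane
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# Re-open only the SMF <-> UPF control path (PFCP, UDP 8805).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: upf-allow-smf-pfcp
  namespace: core-user-plane
spec:
  podSelector:
    matchLabels:
      nf: upf
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        # One list item holding both selectors: namespace AND pod label must match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: core-control-plane
          podSelector:
            matchLabels:
              nf: smf
      ports:
        - protocol: UDP
          port: 8805
  egress:
    # UPF-initiated PFCP messages back to the SMF; all other egress stays denied.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: core-control-plane
          podSelector:
            matchLabels:
              nf: smf
      ports:
        - protocol: UDP
          port: 8805
```

These policies only take effect with a CNI plugin that enforces NetworkPolicy, and they cover the pod's primary cluster interface only. Secondary interfaces attached through Multus are outside their scope and need separate isolation, such as dedicated VLANs or host NICs.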

3. Leverage Containerization and Automation Tools

Kubernetes and Helm charts offer a scalable, flexible way to manage 5G core services. Each network function should be containerized and managed through well-structured Helm charts, allowing for repeatable deployments and simplified updates. Use values.yaml files to manage configuration settings and interface bindings.

Implement Horizontal Pod Autoscalers (HPAs) where appropriate to adapt to traffic changes, and integrate Persistent Volumes for shared resources like MongoDB. Automating deployments through CI/CD pipelines ensures consistency and reduces the risk of misconfiguration. This is especially important when working across multiple clusters or physical environments.

4. Build a Multilayered Vulnerability Response Framework

A reactive-only approach to security won’t cut it. Build a robust detection-and-response framework that includes active monitoring, timely patching, and automated regression testing. Understand that in a microservices-based 5G core, patching one component could have unintended consequences on others.

Set up alerting and logging at every layer—application, container, and infrastructure. Use tools like tcpdump or Wireshark during testing to monitor interface behavior (e.g., N3 and N6 on the UPF). Regularly validate that updates do not break service function registration, session establishment, or other interdependencies critical to network stability.

5. Plan for Deployment Flexibility and Low-Latency Requirements

Depending on the use case—such as mobile broadband or IoT—your deployment model may require co-locating certain functions to meet latency targets. Design your architecture to support both centralized and edge deployments. For example, deploy the control plane in one Kubernetes cluster and the user plane in another to simulate production-like separation.

Use Multus CNI and MACVLAN configurations to assign multiple interfaces to pods. Configure IP forwarding and ensure proper promiscuous mode settings for traffic flow across interfaces. Always validate interface status post-deployment and test end-to-end communication using UERANSIM or similar tools. 
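As an added example (not taken from floLIVE or any particular 5G core distribution), the manifests below attach separate MACVLAN interfaces for N3 and N6 to a UPF pod through Multus. The namespace, attachment names, host NICs `ens4` and `ens5`, the image reference, and the RFC 5737 documentation addresses are all hypothetical.

```yaml
# Constructed example: names, host NICs, image and addresses are hypothetical.
# N3 (RAN-facing) and N6 (data-network-facing) use different host NICs so the
# two segments stay separated below the pod.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: n3-net
  namespace: core-user-plane
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "ens4",
      "mode": "bridge",
      "ipam": { "type": "static", "addresses": [{ "address": "192.0.2.10/24" }] }
    }
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: n6-net
  namespace: core-user-plane
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "ens5",
      "mode": "bridge",
      "ipam": { "type": "static", "addresses": [{ "address": "198.51.100.10/24" }] }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: upf
  namespace: core-user-plane
  labels:
    nf: upf
  annotations:
    # Multus adds these interfaces, named n3 and n6, next to the default eth0.
    k8s.v1.cni.cncf.io/networks: '[{"name":"n3-net","interface":"n3"},{"name":"n6-net","interface":"n6"}]'
spec:
  containers:
    - name: upf
      image: registry.example.com/upf:placeholder   # hypothetical image reference
```

Static addresses in the attachment definition suit a single UPF pod; running several replicas needs an IPAM plugin that hands out distinct addresses per pod.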

5G Core Network for IoT with floLIVE

Why it matters: IoT workloads don’t just need “faster.” They need predictable latency, airtight security, global compliance, and lifecycle control at massive scale. floLIVE’s 5G Core (5GC) is built cloud-natively to meet those needs, end-to-end.

Cloud-native 5GC built for IoT scale

  • Own core network and SBA microservices: AMF/SMF/UPF/PCF/UDM/AUSF and exposure via APIs—deployed across private, edge, or public cloud for elastic scale and high availability.
  • Distributed UPF for local breakout: keep traffic in-country or at the edge to minimize round-trip time and meet data-residency rules.
  • Observability & automation: policy-driven QoS, per-flow monitoring, and automated healing to keep fleets healthy at millions of devices.

Global-local connectivity, by design

  • Direct interconnects with MNOs plus multi-IMSI on the SIM enable steering-free resilience and in-country access where permanent-roaming policies apply.
  • RSP/eUICC integration: remotely load a local profile or floLIVE’s multi-IMSI as needed—no truck rolls, no swap.
  • Pay-for-what-you-use commercial model aligns cost with actual device activity.

Security & compliance baked in

  • Zero-Trust posture: strong device identity, least-privilege access between NFs, and isolation across tenants/slices.
  • Standards-aligned interface protection with optional crypto for N2/N3 and per-tenant keys; end-to-end application encryption support for sensitive data streams.
  • Regional data governance: route sessions to in-region UPFs and comply with local regulations without redesigning your application.

Built for real IoT use cases

  • Cameras & security systems: deterministic uplink, jitter control, and efficient bulk firmware updates.
  • Retail & payments: resilient primary/backup connectivity with traffic segmentation for POS vs. back-office.
  • Mobility & telematics: low-latency breakout for command/control; seamless cross-border handoffs.
  • Industrial & robotics: edge UPF + policy control for bounded latency and safe operations.

Integrations that shorten time-to-value

  • CMP & portal: full lifecycle control (activate, monitor, troubleshoot) and rich APIs for back-office systems.
  • Slice-ready architecture: align traffic classes to policies today; adopt dedicated slices (e.g., URLLC/RedCap) as they become available in your markets.
  • Flexible deployment: as-a-service, in your VPC, or on-prem for private networks—using the same core components.

Outcome: With floLIVE, enterprises and OEMs get a 5G Core tailored to IoT—global reach with local control, rigorous security, and the operational levers to keep fleets reliable and costs predictable.