Core Network in 2025: Evolution, Architecture, and Best Practices

What Is a Core Network? 

A core network is the central component of a telecommunications network, responsible for managing subscribers, routing voice and data traffic, and handling connectivity between end users and external networks. It acts as the backbone of mobile services, supporting functions such as authentication, mobility management, policy enforcement, and charging. The core network facilitates communication by linking access networks—such as cellular radio—to internal or external packet data networks like the internet or private cellular networks.

In addition to basic connectivity, the core network manages quality of service, security, and session control for voice, messaging, and internet services. It integrates a range of functions, ensuring interoperability and reliability of services offered by telecom operators. With the increased demand for high-speed data, low latency, and new application types, the design and operation of the core network have evolved significantly, especially with the advent of cloud-native architectures and edge computing in modern deployments.

Evolution of Mobile Core Networks

Telecommunications core networks have progressed through several generations, each bringing enhanced capabilities and efficiencies. 

2G-3G

The second and third generations of mobile networks introduced significant advances in mobile communications. 2G networks were built on circuit-switched architecture designed primarily for voice services, while 3G added packet-switched capabilities to support data services such as mobile internet and multimedia messaging. 

Standards developed under 3GPP provided a unified framework for global deployment, enabling operators to offer improved mobility, connectivity, and subscriber management as mobile use expanded beyond voice to include email, browsing, and early mobile apps.

4G

The transition to 4G LTE marked a fundamental shift to fully packet-based core networks, eliminating legacy circuit-switched systems. This architecture enabled higher data rates and lower latency, allowing operators to deliver rich media services such as high-definition video streaming and real-time gaming. 

The 4G core also laid the groundwork for mobile broadband as a mainstream utility, integrating functions like policy management and subscriber data handling within a more scalable, efficient design to accommodate explosive growth in mobile data consumption.

5G

The evolution to 5G introduces a completely redesigned core network architecture known as the 5G core (5GC). It supports advanced capabilities such as network slicing, service-based architecture (SBA), and tight integration with cloud and edge computing resources. 

These innovations enable ultra-reliable low-latency communications (URLLC), massive machine-type communications for IoT, and enhanced mobile broadband (eMBB). The 5G core is also cloud-native, supporting automation and dynamic scalability to handle diverse use cases and future technologies like 5G Advanced and 6G.

5G Core Network Architecture Concepts

Architectural Models

The 5G core network introduces a service-based architecture (SBA), a shift from traditional, rigid network designs. SBA uses modular network functions that interact through standard APIs, promoting interoperability and flexibility. These microservice-based components are deployed in a cloud-native environment, which enables automation, efficient scaling, and rapid innovation.

Operators can now deploy the 5G core in private, public, or hybrid cloud environments. This deployment flexibility supports diverse scenarios—from private industrial networks to national mobile networks—and enables edge computing for latency-sensitive applications. By decoupling software from hardware, SBA reduces operational complexity and supports on-demand service delivery.

Control Plane Functions

The control plane in the 5G core handles essential signaling tasks that govern the behavior of the network and devices. This includes subscriber authentication, mobility management, session management, and policy control. Key functions like the Access and Mobility Management Function (AMF) and the Session Management Function (SMF) are deployed as microservices and communicate via APIs in SBA.

Automation is central to the control plane. With 5G, resources are allocated dynamically based on demand, reducing manual intervention and minimizing configuration errors. Additionally, exposure functions like the Network Exposure Function (NEF) enable third-party developers to access network capabilities through secure, standardized APIs.

User Plane Function

The User Plane Function (UPF) is responsible for routing and forwarding user data packets within the 5G network. It serves as the interface between the core and external networks, such as the internet or enterprise data centers. In modern deployments, UPFs can be placed closer to end users using edge cloud infrastructure, reducing latency and enhancing performance for real-time applications.

Edge-deployed UPFs are essential for supporting Industry 4.0 use cases like autonomous vehicles and predictive maintenance. These use cases require low-latency, high-throughput connections, which the distributed nature of UPFs in a 5G architecture can effectively support.

Voice Functions in 5G Core (VoLTE for 5G) and Non-Standalone (NSA) vs. Standalone (SA)

Voice services in 5G networks are delivered through two different models depending on the network deployment type: non-standalone (NSA) and standalone (SA). In NSA deployments, 5G radio access is paired with the existing 4G LTE core network—known as the Evolved Packet Core (EPC)—which continues to handle voice services through Voice over LTE (VoLTE). VoLTE relies on the interworking of EPC and the IP Multimedia Subsystem (IMS) to deliver voice calls and SMS as packet-switched data.

While Voice over New Radio (VoNR) represents the long-term direction for 5G voice, VoLTE will remain relevant as 4G and 5G networks are expected to coexist for years. Operators can deploy hybrid solutions, leveraging VoLTE in NSA deployments and VoNR in SA scenarios, depending on coverage, infrastructure readiness, and device compatibility.

PDN Gateway (PGW) vs. Packet Gateway

In 4G LTE networks, the PDN Gateway (PGW) served as the interface between the mobile network and external packet data networks. In the transition to 5G, the PGW’s functions are largely replaced or absorbed by the UPF in the new architecture. While existing 4G operators can initially deploy 5G in non-standalone (NSA) mode—leveraging the existing PGW—the move to standalone (SA) 5G involves migrating to UPF-based architecture.

This evolution allows operators to gradually transform their core network while still offering enhanced broadband services. As the shift toward full 5G SA continues, the PGW becomes less central, giving way to the more agile and scalable UPF.

Core Network Components

Virtualized Network Functions (VNFs)

Virtualized network functions are software-based implementations of traditional network services that previously required dedicated hardware. VNFs run on generic, commercial off-the-shelf (COTS) hardware, allowing operators to scale network capabilities on demand and automate service delivery. In the 5G core, VNFs are key components in enabling cloud-native deployments.

VNFs support microservices-based architectures, allowing core network functions like session management, authentication, and policy enforcement to be containerized and deployed in any cloud environment—private, public, or hybrid. This enables operators to reduce time-to-market, optimize costs with OpEx-based models, and dynamically allocate resources based on real-time demand. These virtual functions are also important in network slicing, where they can be isolated and customized per slice to meet specific performance and security requirements.

Physical Network Functions (PNFs)

Physical network functions refer to traditional, hardware-bound network elements that still play a role in modern telecommunications infrastructure. Although 5G emphasizes virtualization and cloud-native design, PNFs may still be used in certain scenarios for performance, legacy compatibility, or regulatory reasons.

PNFs are typically deployed in centralized data centers and offer fixed capacities. While they lack the flexibility and scalability of VNFs, they may be preferred in networks where deterministic performance or hardware acceleration is required. For some service providers transitioning gradually from 4G to 5G, PNFs continue to support legacy interfaces and services until the network is fully virtualized.

Edge Devices

Edge devices in the context of the core network are nodes deployed closer to end users or devices to enable real-time data processing and reduce latency. They play a critical role in supporting use cases like autonomous vehicles, industrial automation, and smart cities.

5G edge deployments often include UPFs and other user-plane functions that are relocated from centralized data centers to regional or on-premises edge sites. This distribution supports Industry 4.0 applications by bringing compute and storage closer to the data source. Edge devices also allow for compliance with data localization laws by ensuring that user data is processed within national borders. Their deployment is made possible by the platform-agnostic nature of cloud-native 5G cores, which can run on Kubernetes, OpenShift, or public cloud infrastructure like AWS or Google Cloud.

Core Network Interfaces and Protocols

In legacy networks, core communication relied on protocols like GTP (GPRS tunneling protocol), Diameter, and SCTP. While some of these still exist in interworking scenarios, 5G’s native protocol stack is designed to simplify operations and improve interoperability across distributed environments and hybrid infrastructures.

The 5G core network relies on a service-based interface model in which core functions communicate through standardized APIs. This marks a shift from the legacy point-to-point interfaces used in earlier mobile generations. In the service-based architecture (SBA), each network function exposes its capabilities as services that other functions can access through RESTful APIs over HTTP/2, enabling flexible, scalable, and modular interaction.

Key interfaces include:

  • N1/N2/N3 for communication between user equipment, the radio access network (RAN), and the core.
  • N6 between the User Plane Function (UPF) and external data networks.
  • N8/N10/N11, among others, for internal signaling between control functions like AMF (Access and Mobility Management Function), SMF (Session Management Function), and UDM (Unified Data Management).

Protocols such as HTTP/2 and JSON replace older telecom-specific protocols, facilitating cloud-native deployment, openness, and third-party integration. This API-driven approach also underpins the Network Exposure Function (NEF), which allows external applications to interface with the core network through securely exposed APIs.

Network Slicing in 5G Core

Network slicing is a capability of the 5G core network that enables operators to partition a single physical network into multiple virtual networks—or “slices”—each optimized for a specific use case, customer, or service requirement. This is made possible by the cloud-native architecture of the 5G core, where virtualized functions can be logically isolated and independently managed.

Each slice can have distinct attributes such as bandwidth, latency, and reliability. For example:

  • An automotive manufacturer may require a slice with ultra-low latency and high reliability for autonomous robots and predictive maintenance.
  • A public safety agency may need a highly redundant and secure slice for mission-critical communications.
  • An energy provider could use a low-priority, high-throughput slice for collecting data from millions of smart meters.

Network slicing enables service-level differentiation, allowing Communication Service Providers (CSPs) to monetize their infrastructure by offering customizable service profiles to various industries. It also ensures that critical services can run in parallel without interference.

Because 5G core networks are built on microservices and deployed in cloud environments, slices can be dynamically scaled, provisioned, and decommissioned based on real-time needs. This automation is critical to meeting the evolving requirements of enterprise customers.

These same innovations are transforming how enterprises deploy and manage connected devices.


Challenges in Core Network Implementation and Management

Security Vulnerabilities

Core networks are prime targets for cyberattacks due to their central role in managing subscriber data, authentication, and service delivery. As the network becomes more open through APIs and integrates third-party services via the Network Exposure Function (NEF), the attack surface increases. Malicious actors could exploit weak access controls, unpatched services, or misconfigured interfaces.

To mitigate these risks, core networks must be protected with security mechanisms such as intrusion detection, firewalls, and DDoS protection. Data privacy regulations and localization laws further increase the pressure on operators to secure user data, especially when deploying in multi-country or hybrid cloud environments.

Operational Complexity

The shift from hardware-based PNFs to cloud-native, microservices-based VNFs introduces new levels of operational complexity. Each component must be deployed, scaled, updated, and monitored independently. While this increases flexibility, it also requires skilled personnel and orchestration tools to manage the distributed system.

Furthermore, in roaming scenarios, limited visibility into partner networks can delay troubleshooting and resolution. Manual intervention in network operations leads to increased error rates, longer downtimes, and higher operational costs. Automation and unified observability are essential to overcoming these complexities.

Latency and Throughput Requirements

As real-time services like autonomous vehicles, industrial automation, and immersive media become mainstream, the latency and throughput demands on the core network intensify. Routing all data through centralized data centers—especially across borders—introduces delay and can violate local regulations.

Deploying User Plane Functions (UPFs) at the network edge helps mitigate these issues, but it also requires a scalable, distributed infrastructure. Ensuring consistent performance across geographies, particularly in hybrid deployments, adds to the implementation challenges.

Best Practices for Successful Core Network Management

Enhance Security Through Zero Trust Architecture

The openness and programmability of the 5G core—particularly with the introduction of network exposure through APIs—require a hardened security posture. A Zero Trust Architecture (ZTA) enforces the principle of “never trust, always verify,” meaning that every access request, even from within the network, must be authenticated and explicitly authorized.

This approach involves securing every microservice interaction using mutual TLS, enforcing role-based access control (RBAC), and segmenting the network to limit lateral movement of threats. API gateways can throttle and monitor external access, ensuring that only authorized applications or users can interact with exposed network functions. Real-time monitoring, anomaly detection, and automated incident response mechanisms should be embedded in the core to rapidly detect and neutralize threats.

ZTA is especially important in cloud-native environments where workloads are distributed and change frequently, increasing the potential for configuration drift and vulnerabilities.
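
One way to express the per-request check described above, as an added example (not code from floLIVE or any 5G core product): a default-deny RBAC decision keyed on the caller identity taken from an already validated mutual-TLS client certificate, with a token-bucket throttle for external API clients. The role names, service names, and the "role:instance" certificate CN format are assumptions made for the illustration.

```python
import time

# Hypothetical RBAC table: caller role -> (service, HTTP method) pairs it may invoke.
# Anything not listed is denied.
RBAC = {
    "amf": {("session-management", "POST"), ("subscriber-data", "GET")},
    "smf": {("subscriber-data", "GET"), ("policy-control", "POST")},
    "external-app": {("exposure", "GET")},
}


class TokenBucket:
    """Allows `rate` requests per second sustained, with bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, None

    def allow(self, now):
        if self.last is not None:  # refill for the time elapsed since the last request
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    def __init__(self, rbac, rate=2.0, burst=3):
        self.rbac, self.rate, self.burst = rbac, rate, burst
        self.buckets = {}    # one bucket per external client identity
        self.audit_log = []  # every decision is recorded, allowed or not

    def authorize(self, peer_cn, service, method, now=None):
        """peer_cn is the subject CN of the client certificate after the TLS
        layer has validated the chain; None means no certificate was presented."""
        now = time.monotonic() if now is None else now
        decision = self._decide(peer_cn, service, method, now)
        self.audit_log.append((now, peer_cn, service, method, decision))
        return decision

    def _decide(self, peer_cn, service, method, now):
        if not peer_cn:
            return "deny:no-client-cert"
        role, _, instance = peer_cn.partition(":")  # assumed CN format "role:instance"
        if not instance or role not in self.rbac:
            return "deny:unknown-identity"
        if (service, method) not in self.rbac[role]:
            return "deny:not-authorized"
        if role == "external-app":  # throttle only traffic arriving through exposure
            bucket = self.buckets.setdefault(peer_cn, TokenBucket(self.rate, self.burst))
            if not bucket.allow(now):
                return "deny:throttled"
        return "allow"
```

The check runs on every request, including those between internal functions, and the audit log keeps denials as well as approvals so that monitoring can alert on repeated unauthorized attempts.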

Optimize Network Design and Operations

To support the dynamic demands of 5G and beyond, operators must rethink traditional network architectures. A cloud-native, microservices-based design enables distributed deployment, high availability, and granular control over each network function. This architecture should be platform agnostic, allowing deployment on private clouds, hyperscalers like AWS and Google Cloud, or hybrid models.

Operational agility improves when functions like UPFs, SMFs, and AMFs are decoupled and independently scalable. Operators can deploy closer to users—for instance, placing UPFs at the edge to reduce latency for critical applications—while centralizing less time-sensitive functions.

In addition, a modular architecture enables faster innovation and reduced time-to-market for new services, including those deployed as-a-service. This level of flexibility ensures CSPs can serve multiple customer types (e.g., IoT providers, public safety, industrial clients) on the same physical infrastructure while tailoring services per slice.

Implement Continuous Configuration Automation

Manual configuration of network elements introduces risk and cannot scale to meet the complexity of modern deployments. To address this, operators should adopt infrastructure-as-code (IaC) principles, allowing automated provisioning, version control, and consistent replication of configurations across environments.

Continuous automation ensures that network functions scale automatically based on real-time load, and it facilitates rolling updates and zero-downtime deployments, minimizing service disruptions. Automation also accelerates recovery from failures through predefined policies and self-healing workflows.

Operators can further reduce configuration drift and ensure policy compliance by integrating automation tools with orchestration and monitoring platforms. This tight integration supports both operational consistency and rapid response to changing conditions or faults.

Establish Robust Orchestration and Service Assurance Mechanisms

Orchestration is the central nervous system of a modern core network, responsible for coordinating the lifecycle of all virtualized and physical functions. A robust orchestration framework must support policy-driven deployment, healing, scaling, and retirement of services in real time.

Integrated service assurance tools should provide full visibility across the control and user planes, spanning from data centers to edge deployments. Monitoring must cover key metrics like latency, throughput, error rates, and resource utilization. When combined with analytics and AI/ML-driven insights, these tools can predict potential issues before they affect customer experience.

Orchestration platforms should also integrate with service-level agreement (SLA) enforcement mechanisms to automatically adjust resources or reroute traffic to meet performance commitments, ensuring high availability and customer satisfaction.

Ensure Compliance and Documentation

Data privacy regulations—especially data localization requirements—present a growing challenge for multinational CSPs. Operators must ensure that user data remains within the required geographic boundaries, which necessitates intelligent traffic routing, geo-fencing policies, and localized deployments of UPFs and other sensitive functions.

Compliance also requires continuous documentation of network topologies, policies, and data flows. Automated compliance audits, driven by orchestration tools, can verify that configurations align with regulatory requirements and trigger alerts if violations occur.

Well-maintained documentation is not only essential for regulatory audits but also supports faster incident response, troubleshooting, and onboarding of new services or staff. CSPs should integrate compliance checks into their deployment pipelines and maintain detailed logs of access, configuration changes, and service interactions to support auditability.
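
The drift detection described under continuous configuration automation and the automated compliance audit described in this section can share one pipeline check. The following is an added example, not floLIVE code: the inventory format, function names, and the list of countries with localization requirements are all constructed for the illustration.

```python
# Constructed sample data: desired state as it would live in version control ...
DECLARED = {
    "upf-de-1": {"type": "UPF", "site_country": "DE", "serves": ["DE"], "mtls": True},
    "upf-br-1": {"type": "UPF", "site_country": "BR", "serves": ["BR"], "mtls": True},
    "smf-eu-1": {"type": "SMF", "site_country": "DE", "serves": ["DE", "FR"], "mtls": True},
}
# ... and the state reported by the running deployment.
RUNNING = {
    "upf-de-1": {"type": "UPF", "site_country": "DE", "serves": ["DE"], "mtls": True},
    "upf-br-1": {"type": "UPF", "site_country": "US", "serves": ["BR"], "mtls": True},
    "smf-eu-1": {"type": "SMF", "site_country": "DE", "serves": ["DE", "FR"], "mtls": False},
    "upf-tmp-9": {"type": "UPF", "site_country": "FR", "serves": ["FR"], "mtls": True},
}
# Hypothetical policy: countries whose user-plane traffic must be processed in-country.
LOCALIZED = {"DE", "BR"}


def find_drift(declared, running):
    """Compare desired and running state; return (function, description) findings."""
    findings = []
    for name in sorted(declared.keys() | running.keys()):
        want, have = declared.get(name), running.get(name)
        if want is None:
            findings.append((name, "running but not declared"))
        elif have is None:
            findings.append((name, "declared but not running"))
        else:
            for key in sorted(want.keys() | have.keys()):
                if want.get(key) != have.get(key):
                    findings.append(
                        (name, f"{key}: declared {want.get(key)!r}, running {have.get(key)!r}")
                    )
    return findings


def audit_residency(running, localized):
    """Flag UPFs that carry traffic for a localized country from a site elsewhere."""
    violations = []
    for name, nf in sorted(running.items()):
        if nf["type"] != "UPF":
            continue
        for country in nf["serves"]:
            if country in localized and nf["site_country"] != country:
                violations.append((name, country, nf["site_country"]))
    return violations


def pipeline_gate(declared, running, localized):
    """Return (ok, report); a deployment pipeline would stop and alert when ok is False."""
    report = {
        "drift": find_drift(declared, running),
        "residency": audit_residency(running, localized),
    }
    return (not report["drift"] and not report["residency"]), report
```

On the sample data the gate fails: one UPF serving Brazilian subscribers runs from a US site, one SMF has had mutual TLS switched off outside version control, and one UPF is running without ever having been declared.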

floLIVE: Core Network Solution

floLIVE offers a modern core network solution that brings together cloud-native design, global reach, and local compliance. Built from the ground up with flexibility and scale in mind, floLIVE’s core network supports all cellular generations, from 2G and 3G to 4G LTE and 5G architectures.

Cloud-Native from the Start

Unlike traditional telco cores that evolved from hardware-centric models, floLIVE’s core was designed from day one as a cloud-native platform. Core network functions such as the AMF, SMF, UPF, and UDM run as containerized microservices, orchestrated with Kubernetes. This approach allows the network to scale elastically, update without downtime, and deploy quickly across different environments, whether in public clouds, private infrastructure, or hybrid models.

Distributed Architecture for Global-Local Coverage

A key differentiator in floLIVE’s solution is its distributed core network architecture. By deploying multiple local instances of the core, including user plane functions (UPFs) and policy enforcement nodes, closer to end users, floLIVE ensures low latency, high performance, and compliance with data residency requirements.

This global-local setup enables international connectivity while respecting local regulations, a growing challenge for IoT deployments that cross borders.

Built-In Multi-IMSI and eSIM Management

floLIVE’s core is tightly integrated with its own multi-IMSI engine, enabling dynamic profile switching across networks to optimize coverage and regulatory alignment. It also includes full support for Remote SIM Provisioning (RSP), allowing the same capabilities to extend to eSIMs. The result is seamless global connectivity that adapts to changing network conditions or business policies.

Full Stack, API-Driven Platform

Another important aspect of floLIVE’s core network is that it’s part of a fully integrated, operator-grade platform. Rather than relying on third-party components, floLIVE has developed and operates the full stack—including the core network, connectivity management platform (CMP), SIM technology, and policy engines.

This tight integration allows for deep automation, fine-grained control, and a robust API layer that simplifies integration into enterprise or partner systems.

Support for Private Deployments and Network Slicing

For customers with specific security, performance, or regulatory requirements, floLIVE offers private core deployments that can run on-premises or in dedicated cloud environments. These instances are ideal for industrial IoT, government use cases, or any environment that demands strict isolation and control.

With built-in support for network slicing, floLIVE can create logically separate virtual networks on shared infrastructure—each tailored to a different application or customer type, with its own policies, bandwidth, and security parameters.

Summary of Key Capabilities

| Feature | floLIVE Core Network |
|---|---|
| Architecture | Cloud-native, containerized (microservices) |
| Deployment Options | Public, private, hybrid, on-prem |
| Global Compliance | Local breakout, data localization, regulatory-ready |
| SIM Technology | Multi-IMSI and RSP-enabled eSIM support |
| Platform Ownership | Fully integrated: core, CMP, SIM, APIs |
| Use Case Flexibility | IoT, enterprise mobility, private networks, MVNOs |
| Service Differentiation | Network slicing, low-latency edge deployments |