A view from the trenches
Walking the exhibition floor at KubeCon EU 2024 in London recently, I couldn't help but notice a striking trend: nearly half the vendors were prominently featuring observability as a core value proposition. This prevalence speaks volumes about the maturation of cloud-native technologies and the growing recognition that visibility (“what”) – and more so, observability (“how” the issue occurred, and “why”) – isn't just a nice-to-have; it's fundamental infrastructure.
As cloud-native principles continue reshaping telecommunications infrastructure, from the 5G service-based architecture (SBA) in the core through the RAN, particularly in Open RAN deployments, we're witnessing the convergence of two key approaches to network visibility: cloud-native observability and Deep Packet Inspection (DPI). I’ll discuss how these complementary technologies can bridge the visibility gap in disaggregated network environments and bring visibility, traceability, and control in Open RAN.
The Open RAN vision and visibility challenge
Open Radio Access Networks (Open RAN) promise flexibility, innovation acceleration, and a diversified vendor ecosystem by disaggregating traditional, monolithic RAN architectures. However, this very openness – replacing black boxes with interconnected, multi-vendor components – introduces operational hurdles. Findings from a recent survey by The Fast Mode and Rohde & Schwarz underscore this, with nearly 69% of vendors citing the presence of multiple vendors as having a significant impact on RAN management complexity, followed closely by the challenge of managing highly modularized functions (44%).
Realizing the full potential of Open RAN requires more than just standardized interfaces; it demands an embrace of cloud-native operational practices. Central to this is robust observability, a practice that moves beyond traditional monitoring to provide deep, actionable insights into these complex systems.
The Open RAN landscape: complexity by design
At its heart, Open RAN decomposes the base station into distinct functional units: the Open Radio Unit (O-RU), the Open Distributed Unit (O-DU), and the Open Centralized Unit (O-CU), connected via open fronthaul and midhaul interfaces (e.g., F1). Orchestration and intelligence are handled by the Service Management and Orchestrator (SMO) and the RAN Intelligent Controller (RIC), the latter split into non-real-time (Non-RT RIC) and near-real-time (Near-RT RIC) components hosting specialized applications (rApps and xApps) communicating via interfaces like A1 and E2.
While elegant in its modularization, this disaggregation creates a complex web of interactions. Functions are delivered as virtualized (VNFs) or containerized (CNFs), potentially running on different hardware, across various locations (cell site, edge cloud, central cloud), and sourced from multiple vendors. This environment renders traditional monitoring tools inadequate – a sentiment echoed by nearly 74% of vendors in the abovementioned survey, who believe conventional RAN analytics tools are insufficient for Open RAN's demands. Visibility into the virtualized layers (VNFs/CNFs) and the underlying cloud infrastructure becomes critical, as highlighted by survey respondents (63% and 45% respectively rating real-time analytics as 'very important' for these layers).
Furthermore, this expanded, multi-vendor, software-defined landscape can expose a broader attack surface. While robust cloud security practices (SBOMs, encryption, RBAC) are essential, ensuring operational security and performance requires deep visibility. Context-aware approaches like Zero-Trust Network Access (ZTNA) are key, yet the survey found a concerning gap: over 77% of MNOs currently lack the sufficient user, device, and application visibility needed for robust ZTNA implementation. Clearly, insights beyond basic network flows are essential.
Navigating observability in a disaggregated world
To manage this complexity, the telecom industry is adopting observability practices honed in the cloud-native domain, typically analyzing Metrics, Events, Logs, and Traces (MELT). However, applying these practices in Open RAN requires acknowledging two distinct contexts:
- Intra-Application/Microservice Observability: Within a single cloud-native network function (CNF) composed of multiple microservices, or between tightly coupled CNFs developed by the same vendor (e.g., components within an SMO), standard cloud-native tooling often excels. Service meshes (like Istio/Envoy, Linkerd), distributed tracing libraries (OpenTelemetry), and metric collectors (Prometheus) can be integrated directly into the application code or sidecars, providing detailed visibility into internal calls, latencies, and errors. Here, the operator or vendor often has significant control over the instrumentation.
- Inter-Module Observability (Across O-RAN Interfaces): Observing interactions between distinct, potentially multi-vendor Open RAN components communicating over standardized interfaces (like F1, E1, E2, A1) presents a different challenge. Operators may not control the instrumentation points within each vendor's black box. Communication often uses specific protocols (e.g., SCTP-based F1AP/E2AP) where standard service meshes don't readily apply. Effective observability here relies on:
- Monitoring interface-specific KPIs defined by O-RAN standards (if available and sufficient).
- Instrumenting API gateways or interface termination points where possible.
- Analyzing the network traffic flowing over these interfaces. This involves inferring performance from transport-layer behavior (e.g., TCP/TLS handshake times, retransmissions); or, more powerfully, inspecting the traffic itself to understand the relationship between protocols and applications and the impact on performance.
It's in this second context – observing the crucial interactions across standardized, multi-vendor interfaces – where traditional cloud-native instrumentation can fall short, highlighting the need for complementary network-level visibility techniques.