N2/N3/N4/N6/N9 transport requirements, SCTP on N2, IPsec on N3, DSCP/QoS mapping, SR-MPLS backhaul, SyncE/PTP timing
1. What Is 5GC Transport — The Simple Version
5GC transport is the network infrastructure connecting gNBs to the core NFs and connecting NFs to each other. It is not a passive pipe. Every 5GC interface has specific latency, bandwidth, jitter, and reliability requirements. Get transport wrong and your core can be perfectly configured but completely non-functional — PFCP timeouts because N4 has jitter, registration failures because N2 has too much RTT, VoNR drops because N3 QoS is not enforced at the aggregation router.
The most common operator mistake: the transport team and the core team work independently. The transport team provisions links by bandwidth. The core team designs NF interfaces. Nobody specifies end-to-end latency, jitter, or QoS marking requirements until something breaks in production.
| 3GPP Reference |
| 3GPP TS 38.401 — NG-RAN Architecture Description (N2/N3 interface transport) |
| ITU-T G.8271 — Time and Phase Synchronisation aspects of packet networks (PTP) |
| ITU-T G.8261 — Timing and synchronisation aspects in packet networks (SyncE) |
| 3GPP TS 33.501 Section 9.9 — Security for N3 interface |
2. Architecture — Per-Interface Transport Requirements
| Interface | Protocol Stack | Bandwidth Driver | Latency Target | Jitter Tolerance |
| N2 (AMF–gNB) | NGAP over SCTP over IP | Low — ~10 Kbps per UE (signalling only) | < 100ms RTT | < 10ms — SCTP retransmit timer sensitive |
| N3 (UPF–gNB) | GTP-U over UDP over IP | User throughput — size from peak traffic per site | < 10ms one-way consumer; < 1ms URLLC | < 1ms URLLC; < 5ms eMBB |
| N4 (SMF–UPF) | PFCP over UDP over IP | Low — ~1 Mbps per 1M sessions | < 3ms SMF–UPF RTT (T1 default 3s) | < 1ms — PFCP timeout at 3s leaves no margin |
| N6 (UPF–Internet) | IP (any) | Full internet throughput from UPF | CDN/peering dependent | Best effort — internet quality |
| N9 (UPF–UPF) | GTP-U over UDP over IP | Edge-to-anchor UPF traffic | Adds to N3 path — minimise | Same as N3 |
| SBI (NF–NF) | HTTP/2 over TLS over TCP | Low — signalling only | < 5ms NF-to-NF in DC | < 2ms — HTTP/2 stream timeout sensitivity |
Table 1 — 5GC interface transport requirements. N4 is the most critically underengineered interface. Its 3-second PFCP timeout leaves < 3ms margin for RTT.
3. How It Works — SCTP on N2 and Why Not TCP
N2 uses SCTP (Stream Control Transmission Protocol) instead of TCP. SCTP provides multi-homing — the N2 association uses two IP paths simultaneously (primary and secondary AMF IPs, or multiple gNB transport IPs). If the primary path fails, SCTP switches to secondary within one heartbeat interval. For TCP, this would take 20+ seconds of TCP timeout before failover.
SCTP also provides message-oriented delivery — NGAP messages are delivered atomically, not as a byte stream. This eliminates the TCP framing overhead that 4G S1AP implementations had to handle. And SCTP multi-streaming means paging messages for different UEs are in different streams — a large message for one UE does not block paging messages for others.
| SCTP Feature | Benefit for N2 |
| Multi-homing | Two IP path N2 association. Path failure → SCTP switches to secondary in < 1s vs TCP’s 20s+ timeout |
| Multi-streaming | Multiple independent streams in one association. No head-of-line blocking between different UE procedures |
| Heartbeating | SCTP detects path failures before TCP keepalive would. Fast failover critical for N2 gNB association |
| Message-oriented | NGAP messages delivered atomically. No partial-message framing needed at application layer |
Table 2 — SCTP on N2. Multi-homing is the primary reason N2 uses SCTP. Configure primary and secondary AMF IP on every gNB.
4. DSCP/QoS Mapping — From 5QI to Transport
5G QoS flows have 5QI values that define priority. These must be mapped to IP DSCP markings at the DU/gNB and respected at every transport hop through to the UPF. If DSCP markings are not trusted at the aggregation router — the most common issue in the field — all traffic arrives at the UPF as best-effort regardless of 5QI.
| 5QI | Service | DSCP Marking | MPLS EXP | Action if Wrong |
| 1 | VoNR (GBR) | EF (46) | 5 | Calls drop under congestion — DSCP trust gap at PE ingress is cause #1 of VoNR failure |
| 2 | Video (GBR) | AF41 (34) | 4 | Video quality degrades before voice — less critical but visible |
| 65 | MCPTT / Emergency | EF or VA (44) | 5 | Emergency comms degraded — regulatory and safety issue |
| 5 | IMS Signalling | CS5 (40) | 4 | SIP call setup fails under congestion before media is affected |
| 9 | Default internet | CS0 (BE, 0) | 0 | Correct — best effort is appropriate |
| 7 | Interactive gaming | AF31 (26) | 3 | Gaming latency spikes — revenue impact for gaming slice SLA |
Table 3 — 5QI to DSCP mapping. EF (46) for VoNR. If aggregation routers remark DSCP to CS0, all traffic is treated as best-effort and this table becomes irrelevant.
| Field Note: DSCP Remarked to CS0 at Aggregation Router — VoNR Drops Under Load |
| Operator deployed VoNR with 5QI=1 mapped to DSCP EF (46) at gNB. |
| Call quality was acceptable at low load. During morning rush hour: significant MOS degradation. |
| Transport investigation: DSCP EF being remarked to CS0 at the first aggregation router. |
| Root cause: aggregation router QoS policy only trusted DSCP from core-side interfaces, not gNB-facing. |
| All gNB-originated packets remarked to 0 at ingress. VoNR packets competed with best-effort. |
| Fix: add “trust dscp” on all gNB-facing interfaces of aggregation routers. |
| Post-fix: VoNR MOS under load improved from 2.8 to 4.1. |
5. Key Parameters and Technical Terms
| Term | Definition | 5GC Significance |
| SCTP Multi-homing | SCTP association using multiple IP paths simultaneously. | Configure two AMF N2 IP endpoints on every gNB. Failover < 1s vs TCP failover 20s+. |
| DSCP EF (46) | Expedited Forwarding — highest-priority DSCP marking. Defined in RFC 3246. | Used for VoNR (5QI=1) and emergency services. Must be trusted at every transport hop. |
| DSCP trust boundary | The point in the network where DSCP markings are accepted as-is vs remarked. | Set trust boundary at aggregation router gNB-facing interface. Without trust: all gNB DSCP remarked. |
| SyncE | Synchronous Ethernet. Frequency synchronisation via Ethernet physical layer clock. | All transport switches in N3 path must support SyncE to prevent frequency wander at gNB. |
| PTP G.8275.1 | Precision Time Protocol profile for telecom. Phase/time alignment over packet network. | Boundary Clock at each transport hop. Target: < 1.5 µs time error at gNB for TDD NR. |
| N3 IPsec | IPsec encryption of N3 GTP-U traffic for untrusted transport segments. | Required if N3 traverses untrusted/leased transport. Offload to NIC crypto engine for line-rate. |
| SR-MPLS | Segment Routing MPLS. Source-based path control without per-hop RSVP state. | Replaces RSVP-TE for traffic engineering. Enables per-slice traffic engineering via Segment Lists. |
| BFD (Bidirectional Forwarding Detection) | Sub-second link/path failure detection protocol. | Deploy on N3/N4 transport paths. Detects failures faster than SCTP/PFCP heartbeat timers. |
Table 4 — Transport key terms. DSCP trust boundaries and PTP timing are the two transport configurations that most directly affect 5GC service quality.
6. Common Issues in the Field
| Field Note: N4 Over Shared WAN — PFCP Timeout Causing PDU Session Failures |
| Private 5G site: on-premises UPF connected to central SMF via shared enterprise WAN. |
| WAN link carries: video surveillance, enterprise applications, and N4 PFCP traffic — no QoS differentiation. |
| During video conference peak hour: WAN utilisation hit 95%. N4 PFCP packets queued. |
| PFCP Session Establishment Response arrived at SMF after T1 timer (3s). SMF declared failure. |
| PDU session setup failure rate for enterprise devices: 35% during video conference hours. |
| Fix: dedicated QoS queue for N4 PFCP on WAN router (DSCP CS6, guaranteed 2 Mbps). |
| PDU session setup failure rate dropped to < 0.1%. |
7. Troubleshooting
| Symptom | Root Cause | Check | Fix |
| VoNR drops under load, not at low traffic | DSCP EF remarked to CS0 at aggregation router | Capture packets at PE ingress and egress: verify DSCP value preserved | Set trust dscp on gNB-facing aggregation interfaces |