China Unicom has implemented its CUBE-Net 3.0 technical architecture for next-level networks.
By Tang Xiongyan, Chief Scientist of China Unicom, Vice President of China Unicom Research Institute, and Chief Leader of CUBE-Net 3.0 Technical Architecture
In March, 2021, China Unicom released a series of white papers on next-generation digital infrastructure, or CUBE-Net 3.0, and set up a demonstration base in the Guangdong–Hong Kong–Macao Greater Bay Area to promote innovation.
Key innovations of CUBE-Net 3.0
The CUBE-Net 3.0 technical architecture defined by China Unicom (Figure 1) consists of eight parts:
CUBE-Net 3.0 technical architecture
1. Ubiquitous and elastic mobile broadband
With the steady development of 5G networks and applications, 5G services are becoming increasingly differentiated, convergent, and diversified. However, uplink bandwidth remains a bottleneck.
Mobile broadband communications need to evolve towards higher spectrum bands and bandwidth. Due to the massive amounts of connections, a large number of low- and medium-rate services will coexist with services that require large bandwidth for a long time. As mobile broadband requires more intelligent, flexible, and elastic bandwidth management, it will become ubiquitous, elastic, intelligent, and green over the next decade.
Flexible bandwidth: Full-spectrum 5G reconstruction will lay the foundation for the continuous evolution and development of 5G networks. To achieve that, three major requirements must be fulfilled: First, driving evolution towards operating bandwidth above 1 GHz with large single-carrier bandwidth above 400 MHz in millimeter wave and terahertz bands. Second, creating spectrum resource pools where cross-band resources are managed in pools by coordinated on-demand access to high-, medium-, and low-frequency bands. Third, matching bandwidth resources to users' service demands through intelligent bandwidth resource allocation.
Flexible timeslots: High uplink and downlink demands for B2B and B2C services are completely different. Alongside interference avoidance, flexible timeslot configuration is required for large uplink bandwidth to achieve optimal resource utilization and user experience. AI can accurately predict service demand trends and thus determine the necessary timeslot configuration. Real-time adjustments to the timeslot configuration based on service demand are required to achieve symbol-level flexible configuration. We can use AI to identify interference features and prevent interference to match services with functions.
Dedicated smart uplink: Built on smart timeslots, carrier aggregation, and dedicated devices, dedicated smart uplink works with AI to boost time, frequency, power, and antenna concurrency. It also opens up the possibility for future networks to offer gigabit uplink.
Wireless AI: 5G and AI can accurately match radio resources to users with converged scheduling algorithms based on service demand, user grouping, scheduling prediction, and network MCS/RANK quality. Technologies for network, user, and service sensing can understand service intentions and intelligently select and coordinate resources between networks. This contributes to optimized mobility management, interference management, and load balancing to achieve intelligent service navigation.
2. Ultra-broadband, high-quality optical fiber access
Fixed access networks are evolving from 1G PON and Wi-Fi 5 to 10G PON and Wi-Fi 6, providing gigabit access to homes. In the next 5 to 10 years, optical access networks will develop in the following three directions.
Direction 1: extending all-optical access to the end. OLTs will need to support multiple forms of flexible networking for the diverse services of the future. Therefore, future optical fibers will continue to be extended to the end. Gigabit FTTR will be deployed in rooms to achieve stable access with high bandwidth and low latency.
Direction 2: providing differentiated slice bearing and open capabilities. OLTs will support end-to-end slicing to meet the differentiated bearing requirements of services such as home broadband, government and enterprise services, and industry applications. The uplink of OLTs supports VXLAN, VLAN, ODU/OSU, SRv6, and other forwarding and routing selection modes. Adopting technologies such as HQoS, hard isolation in chips and PON ports, and Wi-Fi air interface slicing, OLTs work together with bearer network slices to enable end-to-end slicing. Traffic is directed to different slices based on services and applications to create greater synergies with service capabilities on the cloud.
Direction 3: opening up embedded computing power. Computing resources deployed on devices and the edge can help achieve application sensing and real-time pipe optimization. AI-enabled cloud-edge-device collaboration supports application scenarios such as experience management, identifying potential customers, and intelligent O&M. Video optimization, video surveillance backhaul, and industrial IoT can be migrated to cloud by opening up the embedded computing capabilities of OLTs and ONTs and collaborating with the cloud ecosystem.
3. Smart and open all-optical base
The CUBE-Net 3.0 all-optical base has four key features: (1) Stable architecture, all-optical switching, large bandwidth, and a high level of scalability. (2) All-optical anchor and all-service access support one-hop access to the cloud. (3) Intelligent management and control for automatic O&M. (4) End-to-end slicing that provides differentiated SLA services for multiple services on the same network.
The CUBE-Net 3.0 all-optical base also adopts four key technologies:
1. All-optical cross-connection (OXC). OXC equipment that adopts wavelength selective switches and optical backplanes can achieve zero fiber connections, plug-and-play, flexible scheduling, smooth capacity expansion, and ultra-large-capacity wavelength grooming, greatly saving equipment room space and reducing power consumption.
2. Optical service units (OSUs). Service-oriented OSUs can efficiently transport low-rate services and provide a slicing solution for the all-optical base, representing a potential evolution direction for OTN technologies.
3. Centralized and distributed control plane protocol architecture. Centralized SDNs use global resources to compute optimal service paths. Distributed control protocols enable agile and efficient execution, millisecond-level fault detection, and quick response. The network control protocol for all-optical services based on centralized and distributed architecture provides massive connections, ultra-high reliability, and intelligent O&M.
4. Layered intelligent management and control as well as end-to-end orchestration. Using standard ACTN interfaces, the layered architecture helps achieve cross-domain and cross-vendor E2E automatic orchestration and collaboration, providing open, fast, and layered optical network service provisioning and O&M, including fast service provisioning, latency management, and service availability management.
4. Integrated computing-network bearer networks
As IP networks evolve towards IPv6+/SRv6 alongside integrated computing-network architecture, computing-aware networking can enable collaboration between cloud, networks, edge, devices, and services. Enabling technologies include Application-aware Networking (APN), Service Function Chaining (SFC), and in-situ Flow Information Telemetry (iFIT).
The IPv6 extension header transmits application information to networks using APN technology. Using this information, the network can deploy services and adjust resources to satisfy SLA requirements of applications. When a site is deployed at the edge of a network (i.e., edge computing), APN technology can connect the network and applications, adapt to the requirements of edge services, and direct traffic to the right network path, bringing the advantages of edge services into full play.
SFC – an ordered collection of service functions – enables service chains to be created with different types of computing power, so that new types of services can be quickly provisioned. Service flows pass through specified value-added service devices in a specified sequence to acquire one or more value-added services. In a computing network, SFC underpins intent-driven computing services by connecting with different computing services based on customer intention. Alongside SRv6 SIDs and related services, SFC helps build a computing transaction platform. Computing power provided by ecosystem partners is registered with the network as an SRv6 SID. Buyers can purchase the computing power they need, while the network connects computing power services through SFC and provides services to buyers hassle-free.
Visualized computing paths and measurable performance have become key capabilities of integrated computing-network architecture. iFIT supports accurate on-demand packet-by-packet detection of performance indicators, such as latency, packet loss, and jitter, for each service. Second-level telemetry data sampling displays the SLA of service flows in real time. The hop-by-hop deployment mode enables ms-level fault recovery, ensuring the lossless transfer of computing power.
5. Customized services with deterministic performance
Many vertical industry applications, such as industrial control in power grids, manufacturing, IoV, and telemedicine, have precise requirements on network latency, reliability, timing accuracy, and data isolation. Increasing the adoption of 5G industry applications requires differentiated, deterministic, and stable QoS for vertical industry customers.
Using the CUBE-Net 3.0 architecture, China Unicom proposed providing customized networks with deterministic services, which can be approached in the following two ways:
First, unified SLA parameters applied industry-wide on deterministic services. Key requirements of vertical industry applications are classified into different levels to unify and standardize application scenario requirements, network indicators, and deterministic service indicators such as latency, jitter, bandwidth, reliability, positioning, and clock precision. A visualized and user-friendly interface allows customers to monitor services against SLAs in real time and accurately sense service indicators.
Second, removing technical bottlenecks, especially wireless air interface jitter, wide-area determinism, and the ability to integrate industry technologies. 3GPP has proposed URLLC technology to provide low latency and high reliability over the air interface. A multi-service co-existence mechanism has also been introduced. The feasibility and performance of both technologies are yet to be verified.
The capabilities of air interfaces need to be enhanced. AI-enabled real-time control can offset the adverse effects of having a large number of coexistent, complex services and mitigate the impact of traffic burst on air interface performance. Currently, the technologies for delivering deterministic services have many limitations. For example, applications like connected vehicles and remote control still struggle to deliver deterministic wide-area services across regions. Delivering these services places high demands on network equipment and requires large-scale network upgrades, meaning that cost will become a limiting factor. Currently, 5G systems support latency-sensitive services mainly by serving as a black box and integrating time-sensitive networking (TSN). Realizing native TSN functions and deeply integrating them with industrial networks is a key technical challenge for customized 5G networks.
6. AI-enabled cloud-network brain
Advanced technologies like IT, data technology, and AI can help build secure, reliable capabilities like fast service provisioning across clouds or networks, domains, and vendors, integrated fault diagnosis, resource visualization, automatic load balancing, and coordinated SLA monitoring and prediction. These will combine to form a CUBE-Net 3.0-based cloud-network brain.
End-to-end cloud-network scheduling and management require resource abstraction and a scheduling engine.
Resource abstraction means abstracting clouds or networks in different scenarios and technologies into standard basic resource models based on common data models and providing unified capabilities for acquiring, converting, storing, and managing resources.
Developing a service-independent automatic orchestration engine where design and implementation are decoupled can (1) dynamically inject resources and service models, (2) automatically analyze service intent, receive management policies and configuration items automatically converted by B/O through scenario-based interfaces, intelligently control networks enabled by AI inference, and sense and respond to network status changes in real time, and (3) support highly reliable distributed transaction mechanisms, retries at failure breakpoints, and automatic or manual rollback based on time snapshots. The orchestrator allows for visualization of resources at different layers, service analysis and association, and lightweight OSSs.
CUBE-Net 3.0 will provide network digital twin management capabilities with traceable status, predictable goals, and easy adaptation to changes. It will also offer virtual support for network diagnosis, prediction, decision-making, and sharing, and enable real-time interaction between logical and physical objects, data privacy, and security.
The real-time interaction between logical and physical objects requires real-time sensing and dynamic modeling technologies that can help precisely map logical and physical networks. Software and AI technologies can enable interaction between physical and logical networks, assist with decision-making, and support continuous improvement. This will help dynamically monitor and simulate the real status, behavior, and rules of physical networks, which will in turn support dynamic design and programming, fault simulation, and cutover simulation.
Digital twins create a new digital space outside of closed-off physical resources. This space will become increasingly open and accessible, which will cause more security and privacy issues. Blockchains are decentralized, difficult to tamper with, and provide non-repudiation, making them ideal for data privacy and security. CUBE-Net 3.0 will include a blockchain-based trusted computing service system, and a more efficient and reliable intelligent twin system enabled by AI.
AI is the technical foundation for running and decision-making in autonomous networks. Going forward, AI capabilities will be everywhere at the network element layer. With efficient collaboration between on-premises and the cloud, the CUBE-NET 3.0 network architecture enables AI models to take effect with just one click and be replicated across the entire network, addressing the challenge of large-scale replication of AI applications that has long plagued the industry.
The cloud has strong computing power and can fit all AI application scenarios across networks. As networks are deployed far from end users, AI inference focuses on meeting time-insensitive services (seconds or longer) and cross-domain/cross-vendor scenarios that require global collaboration, like service quality forecasting over a long cycle based on performance indicators, IP and optical collaboration, and wireless and bearer network collaboration. Expert experience and product knowledge can be aggregated on the cloud to help build a powerful AI training platform. Based on this platform, a network knowledge repository can be developed using knowledge graphs and fed into on-premises, which includes the network equipment layer and the management layer, for intelligent network O&M.
On-premises are distributed across different geographical locations and are highly time-sensitive. Due to limited computing power, they focus on providing real-time AI inference capabilities. When a lack of samples of on-premises can meet the precision requirements of training models, the models can be retrained on cloud and the results fed into the on-premises inference framework. To address the aging of on-premises models, a regular update and assessment mechanism is used to select optimal models.
7. Data-driven intelligent operations
Data-driven intelligent network operations comprise three parts: data convergence and the opening up of capabilities, data intelligence and building the driver layer, and innovative data applications.
The first part is data convergence and the opening up of capabilities. All-domain convergence enables data source identification and management based on standardized and ID-based data and supports the establishment of data analysis chains and data lineage tracing. Scenario-based data aggregation and public data models can help build data interfaces that are scenario-based, standardized, automated, and that translate data into information. The layered loop provides intent-based interfaces externally, so the upper layer will have lower network expertise requirements. Unified APIs and data make it easier for the upper layer to acquire network data, helping build a layered data governance architecture that supports data collection, transmission, and the analysis of different levels of time sensitivity at different scales and different levels of precision.
With a data security management framework that covers the entire data lifecycle, data management focuses on the highest-risk data transfers. A security management policy created based on a review of existing data assets and data risks can quickly satisfy the customized data security needs of businesses and households.
The second part is data intelligence and building the driver layer. General algorithm models, data simulation, and a network operation knowledge repository are used to build a data-driven middle layer for the research and development of upper-layer applications.
The third part is innovative data applications. Using converged data and open capabilities, network AI algorithms, and network operation knowledge repositories, we can build a series of intelligent data applications such as dynamic network monitoring and prediction and network configuration, maintenance, and optimization. These are used to track and sense service objects in real time while dynamically and intelligently adjusting resources to meet diverse customer needs.
8. Intrinsic cybersecurity
The CUBE-Net 3.0 intrinsic network security module uses the following five technologies:
Channel-associated trusted identity technology optimizes communication protocols and network equipment, and embeds trusted identifiers and password credentials into packet headers. Network equipment can verify the authenticity and legitimacy of requests through identity verification, preventing fraud and building fine-grained access authentication and sourcing capabilities.
Intrinsic NE security technology based on trusted boot and abnormal behavior detection introduces chip-level trusted computing technology into NEs, which helps build a trusted, secure software and hardware running environment based on the bottom layer of NEs. This allows for verification at all layers, from hardware platforms and operating systems to applications, ensuring the confidentiality and integrity of systems as a whole.
AI-enabled dynamic planning of security policies strengthens capabilities like self-learning and the modeling of traffic and service characteristics, risk prediction, and security policy orchestration based on feature models. This function also enables security policy conflict detection and automatic optimization.
Blockchain-enabled security management of digital network resources helps build a trusted system for digital network resources such as IP addresses, domain names, and AS numbers. A distributed accounting and consensus mechanism ensures the authenticity of resource ownership and mappings and prevents security issues such as IP tampering, route hijacking, and domain spoofing.
Software-defined and integrated security capability orchestration provides security functions in the form of pools and microservices, making integrated orchestration and the opening up of capabilities possible. This will allow users to flexibly define security policies, invoke security resources on demand, and agilely deploy and roll out security capabilities. Intelligent policy planning enables security on any cloud and any network.
Enabling industry digitalization with an open ecoystem
China Unicom will use CUBE-Net 3.0 to create an ecosystem with capabilities opened up on demand and easily integrated, build a unified platform for opening up network capabilities, implement a strategy of network service as a platform, provide standardized network capability APIs, open up more network service elements in the form of applications, and make network as a service (NaaS) a reality.
It will also work closely with vertical industries, industry application developers, and industry device providers to integrate applications, computing, networks, and devices, and provide intelligent, converged services for vertical industries, thus building up its strengths in connectivity, computing, and intelligence, enabling industry digitalization.
With CUBE-Net 3.0, China Unicom will also work to build a controllable open source technology ecosystem. We will continue to pursue open innovation, make full use of integrated applications and consolidated resources, expand the open source ecosystem, and work with industry partners to build a technical alliance for the open source industry. To become self-sufficient in basic software and hardware and core technologies, China Unicom will intensify efforts to pursue technical partnerships with domestic leaders.
Together, we will build a full-stack open-source technology ecosystem that covers chips, devices, networks, operating systems, and security, over which we will have full autonomy.
