1 / 17

6G-NTN D5.2 Analysis and Work Plan

Tasks 5.2 and 5.3 Progress and Future Activities

Recall of the tasks 5.2 and 5.3 description + p.m

WP5 Description

Objectives related to tasks 5.2 and 5.3:

Investigate the integration of NTN in an E2E 6G network through a system level approach
Extend the 6G orchestration and automation environment with tools and models enabling seamless orchestration of services and resources throughout the disaggregated 6G network, including the NTN part
Integrate the cybersecurity constraints related to open interfaces and cloud native environments in the design phases of the virtualization and orchestration solutions
Prototype and demonstrate the positioning, orchestration and cybersecurity end-to-end system enablers through Proof-of-concepts and lab tests

T5.2 Description

The consortium will propose new virtualized and cloud native architectures for the 6Gcore network capable to cope with the ad hoc satellite constellations of 6G through disaggregating and dynamically orchestration the service-based architecture of the core network.
The Consortium will define open interfaces and APIs to monitor, configure, manage and orchestrate the NTN edge and core networks through AI and ML based algorithms leveraging measurements and analytics coming from both network components and UEs.
The proposed core and edge orchestration architectures will be demonstrated on the open testbed of THALES. In fact, TH-SIX will extend its current 5G-SA testbed by disaggregating the RAN, Edge and core domains and adding open interfaces by relying on open-source initiatives such as Open5GS, Magma, and O-RAN Alliance.

T5.3 Description

The objective of this task is twofold.

First: assess the possible vulnerabilities originating from the specific architecture of 6G-NTN
Second: propose the adequate security countermeasures focusing on securing the container-based environment, the deployed functions itself as well as the communications between these virtualized functions.

Summary of the main findings of D5.2 (quels verrous technologiques ont été levé)

Technical Architecture Achievements

Hardware Platform Implementation: The project has moved from conceptual design to concrete implementation with Kubernetes orchestration.

AI-Powered Orchestration Framework: The team developed an integrated system combining traffic prediction using LSTM and ARIMA models with dynamic VNF placement. Their testing shows LSTM models outperform ARIMA for CPU usage prediction, achieving better accuracy across multiple metrics (MAPE, MAE, RMSE).

Key Technical Innovations

Dynamic Resource Management: The orchestrator can proactively allocate resources based on ML predictions, with capabilities for real-time network monitoring and anomaly detection. The system aims to reconfigure resources within minutes during network disruptions.

Security Framework: A three-phase security mechanism was identified: proactive detection before deployment (currently operational), real-time reaction during runtime, and threat mitigation (planned for phase 2). Only first phase has been implemented.

Research Contributions

Comprehensive State-of-the-Art Analysis: The document includes extensive coverage of VNF orchestration challenges, reviewing 60+ academic sources and comparing existing solutions like Kubernetes, OpenStack, and ONAP for NTN environments.

NTN-Specific Challenge Identification: The team identified critical challenges including resource constraints in satellite systems, network heterogeneity across orbital layers (LEO, MEO, GEO), and dynamic topology management due to satellite mobility.

Phase 2 Planning: A structured roadmap for the second project period includes algorithm development, testing/optimization, deployment evaluation, and comprehensive reporting.

Critical Assessment

While the technical progress is substantial, several limitations emerge:

The traffic prediction models were tested only on a single AMF dataset from 5G networks
Real-world NTN deployment remains theoretical
The security framework is only partially implemented
Theoretical integration with satellite constellation dynamics properties (from WP3/WP4) is deferred to phase 2

Summary of delta findings in D5.2 v3 (Fév 2025) wrt D5.2 v1 (Juillet 2025)

1. New Chapters Added

Section 3: State of the Art (New)

Definition of VNFs
VNF orchestration overview
3GPP specifications related to management and orchestration
Machine Learning and AI for VNF placement and orchestration
New virtualized and cloud-native architecture

Section 4: Challenges in NTN Context (New)

VNF orchestration challenges
Security challenges
Recent research projects (SESAME, HORSE-6G)

Summary of delta findings (continued)

Section 7: Activity Plan for Second Period (New)

Advanced algorithm development
Testing and optimization
Deployment and evaluation
Reporting and dissemination

2. Modifications to Existing Sections

Section 2: From 5G to 6G

Addition of subsection "Requirements for core orchestration and platform monitoring"
Development of detailed technical requirements

Section 5 (formerly 3): Dynamic Orchestration

Addition of subsection "6G-NTN Hardware Platform"
Detailed description of hardware platform (VMware ESXi server, Intel Xeon processors, 128 GB memory)
Integration of Terraform for infrastructure-as-code

Summary of delta findings (continued)

3. Academic Content Enhancement

Bibliographic References

Version 1.0: 30 references
Version 3.0: Over 60 references with significant additions in:
- VNF placement and machine learning
- Non-terrestrial network security
- Intelligent orchestration

Additional technical details

More precise description of hardware platform
Integration of 3GPP standards (28.530, 28.532, 28.533, 28.554)
Development of interoperability aspects with NWDAF, NEF, CAPIF

4. Executive Summary Modifications

Version 3.0 presents a completely rewritten executive summary that:

Reflects the new document structure
Integrates state-of-the-art and identified challenges
Presents a more mature project vision

Summary of the delta between what evaluators request and what is promised in the task

> Other sections are still unsatisfactory. For example the cybersecurity section, which is very limited in detail by comparison with the "comprehensive analysis" that is targeted.

Answer: As described in the DoW of the project, Task 5.3 is related to secure communications between the VNFs. We do not address in this task the security of NTN links.

> T5.3: Cybersecurity: Provide examples of the use of this toolkit, how it is configured, the micro-service graphs, its detection and reporting of specific vulnerabilities.

This toolkit has been only adapted to be used in our platform and has not been designed, implemented, and evaluated in the scope of 6G-NTN. Thus, we do not estimate relevant to provide this information. However, the paper describing this work has been cited and contains all required information.

> Refer to the existing state of the art established in 3GPP Rel.18 to ensure that standardised requirements and features are adopted.

We have decided to adopt a pragmatic approach. Our solution relies on leveraging an existing 5G core infrastructure, which, while not perfect, serves as a robust foundation for our VNF orchestration platform. Rather than seeking an idealized solution that meets all requirements, we are using available open-source software to drive forward with our objectives. This approach is necessitated by the complexity and scope of R18, which poses significant implementation challenges that are more feasible in a controlled test environment.

> Note that STR-FUNC-05 and STR-FUNC-20 suggest that edge computing capabilities are required. Thus they cannot be excluded from the orchestration platform design and its functionality, even if, as stated they will not be implemented.

Most of the requirements are covered especially the first ones. However, STR-FUNC-11, for instance, is too specific to be considered here.

> - D4.2 describes the functions 6G-NTN RIC, also driven by AI and also managing use of system resources. These must be orchestrated themselves. RIC (radio) resource management decisions could potentially conflict with service management decisions concerning the orchestration of VNFs.

An orchestrator can take into account such a RIC. But for now, we first focus on orchestration of different VNFs depending on what we can achieve. The cohabitation between 2 intelligent components will not be considered in 6G-NTN.

Summary of the delta (continued)

> Additional to the further detail requested about the platform and its realisation, describe the deployment (planned or actual) of the 5G Core and any functions related to the NTN air/space-borne RAN.

Integration of 3GPP NG RAN functions are not planned to be integrated into the platform.

> Provide additional analysis of APIs relevant to orchestration and service management, including security mechanisms, especially referencing relevant work of 3GPP, ORAN Alliance and ETSI.

We do not plan to implement these specific functions in our core network. Our plan is to use a containerized core network and demonstrate the feasibility of VNF placement.

> The first part of this section is only about one aspect of Kubernetes deployment security and should be separated out into a section on its own with a new title.

This section is all about securing VNFs deployment and we focused on threats related to Kubernetes deployments. We have adapted an already existing tool developed by TH-SIX to be used as part of the platform.

> As noted before, there is a substantial state of the art for all of the topics mentioned in this section. The topics are presented as planned work but the report would benefit from references to the security challenges described by other experts. Security of integrated TN and NTN systems must also be addressed.

In this section, we have described what are the challenges related to securing 6G NTN links but we do not plan to address these challenges in the scope of this project.

> Provide state of the art analysis and references for the security topics mentioned in new section "SECURING 6G NON-TERRESTRIAL NETWORKS", e.g. IEEE Future Networks NGNR roadmaps, NextG Alliance, ORAN Alliance, and 3GPP, addressing system, API and orchestration security.

As described in the DoW of the project, Task 5.3 is related to secure communications between the VNFs. We do not address in this task the security of NTN links.

Work plan until end of project (including description of demo)

Theoretical study on UPF placement in LEO constellation
Edition of D5.3
Demo
- UPD moving from one node to another, involving different scenarios and consequences

Theoretical Analysis: Comprehensive study of UPF placement strategies within LEO satellite constellations
Deliverable D5.3: Edition
Demo preparation and setup

Demonstration Scenario Workflow

Stage 1: Configuration Input

Upload JSON configuration file to orchestrator's RESTful API
File contains traffic predictions, resource constraints, and service quality requirements
API validates input and generates operation ID for tracking

Stage 2: Intelligent Decision Making

Orchestrator analyzes JSON input alongside real-time network telemetry
AI algorithms evaluate optimal VNF placement based on:
- Orbital position and satellite coverage
- Link quality and latency metrics
- Load balancing requirements
- Resource availability across nodes
Decision engine determines UPF migration necessity and target node selection

Stage 3: Automated Execution

Orchestrator triggers cluster updates via direct kubectl commands
If orchestrator host is part of Kubernetes cluster, executes local scripts
Seamless VNF migration from source to destination satellite node
Maintains service continuity during transition process

Stage 4: Real-time Monitoring and Visualization

Grafana dashboards display migration impact in real-time
Initial metrics focus on pod distribution across cluster nodes
Visual confirmation of successful VNF relocation
Performance monitoring ensures service quality maintenance