5GS: Practical Guide to 5G System Architecture for Telecom Engineers

April 17 2026, by Paul Waite
14 min reading time

If you work in the telecom industry, you’ve likely heard “5G” used loosely to describe everything from faster download speeds to futuristic smart cities. But 5GS—the 5G System as defined by 3GPP—is something far more specific. It encompasses the complete end-to-end architecture for 5G networks, integrating 5G New Radio (NR) with the 5G Core (5GC) network. This distinction matters because 5GS enables capabilities like network slicing, ultra-reliable low-latency communications (URLLC), and massive machine-type communications (mMTC) that simply aren’t possible with radio upgrades alone.

This guide answers what 5GS actually is and how it differs from 5G NR radio, the 4G Evolved Packet Core (EPC), and legacy cores. We’ll walk through 3GPP Releases 15–18 (2018–2025) as the main milestones shaping commercial deployments. The focus here is on practical implications for MNOs, MVNOs, and fixed wireless operators building real networks—not abstract theory.

A modern cellular tower stands tall against a clear blue sky, with city buildings visible in the background, representing the infrastructure essential for mobile networks and 5G core technology. This image highlights the deployment of advanced communication systems that support voice and data access in urban environments.

From 4G EPC to 5GS: What Changes for Operators

The transition from 4G EPC to 5GS represents a fundamental shift in how mobile network infrastructure operates. EPC, widely deployed between 2014 and 2016, relies on a monolithic, hardware-centric design with point-to-point interfaces like S1 (RAN-to-core), S5/S8 (user plane), and S6a (authentication). This architecture handled peak throughputs around 1 Gbps per cell—impressive for its time, but insufficient for 5G’s targets of 20 Gbps peaks.

5GS separates 5G NR (the radio access technology) from the core network and system architecture. This separation matters enormously for migration planning. While EPC required tightly coupled components, 5GS introduces control and user plane separation (CUPS), service based architecture (SBA), and cloud-native deployment models. RESTful HTTP/2 APIs with JSON payloads replace GTP tunnels, enabling deployment on Kubernetes orchestrators with 10x faster scaling—seconds versus hours for VNF instantiation.

The deployment timeline creates distinct operational realities. Non-Standalone (NSA) deployments using EN-DC keep EPC in place as an anchor, which accelerated early rollouts—over 100 operators launched NSA by end-2020. However, NSA sacrifices slicing and VoNR capabilities. Standalone (SA) requires a full 5g core and significant changes in OSS/BSS integration, with commercial SA launches growing from 2021 onward. GSMA data indicates 70% of operators were running hybrid EPC-5GC environments by 2024, with full EPC sunset projected for 2027-2028 in Europe and Asia.

3GPP 5GS Specifications and Releases

3GPP defines 5GS through a series of releases, each adding capabilities that operators can leverage for different use cases. Understanding which release supports your requirements helps you select the right equipment and plan your roadmap.

Release 15 (frozen June 2018, functional freeze March 2019) introduced initial 5G NR and 5GC specifications. Key documents include TS 23.501 (system architecture), TS 23.502 (procedures), and TS 23.503 (policy and charging). This release enabled first NSA deployments and laid the SBA foundation with NRF for NF discovery.

Release 16 (finalized mid-2020 to early 2021) enhanced URLLC for industrial IoT with latency targets under 1ms and reliability exceeding 99.999%. It added integrated access and backhaul (IAB) for dense deployments and vehicle-to-everything (V2X) improvements.

Release 17 (completed 2022) expanded to non-terrestrial networks (NTN) for satellite integration and NR-RedCap for reduced-complexity IoT devices supporting data rates up to 220 Mbps downlink.

Release 18 (5G-Advanced or “5.5G,” work ongoing through 2025) focuses on AI/ML-driven network optimization, integrated sensing, and uplink enhancements for FWA, with studies showing potential capacity gains of 3-5x over Release 17 in mid-band deployments.

The most relevant 3GPP groups for 5GS architecture include SA1 (services), SA2 (architecture, producing TS 23.501/502), SA3 (security), SA5 (management and telecom management), RAN1-3 (physical layer, layer 2/3, architecture and interfaces), and CT groups for IMS and protocols.

Core 5GS Architecture: Service-Based Design

The 5g core (5GC) serves as the central element of 5GS—a fully software-defined, service-based architecture that fundamentally changes how network components communicate and scale.

In EPC, components connect through point-to-point interfaces (S1, S6a, S11) with rigid, predefined interactions. 5GC replaces this with service-based interfaces where network functions expose APIs via REST/HTTP2 with JSON payloads. This shift enables horizontal scalability and simplifies adding new capabilities without redesigning interface specifications.

The logical separation of control plane and user plane is critical for scaling traffic. Control plane functions (AMF, SMF, PCF, UDM, AUSF) handle signaling and session management, while user plane functions (UPF) focus purely on packet forwarding with throughputs up to 100 Gbps per instance. This separation allows independent scaling—UPFs handle 80-90% of traffic volume while control plane manages signaling storms from IoT surges reaching up to 1 million devices per square kilometer.

The image depicts the interior of a modern data center featuring rows of sleek server racks illuminated by blue lighting, highlighting the advanced hardware setup used for managing and supporting core network functions. This environment is essential for monitoring and deploying service-based architecture in mobile networks, facilitating efficient communication and data processing.

Telecom vendors now deploy 5GC as cloud-native network functions (CNFs) on Kubernetes or OpenStack-based clouds. Vendors like Ericsson report 5x OPEX savings through auto-scaling during peak events. When visualizing this architecture, focus on logical blocks and reference points (N1, N2, N3, N6) rather than vendor-specific products.

Key 5GS Network Functions

In 5GS, network functions (NFs) replace many traditional network element roles from EPC, exposing capabilities through discoverable APIs.

AMF (Access and Mobility Management Function) handles NAS signaling, connection management, and selection of SMF/PCF. It evolves from MME but delegates session duties to SMF.

SMF (Session Management Function) manages PDU session establishment with QoS profiles, addressing the control aspects previously handled by SGW/PGW.

UPF (User Plane Function) consolidates SGW/PGW user plane for packet forwarding, deployable at network edge for latency under 10ms.

AUSF/UDM replace HSS for unified authentication. AUSF handles authentication server duties with 5G-AKA vectors, while UDM manages subscriber data with SUPI-to-SUCI encryption to prevent IMSI catching.

PCF (Policy Control Function) extends PCRF for slice-aware policies with dynamic rules based on UE location and speed.

NSSF (Network Slice Selection Function) selects S-NSSAI at PDU setup, supporting multi-tenancy.

NEF (Network Exposure Function) exposes network capabilities to application functions like edge apps.

NRF (NF Repository Function) acts as service registry with OAuth-protected discovery, handling 10,000+ registrations per second in hyperscale deployments.

NWDAF (Network Data Analytics Function) provides ML-based analytics for predictive scaling and anomaly detection.

For engineers coming from LTE: MME maps roughly to AMF+SMF, HSS maps to UDM+AUSF+UDR, and PCRF maps to PCF+CHF. This helps you read 5GS specifications with familiar mental models.

5GS and Network Slicing

Network slicing stands as one of the defining capabilities of 5GS, enabling multiple logical networks to run over shared RAN and core infrastructure. Each slice operates as an isolated end-to-end network with dedicated resources and policies.

Slices are identified by S-NSSAI (Single Network Slice Selection Assistance Information), with support for up to 256 slices per PLMN. Slice/Service Types (SST) define the category: SST 1 for eMBB (enhanced mobile broadband), SST 2 for URLLC, and SST 3 for mMTC. Instantiation spans from gNB (CU/DU slicing via AMF request) through AMF, SMF/PCF (policy and QoS per slice), to UPF (traffic isolation via DNN).

NSSF anchors slice selection using UE subscription and requested SST. PCF enforces slice-specific policies, while SDN/NFV orchestration platforms like ONAP manage slice lifecycle—from creation through monitoring to teardown.

The image depicts an industrial factory floor filled with advanced automated machinery and robotic arms, working in unison to enhance production efficiency. This high-tech environment showcases the integration of hardware and software components, reflecting the future of manufacturing and the role of automation in modern industry.

Consider these concrete cases from recent deployments:

T-Mobile’s 2023 rural FWA slice on mid-band n71 (600 MHz) serves 50,000 homes with dedicated UPFs delivering 500 Mbps speeds
Volkswagen’s 2024 factory slice in Germany (3.7-3.8 GHz local spectrum) provides AGV control with URLLC latency requirements
Enterprise private network slices for MVNOs reduce CAPEX by 40% through shared RAN/core infrastructure per GSMA’s 2024 report

One challenge to watch: RAN-core synchronization introduces 20-30% overhead in inter-slice handover latency if not properly tuned.

5GS Deployment Models: NSA, SA, and Private 5G

Non-Standalone (NSA) and Standalone (SA) represent fundamentally different architectural choices. NSA (Option 3x, EN-DC) anchors 5G NR to LTE RAN and EPC, boosting bandwidth through carrier aggregation—combining 4G 100 MHz with 5G 400 MHz to achieve 2 Gbps. SA (Option 2) uses full 5GC, enabling slicing and VoNR.

The timeline tells the story: NSA commercial launches hit 80+ operators around 2019-2020, with China Mobile covering 300 million users. The shift toward SA accelerated from 2021 for operators prioritizing VoNR and slicing revenue. SA-capable UE penetration grew from 10% in 2021 to 60% by 2024 per Ericsson Mobility Report.

For operators evaluating deployment, architectural impacts include:

Dual connectivity (EN-DC) over Xn/X2 interfaces for seamless handover
Dual registration for UEs connecting to NR and 5GC
Roaming complexity from N9 inter-UPF routing and SUPI handling
Device requirements for SA-capable UEs

Private 5G and non-public networks (NPN) offer additional flexibility. Local spectrum allocations—CBRS Band 3 (3.55-3.7 GHz) in the US with 50,000+ deployments projected by 2025, German 3.7-3.8 GHz for factories—enable standalone deployments with local 5GC or public core integration via N3IWF. LA Port’s 2023 automation upgrade achieved 5ms latency using this approach.

Operators typically weigh NSA for quick coverage expansion (80% of sites upgraded by 2020) against SA for revenue growth—slicing adds $20-50 per user monthly in enterprise ARPU.

5GS Frequency Bands and Radio Integration

While 5GS primarily concerns the system and core network side, spectrum choices for NR (FR1 and FR2) heavily influence core design and capacity planning.

Low-band (600-900 MHz, including n5 and n28) provides coverage extending 10-50 km with typical speeds around 100 Mbps—ideal for rural FWA like T-Mobile’s n71 deployments.

Mid-band (3.3-4.2 GHz, n77/n78) delivers 500 Mbps to 2 Gbps with 100-200 MHz bandwidth. This band dominates global deployments, comprising 70% of 5G sites by 2025.

mmWave (24-40 GHz, n258/n260) achieves 4-10 Gbps with 800 MHz bandwidth but limited range under 200 meters—suited for high-density venues like stadium deployments.

Different bands create different traffic patterns through UPFs and backbone. Edge UPFs handle bursty mmWave traffic with 10x peaks, while central UPFs serve steady low-band flows. Dynamic spectrum sharing (DSS) enables up to 90% LTE-5G efficiency during transition periods.

Integration with legacy RATs matters for brownfield operators. LTE and NR dual connectivity, Xn interfaces for multi-RAT handover, and careful backbone planning ensure seamless user experience during migration.

Security and Trust in 5GS

5GS enhances security through several mechanisms, but the shift to IT-like protocols and cloud-native deployment also enlarges the attack surface. ENISA’s 2023 report estimates 5-10x increase in potential attack vectors compared to traditional telecom architectures.

Key security features address known 4G vulnerabilities:

SUCI (Subscription Concealed Identifier) uses public-key encryption to prevent passive eavesdropping that plagued IMSI in 4G
5G-AKA provides enhanced key derivation with home-visited mutual authentication
AUSF/UDM deliver unified authentication vectors with stronger cryptographic foundations

Regulatory and geopolitical concerns shaped 5GS deployment from 2019-2024. The EU’s 5G Toolbox (2020) mandated supplier risk assessments. US FCC’s 2022 restrictions and UK’s Huawei cap at 35% drove supply chain diversification—operators like Deutsche Telekom achieved 100% policy-compliant 5GC by 2024.

Operational security requirements for 5GS environments include API security (mTLS, rate limiting) for SBA interfaces, certificate lifecycle management and automation, strict segmentation between slices to prevent cross-talk, and continuous monitoring of exposed NFs via NEF. The IT nature of SBA demands robust API gateways to mitigate DDoS risks that weren’t concerns in traditional telecom protocol stacks.

5GS for Industrial, IoT, and Fixed Wireless Use Cases

5GS supports three main service categories simultaneously: eMBB (20 Gbps peaks), URLLC (sub-millisecond latency, 99.99999% reliability), and mMTC (1 million devices per square kilometer). This flexibility enables diverse deployments across industries.

Industrial deployments have accelerated since 2022. Bosch’s 2023 factory implementation using Release 16 achieves 0.5ms latency for controlling 1,000 robots. Port automation projects like LA Port’s 2023 upgrade demonstrate how local 5GS cores with dedicated slices enable autonomous vehicle control with strict SLA guarantees.

mMTC and RedCap (Release 17) address massive IoT requirements. RedCap devices offer reduced complexity with 20 Mbps peak rates and 10-year battery life for sensors—manageable through slicing without overwhelming core capacity.

The image depicts a serene rural landscape featuring rolling hills under a clear sky, with a small farmhouse nestled in the distance. This tranquil setting evokes a sense of simplicity and connection to nature, ideal for those seeking a peaceful retreat.

Fixed wireless access booms with 5GS SA cores. Verizon’s 2024 n77 FWA deployment serves 2 million subscribers at 1 Gbps, rivaling fiber at $300 per home versus $1,000+ for fiber installation. Rural and suburban areas increasingly rely on FWA as a faster-to-deploy alternative, often supporting 5GS slices alongside mobile traffic.

From an operator perspective, capacity planning must address 99.999% uptime SLAs while managing hybrid EPC-5GC environments. Slice isolation ensures industrial URLLC traffic doesn’t compete with eMBB consumer streams.

Operations, Automation, and Observability in 5GS

5GS was designed from the ground up for automation, with APIs and event exposure enabling closed-loop control that wasn’t practical in EPC environments.

NWDAF (Network Data Analytics Function) serves as the analytics engine, correlating KPIs across RAN and core for predictive scaling and anomaly detection. ML models can predict 20-30% traffic surges, triggering UPF scaling before congestion occurs. Unsupervised learning approaches identify network anomalies that would otherwise require manual log analysis.

Integration with external orchestrators and CI/CD pipelines enables continuous deployment of CNF updates. Zero-downtime rolling upgrades—impossible in monolithic EPC—become standard practice. NRF-based service discovery means new NF instances automatically register and become available.

Practical observability requires fusing multiple data sources:

SBI call tracing with latency targets under 50ms
UPF performance monitoring (packets per second exceeding 1 million)
RAN KPIs like CQI and BLER correlated with core metrics
Standard telemetry formats (Prometheus, Grafana dashboards)

AT&T’s 2024 stadium deployments demonstrate auto-scaling handling 5x traffic spikes during events—exactly the kind of scenario 5GS automation was built to address.

Migration Roadmap to 5GS

Most operators will run mixed EPC and 5GC environments for several years. A phased migration strategy balances coverage expansion, revenue capture, and operational complexity.

Typical phases include:

LTE/EPC optimization (2018-2020): Maximize existing investment while planning 5G
NSA introduction (2019-2022): Rapid coverage expansion, 90% of sites upgraded
Limited SA for specific use cases (2021-2023): Enterprise campus deployments, private networks
Wider SA rollout and VoNR (2023-2025): 70% of sites, consumer VoNR replacing VoLTE fallback
EPC sunset planning (2026-2028): Final migration of remaining traffic

Technical dependencies constrain timing. SA-capable UE penetration needs to reach 80% before broad SA migration makes sense—projected by 2026. IMS readiness for VoNR remains essential, with VoLTE fallback required until then. Legacy 2G/3G interworking via N26 interface (AMF-MME handover) adds complexity in regions where these networks persist.

Greenfield operators like Dish bypassed this complexity by launching SA-only from 2022. Most established MNOs target broad SA footprint between 2024 and 2027, accepting hybrid operations as transitional reality.

Looking ahead, 5G-Advanced (Release 18) promises 3x spectrum efficiency improvements and AI-native network optimization. Research into 6G and non-terrestrial convergence positions 5GS as the foundation for the next decade of mobile network evolution. Operators who master 5GS architecture today will be best positioned to adopt these advancements as they mature.

Start by evaluating your current EPC dependencies and identifying high-value use cases—whether enterprise slicing, FWA expansion, or industrial IoT—that justify SA investment. Consider piloting SA on a limited footprint to build operational expertise before broader rollout. Visit the 3GPP specifications page for details on the latest releases supporting your target capabilities.