Near-RT RIC in O-RAN Architecture

• Near-RT RIC is a central element of the O-RAN architecture that enables programmable, closed-loop RAN control at 10 ms to 1 s latencies.
• It hosts microservice control applications (xApps) that process real-time telemetry and execute AI-driven optimizations for effective radio resource management.
• It integrates conflict management, secure interfaces, and high-throughput messaging to support low-latency operations crucial for 5G/6G network performance.

The Near-Real-Time RIC (Near-RT RIC) is a central element of the O-RAN architecture, tasked with enabling programmable, closed-loop control of the Radio Access Network (RAN) at timescales between 10 ms and 1 s. Its architectural role is to bridge high-level, long-term operations governed by the non-real-time (Non-RT) RIC and rapid, PHY/MAC timescale decisions executed in the distributed and centralized RAN units (O-DU/O-CU). By hosting microservice control applications (“xApps”), the Near-RT RIC orchestrates advanced radio resource management, enables AI-driven optimization, and enforces policies with strict latency guarantees essential for emerging 5G/6G use cases and service-level agreements.

1. Functional Architecture and Placement

The Near-RT RIC is deployed between the O-CU/O-DU layer of the RAN and the Non-RT RIC, residing either centrally or at the network edge depending on latency and scalability requirements. Architecturally, it comprises several core functional blocks:

• E2 Termination/E2-Lite Agent: Manages SCTP-based E2 interface connections to RAN nodes, receiving and forwarding telemetry.
• xApp Execution Environment: Provides an isolated, containerized runtime for xApps with strict resource quotas and lifecycle management.
• Shared Data Layer (SDL) / RIC Database: Centralized store for telemetry (Key Performance Metrics—KPMs, buffer stats, etc.), supporting efficient subscribe/query mechanisms for xApps.
• Internal Messaging Infrastructure (IMI): High-throughput pub/sub and routing for telemetry and control, typically implemented with Redis Streams or Kafka.
• Management Services: xApp management, subscription orchestration, and logging/monitoring services.

Integration with the broader O-RAN service architecture is achieved through standardized interfaces:

• E2 interface (southbound to O-DU/O-CU): For real-time telemetry ingestion and enforcement of control policies.
• A1 interface (northbound to Non-RT RIC): For receipt of high-level policy, guidance vectors, and model updates.
• O1 interface: For configuration and management data to/from the Service Management Orchestration (SMO).

Precise timing and placement are critical. Latency-sensitive components (E2T, certain xApp runtimes) are typically offloaded to edge nodes colocated with DUs to minimize round-trip delays and ensure sub-10 ms control loops where required (Almeida et al., 2023).

2. Control Loop Semantics and Latency Guarantees

The Near-RT RIC orchestrates a closed feedback loop: Sense → Decide → Actuate. Telemetry is collected over E2 at periodicities of 10 ms to 1 s, processed by xApps, and corresponding control actions are propagated back to the RAN via the same interface. The total control-loop delay is the sum of measurement, data transport, inference, and actuation time:

$$T_\mathrm{loop} = T_\mathrm{sense} + T_\mathrm{process} + T_\mathrm{decide} + T_\mathrm{actuate}$$

Empirical deployments consistently report end-to-end control-loop delays $T_\mathrm{loop}$ well below the O-RAN-specified 1 s upper bound—commonly in the 10–100 ms regime for URLLC and closed-loop scheduling (Xavier et al., 2023, Yan et al., 17 Sep 2025, Lin et al., 2024). For example, an early attack detection xApp achieved $T_d \approx 3.81$ ms including a 2.86 ms inference step using Random Forest on commodity virtual machines (Xavier et al., 2023). At larger scale, Deep RL-based xApps maintain forward pass and actuation well within 10 ms budgets, supporting slicing and QoS control for 5G and beyond (Yan et al., 17 Sep 2025).

3. xApps: Structure, APIs, and Methodologies

xApps are microservices running within the Near-RT RIC’s containerized runtime. Each xApp:

• Subscribes to one or more telemetry streams (E2SM-Indication) from the RAN (typical periodicity: 10–500 ms).
• Executes decision logic—rule-based, ML/DL inference, RL, or heuristic.
• Issues E2SM-Control messages to adjust RAN parameters such as PRB allocations, handover thresholds, or scheduling weights.

To lower the barrier for interoperable xApp development, frameworks like xDevSM abstract E2 service model (SM) logic, subscription management, ASN.1 encoding/decoding, and message construction behind concise Python or C APIs (Feraudo et al., 2024). For example, an xApp can subscribe, process, and control with under 200 lines of code (vs. 1800 LOC without xDevSM), and maintain latency overheads $<0.5$ ms per Indication-to-Control cycle.

Machine learning and RL pipelines are prevalent:

• Ensemble ML for Traffic Classification: Random Forest and tree ensembles for early attack detection (Xavier et al., 2023).
• Deep RL for Slicing: Policy gradient or actor–critic algorithms (PPO, DDPG) for MAC/PHY-layer resource allocation, with regret or utility-based objectives and explicit integration of slice-level throughput, latency, and reliability constraints (Yan et al., 17 Sep 2025, Bao et al., 25 Apr 2025).
• Graph-based Models: GCNs for dynamic session/slice graph embeddings in adaptive slicing (Yan et al., 17 Sep 2025).
• Post-Transformer SSMs: Specialized tensor network-based architectures with $O(L)$ inference for online KPI forecasting under strict compute/memory constraints (Rezazadeh et al., 18 Jan 2026).
• Federated Learning: Split and mutual learning paradigms for scalable, deadline-aware distributed model training across Near-RT and Non-RT RICs (Gu et al., 4 Aug 2025).

4. Conflict Management and Inter-xApp Coordination

Running multiple heterogeneous xApps poses the challenge of parameter conflicts. Direct, indirect, and implicit conflicts (i.e., concurrent or interacting control actions on overlapping or correlated RAN parameters) must be resolved in sub-second timescales.

Standardized Conflict Management Systems (CMS) in the Near-RT RIC consist of:

• Conflict Detection Controller (CDC): Monitors for KPI breaches, detects conflicting updates (via timestamped parameter journals and groupings), and classifies conflict types (direct/indirect/implicit).
• Conflict Mitigation Controller (CMC): Implements game-theoretic bargaining (e.g., Nash Social Welfare Function, Equal Gains) over the feasible parameter space, eliciting utilities from xApps and iterating to an equilibrium value (Wadud et al., 2023, Adamczyk et al., 2023).

Empirical results demonstrate restoration of target KPIs and fairness improvement for losing xApps by 50–150% over naively alternating maximization, all within tight control-cycle deadlines. Extending this, abstraction layers and policy-driven tie-breakers allow for scalable, extensible conflict management in large deployments.

5. Security, Privacy, and Trust in Near-RT RIC

The open, multi-tenant, microservice nature of Near-RT RIC exposes new threat vectors:

• Message-level attacks: Malformed or semantically adversarial E2 messages, including replay or crafted ASN.1 fields.
• Data-level attacks: Poisoned KPM reports or adversarially perturbed intelligence data (including test-set poisoning by colluding xApps).
• Control logic compromise: Tampered xApp binaries or runtime code injection.

Multi-layer defense frameworks are proposed, with dedicated modules for signature-based E2 message inspection (sub-ms overhead), anomaly detection on KPM telemetry using LSTM-based temporal scoring (attack detection rates $>97.9\%$), and runtime xApp attestation via memory image hash challenge–response (sub-ms per MB overhead); combined, these maintain end-to-end loop extensions well under the 1 s maximum and control logic integrity (Alimohammadi et al., 1 Dec 2025).

For data confidentiality, zero-trust architectures leveraging Inner Product Functional Encryption (IPFE) enable inference over encrypted telemetry in the Near-RT RIC, preventing data exposure via the E2 interface or shared SDL. Empirical results maintain $>97.9\%$ detection accuracy and sub-0.5 s round-trip times for ML-driven xApps (Lin et al., 2024).

6. Advanced Applications and Research Testbeds

The flexibility of the Near-RT RIC control plane supports a broad range of programmable RAN functions:

• Early network event and anomaly detection: Real-time ML-based xApps for volumetric DoS attack mitigation at the DU, reducing RAN-wide damage before central units are affected (Xavier et al., 2023).
• Closed-loop slicing and traffic steering: DRL-driven resource allocation for adaptive slicing balancing throughput, reliability, and latency across profile-diverse slices (eMBB, URLLC, mMTC) and user sessions (Yan et al., 17 Sep 2025, Barker et al., 2 Feb 2025).
• Dynamic spectrum and PRB allocation: Heuristic conflict-graph coloring with proportional fair metrics for responsive, fairness-guaranteed physical layer scheduling under dense multi-cell interference (Giannopoulos et al., 20 Jan 2026).
• Data-driven VR latency control: Heuristically steered RBG allocations track per-application latency, outperformed static slicing by 15.8% in resource efficiency in 4G O-RAN testbeds (Casparsen et al., 2024).

Testbeds range from srsRAN and OpenAirInterface-based SDR deployments to full-scale simulators (ns-3, DigitalTwin) integrating accurate channel models for RL offline training with seamless xApp on-boarding to production Near-RT RIC platforms (Lacava et al., 2022, Ko et al., 2023).

7. Challenges and Emerging Directions

Key unresolved issues and research trajectories include:

• Timely inference under constrained budgets: Need for model compression, edge-oriented acceleration, and quantization to achieve $<10$ ms inference for URLLC/6G (Bao et al., 25 Apr 2025).
• Hierarchical and agentic AI orchestration: Multi-scale frameworks with Large/Small LLMs (LLMs/SLMs) spanning Non-RT and Near-RT layers, whereby intent, model lifecycles, and tactical RAN actions are coordinated for intent-driven, robust control (Navidan et al., 15 Feb 2026).
• Interoperable and portable xApp ecosystems: Abstracted SM APIs, automated code generation, and cross-platform pipelines enabling rapid deployment and version evolution (Feraudo et al., 2024).
• Federated and split learning for model updates: Adaptive resource selection ensuring learning round deadlines, bandwidth/cost optimization, and network model convergence aligned with Near-RT RIC constraints (Gu et al., 4 Aug 2025).
• Conflict management standardization: Move toward vendor-agnostic, extensible CMF APIs and inter-RIC (vertical, inter-layer) conflict pipelines.
• Security and trust extensibility: Modular, policy-driven integration of runtime and data-path detectors, and long-term adaptation for emerging threat classes (Alimohammadi et al., 1 Dec 2025, Lin et al., 2024).

The Near-RT RIC thus acts as the tactical backbone of the O-RAN intelligent control plane, enabling programmable, low-latency, AI-driven, and secure RAN operation, and is the focus of intense ongoing research for scalable and resilient network automation (Xavier et al., 2023, Yan et al., 17 Sep 2025, Navidan et al., 15 Feb 2026, Alimohammadi et al., 1 Dec 2025, Wadud et al., 2023, Feraudo et al., 2024).