Near-RT RIC: Edge Intelligence in O-RAN

• Near-RT RIC is a programmable control-plane element in O-RAN that manages sub-second radio resource orchestration and mobility through xApps.
• It integrates graph-based and machine learning xApps for optimized spectrum allocation, mobility management, and QoS under dynamic network conditions.
• The system leverages standardized interfaces like E2 and A1 to enable secure, fine-grained, and interoperable network management at the network edge.

A Near-Real-Time RAN Intelligent Controller (Near-RT RIC) is a core programmable control-plane element in Open Radio Access Network (O-RAN) systems. Operating at the network edge on 10 ms–1 s timescales, the Near-RT RIC hosts xApps—modular, closed-loop control microservices—that orchestrate radio resources, mobility, and service-level objectives in response to dynamic network conditions and high-level policies supplied by non-Real-Time RIC (Non-RT RIC) rApps. The Near-RT RIC interfaces with both RAN nodes (O-DU/O-CU) through the E2 protocol and management infrastructure via A1, O1, and other open interfaces (Santos et al., 2024, Giannopoulos et al., 20 Jan 2026). This architecture enables multi-vendor interoperability, fine-grained resource management, and rapid adaptation to time-varying user, channel, and traffic demands.

1. Architectural Roles and Multi-Timescale Integration

The O-RAN architecture splits network intelligence into multi-timescale planes. The non-RT RIC, located in the Service Management and Orchestration (SMO) domain, manages slow-timescale functions (model training, long-term policy, rApps). The Near-RT RIC—typically edge-deployed—ingests near-real-time performance telemetry from RAN nodes, executes time-critical control logic via xApps, and enforces decisions over E2 interfaces (Santos et al., 2024, Giannopoulos et al., 20 Jan 2026, Lacava et al., 2022). Physical decomposition places O-RU (radio), O-DU (lower PHY/MAC), O-CU (higher layer), and Near-RT RIC on distinct logical or physical elements.

The Near-RT RIC closes feedback loops with sub-second deadlines, enabling rapid orchestration of functions such as mobility management, dynamic spectrum (PRB) allocation, RAN slicing, interference control, and application-level Quality-of-Experience (QoE) adaptation. Policy flows from non-RT RIC rApps via the A1 interface (JSON/REST), delivering control primitives such as user priorities, fairness weights, interference tolerance, and algorithm preferences to xApps. E2 (SCTP/E2AP/E2SM) carries batched metrics and configuration commands between the Near-RT RIC and O-DU/O-CU (Santos et al., 2024, Giannopoulos et al., 20 Jan 2026). This decouples long-term traffic intelligence and learning from sub-second spectrum shaping.

2. Control Logic: Graph-Theoretic and Machine-Learning xApps

A distinctive capability of the Near-RT RIC is to support sophisticated xApps implementing advanced, policy-driven control. A canonical example is graph-theoretic resource assignment for dynamic spectrum allocation (Giannopoulos et al., 20 Jan 2026). At each scheduling slot, the xApp constructs a conflict graph $G(t) = (V(t), E(t))$ over active UEs, where edges encode sharing constraints derived from interference or same-RU assignment. The PRB allocation task is cast as a weighted graph coloring problem: maximize

$\sum_{u=1}^U w_u \min(R_{u, c_u}(t), d_u)$

subject to coloring and power constraints, where $w_u$ is the SLA weight, $R_{u, c_u}(t)$ the data rate achieved on the colored PRB, and $d_u$ the target. Heuristic coloring algorithms (Welsh–Powell, DSatur) and conflict-aware, modified proportional-fair (MPF) scheduling are employed to maximize both PRB assignment success and long-term fairness.

Machine Learning (ML) and especially Deep Reinforcement Learning (DRL) are now pervasive in Near-RT RIC xApps for resource slicing, traffic steering, QoS regret minimization, and dynamic adaptation to unpredictable network conditions. Typical DRL-based xApps leverage actor-critic frameworks (PPO, DDPG, SAC) and Graph Neural Networks (GCN) for state embedding, enabling flexible operation with a variable number of UEs and slices (Barker et al., 2 Feb 2025, Yan et al., 17 Sep 2025, Wen et al., 28 Jan 2026). DRL-based xApps can adaptively allocate bandwidth, power, compute, and optimize complex reward functions such as weighted combinations of throughput, delay, and reliability (Yan et al., 17 Sep 2025, Wen et al., 28 Jan 2026).

3. Real-Time Interfaces, Data Flows, and Timing Constraints

The Near-RT RIC exposes standardized interfaces (Santos et al., 2024):

• E2 (Southbound):
  • Supports E2AP protocol with stackable E2 Service Models (E2SM) such as KPM for metrics and RC for RAN control.
  • Enables xApps to subscribe to, decode, and act on fine-grained real-time telemetry (SINR, PRB metrics, user rates), pushing control updates at slot-level periodicity (10 ms–1 s) (Santos et al., 2024, Feraudo et al., 2024).
• A1 (Northbound):
  • Connects to non-RT RIC for policy, ML model, and configuration management.
  • Pushes JSON-structured policy profiles defining priorities, algorithm selections, thresholds, and targets (Giannopoulos et al., 20 Jan 2026).
• O1/O2 (Management and Orchestration):
  • Supports slow-timescale monitoring, health, configuration, and container management via Netconf/YANG, REST, and gRPC.

Closed-loop actuation achieves core-to-edge RTTs on the order of 1–10 ms in optimized edge deployments, with Kubernetes pod startup and RMR routing table injection typically requiring 1–2 s (non-critical for steady-state operation) (Santos et al., 2024, Giannopoulos et al., 20 Jan 2026). Orchestration and path selection are informed by placement and latency modeling (see disaggregation and cluster placement strategies in (Almeida et al., 2023)).

4. Security, Trust, and Conflict Management

The openness and programmability characteristic of O-RAN and the Near-RT RIC expose new attack surfaces and operational hazards (Chiejina et al., 2024, Dayaratne et al., 2024, Alimohammadi et al., 1 Dec 2025). Threats include:

• Message-level attacks: malicious or malformed E2AP/E2SM messages. Structural and semantic validation plus signature-based filtering at E2Term are recommended (Alimohammadi et al., 1 Dec 2025).
• Data/KPI poisoning attacks: compromised xApps or telemetry can poison real-time input streams, misleading DRL agents or triggering false control decisions. Sequence-anomaly detectors (LSTM) in xApps or dedicated verifier services are effective (Alimohammadi et al., 1 Dec 2025, Chiejina et al., 2024).
• Control logic compromise: malicious containers or API misuse. Runtime attestation (hash challenge-response) and RBAC/TLS for RPCs are critical (Alimohammadi et al., 1 Dec 2025, Dayaratne et al., 2024).
• ML-specific adversarial examples: white-box or black-box perturbations of KPMs or spectrograms can degrade xApp performance by up to 100%. Distillation and adversarial training have been demonstrated to restore model robustness while meeting near-RT latency budgets (Chiejina et al., 2024).

Zero-trust platforms based on functional encryption (IPFE) allow inference on encrypted KPM/counter data within the Near-RT RIC, ensuring privacy even from co-located xApps or compromised infrastructure, with minor overhead and no accuracy loss (Lin et al., 2024).

For multi-xApp conflict management—a major practical concern in open ecosystems—standardized conflict detection and mitigation frameworks (CMF, CMS) are embedded in the Near-RT RIC (Adamczyk et al., 2023, Wadud et al., 2023). These resolve direct, indirect, and implicit conflicts via database-driven analysis, KPI monitoring, and game-theoretic bargaining (Nash Social Welfare, Eisenberg–Gale solutions) to ensure network stability and Pareto efficiency.

5. xApp Lifecycle, Development, and Interoperability

The Near-RT RIC is architected as a set of microservices, typically Kubernetes pods. xApps follow a container-based lifecycle, from source through descriptor/schema filing, dockerization, Helm onboarding, installation, runtime registration (with routing and subscription managers), and eventual upgrade or graceful termination (Santos et al., 2024, Feraudo et al., 2024). Runtime operations require E2 subscription, real-time message/event handling, and support for persistent data storage (SDL/STSL).

xDevSM frameworks encapsulate E2SM serialization, subscription, and control logic into shared libraries and concise Python APIs, reducing codebase size and enabling seamless testing across heterogeneous RAN platforms (OAI, srsRAN, proprietary) (Feraudo et al., 2024). Sub-millisecond per-message overhead means that integration costs are negligible for RIC-loop periodicities down to 10 ms.

Design best practices include:

• Static/dynamic code vetting and behavioral profiling.
• TLS enforcement for all interfaces (E2, A1, RMR).
• Ongoing monitoring of xApp rates, control actions, and model outputs.
• RBAC/ACLs—fine-grained privilege enforcement within SDL and control planes.

6. Performance Benchmarks and Empirical Results

Empirical evaluation of Near-RT RIC xApps in both simulation and OTA testbeds confirms their potential for substantial network improvements:

Metric	Result/Improvement	Reference
PRB assignment success	>90% with DSA xApp (graph-coloring + MPF)	(Giannopoulos et al., 20 Jan 2026)
Service-share fairness	>85% (Jain's index with MPF)	(Giannopoulos et al., 20 Jan 2026)
Regret reduction (slicing)	67% over model-predictive/DRL baselines	(Yan et al., 17 Sep 2025)
URLLC latency (<2 ms pct)	>95% with RL-based slicing xApp	(Barker et al., 2 Feb 2025)
QoE-driven XR playback	~18% median latency reduction (DRL-xApp)	(Wen et al., 28 Jan 2026)
Conflict mitigation	-7% call blockages or total handovers depending on policy	(Adamczyk et al., 2023)
Attack resilience (adv ML)	Robustness restored to >98% accuracy with distillation	(Chiejina et al., 2024)
Zero-Trust overhead	<50 ms added per inference round-trip under IPFE encryption	(Lin et al., 2024)

xApp inference costs remain sustainable (<10 ms for DRL/GCN models, <1 ms for standard ML), and network performance is robust to both scale and attack under properly engineered deployment.

7. Open Challenges and Future Directions

Key open research and engineering challenges for the Near-RT RIC include:

• Scale and Placement: partitioning/disaggregation of RIC components for latency and resource optimization under dynamic network topologies (Almeida et al., 2023).
• Service orchestration: efficient, multi-tenant RIC/gNB architectures, especially for immersive, latency-critical applications (XR, telesurgery) (Wen et al., 28 Jan 2026).
• Security: scalable, low-latency mechanisms for provenance tracking, zero-trust key management, and ML model attestation that match the 10 ms–1 s control-loop constraint (Lin et al., 2024, Alimohammadi et al., 1 Dec 2025).
• Interoperability: standardized APIs and cross-platform abstraction layers for rapid, portable xApp onboarding and testing (Feraudo et al., 2024).
• Conflict resolution: scalable, real-time frameworks for multi-agent, multi-KPI arbitration in dense, heterogeneous, and adversarial environments (Wadud et al., 2023, Adamczyk et al., 2023).
• ML workflow innovation: federated and split-learning methods for distributed model training, inference acceleration, and transfer under heterogeneous deadlines and compute budgets (Gu et al., 4 Aug 2025).

These challenges define an active and rapidly evolving research field, with the Near-RT RIC central to the programmatic, secure, and agile optimization of next-generation RANs.