O-RAN: Open Radio Access Network

• O-RAN is an industry-driven, standards-based open architecture that replaces traditional monolithic RANs with disaggregated, vendor-neutral, and programmable network components.
• It integrates hierarchical RAN Intelligent Controllers (RIC) hosting xApps and rApps to deliver real-time, AI/ML-driven closed-loop control for dynamic network optimization.
• O-RAN supports advanced network slicing and virtualization, enabling secure, efficient resource management and multi-vendor interoperability essential for 5G evolution and emerging 6G applications.

The Open Radio Access Network (O-RAN) is an industry-driven, standards-based paradigm for realizing programmable, disaggregated, and virtualized cellular radio access networks. O-RAN replaces proprietary, monolithic hardware-centric RAN architectures with vendor-neutral software, open interfaces, and intelligent controllers operating at multiple timescales. This re-architecture enables multi-vendor interoperability, rapid innovation via third-party network applications (xApps/rApps), fine-grained network slicing, and closed-loop control underpinned by artificial intelligence and machine learning (AI/ML). O-RAN is central to the evolution of 5G and a foundation for emerging 6G RANs (Alam et al., 6 May 2024, Polese et al., 2022, Abdalla et al., 2021, Thiruvasagam et al., 2023).

1. Architectural Principles, Building Blocks, and Open Interfaces

O-RAN deploys a layered, open architecture characterized by hardware-software disaggregation and standardized, multi-vendor interfaces. The canonical functional decomposition comprises:

• O-Radio Unit (O-RU): Responsible for RF front-end, analog/digital conversion, and low-PHY (FFT/IFFT, beamforming) (Abdalla et al., 2021, Polese et al., 2022, Masur et al., 2021).
• O-Distributed Unit (O-DU): Implements high-PHY, MAC, and RLC, real-time scheduling; deployed on COTS servers (Polese et al., 2022, Masur et al., 2021).
• O-Centralized Unit (O-CU): Divided into control-plane (CU-CP: RRC, SDAP) and user-plane (CU-UP: PDCP); offers multi-RAT and advanced mobility support (Polese et al., 2022).
• Service Management and Orchestration (SMO): Provides FCAPS management, instantiates and manages virtualized network functions (VNFs/CNFs) in the O-Cloud (Alam et al., 6 May 2024, Thiruvasagam et al., 2023).
• RAN Intelligent Controllers (RIC): Hierarchical AI/ML-driven controllers: non-RT RIC (policy, model training, >1 s), near-RT RIC (xApp hosting, 10 ms–1 s control), and prospective RT RIC for sub-ms PHY control (Abdalla et al., 2021, Alam et al., 6 May 2024).

The architecture is unified via key open interfaces:

• Open Fronthaul (eCPRI, split 7.2x): O-RU↔O-DU; U-plane: I/Q samples; C-plane: scheduling; S-plane: PTP sync; M-plane: NETCONF/YANG (Thiruvasagam et al., 2023, Groen et al., 23 Apr 2024).
• F1 (O-DU↔O-CU), E1 (CU-CP↔CU-UP): 3GPP control/user-plane splits.
• E2 (near-RT RIC↔O-DU/CU): E2AP over SCTP/IPsec; fine-grained KPM telemetry/control, xApp mediation (Alam et al., 6 May 2024, Polese et al., 2022, Upadhyaya et al., 2022).
• A1 (non-RT RIC↔near-RT RIC): gRPC/TLS/JSON; policy, ML model and intent distribution (Abdalla et al., 2021, Masur et al., 2021).
• O1/O2: Management and orchestration (SMO↔RAN nodes / O-Cloud) (Alam et al., 6 May 2024).

This design enables full virtualization of RAN protocol stack elements, supports dynamic function deployment across cloud, edge, or even UAV platforms, and delivers vendor-agnostic interoperability (Moore et al., 6 Nov 2024, Moro et al., 2023, Michaelides et al., 2 Sep 2024).

2. Intelligence-Driven Control: xApps, rApps, and AI/ML Workflows

O-RAN natively embeds intelligence through closed-loop control loops orchestrated by the RICs:

• Non-RT RIC (≥1 s): Hosts policy and analytics rApps, global AI/ML model training, orchestration (Polese et al., 2022, Abdalla et al., 2021).
• Near-RT RIC (10 ms–1 s): Hosts xApps—microservices implementing real-time resource control, traffic management, slice scheduling—with access to KPM streams and RAN control primitives over E2 (Mungari et al., 28 May 2024, Polese et al., 2022).

AI/ML workflows span:

1. KPI Telemetry Collection: via O1, E2; raw RSRP, CQI, utilization, traffic, mobility data.
2. Feature Extraction & Preprocessing: normalization, windowing, PCA.
3. Model Training: LSTM, DRL, ARIMA, ConvLSTM; offline in non-RT RIC, validated in Model Catalog.
4. Policy/Model Distribution: via A1, model artifacts or containers.
5. xApp/rApp Online Inference: real-time model execution within near-RT RIC (sub-second) or O-DU (prospective sub-ms "zApps" in RT RIC) (Gopal et al., 14 Apr 2024, Masur et al., 2021, Abdalla et al., 2021).
6. Continuous Monitoring & Retraining: KPI delta tracking, distribution drift, explainability toolchains (Polese et al., 2022, Alam et al., 6 May 2024).

Deployment of xApps is orchestrated dynamically (see OREO algorithm) to maximize service satisfaction and resource efficiency, leveraging function-level decomposition, complexity-aware selection, and dynamic scaling under compute/memory constraints (Mungari et al., 28 May 2024).

3. Network Slicing, Programmability, and Virtualization

O-RAN natively supports RAN slicing, enabling E2E virtual subnetworks for eMBB, URLLC, mMTC, private campus, and custom use cases (Alam et al., 6 May 2024). Key slicing features:

• Slice-aware O-CU/O-DU Scheduling: per-slice PRB allocation, QoS isolation, KPM per-slice reporting.
• Integration with SMO/CSMF/NSMF/NSSMF: orchestrated via O1/O2, mapped through standardized slice management actors and orchestration frameworks (ONAP, NFV-MANO).
• Infrastructure (IL), Network Function (NFL), Service (SL) Layer Slicing: decoupling hardware substrate, virtual RAN functions, and service-level definitions.
• Multi-Vendor Slicing: supported via open interfaces; slices can mix O-DUs/O-CUs from different vendors (Alam et al., 6 May 2024).

Virtualization is realized through COTS servers, VMs/containers, Kubernetes/OpenStack orchestration, full lifecycle management (scaling, healing, upgrades), and support for microservices and multi-tenant deployments (Chen et al., 2023, Michaelides et al., 2 Sep 2024). Programmability and innovation are further catalyzed by full stack openness and third-party xApp/rApp ecosystems (Mungari et al., 28 May 2024, Upadhyaya et al., 2022).

4. Security Challenges, Threat Surfaces, and Mitigation Strategies

O-RAN significantly enlarges the RAN attack surface due to disaggregation, open interfaces, cloud-native deployments, and third-party AI/ML components (Chen et al., 2023, Abdalla et al., 2023, Polese et al., 2022, Liyanage et al., 2022). Key risk domains include:

• Architectural Openness: Supply-chain attacks, open fronthaul eavesdropping, jamming, API compromise (Chen et al., 2023, Zhang et al., 2022).
• Cloud/Virtualization Threats: VM/container image tampering, hypervisor escapes, side-channels, misconfigured access (Chen et al., 2023, Liyanage et al., 2022).
• Network Slicing: Template tampering, unauthorized instantiation, inter-slice resource leakage.
• AI/ML Attacks: Training data poisoning, model inversion, extraction, adversarial examples (Chen et al., 2023, Liyanage et al., 2022).
• Open Interface Protocol Attacks: MITM, replay, spoofing across E2, O1, A1, F1, Open Fronthaul (Groen et al., 2023, Abdalla et al., 2023, Groen et al., 23 Apr 2024).

Mitigation best practices include:

• Strong Encryption and Mutual Authentication: IPsec (E2), MACsec (Open Fronthaul), mTLS (O1/O2/A1), PKI root-of-trust, hardware attestation (Groen et al., 23 Apr 2024, Groen et al., 2023, Abdalla et al., 2023).
• Zero-Trust and RBAC: Per-interface authentication, least-privilege, container isolation, segmentation (Groen et al., 2023, Chen et al., 2023).
• Continuous Security Assessment: Image scanning, code signing, runtime monitoring, security-by-design CI/CD.
• ML Defenses: Input validation, differential privacy, adversarial training, anomaly detection, explainability (Groen et al., 2023, Chen et al., 2023).
• **Standardization in O-RAN WG11; conformity to NIST SP 800-207 Zero Trust, 3GPP TS 33.501, and ETSI NFV security recommendations (Liyanage et al., 2022, Thiruvasagam et al., 2023).

Measured impacts of encryption protocols on latency/throughput are typically small in well-provisioned environments (e.g., IPsec/GCM adds ≲50 µs/packet E2; MACsec on Open Fronthaul remains feasible with correct MTU and compute), but insufficient compute or suboptimal protocol selection can produce bottlenecks (Groen et al., 23 Apr 2024).

5. Resource Management, Efficiency, and Implementation Realities

Resource management in O-RAN encompasses secure, low-latency UE–O-RU association, dynamic encryption selection under CPU/memory constraints, and real-time scaling of xApps (Abughazzah et al., 10 Mar 2025, Mungari et al., 28 May 2024). Multi-objective optimization frameworks balance latency and security by jointly assigning users to O-RUs and selecting encryption/configuration parameters subject to battery, processing, and security budgets. Convex relaxations and iterative algorithms yield near-optimal trade-offs and scale for realistic problem sizes (Abughazzah et al., 10 Mar 2025).

Power efficiency models show that centralizing baseband processing (BBP) at high-utilization points (DU, CU, or DC) can yield ≥80% reduction in per-user energy compared to RU-edge processing, contingent on fanout and traffic; DU fanout ≥8 is optimal for many topologies (Tariq et al., 30 May 2025). Real-world testbeds and frameworks (e.g., Colosseum, OAI, srsRAN, OpenRAN Gym) enable performance/latency benchmarking, including control-plane loop latencies (~3 ms per E2 command), data-plane throughput validation, and stress-testing of xApp orchestration at scale (Upadhyaya et al., 2022, Michaelides et al., 2 Sep 2024, Polese et al., 2022).

6. Limitations, Open Issues, and Research Directions

Despite its impact, O-RAN faces substantial research and engineering challenges (Abdalla et al., 2021, Polese et al., 2022, Chen et al., 2023):

• End-to-End Security and Assurance: Full automation of supply-chain vetting, standardized secure onboarding, zero-trust across interfaces, and robust AI/ML pipelines.
• Deterministic Latency: Achieving URLLC-class latency (<1 ms) across multi-vendor fronthaul, especially for advanced splits.
• Sub-millisecond PHY Control: Near-RT RIC control loops (≥10 ms) are inadequate for ultra-fast beamforming/link adaptation; research directions highlight the need for RT RICs/zApps operating at DU/O-RU with sub-ms inference (Abdalla et al., 2021).
• AI Testing, Certification, and Explainability: No unified regime for AI module validation, adversarial/fuzz testing, runtime monitoring, or explainable decision-making in xApp/rApp/zApp control (Abdalla et al., 2021, Alam et al., 6 May 2024).
• Cross-domain Orchestration: Converged management of RAN, transport, and core slices; harmonization of O-RAN, 3GPP, ETSI, and ONAP standards; dynamic functional split and multi-timescale coordination.
• Scalability and Practicality: Centralized optimization and orchestration scales poorly for large deployments; distributed, RIC-driven, and learning-based heuristics are active areas of research (Mungari et al., 28 May 2024, Abughazzah et al., 10 Mar 2025).

7. Impact and Future Trajectory

O-RAN enables flexible, cost-effective, and programmable RANs—transforming cellular research, multi-vendor operations, and deployment models. By combining open interfaces, disaggregation, embedded intelligence, and strong security, O-RAN is at the core of 5G-Advanced, B5G, and is foundational for 6G architectures. Ongoing standardization, real-world trials, and testbed validation are evolving solutions to current limitations, including security hardening, sub-millisecond control, and AI/ML lifecycle management. Cross-domain orchestration frameworks, function-level abstraction in xApp orchestration, and next-generation AI testbeds will be central to O-RAN’s maturation (Alam et al., 6 May 2024, Moore et al., 6 Nov 2024, Abdalla et al., 2021, Mungari et al., 28 May 2024).