Open Radio Access Network Systems

Updated 12 January 2026

Open RAN systems are a disaggregated, software-centric cellular architecture that decouples base station functions using vendor-neutral interfaces.
They enable network function virtualization, multi-tenancy, and dynamic slicing with embedded machine learning for intelligent resource management.
Despite enhancing innovation and cost-efficiency for 5G/6G, open RAN systems also face expanded operational and security challenges.

Open Radio Access Network (Open RAN or O-RAN) systems implement a disaggregated, software-centric cellular architecture wherein base station functions—traditionally interlocked within proprietary hardware—are decomposed into interoperable building blocks connected by open, vendor-neutral interfaces. This paradigm is defined by its support for network function virtualization (NFV), multi-tenancy, programmability, and intelligence via embedded machine learning in the control plane. Open RAN design accelerates innovation, reduces total cost of ownership, and enables flexible deployment models across 5G and emerging 6G domains, but simultaneously expands the operational and security threat surface due to its openness, virtualization, and third-party extensibility (Thiruvasagam et al., 2023, Azariah et al., 2022, Kak et al., 2023).

1. System Architecture and Functional Disaggregation

Open RAN architectures split the traditional base station—known as gNB/eNB—into three principal network functions:

O-RU (Radio Unit): Executes low-PHY, RF conversion, analog/digital front-end, FFT/IFFT, and beamforming. Typically deployed at the antenna site.
O-DU (Distributed Unit): Implements high-PHY, MAC, RLC, scheduling, and channel coding. Usually hosted on edge data centers with COTS hardware and supports real-time L1/L2 processing.
O-CU (Central Unit): Handles upper MAC, PDCP, SDAP, and RRC functions. Frequently split into CU-CP (control-plane) and CU-UP (user-plane).

These components are interconnected via openly specified interfaces:

Open Fronthaul (eCPRI, Split 7.2x): RU–DU, digitized I/Q samples, synchronized ±250 µs timing budget.
F1-C/U, E1: DU–CU, stratified into control (SCTP) and user-plane (GTP-U).
E2: Near-RT RIC↔[DU, CU], closed-loop control/telemetry for intelligent function orchestration at 10 ms–1 s granularity.
A1/O1/O2: SMO—RIC—cloud management, policy distribution, and FCAPS operations (Thiruvasagam et al., 2023, Azariah et al., 2022, Kak et al., 2023, Abdalla et al., 2021).

The RAN Intelligent Controller (RIC) hierarchy comprises:

Near-RT RIC: Hosts xApps for dynamic radio resource management, slicing, scheduling, and mobility management; control loop 10 ms–1 s.
Non-RT RIC: Executes rApps for policy management, model training, and analytics; control loop ≥ 1 s, co-located with SMO.

The architecture supports multi-RAT operation (LTE, 5G-NSA, SA), containerized deployment in edge/cloud environments, and tightly-integrated orchestration for on-demand service scaling (Kak et al., 2023, Thiruvasagam et al., 2023).

2. Open Interfaces, Programmability, and Control Flows

Key open protocols enable full interoperability and closed-loop programmability:

E2AP/E2SM: ASN.1-encoded for KPI streaming (E2SM-KPM) and control (E2SM-RC, slicing, scheduler tuning); messages encapsulated in SCTP connections to the near-RT RIC (Kak et al., 2023, Moro et al., 2023).
A1: REST/HTTP2 (TLS 1.2/1.3), non-RT RIC→near-RT RIC policy and ML model updates.
O1: SMO↔network functions, NETCONF/YANG, lifecycle management, FM/PM.

Advanced control flows are realized by loading protocol-level and RAN-function plugins:

Dynamic plugin loading/unloading: Live insertion of xApps/rApps, service models (E2SM), and protocol APIs to realize real-time reconfiguration without DP restart (Kak et al., 2023).
Slice state machines: Idle/Shared/Prioritized/Dedicated with explicit triggers and transitions in response to UE events or controller directives.
Programmable C APIs: Expose RRC, PDCP, MAC, PHY parameters, facilitating per-session, per-user, and per-slice traffic steering (Kak et al., 2023, Longhi et al., 16 Aug 2025).

Control flows are orchestrated to enforce SLA adherence on sub-100 ms timescales using closed-loop feedback from per-UE, per-slice metrics (e.g., throughput, latency, RB utilization). Policies may be set in non-RT rApps, enforced by near-RT xApps, and dynamically updated via E2 control (Kak et al., 2023, Moro et al., 2023, Longhi et al., 16 Aug 2025).

3. RAN Slicing, Resource Allocation, and Intelligent Scheduling

Open RAN enables programmable resource partitioning through network slicing:

Slice Definition: Each slice $i$ assigned weight $w_i$ ; share $\alpha_i = \frac{w_i}{\sum_j w_j}$ .
Per-TTI Scheduling: Dedicated/Prioritized slices receive $\mathrm{Vi}=\mathrm{floor}(\alpha_i\cdot\mathrm{Total~RBs})$ , with unused RBs recycled into Shared pools (Kak et al., 2023).
Programmable Scheduler: TailO-RAN generalizes PF by exposing a per-UE exponent $\beta_i$ , which is tuned by xApps using empirical joint CCDF lookup to guarantee long-term throughput (Longhi et al., 16 Aug 2025). Scheduler logic: $\gamma_i[n]=\theta_i[n]/D_i[n]$ ( $\theta_i$ requested throughput, $D_i$ moving average, raised to $\beta_i$ ); tuning $\beta_i$ enforces probabilistic flow-level SLAs.

Mathematical optimization frameworks govern resource allocation:

Linear programming for soft SLA minimization, knapsack for strict SLA enforcement (Moro et al., 2023).
Multi-agent DQN and team learning for conflict-mitigation across xApp-driven RRM functions (Zhang et al., 2022).

Experimentally, programmable scheduling improved throughput SLA success by 33% and asset-tracking F1 by 37.04% (Longhi et al., 16 Aug 2025). Multi-cell load-balancing and controller-driven slice adaptation provide robust, fine-grained QoS assurance (Kak et al., 2023, Moro et al., 2023).

4. Virtualization, Cloudification, and Deployment Models

Open RAN exploits NFV, SDN, and cloud-native orchestration:

All RAN functions (RU, DU, CU, RICs, SMO) deploy as VNFs (VMs/containers) in the O-Cloud using Kubernetes, OpenStack, or proprietary managers (Thiruvasagam et al., 2023, Azariah et al., 2022).
Zero-touch CI/CD: Automated onboarding of tenants/slices; declarative YAML templates; Tekton / ArgoCD pipelines (NeutRAN paradigm) (Bonati et al., 2023).
Rapid elasticity: Slicing, scaling, and failover occur in sub-10 s for entire base stations; the orchestration engine instantiates hundreds of containerized network elements with microsecond-to-millisecond scheduling budgets.

Power consumption and efficiency depend on placement of baseband processing (BBP):

Centralized BBP (DC) reduces per-user power ( $\sim 0.1$ W) versus DU-level ( $\sim 0.3$ W) or RU ( $\sim 0.5$ W), but increases fronthaul energy demand (Tariq et al., 30 May 2025).
Proper DU fanout (e.g., 8–12 RUs per DU) is essential; excessive fanout increases fronthaul rates (per DU: Fanout $_{DU}\times11$ Gb/s) (Tariq et al., 30 May 2025).

Multi-tenant, neutral-host models (NeutRAN) enable shared spectrum and RAN infrastructure, achieving up to 2.18 $\times$ network throughput improvement versus dedicated licensing while reducing instantiation latency to under 10 s (Bonati et al., 2023).

5. Security Challenges and Mitigation Strategies

Openness and multi-tenancy fundamentally expand the O-RAN attack surface:

Architectural Risks: Multi-vendor interconnections (API/OSS/firmware supply-chain), open interfaces (E2/A1/O1/O2, eCPRI), and API misconfigurations (Mimran et al., 2022, Liyanage et al., 2022, Chen et al., 2023).
Virtualization Risks: Container/VM escape, side-channel attacks, noisy-neighbor DoS; vulnerabilities in orchestration (Kubelet, container networking) (Chen et al., 2023, Mimran et al., 2022).
ML Risks: Model/data poisoning, inference/decision evasion, adversarial manipulation, unauthorized xApp/rApp execution (Mimran et al., 2022, Liyanage et al., 2022).
Slicing Risks: Template tampering, intra/inter-slice resource contention, rogue API calls (Chen et al., 2023).

Mitigation approaches include:

Zero-Trust Architecture: Mutual-TLS auth on all interfaces, PKI, and hardware root-of-trust (TPM) for attestation (Abdalla et al., 2021, Chen et al., 2023).
Container Security: SBOM, secure boot, runtime integrity checks, RBAC, mandatory access controls in K8s (Mimran et al., 2022).
Cryptographic Controls: AES-GCM/IPsec for E2/AP, TLS 1.3 for O1/A1, signed models, and provenance for ML.
Anomaly Detection: ML-based, including autoencoder pre-processing for xApps; ensemble techniques and continuous drift monitoring (Groen et al., 2023, Liyanage et al., 2022).
Blockchain-Backed Mutual Authentication: Ledger-based identity for components, smart contracts for access control (Chen et al., 2023).

Best practices include explicit separation of concerns, continuous trust evaluation, API and code scanning, and regular patching/updating of network elements (Mimran et al., 2022, Groen et al., 2023, Chen et al., 2023).

6. Hardware Acceleration and Performance Optimization

Hardware acceleration is essential for scaling Open RAN to high-throughput, low-latency 5G/6G services:

Layer 1 Offload: FPGAs (deterministic $\sim$ 20 µs kernel latency), GPUs (flexible, 50–200 µs), ASICs (1–5 µs), SmartNICs/DPUs ( $\sim$ 50 µs) (Kundu et al., 2023).
AAL (Acceleration Abstraction Layer): Vendors expose logical processing units (LPUs), profile-agnostic APIs (AALI-C, AALI-P), and buffer pools to enable dynamic orchestration and multi-tenancy, facilitating migration and sharing without vendor lock-in.
Inline Processing: DU architectures leverage direct GPUDirect RDMA and kernel-driven slot processing to guarantee sub-ms TTI slot latency, with observed host CPU utilization reduction ( $\sim$ 70% $\rightarrow$ 15%), and per-carrier power down to 5 W (Kundu et al., 2023).

Acceleration extends to higher layers (L2, scheduler, ARQ) and RIC AI/ML inference blocks as RAN performance targets sub-100 µs control loops for 6G (Kundu et al., 2023, Abdalla et al., 2021).

7. Evaluation: Prototyping, Testbeds, and Interoperability

Open-source projects and community testbeds drive reproducibility, scalability, and interoperability in O-RAN research:

Reference Stacks: OpenAirInterface, srsRAN, OSC (O-DU, O-CU, RIC); open source, continuously integrated, and containerized (Azariah et al., 2022, Thiruvasagam et al., 2023, Upadhyaya et al., 2022).
Testbed Deployments: Colosseum, OpenRAN Gym, OpenShift neutral-host clusters; support full-stack experimentation with xApps, programmable over-the-air endpoints, and multi-tenant evaluation (Bonati et al., 2023, Moro et al., 2023, Upadhyaya et al., 2022).
Simulated Environments: ns-O-RAN (ns-3 integration with near-RT RIC) enables scalable, realistic performance assessment, with validated E2AP/E2SM messaging and KPIs (Lacava et al., 2023).
Empirical Metrics: Sub-10 ms control loops; slice SLA enforcement at $\sim$ 100 ms; message-processing latency $\sim$ 100 µs (HexRAN), reliability $\ge$ 99.5% at 100 msg/s (HexRAN and FlexRIC), scaling to 15-cell clusters without performance degradation (Kak et al., 2023, Longhi et al., 16 Aug 2025).

Benchmark studies verify energy savings, instantiation latency, resiliency, closed-loop SLA convergence, and seamless plug-and-play across multi-vendor ecosystems.

Open RAN, as defined by O-RAN Alliance and instantiated across industry-standard open-source platforms, delivers a cloud-native, programmable, disaggregated RAN ecosystem that supports scalable multi-tenant slicing, embedded intelligence, zero-touch orchestration, and hardware-accelerated performance. This capability is tempered by expanded security risks, tight resource orchestration constraints, protocol compatibility challenges, and the imperative for continuous standardization and testing. Experimental and analytical results substantiate that Open RAN can enforce strict SLAs, scale to large deployments, and provide fine-grained programmability necessary for 5G-Advanced and for future 6G applications (Kak et al., 2023, Moro et al., 2023, Longhi et al., 16 Aug 2025, Kundu et al., 2023, Mimran et al., 2022, Liyanage et al., 2022).