Overview
The UPF (User Plane Function) is where subscriber data actually moves in a 5G SA core. While the AMF and SMF handle control signalling, the UPF performs the packet forwarding: receiving GTP-U tunnels from the gNB on N3, applying QoS enforcement and traffic detection, and routing packets to and from the data network on N6. Every byte of subscriber internet traffic, VoNR RTP stream, or enterprise VPN packet passes through the UPF.
The UPF is a pure user plane function: it makes no autonomous forwarding decisions. All of its behaviour is programmed by the SMF via PFCP (Packet Forwarding Control Protocol) on the N4 interface. The SMF installs Packet Detection Rules (PDRs) that classify incoming traffic, Forwarding Action Rules (FARs) that determine where classified packets go, QoS Enforcement Rules (QERs) that police bitrate and mark DSCP, and Usage Reporting Rules (URRs) that count bytes for charging. The UPF executes these rules at line rate but has no say in what they contain.
The UPF replaced the user plane components of two 4G nodes: the SGW-U (which handled GTP-U toward the eNB and toward the PGW) and the PGW-U (which handled packet routing toward the PDN and enforced Gx policy at the traffic level). The 3GPP CUPS (Control and User Plane Separation) architecture introduced in Release 14 was the bridge: it defined PFCP as the control channel between SGW-C/PGW-C and SGW-U/PGW-U, and that same PFCP interface became the N4 interface in 5G.
The UPF can be deployed at multiple points in the network simultaneously. A 5G operator may run a central Anchor UPF (A-UPF) for general internet traffic and a distributed Intermediate UPF (I-UPF) co-located with the gNB for edge compute or local breakout. The SMF controls both and chains them via N9 GTP-U tunnels. This distributed UPF model is the foundation for Multi-access Edge Computing (MEC) in 5G networks.
How it works
PFCP session establishment
Before any subscriber data flows, the SMF must establish a PFCP session on the UPF for each PDU session.
- The SMF sends a PFCP Session Establishment Request to the UPF on N4. The request contains the full rule set for the session:
  - PDRs with packet detection criteria (5-tuple, TEID, SDF template)
  - FARs specifying the forwarding action (forward, drop, buffer, or duplicate) and the destination (N3 TEID for downlink, N6 interface for uplink)
  - QERs with guaranteed and maximum bitrates and DSCP marking
  - URRs with volume thresholds and reporting triggers for charging
- The UPF allocates a local PFCP session context and a tunnel endpoint ID (TEID) on the N3 interface for uplink traffic from the gNB.
- The UPF returns a PFCP Session Establishment Response containing the allocated N3 TEID and the UPF's N3 IP address.
- The SMF passes the N3 address and TEID to the AMF, which forwards it to the gNB via N2 (NGAP PDU Session Resource Setup Request).
- The gNB establishes the GTP-U tunnel to the UPF. Data flows begin.
Packet processing: uplink path
- Subscriber device sends a packet; the gNB encapsulates it in GTP-U with the session's uplink TEID and forwards it to the UPF on N3.
- The UPF matches the incoming GTP-U packet against PDRs using the TEID.
- The matching FAR specifies: strip the GTP-U header, apply QoS (via QER), and forward the inner IP packet to the N6 interface toward the data network.
- If a URR volume threshold is crossed, the UPF sends a PFCP Session Report Request to the SMF with the usage report. The SMF forwards this to the CHF for charging.
Packet processing: downlink path
- A packet arrives at the UPF on N6 from the data network, addressed to the UE's allocated IP.
- The UPF matches the packet against PDRs using the destination IP (SDF filter).
- The matching FAR specifies: encapsulate in GTP-U with the session's downlink TEID, and forward to the gNB's N3 address.
- QoS marking and rate enforcement (QER) are applied before encapsulation.
- If the UE is suspended (idle mode), the FAR action is "buffer": the UPF buffers the packet and notifies the SMF via a PFCP report, which triggers paging via the AMF.
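The session establishment and the two forwarding paths above, as an added Python model that is not from the page or from any UPF implementation: PDRs keyed by uplink TEID or by UE IP, a FAR per PDR, and a URR volume threshold that triggers a report to the SMF. The rule names follow the page; the classes, sample values and the buffer-notification format are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of UPF rule execution (not vendor code): a PDR classifies a
# packet, its FAR says what to do with it, and its URR counts bytes until a
# threshold triggers a PFCP Session Report Request to the SMF.
@dataclass
class FAR:
    action: str        # "forward", "drop" or "buffer"
    dest: str          # "N6" for uplink; the gNB's N3 address for downlink
    dl_teid: int = 0   # downlink TEID to encapsulate with on N3

@dataclass
class PDR:
    far: FAR
    urr_threshold: int              # URR volume threshold in bytes
    ul_teid: Optional[int] = None   # uplink match key: N3 TEID
    ue_ip: Optional[str] = None     # downlink match key: UE IP (SDF filter)
    counted: int = 0                # URR running byte count

class UPF:
    def __init__(self):
        self.pdrs, self.buffered, self.reports = [], [], []

    def install(self, *pdrs):       # rules arrive in the Session Establishment Request
        self.pdrs.extend(pdrs)

    def _urr(self, pdr, nbytes):
        pdr.counted += nbytes
        if pdr.counted >= pdr.urr_threshold:   # threshold crossed: report and reset
            self.reports.append(("usage", pdr.counted))
            pdr.counted = 0

    def uplink(self, teid, inner_pkt):
        # gNB -> UPF on N3: match by TEID, strip GTP-U, forward inner packet to N6
        pdr = next((p for p in self.pdrs if p.ul_teid == teid), None)
        if pdr is None:
            return ("drop", "no PDR for TEID")   # unknown tunnel, nothing installed
        self._urr(pdr, len(inner_pkt))
        return (pdr.far.action, pdr.far.dest)

    def downlink(self, dst_ip, pkt):
        # DN -> UPF on N6: match by UE IP, then forward to the gNB or buffer
        pdr = next((p for p in self.pdrs if p.ue_ip == dst_ip), None)
        if pdr is None:
            return ("drop", "no PDR for UE IP")
        self._urr(pdr, len(pkt))
        if pdr.far.action == "buffer":            # UE idle: hold packet, notify SMF
            self.buffered.append(pkt)
            self.reports.append(("downlink-data", dst_ip))
            return ("buffer", None)
        return (pdr.far.action, (pdr.far.dest, pdr.far.dl_teid))
```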
N9: multi-UPF chaining
When the SMF deploys an I-UPF between the gNB and the A-UPF:
- The gNB sends GTP-U to the I-UPF's N3 interface.
- The I-UPF's FAR for uplink traffic forwards the packet over a GTP-U tunnel on N9 to the A-UPF.
- The A-UPF terminates the N9 tunnel and forwards the packet to N6.
- Downlink traffic follows the reverse path: A-UPF → N9 → I-UPF → N3 → gNB.
- Both UPFs maintain separate PFCP sessions controlled by the same SMF.
Architecture role
The UPF is the user plane anchor, the point at which the subscriber's IP address is rooted. As the UE moves between gNBs, the SMF updates the UPF's downlink FAR to point to the new gNB's TEID, keeping the UE's IP address stable across mobility events. The UPF does not move; the gNB attachment point changes around it.
In 5G SA: The UPF is controlled by the SMF via PFCP on N4. It terminates GTP-U from the gNB on N3, routes to the internet or enterprise network on N6, and chains with other UPF instances on N9.
Compared to 4G EPC: The SGW-U handled the GTP-U relay between eNB and PGW-U. The PGW-U terminated the packet core and connected to the PDN on SGi. The 5G UPF merges both into a single function with PFCP replacing GTP-C as the control channel, and N6 replacing SGi as the DN interface name.
The UPF's placement has direct implications for latency and MEC. An A-UPF in a central data centre introduces backhaul latency for every packet. An I-UPF co-located with the gNB site (or at a regional aggregation point) enables local traffic breakout before packets reach the central core, which is critical for sub-10ms application latency targets.
Key interfaces
| Interface | Between | Direction | Purpose |
|---|---|---|---|
| N3 | UPF and gNB | Bidirectional | GTP-U tunnels carrying subscriber PDU sessions |
| N4 | UPF and SMF | Bidirectional | PFCP: session establishment, rule install, reporting |
| N6 | UPF and Data Network | Bidirectional | IP routing between UPF and internet / enterprise DN |
| N9 | UPF and UPF | Bidirectional | GTP-U inter-UPF tunnels for chained/distributed UPF |
Security posture
The UPF's threat model is dominated by one fact: all subscriber user plane traffic flows through it. If an attacker can influence what the UPF does with packets, whether by manipulating PFCP rules, abusing GTP-U tunnel mechanics, or intercepting traffic at the N6 boundary, they can intercept, redirect, or suppress traffic for any subscriber whose session the UPF serves.
Unlike the AMF and SMF, the UPF does not participate in the SBA and has no OAuth2 or REST API attack surface. Its exposure is at the protocol level: PFCP on N4 (UDP, optionally IPsec-protected), GTP-U on N3 and N9 (UDP, no inherent authentication), and raw IP on N6 (the internet-facing interface). The N6 interface is the most exposed β it connects directly to the data network, which for internet DNN traffic is the public internet.
The UPF also holds all usage reporting data that feeds charging. A UPF that suppresses or manipulates URR reports can silently cause charging bypass: a subscriber consuming data without generating billable records.
Attack surface
GTP-U encapsulation abuse
GTP-U, the tunnel protocol on N3 and N9, has no authentication or encryption. Any node that can send UDP packets to the UPF's N3 port (2152) can inject GTP-U encapsulated packets with a valid TEID, effectively injecting traffic into any active PDU session. An attacker who learns an active session's TEID (e.g., by observing N3 traffic on a compromised gNB) can inject arbitrary packets into that session from outside the legitimate tunnel.
Impact: Arbitrary packet injection into active subscriber sessions; potential for TCP session hijacking or protocol-level attacks.
Difficulty: Medium. Requires knowledge of a valid N3 TEID and network access to the UPF's N3 interface. TEID values are not secret in unencrypted transport environments.
N6 traffic interception
The N6 interface connects the UPF to the data network; for internet DNN traffic, this is typically a peering link or transit connection. Traffic on N6 is plain IP. If the routing infrastructure between the UPF and the internet peering point is compromised, or if a BGP hijack redirects traffic, subscriber data is exposed in plaintext (unless the application uses TLS).
Impact: Passive interception of all unencrypted subscriber application traffic for the affected UPF.
Difficulty: Variable. BGP hijacks affecting the operator's IP addressing are a documented real-world threat; physical tapping of N6 segments is a nation-state capability.
PFCP rule manipulation via compromised SMF
The UPF trusts PFCP instructions from its controlling SMF unconditionally. If an attacker compromises the SMF, or registers a rogue node as an SMF in the NRF and obtains a PFCP association with the UPF, they can install malicious FARs that redirect all subscriber traffic on a given session to an attacker-controlled IP address, silently duplicating traffic while forwarding the original.
Impact: Full subscriber traffic interception and duplication, the most severe UPF attack class.
Difficulty: High. Requires either SMF compromise or a rogue PFCP node with network access to the N4 segment.
Usage reporting suppression
The UPF's URR mechanism triggers volume reports to the SMF at configured thresholds. A UPF that is manipulated or misconfigured to suppress URR reports, by modifying volume thresholds to near-infinite values or by dropping PFCP Session Report Requests, causes the SMF to generate no charging records for affected sessions.
Impact: Charging bypass: affected subscribers consume data without billing.
Difficulty: Medium. Requires either UPF misconfiguration access or manipulation of PFCP Session Establishment Requests to install URRs with suppressed thresholds.
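Detection logic for the reporting-suppression case above, added here as an example and not drawn from the page or any operator's tooling: it runs over constructed per-interval telemetry and flags a UPF whose URR reports stop, or collapse against its own baseline, while RAN-side byte counters show it still carrying traffic. The sample records, field layout and thresholds are assumptions.

```python
# Added detection example (constructed telemetry, not an operator's data): flag a
# UPF whose PFCP usage reporting falls silent or collapses while RAN counters
# show it is still carrying subscriber traffic.

# One record per UPF per reporting interval, in time order (constructed):
# (upf, controlling_smf, active_sessions, urr_reports_sent, ran_bytes_seen)
SAMPLES = [
    ("upf-a", "smf-1", 1200, 340, 9_800_000_000),
    ("upf-a", "smf-1", 1210, 355, 9_900_000_000),
    ("upf-a", "smf-1", 1180,   0, 9_600_000_000),   # reports stop, traffic does not
    ("upf-b", "smf-1",    0,   0,             0),   # legitimately idle, no alert
    ("upf-c", "smf-2",  950, 270, 7_100_000_000),
    ("upf-c", "smf-2",  940,  12, 7_000_000_000),   # rate collapses without hitting zero
]

def urr_alerts(samples, min_ran_bytes=1_000_000, collapse_ratio=0.2):
    """Return (upf, smf, reason) for intervals consistent with URR suppression."""
    baseline = {}   # upf -> [reports, bytes] accumulated from clean earlier intervals
    alerts = []
    for upf, smf, sessions, reports, ran_bytes in samples:
        if sessions == 0 or ran_bytes < min_ran_bytes:
            continue                                  # idle UPF: nothing to judge
        reason = None
        if reports == 0:
            reason = "active sessions and RAN traffic but zero URR reports"
        elif upf in baseline:
            b_reports, b_bytes = baseline[upf]
            expected = b_reports / b_bytes             # baseline reports per byte
            observed = reports / ran_bytes
            if observed < collapse_ratio * expected:
                reason = f"URR rate at {observed / expected:.0%} of baseline"
        if reason:
            alerts.append((upf, smf, reason))
            continue                                  # do not let a bad interval pollute the baseline
        acc = baseline.setdefault(upf, [0, 0])
        acc[0] += reports
        acc[1] += ran_bytes
    return alerts
```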
Mitigations
The UPF requires defence at the PFCP control channel, the GTP-U tunnels, and the N6 data network boundary.
- IPsec on N4 (PFCP): Deploy IKEv2 with mutual certificate authentication on all N4 paths. The UPF should only accept PFCP associations from known, certificate-verified SMF instances. Do not allow PFCP associations from unknown source addresses.
- GTP-U source validation on N3: Configure the UPF to validate that incoming GTP-U packets on N3 arrive from registered gNB IP addresses with expected TEIDs. Drop GTP-U packets with TEIDs that do not correspond to active sessions or that arrive from unexpected source IPs. IPsec on the N3 transport (where the gNB supports it) provides stronger guarantees.
- N6 egress filtering: Deploy a stateful firewall on the N6 interface. Apply ingress filtering to reject spoofed source IPs (BCP38) and egress filtering to ensure subscriber traffic sources match the UPF's allocated IP pools. Inspect traffic for protocol anomalies using DPI.
- PFCP session isolation: Ensure that each SMF can only modify or delete PFCP sessions it originally created. The UPF should enforce SEID (Session Endpoint ID) ownership and reject PFCP Session Modification Requests for an SEID not associated with the initiating SMF instance.
- URR integrity monitoring: Monitor PFCP Session Report Request rates per UPF and per SMF. Alert when URR reporting drops to zero for UPFs that should be carrying active sessions. Cross-reference with network traffic counters from the RAN to detect charging suppression.
- N4/N9 network segmentation: Place the N4 and N9 interfaces on isolated VLANs or VRFs separate from RAN-facing (N3) and internet-facing (N6) interfaces. Prevent any device on the RAN segment from reaching the PFCP port (UDP 8805) directly.
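The N3 source-validation mitigation above, as an added Python example that is not the page's or any vendor's code: it parses a GTP-U G-PDU header, walks the extension headers to read the QFI from the PDU Session Container defined in TS 38.415, and accepts the packet only if it arrives from a registered gNB address and carries a TEID bound to an active session. The registered-gNB set, the live-TEID set and the sample packet are constructed; build_gpdu exists only to produce that sample.

```python
import struct

# Added example, not from the page or any vendor: parse a GTP-U G-PDU on N3
# and apply the source-address and TEID validation the mitigation describes.
G_PDU = 0xFF
EXT_PDU_SESSION_CONTAINER = 0x85      # TS 38.415 container that carries the QFI

def build_gpdu(teid, qfi, inner):
    """Construct a G-PDU with a PDU Session Container (sample input only)."""
    ext = bytes([1, 0x10, qfi & 0x3F, 0])             # len=1 (4 octets), UL type, QFI, no next
    opt = bytes([0, 0, 0, EXT_PDU_SESSION_CONTAINER])  # seq, N-PDU, next ext type
    body = opt + ext + inner
    return struct.pack("!BBHI", 0x34, G_PDU, len(body), teid) + body  # 0x34: v1, PT=1, E=1

def parse_gtpu(data):
    """Return (teid, qfi, inner_payload); raise ValueError on a malformed header."""
    if len(data) < 8:
        raise ValueError("short header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    if flags >> 5 != 1 or not flags & 0x10 or msg_type != G_PDU:
        raise ValueError("not a GTPv1-U G-PDU")
    if length != len(data) - 8:
        raise ValueError("length field mismatch")
    off, qfi = 8, None
    if flags & 0x07:                   # E, S or PN set: 4 optional octets follow
        if len(data) < 12:
            raise ValueError("truncated optional octets")
        next_ext, off = data[11], 12
        while next_ext:                # walk the extension header chain
            ext_len = data[off] * 4 if off < len(data) else 0   # units of 4 octets
            if ext_len == 0 or off + ext_len > len(data):
                raise ValueError("bad extension header")
            if next_ext == EXT_PDU_SESSION_CONTAINER:
                qfi = data[off + 2] & 0x3F   # QFI: low 6 bits of 2nd content octet
            next_ext, off = data[off + ext_len - 1], off + ext_len
    return teid, qfi, data[off:]

def validate_n3(src_ip, data, registered_gnbs, active_ul_teids):
    """Defender check: accept only known gNB sources carrying a live uplink TEID."""
    if src_ip not in registered_gnbs:
        return ("drop", "unregistered N3 source")
    try:
        teid, qfi, _ = parse_gtpu(data)
    except ValueError as err:
        return ("drop", str(err))
    if teid not in active_ul_teids:
        return ("drop", "TEID not bound to an active session")
    return ("accept", (teid, qfi))
```

A real deployment would key the live-TEID check on the session table the SMF installed via PFCP, so a TEID stays accepted only while its PFCP session exists.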
Spec references
- 3GPP TS 23.501: 5G system architecture. Section 6.2.3 defines the UPF's role; Section 5.8 covers the overall CUPS-based user plane architecture.
- 3GPP TS 29.244: the normative PFCP specification for N4. Defines all PDR, FAR, QER, and URR rule types, PFCP session procedures, and reporting mechanisms. The definitive reference for SMF-UPF integration work.
- 3GPP TS 38.415: NG-RAN PDU Session User Plane Protocol. Defines the GTP-U extensions specific to 5G NR on the N3 interface, including QoS flow indicators.
- 3GPP TS 33.501: 5G security architecture. Section 9 covers user plane security requirements including UP integrity protection between gNB and UPF.
Related topics
The UPF is inseparable from the SMF, which programs all of its forwarding behaviour via PFCP on the N4 interface. The UPF executes; the SMF decides. Understanding the UPF requires understanding PFCP rule semantics and how the SMF translates PCF policy into forwarding instructions.
The N3 tunnel uses GTP-U, the same protocol used between eNB and SGW in 4G EPC, and between SGSN and GGSN in 3G. The GTP-U mechanics on N3 are essentially identical to S1-U in 4G; the 5G-specific additions are the QoS Flow Indicator (QFI) extensions defined in TS 38.415.
The UPF superseded the user plane of both the SGW (which handled the GTP-U relay between RAN and PGW in 4G) and the PGW (which terminated the packet core and connected to the PDN on the SGi interface).
For the full 5G packet core architecture see 5G SA, which places the UPF in the context of the complete NF mesh.