Listen to this article

Telecom operators have invested north of $220 billion globally in 5G infrastructure, yet a majority are flying blind inside their own core networks. The shift from monolithic 4G EPC to a cloud-native, service-based 5G Core (5GC) has fundamentally broken traditional monitoring paradigms. With disaggregated network functions communicating over REST APIs at millisecond intervals, the blast radius of an undetected anomaly is no longer a single node. It is the entire service layer. Operators who treat observability as an afterthought will face escalating SLA breaches, revenue leakage and an inability to monetize network slicing at scale. The imperative is clear: end-to-end 5G Core observability is not a tool choice, it is a strategic capability that must be engineered, not bolted on.

The 5G Core is a Distributed System, and Distributed Systems Fail Silently

The service-based architecture (SBA) of 5G Core introduces a class of failure modes that legacy OSS/BSS tooling was never designed to detect.

The Structural Shift That Changed Everything

In 4G, the Evolved Packet Core (EPC) was largely monolithic. Network functions like the MME, SGW and PGW were tightly coupled, vendor-locked and monitored through SNMP traps and vendor-proprietary element management systems (EMS). Visibility was shallow but sufficient, you knew when a box went down.

5G Core dismantles this architecture entirely. Functions such as the AMF (Access and Mobility Management), SMF (Session Management), UPF (User Plane), UDM (Unified Data Management), AUSF (Authentication), PCF (Policy Control), NRF (Network Repository) and NSSF (Network Slice Selection) are now discrete microservices — containerized, independently scalable and communicating exclusively over HTTP/2-based APIs using the SBI (Service Based Interface).

This is architecturally powerful, but operationally treacherous. A degraded NRF that responds slowly does not “fail” in any traditional sense. It introduces latency that cascades across every NF that queries it for service discovery. An SMF handling thousands of simultaneous session requests may appear perfectly healthy by average performance measures — response times look fine, no alarms are firing. But for the top 1% of transactions, it is silently timing out. In a network carrying enterprise SLA traffic, that 1% is not a rounding error, it is a breach. Legacy monitoring tools see none of this.

What Traditional Monitoring Misses

Monitoring DimensionLegacy (4G/EPC)5G Core Reality
Visibility ModelBox-level SNMP / EMSService mesh, API trace
Failure ModeHard failures (node down)Soft failures (latency, retries, partial)
ToolingVendor EMS (Ericsson ENM, Nokia NetAct), IBM NetCool, HP NNM, ENIQPrometheus, Jaeger, OpenTelemetry
Data Granularity5–15 min polling intervalsSub-second telemetry streams
Coupling AwarenessNoneCritical (NF dependency graph)

Real-World Implication

A Tier-1 operator reported that after migrating to a cloud-native 5GC, their mean-time-to-detect (MTTD) for service-impacting issues increased by 3x — not because failures were more frequent, but because the observability stack had not kept pace with the architectural shift. The operator was monitoring infrastructure (CPU, memory, pod health) but had zero visibility into inter-NF API behavior.

The Three Telemetry Pillars and the Data Sets That Matter

Effective 5G Core observability requires convergence across three telemetry streams: metrics, traces and logs, each mapped to specific network function behaviors and failure hypotheses.

The Observability Stack for 5GC

Pillar 1: Metrics (What is happening, at what rate)

The key metric datasets for 5GC include:

  • NF-level KPIs: Registration success/failure rates (AMF), PDU session establishment latency (SMF), authentication success rate (AUSF/UDM), policy decision latency (PCF)
  • SBI API metrics: HTTP response codes (2xx, 4xx, 5xx) per NF service operation, request rates, error rates and latency percentiles (p50/p95/p99) per API endpoint
  • UPF throughput metrics: Packet forwarding rates, GTP tunnel counts, QoS flow enforcement accuracy, N4 session counts
  • NRF health metrics: NF registration/deregistration events, service discovery query rates, NF profile TTL violations
  • Infrastructure metrics: Pod restarts, HPA scaling events, node CPU/memory saturation (via Kubernetes metrics-server or cAdvisor)

Pillar 2: Distributed Traces (Why is it happening, where)

Every inter-NF call in 5GC traverses the SBI. Distributed tracing using standards like Open Telemetry with propagation headers (traceparent, tracestate) across HTTP/2 enables operators to reconstruct the full call graph for any procedure: registration, authentication, PDU session setup or handover.

Critical trace datasets:

  • End-to-end UE registration traces (AMF → AUSF → UDM → PCF → NRF)
  • PDU session establishment traces (AMF → SMF → UPF → PCF → UDM)
  • Handover procedure traces (source AMF → target AMF → SMF)
  • Slice selection traces (AMF → NSSF → NRF)

Pillar 3: Structured Logs (What exactly happened, in sequence)

5GC NFs must emit structured logs (JSON-formatted, timestamped, with correlation IDs) to enable cross-NF event correlation. Critical log datasets include:

  • 3GPP procedure logs (Namf, Nsmf, Nudm, Npcf service operations)
  • Security audit logs (AUSF authentication events, UDM subscription changes)
  • NRF registration/discovery event logs
  • SMF charging trigger logs (for revenue assurance correlation)

The Toolchain That Brings It Together

LayerRecommended Tooling
Metrics CollectionPrometheus + custom exporters per NF vendor
Metrics StorageThanos / VictoriaMetrics (for long-term, multi-cluster)
TracingJaeger / Tempo with OpenTelemetry SDK
Log AggregationFluentd / Vector → Elasticsearch or Loki
VisualizationGrafana (unified dashboards across metrics + logs + traces)
AlertingAlertmanager with SLO-based alert policies
Service Mesh ObservabilityIstio / Linkerd with Envoy sidecar metrics

Persistent recommends a unified telemetry pipeline built on the OpenTelemetry Collector as the vendor-neutral backbone, ingesting signals from all NF vendors, normalizing them to OTLP format and routing to purpose-fit backends.

NWDAF: The Native Intelligence Layer Operators Are Underutilizing

The Network Data Analytics Function (NWDAF) is 3GPP’s answer to intelligent, closed-loop observability, yet most operators treat it as a future roadmap item rather than an immediate operational lever.

What NWDAF Actually Does

NWDAF, standardized in 3GPP Release 15 and significantly enhanced in Release 16/17, is the native analytics engine embedded within the 5G Core SBA. It consumes data from all NFs via the Nnwdaf service interface and produces analytics outputs, both historical statistics and predictive inferences, that other NFs can subscribe to and act upon.

NWDAF serves two distinct functions:

  • NWDAF-MTLF (Model Training Logical Function): Trains ML models on NF telemetry
  • NWDAF-AnLF (Analytics Logical Function): Executes inference and delivers analytics to consumers

Analytics use cases with immediate operational value:

NWDAF Analytics IDUse CaseConsumer NF
NF_LOADPredict NF congestion before it impacts serviceAMF, SMF, NRF
UE_MOBILITYPredict UE movement for proactive resource allocationAMF, PCF
SLICE_LOAD_LEVELPer-slice congestion prediction for dynamic NSSF policyNSSF, PCF
SERVICE_EXPERIENCEQoE degradation detection per application/UEPCF, AF
ABNORMAL_BEHAVIORDetect UE or NF anomalies (security, signaling storms)AMF, PCF, NEF

The Closed-Loop Opportunity

The true power of NWDAF is not passive analytics. It is closed-loop automation. When NWDAF predicts an SMF instance approaching saturation 90 seconds ahead of threshold breach, it can notify the NRF to de-prioritize that SMF in service discovery responses, load-balancing sessions without human intervention. This is a fundamentally different operating model from reactive alert-and-escalate.

Persistent has observed that operators who integrate NWDAF into their NOC workflows, even in an advisory (human-in-the-loop) capacity, reduce mean-time-to-mitigate (MTTM) for core network events by 40–60% versus those relying on threshold-based alerting alone.

The Implementation Gap

Despite 3GPP standardization, NWDAF adoption lags for three reasons: vendor implementations vary significantly in completeness, data pipelines between NFs and NWDAF require careful integration work and most operators lack the ML engineering capability in-house to operationalize model outputs. This is precisely where an experienced systems integrator becomes the differentiating factor.

Observability as a Revenue Enabler: The Network Slicing Business Case

For operators monetizing 5G through enterprise network slicing, observability is not a cost of operations. It is the assurance mechanism that makes SLA-backed commercial agreements defensible.

The Slicing Promise Requires Slice-Level Visibility

Network slicing, selling dedicated, isolated 5G logical networks to enterprise verticals (manufacturing, healthcare, logistics), is the primary monetization vehicle for 5G investment recovery. GSMA puts the broader B2B enterprise opportunity for telcos at $400B+, with network slicing explicitly named as a near-term priority. Ericsson’s June 2026 Mobility Report shows slicing commercial launches nearly doubled in just 6 months

Every enterprise SLA for a network slice contains hard commitments: guaranteed latency (e.g., <10ms for industrial automation), throughput floors, availability targets (99.999%) and security isolation guarantees. Delivering and proving these commitments requires per-slice observability that most operators currently cannot provide.

The Observability Requirements for Monetized Slices

Per-slice visibility demands instrumentation across all three layers simultaneously:

  • Infrastructure layer: Per-slice resource utilization (dedicated UPF pods, SMF contexts, RAN resources via O-RAN xApp telemetry)
  • NF behavioural layer: Per-S-NSSAI PDU session counts, SMF charging records per slice, PCF policy enforcement per slice, NSSF selection decisions
  • Business layer: Per-slice SLA adherence dashboards (customer-facing), breach prediction alerts, usage-based billing records for CSP revenue assurance

The Commercial Consequence of Observability Gaps

Without per-slice observability, operators face three compounding risks. First, inability to detect SLA breaches before customers do, eroding trust and triggering penalty clauses. Second, inability to prove SLA compliance during contractual disputes. Third, inability to optimize slice resource allocation, resulting in stranded capacity that erodes margin.

Three Actions for CXOs to Take Now

The window for treating 5G Core observability as a deferred investment is closing rapidly. As networks scale, slices proliferate and enterprise SLAs harden, the cost of retrofitting observability grows non-linearly. The organizations that will lead in 5G monetization are those building observability-first into their core network operations today.

  1. Audit Your Current Observability Coverage Against the Three-Pillar Framework. Assess honestly: do you have sub-second API-level metrics, distributed traces across NF procedures and structured correlated logs? If you are still dependent on vendor EMS and SNMP, you are operating blind in a microservices environment.
  2. Accelerate NWDAF Integration. NWDAF already exists inside your 5G Core. Start using with two basic use cases — predicting NF overload and detecting abnormal network behavior. These deliver value quickly, without large investments and build your team’s confidence in automated network management.
  3. Build Per-Slice Observability Before You Sign Enterprise SLAs. Do not commit to SLA-backed commercial slicing agreements without first validating that your observability stack can measure, report and alert at the slice level. This is a go-to-market readiness gate, not a post-launch nice-to-have.

Engineer Observability Into Your 5G Core

Persistent brings deep expertise in cloud-native telecom architecture, 5G Core integration and AI/ML-driven network analytics. Our Telecom & Networks Practice partners with Tier-1 and Tier-2 operators globally to design and implement observability platforms that turn 5G infrastructure investments into defensible, monetizable service capabilities.

To explore how Persistent Systems can accelerate your 5G Core observability program, connect with our Telecom Practice leadership.

Author Profile

Mandar Baxi

Prateek Agnihotri

Principal Solutions Consultant – Pre-Sales Communications, Media, Technology, and Industrial

As a Principal Solutions Consultant, Prateek works closely with sales, delivery, engineering, practice, partnership, and leadership teams to craft winning technology solutions and business propositions for enterprise customers. He specializes in AI, GenAI, digital engineering, telecom, and cloud-led transformation, helping organisations align business objectives with innovative technology strategies to drive growth, operational excellence, and measurable business outcomes.