Why SS7 and Diameter Are Being Replaced by HTTP in 5G Standalone

Phil Knight
Phil Knight

This is the first of two blogs dealing with the topic of signalling evolution of APIs, the second part ‘5G network APIs’ will be published shortly.

As the telecom world transitions into the 5G era, one of the less visible but most significant changes is the shift in signalling protocols. Traditional signalling systems like SS7 (Signalling System 7) and Diameter are being replaced by HTTP/2-based APIs in 5G Standalone (5G SA) networks. But why is this change happening? Let’s unpack the evolution.

A Brief History: SS7 and Diameter

SS7: The Legacy Backbone

SS7 is a signalling protocol suite developed in the 1970s and used in 2G and 3G networks. It enables everything from call setup and routing to SMS and roaming. While it has been incredibly durable, it’s based on circuit-switched architecture—something the modern, data-heavy world is moving away from. When it was defined the only companies that could access the closed SS7 network were trusted fixed and mobile operators, consequently the level of in-built security was minimal. Over time this approach failed as piece by piece less scrupulous players were allowed access to the network and a multitude of scams emerged ranging from phishing to artificial SMS revenue enhancement.

Diameter: The 4G Successor

With the introduction of LTE (4G), SS7’s limitations prompted the use and further development of Diameter, an IP-based protocol designed for authentication, authorization, and accounting (AAA). It supports more advanced use cases but was still deeply tied to telco-centric infrastructure models. At the same time the industry was trying to retro engineer security features into the legacy SS7 network, which proved only partially successful. Interestingly, the MNOs (apparently quite deliberately) did not embed a speech solution into the 4G standards, relying on a difficult to implement solution called VoLTE, which even today several operators have failed to get working for a variety of reasons that were glossed over by the standards community who wrote the 4G standards. 

 Enter 5G Standalone and Service-Based Architecture (SBA)

There are two main variants of 5G, 5G NSA and 5G SA. NSA is basically 4G signalling and control with additional faster 5G bearers added to that architecture. However, 5G SA isn’t just faster LTE—it’s a complete re-architecture of the mobile core, centred on Service-Based Architecture (SBA). In this model, each network function (like session management, policy control, etc.) is exposed as a web service, using RESTful APIs over HTTP/2.

This shift is fundamental, not just in technology but also in policy. Exposing a rich suite of APIs deep inside the network core is a completely new venture for the Mobile Operators, and it’s one of the key reason HTTP is replacing SS7 and Diameter. It remains to be seen whether there is any real demand for this, for instance location information accessed via APIs has been available for years but has stimulated very little revenue.

Why the Shift to HTTP in 5G SA?

1. Cloud-Native Architecture

5G is built to be cloud-native from the ground up. HTTP/2 aligns perfectly with modern microservices and container-based environments like Kubernetes. SS7 and Diameter were never designed for this world.

2. Stateless Communication

HTTP APIs support stateless interactions, which simplifies scaling and resilience. This is critical for services like network slicing, IoT, and URLLC (Ultra-Reliable Low Latency Communication).

3. Flexibility & Extensibility

HTTP/2 and RESTful APIs are widely adopted in IT and web development. This allows for rapid integration with new services, easier innovation, and a broader talent pool for development and maintenance.

4. Improved Performance

HTTP/2 supports multiplexing, header compression, and efficient binary framing—features that reduce latency and improve signalling efficiency compared to Diameter’s AVP (Attribute-Value Pair) model.

5. Security Built-In

HTTP-based communication in 5G leverages TLS (Transport Layer Security) by default, ensuring encrypted and authenticated communication channels. SS7, in contrast, has long been criticized for serious vulnerabilities and lack of inherent security. This is not surprising because when SS7 was specified there was little or no need for the sort of security we see today, because it was a closed network connecting trusted partners, and at the time had a high technology cost to enter the environment. Of course, all of that has changed.

6. Standardized API Interface

The 3GPP standards define well-documented APIs for each 5G core network function. This modularity makes it easier to build, update, and scale networks without needing proprietary implementations or extensive vendor lock-in (in theory at least).

 What Happens to SS7 and Diameter?

• SS7 is already in decline, mostly used for backward compatibility with 2G/3G networks.

• Diameter is still relevant in 4G and will coexist with 5G Non-Standalone (NSA) deployments for some time.

• In 5G SA, HTTP-based service interfaces (like Nnrf, Nsmf, Namf) replace Diameter interfaces (like S6a, Gx, etc.), marking a definitive shift.

 The Road Ahead: HTTP is Just the Beginning

HTTP/2 and REST are just the starting point. The telecom industry is also exploring HTTP/3gRPC, and event-driven architectures using Kafka or Webhooks for future evolutions of 5G and even early 6G concepts.

This signalling shift isn’t just about protocols—it’s about aligning telco infrastructure with the broader digital transformation, enabling networks to be as agile and programmable as the applications they serve. The lack of agility of mobile and fixed networks has long been a millstone around the operators, and it can be argued has led to them being almost completely frozen out of the service plane, and its associated revenues, and losing more of the voice and messaging revenues they once enjoyed than was necessary.

There is a cautionary note here that needs to be added, a lot of complexity in mobile networks today comes from the need to interwork between 2G, 3G, 4G,5G NSA, and 5GSA, mobile operators are notoriously poor at retiring old systems and protocols, and the use of a completely new core network architecture and protocol set, will mean another geometric expansion in the number of interworking cases to be adequately engineered, and tested.

Final Thoughts

Replacing SS7 and Diameter with HTTP in 5G Standalone is more than a technical upgrade—it’s a strategic move that redefines how networks are built, operated, and scaled. There is a strong prevailing view that as telecom becomes more software-driven, embracing modern web technologies is not only smart but necessary. There are alternatives factions who maintain that embracing the internet to this degree simply opens the telecoms networks to mass security attack, and that whilst it may not be glamourous, there will always be money in a purely bearer based business, and that this rush to embrace the latest internet and technology trend is just another in a long line of somewhat ridiculous technology purists innovations that have never returned anything like the investment they required to bring into service, the classic example being the MNO portals all of which cost millions in development and then sank without trace within two years.

The winners in this transformation will be those who can marry telco-grade reliability and historical security with web-scale agility—and arguably HTTP is the bridge that makes that possible 

Leave a Reply

Your email address will not be published. Required fields are marked *

Retype the CAPTCHA code from the image
Change the CAPTCHA code