Telecom 6 min read

MNP routing in modern networks: from legacy signaling to API-first architecture

Network evolution toward 5G and cloud architectures requires rethinking MNP routing. Discover how to transition from monolithic systems to modular, API-first solutions for efficient number portability.

The evolution of telecommunications networks toward 5G Standalone and cloud architectures is forcing operators to fundamentally rethink their Mobile Number Portability (MNP) routing mechanisms. What was once perceived as a local engineering task, solved at the level of signaling gateways and static tables, has now become a complex integration challenge. Connection setup delays, rising signaling loads, and new cyber threat vectors necessitate a shift away from monolithic BSS/OSS systems toward modular, API-first solutions.

Anatomy of MNP: how number portability routing works in hybrid networks

When a subscriber changes their operator while retaining their number, their MSISDN identifier is no longer strictly associated with the donor operator's original number range (NDC). From that moment on, every call or message addressed to this subscriber requires a prior check to determine which network currently serves the number.

Global practice utilizes two primary routing methods:

  • Indirect Routing: The call first reaches the donor operator, which, after querying its database, redirects the traffic to the recipient operator. This method creates unnecessary load on transit channels and increases capital expenditures for interconnects.
  • Direct Routing: The operator where the call is initiated queries a local copy of the Local Number Portability Database (LNPDB), identifies the recipient network code, and routes the call directly there.

Direct routing is significantly more efficient but requires instantaneous synchronization of the operator's local databases with the central state MNP registry. During subscriber migration, updating their status in HLR/HSS (Home Location Register / Home Subscriber Server) or UDM (Unified Data Management) databases must occur synchronously to prevent calls to ported numbers from temporarily failing or returning errors.

Architectural deadlock: why legacy SS7/Diameter signaling hinders MNP in modern networks

Traditional communication networks rely on signaling protocols such as SS7 (in 2G/3G networks) and Diameter (in 4G/LTE networks). To determine a call route, switching equipment sends signaling requests to databases. However, these protocols were developed in an era of static topology and are not designed for dynamic, high-frequency real-time queries.

According to the ENISA Threat Landscape 2025 report, the exploitation of legacy signaling protocols, particularly SS7 and Diameter, remains a persistent security risk for mobile networks. Beyond security vulnerabilities, legacy signaling creates infrastructure constraints:

  • Latency: Each additional request through the signaling network increases connection setup time, directly impacting the customer experience.
  • Scalability challenges: Expanding the throughput of signaling gateways requires specific telecom hardware and licensing.
  • Limited flexibility: Such systems are difficult to integrate with modern cloud services.

Transitioning to API-first and TM Forum ODA: modernizing BSS/OSS for dynamic routing

To bridge the technological gap, the industry is moving toward TM Forum's Open Digital Architecture (ODA) standards. This approach replaces monolithic BSS/OSS systems with a component-based, API-first framework, allowing the MNP verification function to be transformed into a lightweight microservice.

In the context of the transition to 5G Standalone, 3GPP defines a Service-Based Architecture as the foundation of the network core, which is a key driver for telecom's move toward cloud-native principles. Instead of Diameter signaling requests, 5G Core elements interact with MNP databases via HTTP/2 APIs. This enables in-memory caching and request processing speeds at the millisecond level.

MNP security: protection against signaling fraud and identifier spoofing

Manipulations involving ported number routing remain a target for cybercriminals. According to the CFCA Global Fraud Loss Survey 2025, global losses from telecom fraud in 2025 are estimated at approximately 41.82 billion dollars, highlighting the criticality of secure routing and identifier verification.

Implementing an API-first architecture allows for strict authorization of every MNP database request, traffic encryption via TLS, and integration with anti-fraud systems that analyze call behavior during connection setup. While the transition to 3GPP standards or ODA is not a panacea for all types of fraud, it provides architectural control that legacy networks lack.

Migration strategy: integrating modern MNP gateways without network core downtime

A complete replacement of the network core is an unacceptable risk for operators with large subscriber bases. Modernization typically occurs in stages: a hybrid API gateway is implemented to translate legacy signaling requests from existing equipment into modern API requests to an updated MNP database.

Comparison criteriaLegacy approach (SS7/Diameter queries)API-first approach (Service-Based Architecture / ODA)
Request processing speedMedium/low (limited by signaling link throughput)High (cloud scalability, in-memory caching)
Integration complexityHigh (requires specific telecom hardware and licenses)Low (standardized REST/gRPC APIs, containerization)
Fraud resistanceLow (SS7 protocol vulnerabilities to interception and spoofing)High (request authorization, TLS encryption, analytics integration)

In this context, the telecom practice of the Intecracy Group (an alliance of independent companies linked by partner agreements and share exchanges) offers proven tools for integrating BSS/OSS systems. For voice traffic management and flexible routing (SIP routing, MNP routing), the DooxSwitch carrier-grade VoIP platform is used, which supports Least Cost Routing (LCR), real-time billing, and integrates with the existing network core via open APIs.

For automating administrative processes and synchronizing local databases with central MNP registries, it is appropriate to use solutions built on the UnityBase platform. UnityBase is a joint development of Intecracy Group companies (where InBase is a key, but not the only, developer). The platform uses a unified metadata model (Domain metadata) for generating REST APIs and integrations. For telecom projects with high loads and increased security requirements, official documentation recommends the Enterprise or Defence editions of the platform. They provide Row-Level Security (RLS), Role-Based Access Control (RBAC), and detailed audit trails, which are critical for protecting number portability registries and ensuring a controlled transition to cloud architectures.

FAQ

How to implement MNP routing when transitioning from 4G to 5G Standalone?

In a 5G Standalone environment, routing is integrated into a Service-Based Architecture. Instead of using Diameter or SS7 protocols, core elements access number portability databases via standardized HTTP/2 APIs, which accelerates queries and allows these nodes to be deployed as microservices.

What security risks do MNP databases face due to SS7 vulnerabilities?

Legacy signaling protocols like SS7 were not designed for modern threats and lack robust authorization mechanisms. This allows attackers to exploit vulnerabilities to intercept routing information, perform identifier spoofing, and conduct other types of signaling fraud.

How to integrate a local MNP database with a central registry without billing delays?

To ensure zero latency during real-time billing, an API-first approach with in-memory caching on the operator side is used. The local database is synchronized asynchronously with the central registry via secure web services, eliminating the impact of network latency on the call setup process.

Data sources

Sources & materials

Materials and sources used in this article.

  1. TM Forum: Open Digital Architecture (ODA) — web.tmforum.org
  2. 3GPP — Mobile Standards — 3gpp.org
  3. CFCA Global Fraud Loss Survey 2025 — cfca.org
  4. ENISA Threat Landscape 2025 — enisa.europa.eu