As described in TS 23.501, each subscriber in the 5G System shall be allocated one 5G Subscription Permanent Identifier (SUPI) for use within the 3GPP system. As described in TS 23.501, each FN-RG or 5G-RG accessing the 5G System shall be assigned a Permanent Equipment Identifier (PEI).
The clauses below describe specific aspects for supporting 5G-RG and FN-RG.
The SUPI for an FN-BRG subscription shall, based on operator configuration, either contain an IMSI or a GLI as defined in clause 4.7.8. A SUPI containing a GLI takes the form of a NAI whose user part is the GLI and whose realm part is an identifier of the operator owning the subscription.
The SUCI provided by the W-AGF to the 5GC for FN-BRG always corresponds to a SUPI containing a GLI. This SUCI acts as pseudonym of the SUPI and the UDM performs a mapping to the actual SUPI that, depending on operator configuration, contains either an IMSI or the same GLI that was provided in the SUCI.
As described in TS 23.003, the SUCI also contains an identifier of the Home network, i.e. the identifier of the operator owning the subscription.
The SUPI for a FN-CRG subscription shall, based on operator configuration, contain either an IMSI, as described in clause 5.9.2 of TS 23.501, or a GCI (Global Cable identifier defined in clause 4.7.9).
The SUPI for a 5G-CRG subscription shall, based on operator configuration, contain either an IMSI, as described in clause 5.9.2 of TS 23.501, or a GCI (Global Cable identifier defined in clause 4.7.9).
Only 5G-CRG whose SUPI corresponds to an IMSI may use 3GPP access to connect to 5GC.
A SUPI containing a GCI takes the form of a NAI where the user part is the GCI and the realm part is an identifier of the operator managing the subscription.
The SUCI provided by the 5G-CRG to the network contains the concealed SUPI, as described in TS 33.501.
The SUCI provided to the network for FN-CRG support always corresponds to a SUPI containing a GCI. This SUCI acts as pseudonym of the SUPI and the UDM performs a mapping to the SUPI that, depending on operator configuration, contains either an IMSI or the same GCI than in the SUCI.
As described in TS 23.003, for both cases where the SUCI contains an IMSI or contains a GCI, the SUCI contains an identifier of the Home network i.e. an identifier of the operator managing the subscription.
If the 5G-RG (i.e. 5G-BRG and 5G-CRG) supports at least one 3GPP access technology (i.e. NG-RAN, E-UTRAN), the 5G-RG must be allocated a Permanent Equipment Identifier (PEI) in the IMEI or IMEISV format, as described in TS 23.501. The 5G-RG shall present this PEI to the network independent of access technology used by the 5G-RG (3GPP access technology or W-5GAN access technology).
If the 5G-BRG supports only W-5GAN access, the PEI shall contain the 5G-BRG MAC address.
If the 5G-CRG supports only W-5GAN access, the PEI shall contain the cable modem MAC address.
For FN-RG (i.e. FN-BRG and FN-CRG), the W-AGF shall provide a PEI containing:
The FN-RG MAC address: this shall be used by the W-AGF when it is known by configuration that the MAC address received by the W-AGF is unique (no other entity can use the same MAC address) and corresponds to the permanent MAC address configured on the RG by the manufacturer.
The MAC address received by the W-AGF, together with an indication provided by the W-AGF that this address cannot be used as an Equipment identifier of the FN-RG: this shall be used by the W-AGF when the conditions to provide a PEI containing the FN-RG MAC address are not met.
For usage with 5GC, a Global Line Identifier (GLI) is specified in order to define a globally unique identifier of the line connecting the RG to the network. In this release an RG is associated with a unique GLI.
For FN BRG, the GLI is used to build a SUCI. For FN-BRG the GLI may be used to build a SUPI. See clause 4.7.3. For all types of RG, the GLI is used as User Location Information on wireline access.
The GLI contains an identifier of the Line ID source and the Line ID value. The identifier of the Line ID source ensures the unicity of the GLI while the Line ID may not be unique in some deployments. The identifier of the Line ID source and Line ID are administered by the W-AGF operator.
The Global Line Identifier is a variable length identifier encoded as defined in TS 23.003 and in BBF TR 470 .
For usage with 5GC, a Global Cable Identifier (GCI) is specified in order to define a globally unique identifier of the line connecting the CRG to the network. In this release an RG is associated with a unique GCI.
The GCI contains the HFC_Identifier which is defined in CableLabs WR-TR-5WWC-ARCH .
For FN CRG, the GCI is used to build a SUCI. For FN CRG the GCI may be used to build a SUPI. See clause 4.7.4. For all types of CRG the HFC Node ID is used to build User Location Information on Cable access.
The identifier of the HFC Node ID and the HFC_Identifier are administered by the W-AGF operator.
The Global Cable Identifier is a variable length identifier encoded as defined in TS 23.003 and CableLabs WR TR 5WWC ARCH .
The AMF, as described in TS 23.501, clause 126.96.36.199, determines the RAT Type for Wireline access, taking into account the Global W-AGF Node ID and possibly ULI information provided by the W-AGF. The RAT Type may allow to distinguish between Wireline, Wireline-Cable access andWireline-BBF access.
The SUPI for non-5G capable (N5GC) device connecting via CRG shall contain a network-specific identifier. A SUPI containing a network-specific identifier takes the form of a Network Access Identifier (NAI) as defined in TS 23.003.
The SUCI provided by the W-AGF to the AMF is derived from the EAP-Identity message received from the N5GC device, as defined in TS 33.501. The format of this SUCI is defined in TS 23.003.
Mutual authentication of the FN-CRG and the wireline access network is completed as specified by CableLabs DOCSIS MULPI . The successful completion of the authentication of the FN-CRG is conveyed by the W-AGF serving the FN-CRG to the AMF.
This clause specifies high level definition of services specific for WWC scenario.
PWS functionality as described in TS 23.041 is not supported for Wireline access but may be supported by RG(s) connected over 3GPP access.
IPTV is defined as multimedia services such as television/video/ audio/text/graphics/data delivered over IP-based networks managed to support the required level of QoS/QoE, security, interactivity and reliability. STB obtains IPTV service via RG, including 5G-RG and FN-RG, which are connected to 5GC.
The procedures to support IPTV is specified in clause 7.7.1.
An RG connecting via W-5GAN or NG-RAN access towards 5GC can provide connectivity for a UE behind the RG to access an N3IWF or TNGF. It is assumed that the UE is 5GC capable, i.e. supports untrusted non-3GPP access and/or trusted non-3GPP access. This allows the RG, W-5GAN and the RG's connectivity via 5GC to together act as untrusted/trusted N3GPP access to support UEs behind the RG.
When FN-RG/5G-RG is serving a UE, the control and user plane packets of the UE is transported using a FN-RG/5G-RG IP PDU session and then from PSA UPF of that PDU session to an IWF. A single FN-RG/5G-RG IP PDU session can be used to serve multiple UEs.
Figure 4.10-1 shows the non-roaming architecture for a UE, behind a 5G-RG, accessing the 5GC via TNGF where the combination of 5G-RG, W-5GAN and UPF serving the 5G-RG is acting as a trusted Non-3GPP access network.
The 5G-RG can be connected to 5GC via W-5GAN, NG-RAN or via both accesses. The UE can be connected to 5GC via 5G-RG, NG-RAN or via both accesses.
The TNGF and Ta reference point are defined in TS 23.501.
For isolated 5G networks (i.e. roaming is not considered) with wireline access, non-5G capable (N5GC) devices connecting via W-5GAN can be authenticated by the 5GC using EAP based authentication method(s) as defined in TS 33.501. The following call flow describes the overall registration procedure of such a device.
Roaming is not supported for N5GC devices
The usage of N5GC device correspond to a subscription record in UDM/UDR that is separate from that of the CRG.
The CRG is configured as L2 bridge mode and forwards any L2 frame to W-AGF. 802.1x authentication may be triggered. This can be done either by N5GC device sending a EAPOL-start frame to W-AGF or W-AGF receives a frame from an unknown MAC address.
How the CRG is configured to work in L2 bridge mode and how the W-AGF is triggered to apply procedures for N5GC devices is defined in CableLabs WR-TR-5WWC-ARCH .
The N5GC device send an EAP-Resp/Indentity including its Network Access Identifier (NAI) in the form of username@realm.
W-AGF, on behalf of the N5GC device, sends a NAS Registration Request message to AMF with a device capability indicator that the device is non-5G capable. For this purpose, the W-AGF creates a NAS Registration Request message containing a SUCI. The W-AGF constructs the SUCI from the NAI received within EAP-Identity from the N5GC device as defined in TS 33.501.
Over N2 there is a separate NGAP connection per N5GC device served by the W-AGF.
When it provides (over N2) ULI to be associated with a N5GC device, the W-AGF builds the N5GC's ULI using the GCI (see clause 4.7.9) of the CRG connecting the N5GC device.
EAP based authentication defined in TS 33.501 is performed between the AUSF and N5GC device.
Once the N5GC device has been authenticated, the AUSF provides relevant security related information to the AMF. AUSF shall return the SUPI (this SUPI corresponds to a NAI that contains the username of the N5GC device and a realm as defined in TS 33.501) to AMF only after the authentication is successful.
The AMF performs other registration procedures as required (see TS 23.502, clause 188.8.131.52.2).
When providing a PEI for a N5GC device, the W-AGF shall provide a PEI containing the MAC address of the N5GC device. The W-AGF may, based on operator policy, encode the MAC address of the N5GC device using the IEEE Extended Unique Identifier EUI-64 format (see IEEE Publication ).
The AMF sends Registration Accept message to W-AGF.
Once the registration procedure is completed, the W-AGF requests the establishment of a PDU Session on behalf of the N5GC device. Only one PDU session per N5GC device is supported. The procedure is the same as the PDU Session establishment procedure specified in clause 7.3.4 with the difference as below:
After successful registration, PDU Session establishment/modification/release procedure specified in clause 7.3.4, 7.3.6, and 7.3.7 apply with the difference as below:
FN-RG is replaced by N5GC device.
The W-AGF shall request the release of the NGAP connection for each N5GC device served by a CRG whose NGAP connection has been released.
5G-CRG behaves as FN-CRG (i.e. L2 bridge mode) when handling N5GC devices.
UE Configuration Update procedure is referred to the procedures in clause 184.108.40.206.
If the 5G-RG is registered via both 3GPP access and W-5GAN, and the AMF has received W-AGF identities from the AGF, the AMF may provide the W-AGF identities to the SMF also when AMF forwards N1 SM container sent by the 5G-RG via 3GPP access.
This clause specifies the support of Hybrid Access considering both the support of PDU session and MA PDU session.
Hybrid Access applies to a 5G-RG capable of connecting to both NG-RAN and to W-5GAN. Hybrid Access also applies to a 5G-RG capable of connecting to W-5GAN/5GC and E-UTRAN/EPC using EPC interworking architecture. Hybrid Access does not apply to FN-RG.
The following Hybrid Access scenarios are supported with single-access PDU sessions:
Hybrid Access using PDU session carried only on a single access, either NG-RAN or W-5GAN, but that cannot be simultaneously on both accesses. Such PDU Session can be handed over between NG-RAN and W-5GAN using procedures described in clause 4.9.2 of TS 23.502, but with UE replaced by 5G-RG and N3IWF replaced by W-5GAN.
Hybrid Access using single access connectivity for 5G-RG supporting LTE/EPC and EPC interworking. In that case mobility between W-5GAN/5GS and E-UTRAN/EPC is handled using interworking procedures described in clause 4.11.3 of TS 23.502, but with UE replaced by 5G-RG and N3IWF replaced by W-5GAN.
The following Hybrid Access scenarios are supported with multi-access connectivity:
Hybrid Access with Multi-Access PDU Session connectivity over NG-RAN and W-5GAN and operator-controlled traffic steering. This scenario is further detailed in clause 4.12.2.
Hybrid Access with simultaneous multi-access connectivity to LTE/EPC and W-5GAN/5GS using EPC interworking. This scenario is further detailed in clause 4.12.3.
In this Release of the specification, a RG that supports MA PDU Sessions and LTE/EPC access as described in clause 4.12.2, shall also support MA PDU using LTE/EPC as 3GPP access as defined in clause 4.12.3.
This clause applies to the case where multi-access PDU Session connectivity via NG-RAN and W-5GAN is supported in the 5G-RG and network. The Hybrid Access architecture of 5G-RG is defined in TS 23.501 in Figure 220.127.116.11-1. This scenario uses the ATSSS solution described in clause 5.33 of the Release 16 version of TS 23.501, with the following difference:
UE is replaced by 5G-RG.
Non-3GPP access(es) is specifically referred to wireline access.
This clause applies to the case where multi-access connectivity via both EPC and 5GC is supported in the 5G-RG and network. In this case, multi-access connectivity using ATSSS via both EPC and 5GC may be provided as described in this clause.
For a 5G-RG, a Multi-Access PDU Session may use user-plane resources of an associated PDN Connection on 3GPP access in EPC. This enables a scenario where a MA PDU Session can simultaneously be associated with user-plane resources on 3GPP access network connected to EPC and W-5GAN connected to 5GC. Such a PDN Connection in EPS would thus be associated with multi-access capability in 5G-RG and PGW-C+SMF.
The feature is supported as defined in clause 5.32 of TS 23.501 (Release 17) and TS 23.502 (Release 17) with following differences:
UE is replaced by 5G-RG.
5G-RG is connected to 5GC via a non-3GPP access corresponding to W-5GAN.
MA PDU Sessions of Ethernet PDU Session type where the 3GPP access corresponds to E-UTRAN/EPC are not applicable for 5G-RG.
FN-RG is a legacy type of residential gateway that does not support N1 signalling and is not 5GC capable. The architecture to support FN-RG is depicted in clause 18.104.22.168 of TS 23.501. Support for FN-RG connectivity to 5GC is provided by means of W-AGF supporting 5G functionality on behalf of the FN-RG, e.g. UE NAS registration and session management functionality. In particular, the W-AGF supports the following functionality on behalf of the FN-RG:
Acting as end-point of N1 towards AMF, including maintaining CM and RM states and related dynamic information received from 5GC. This also includes support of URSP.
Mapping between Y5 towards FN-RG and N1/N2 towards 5GC as well as mapping between a Y5 user plane connection and a PDU Session user plane tunnel on N3.
Authentication of FN-RG may be done by the W-AGF, as defined by BBF and Cablelabs. The W-AGF provides an indication on N2 that the FN-RG has been authenticated. The W-AGF also provides a SUCI or a 5G-GUTI as described in TS 23.501.
Slicing as defined in TS 23.501 is supported with following clarifications and modifications:
5G-RG may receive USRP rules mapping application flows to S-NSSAI (and other 5GC related parameters). For 5G-RG, the detection of application flows may refer to traffic from devices within the customer premises.
For 5G-RG access over 3GPP access (FWA), slicing is supported as described in TS 23.501.
For 5G-RG access over Wireline, the Wireline access is assumed to be able to carry slicing information in W-CP together with NAS signalling between the 5G-RG and the W-AGF.
The W-AGF shall support the same requirements for AMF selection based on slicing request from the UE than defined for N3IWF / TNGF in TS 23.501, clause 5.15.