full Contents for  TS 23.316  Word version:   16.3.0

7  System procedure
7.1  General
This clause describes the differences with respect to the procedures defined in TS 23.502, clause 4.
7.2  Connection, Registration and Mobility Management procedures
The parameters listed in the procedures are not exhaustive; more parameters can be used as described in the protocol specifications.
Where parameters have not been described, the meaning of the parameter is the same as for 3GPP access as described in TS 23.502, TS 24.501, TS 38.413.
7.2.1  Registration Management procedures
This clause specifies the delta to the Registration Management procedure defined in TS 23.502, clause 4.2, for 5G-RG and FN-RG.
7.2.1.1  5G-RG Registration via W-5GAN
The 5G-RG registration management procedures are followed for both W-5GBAN and W-5GCAN.
Clause 7.2.1.1 specifies how a 5G-RG can register to 5GC via a W-5GAN. It is based on the Registration procedure specified in TS 23.502, clause 4.2.2.2.2 and it uses the EAP method "EAP-5G" as specified in clause 4.12.2.1 of TS 23.502. If the 5G-RG needs to be authenticated, mutual authentication is executed between the 5G-RG and AUSF. The details of the authentication procedure are specified in TS 33.501. In Registration and subsequent Registration procedures via W-5GAN access, the NAS messages are always exchanged between the 5G-RG and the AMF. When possible, the 5G-RG can be authenticated by reusing the existing UE security context in AMF for the 5G-RG.
Figure 7.2.1.1-1 only shows the authentication flow using EAP-AKA' (specifically in step 6c, step 7a and step 7b), but other methods are possible: the authentication procedures that the 5G-RG and the 5GC shall support are specified in TS 33.501. Specific EAP authentication methods (see TS 33.501) for 5G-CRG with non-3GPP identities and credentials may be used for isolated networks (see TS 33.501).
NOTE 1:
EAP-5G is assumed to be used during authentication, but this needs to be verified with BBF.
NOTE 2:
The procedure assumes that EAP-5G is used between the 5G-RG and the W-AGF. This assumption may be revised based on SA WG3 and BBF decisions.
Step 1.
The 5G-RG connects to a W-5GAN with procedures outside the scope of 3GPP and creates an initial W-CP EAP signalling connection. This connection shall support EAP messages transfer between 5G-RG and W-AGF.
Step 2.
The W-AGF sends an EAP-Request/5G-Start packet over the W-CP connection. The EAP-Request/5G-Start packet informs the 5G-RG to initiate an EAP-5G session, i.e. to start sending NAS messages encapsulated within EAP-5G packets.
Step 3.
The 5G-RG sends an EAP-Response/5G-NAS packet that contains the Access Network parameters (GUAMI if available, the selected PLMN, Requested NSSAI and Establishment Cause) and a NAS Registration Request message (SUCI or 5G-GUTI as defined in TS 24.501, security parameters/UE security capability, NSSAI parameters, UE MM Core Network Capability, PDU session status, Follow-on request). The Establishment cause provides the reason for requesting a signalling connection with 5GC.
NOTE 3:
Steps 1 to 3 depend on the BBF decision on which protocols to use for NAS transport. These steps need to be revised based on that decision.
Step 4.
The W-AGF shall select an AMF based on the received AN parameters and local policy, as specified in TS 23.501, clause 6.3.5. The W-AGF shall then forward the Registration Request received from the UE to the selected AMF within an N2 initial UE message (NAS message, ULI, Establishment cause, UE context request).
Step 5.
The selected AMF may decide to request the SUCI by sending an N2 Downlink NAS transport message (NAS Identity Request) to the W-AGF. This NAS message and the response are sent between W-AGF and 5G-RG encapsulated within EAP/5G-NAS packets. In this case the RG shall answer with a NAS Identity Response that is carried over EAP-5G and N2 signalling.
Step 6.
The AMF may decide to authenticate the 5G-RG by invoking an AUSF. In this case, the AMF shall select an AUSF as specified in TS 23.501, clause 6.3.4 based on SUPI or SUCI.
The AUSF executes the authentication of the UE as specified in TS 33.501. The AUSF selects a UDM as described in TS 23.501, clause 6.3.8 and gets the authentication data from UDM. The authentication packets are encapsulated within NAS authentication messages and the NAS authentication messages are encapsulated within EAP/5G-NAS packets. Between W-AGF and AMF, the messages are encapsulated within N2 downlink/uplink NAS transport messages. After the successful authentication the AUSF provides relevant security related information to the AMF. If the AMF provided a SUCI to AUSF, the AUSF shall return the SUPI to AMF only after the authentication is successful.
The AMF decides if the Registration Request needs to be rerouted as described in TS 23.502, clause 4.2.2.2.3, where the initial AMF refers to the AMF.
Step 7a.
If NAS security context does not exist, the NAS security initiation is performed as described in TS 33.501: the AMF initiates NAS Security Mode command. If the 5G-RG had no NAS security context in step 1, the UE includes the full Registration Request message as defined in TS 24.501. If an EAP-AKA' authentication was successfully executed in step 6, the AMF shall encapsulate the EAP-Success received from AUSF within the NAS Security Mode Command message. The message is encapsulated within a N2 downlink NAS transport message.
The AMF initiates a NGAP/N2 procedure to provide the 5G-AN with security context as specified in TS 38.413.
Step 7b.
The W-AGF shall forward the NAS Security Mode Command message to 5G-RG within an EAP/5G-NAS packet.
Step 7c.
The 5G-RG completes the authentication procedure (if initiated in step 6), creates a NAS security context as defined in TS 33.501 and sends the NAS Security Mode Complete message (IMEISV) within an EAP/5G-NAS packet.
Step 7d.
The W-AGF relays the NAS Security Mode Complete message to the AMF in a N2 Uplink NAS transport message.
Step 8a.
Upon receiving NAS Security Mode Complete, the AMF shall send an N2 Initial Context Setup Request message as defined in TS 38.413 and TS 29.413, possibly including, as additional W-AGF specific parameters, the RG Level Wireline Access Characteristics and RG-TMBR.
Step 8b.
This triggers the W-AGF to send an EAP-Success to 5G-RG, which completes the EAP-5G session. After this step, NAS messages between 5G-RG and W-AGF are transported without EAP-5G using W-CP signalling connection.
Step 9.
[Conditional]: A W-CP signalling connection is established between the 5G-RG and W-AGF.
Step 10.
W-AGF notifies the AMF that the 5G-RG context (including AN security) was created by sending a N2 Initial Context Setup Response.
Step 11.
[Conditional] The AMF may request the PEI from the 5G-RG as described in TS 23.502, clause 4.2.2.2.2 step 11.
Step 12.
The AMF performs steps 12-16 in TS 23.502, clause 4.2.2.2.2. At AMF registration to UDM for the 5G-RG, the Access Type non-3GPP access is used. The RAT type used toward PCF and UDM shall indicate wireline access. The AMF determines Access Type and RAT Type based on the Global RAN Node ID associated with the N2 interface.
Step 13.
The AMF sends N2 Downlink NAS transport with the NAS Registration Accept message (as defined in step 21 TS 23.502, clause 4.2.2.2.2) to the W-AGF, which forwards the NAS Registration accept message to the 5G-RG.
Step 14.
[Conditional] The 5G-RG responds with a NAS Registration Complete message as described in TS 23.502, clause 4.2.2.2.2 step 22, and the W-AGF forwards the NAS Registration Complete message to the AMF in an N2 Uplink NAS transport message.
Step 15.
The AMF performs steps 23-24 in TS 23.502, clause 4.2.2.2.2.
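The ordering and encapsulation rules of steps 2 to 14 can be checked mechanically against a message trace. The following is an added example, not part of TS 23.316; the trace format, the function name and both sample traces are assumptions constructed for illustration, and the trace is taken to be an initial registration with no existing NAS security context.

```python
# Added illustration, not part of TS 23.316: checks a message trace seen at a
# W-AGF against the ordering in clause 7.2.1.1. The trace format is an
# assumption: (message, carried_in_eap_5g), where the flag describes the
# 5G-RG <-> W-AGF leg.

# Messages an initial registration without an existing NAS security context
# must show, in order (conditional steps 5, 6, 11 and 14 stay optional).
REQUIRED_ORDER = [
    "EAP-Request/5G-Start",               # step 2
    "NAS Registration Request",           # step 3
    "N2 Initial UE Message",              # step 4
    "NAS Security Mode Command",          # steps 7a, 7b
    "NAS Security Mode Complete",         # steps 7c, 7d
    "N2 Initial Context Setup Request",   # step 8a
    "EAP-Success",                        # step 8b
    "N2 Initial Context Setup Response",  # step 10
    "NAS Registration Accept",            # step 13
]

def check_trace(trace):
    """Return a list of findings; an empty list means the trace conforms."""
    findings, eap_done, pos = [], False, 0
    for msg, in_eap in trace:
        # NAS rides inside EAP-5G until EAP-Success, directly on W-CP after.
        if msg.startswith("NAS ") and in_eap == eap_done:
            when = "after" if eap_done else "before"
            findings.append(f"{msg}: wrong encapsulation {when} EAP-Success")
        if msg in REQUIRED_ORDER:
            idx = REQUIRED_ORDER.index(msg)
            if idx > pos:  # an earlier mandatory message was skipped
                findings.append(f"{msg}: seen before {REQUIRED_ORDER[pos]}")
            pos = max(pos, idx + 1)
        eap_done = eap_done or msg == "EAP-Success"
    if pos < len(REQUIRED_ORDER):
        findings.append(f"trace ends before {REQUIRED_ORDER[pos]}")
    return findings

# Constructed sample trace of a conforming registration with EAP-AKA'.
GOOD = [("EAP-Request/5G-Start", False), ("NAS Registration Request", True),
        ("N2 Initial UE Message", False), ("NAS Authentication Request", True),
        ("NAS Authentication Response", True),
        ("NAS Security Mode Command", True), ("NAS Security Mode Complete", True),
        ("N2 Initial Context Setup Request", False), ("EAP-Success", False),
        ("N2 Initial Context Setup Response", False),
        ("NAS Registration Accept", False), ("NAS Registration Complete", False)]
# Constructed faulty trace: context set up without Security Mode Complete, and
# Registration Accept still wrapped in EAP-5G after EAP-Success.
BAD = [e for e in GOOD if e[0] != "NAS Security Mode Complete"]
BAD[-2] = ("NAS Registration Accept", True)
```

`check_trace(GOOD)` returns no findings, while `check_trace(BAD)` reports the skipped Security Mode Complete and the wrongly encapsulated Registration Accept.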
7.2.1.2  5G-RG Deregistration via W-5GAN
Step 1.
The Deregistration procedure is triggered by one of the events:
Step 1a.
For 5G-RG-initiated Deregistration as in steps 1 to 7 of TS 23.502, Figure 4.2.2.3.2-1.
Step 1b.
For network initiated deregistration as in steps 1 to 6 of TS 23.502, Figure 4.2.2.3.3-1.
If the 5G-RG is in CM-CONNECTED state either in 3GPP access, W-5GAN access or both:
  • the AMF may explicitly deregister the 5G-RG by sending a Deregistration request message (Deregistration type, access type set to W-5GAN) to the 5G-RG as in step 2 of TS 23.502 Figure 4.2.2.3.3-1. The 5G-RG will interpret access type set to non-3GPP as referring to wireline access.
  • the UDM may want to request the deletion of the subscriber's RM contexts and PDU Sessions with the reason for removal set to subscription withdrawn to the registered AMF as in step 1 of TS 23.502 Figure 4.2.2.3.3-1.
Step 2.
AMF to W-AGF: The AMF sends an N2 UE Context Release Command message to the W-AGF with the cause set to Deregistration to release N2 signalling as defined in step 4 of TS 23.502, clause 4.12.4.2.
Step 3.
The W-AGF may initiate the release of the signalling connection between 5G-RG and W-AGF.
NOTE:
Whether this step is needed and, if so, the details of this step are defined by BBF.
Step 4.
W-AGF to AMF: The W-AGF acknowledges the N2 UE Context Release Command message by sending an N2 UE Context Release Complete message to the AMF as defined in step 7 of TS 23.502, clause 4.12.4.2.
7.2.1.3  FN-RG Registration via W-5GAN
The FN-RG registration management procedures are followed for both W-5GBAN and W-5GCAN. The FN-RG does not support N1; instead the W-AGF handles the NAS signalling on behalf of the FN-RG as defined by WT-456 [9] and WT-457 [10] for FN-BRG and by WR-TR-5WWC-ARCH [27] for FN-CRG.
When the connectivity is established between the FN-RG and the W-AGF in the W-5GAN, the W-AGF may authenticate the FN-RG; this is controlled by local policies and defined in BBF specifications. Then when the RM state of the FN-RG is "RM-DEREGISTERED" the W-AGF shall perform registration to 5GC as described in this clause, otherwise it performs Service Request as defined in clause 7.2.2.
Once the FN-RG is in RM-REGISTERED and CM-CONNECTED the W-AGF may setup PDU session(s) on behalf of the FN-RG (as described in clause 7.3.4).
Step 1.
The FN-RG connects to a W-AGF (W-5GAN) via a layer-2 (L2) connection, based on Wireline AN specific procedure.
The FN-RG is authenticated by the W-5GAN based on Wireline AN specific mechanisms.
Step 2.
W-AGF selects an AMF based on the AN parameters and local policy. W-AGF may use the Line ID / HFC identifier provided from the Wireline AN to determine the 5GC and AN parameters to be used for the FN-RG registration. How the W-AGF can determine the necessary 5GC and AN parameters is defined in BBF WT-456 [9], WT-457 [10] or CableLabs WR-TR-5WWC-ARCH [27].
Step 3.
W-AGF performs initial registration on behalf of the FN-RG to the 5GC. The W-AGF sends a Registration Request to the selected AMF within an N2 initial UE message (NAS Registration Request, ULI, Establishment cause, UE context request, Allowed NSSAI, Authenticated Indication).
The NAS Registration Request contains the SUCI or 5G-GUTI of the FN-RG, security parameters/UE security capability, UE MM Core Network Capability, PDU Session Status, Follow-on request, the selected PLMN, Requested NSSAI and Establishment Cause. The 5G-GUTI, if available, has been received from the AMF during a previous registration and stored in W-AGF.
The NSSAI parameters are provided based on W-AGF configuration. Based on W-AGF configuration of the 5GC NAS parameters, one or multiple Requested S-NSSAI may be used; e.g. when the W-AGF has been configured to use a specific slice for RG management purposes.
The following differences exist, compared to 5G-RG case:
  • The W-AGF uses SUCI as defined in clause 4.7.3 and clause 4.7.4.
  • The Authenticated Indication indicates to AMF and 5GC that the FN-RG has been authenticated by the access network.
The SUCI is built by the W-AGF based on:
  • In the case of a BBF access: the GLI as defined in clause 4.7.8 together with an identifier of the Home network as described in TS 23.003.
  • In the case of a Cable access: the GCI as defined in clause 4.7.8 together with an identifier of the Home network as described in TS 23.003.
NOTE 1:
Further description of how the W-AGF obtains the parameters required in AS and NAS messages, e.g. to build the SUCI, is defined in BBF WT-456 [9], WT-457 [10] and CableLabs WR-TR-5WWC-ARCH [27].
Step 4.
If the AMF receives a SUCI, the AMF shall select an AUSF as specified in TS 23.501, clause 6.3.4 based on SUCI. If 5G-GUTI is provided, there is no need to map SUCI to SUPI and steps 5-9 can be skipped.
Step 5.
AMF sends an authentication request to the AUSF in the form of Nausf_UEAuthentication_Authenticate. It contains the SUCI of the FN-RG. It also contains an indication that the W-5GAN has authenticated the FN-RG.
Step 6.
AUSF selects a UDM as described in TS 23.501, clause 6.3.8 and sends a Nudm_UEAuthentication_Get Request to the UDM. It contains the SUCI of the FN-RG and an indication that the W-5GAN has authenticated the FN-RG.
Step 7.
UDM invokes the SIDF to map the SUCI to a SUPI.
Step 8.
UDM sends a Nudm_UEAuthentication_Get Response to the AUSF. It contains the SUPI corresponding to the SUCI. It also contains an indication that authentication is not required for the FN-RG.
Step 9.
AUSF sends a Nausf_UEAuthentication_Authenticate Response to the AMF. This response from AUSF indicates that authentication is successful. The response contains the SUPI corresponding to the SUCI.
The procedure described in TS 23.502, clause 4.2.2.2.3 may apply (the AMF decides if the Registration Request needs to be rerouted, where the initial AMF refers to the AMF).
Step 10a.
AMF initiates a NAS security mode command procedure upon successful authentication as defined in TS 33.501.
The NAS security mode command is sent from the AMF to the W-AGF.
Step 10b.
W-AGF responds to the AMF with a NAS Security Mode Complete message in an N2 Uplink NAS transport message. A NAS security context is created between W-AGF and AMF.
Step 11.
The AMF performs steps 11-16 in TS 23.502, clause 4.2.2.2.2.
The AMF may be configured by local policies to issue EIR check:
  • Only if the PEI is an IMEI; or
  • Only if the PEI is an IMEI or a user device trusted MAC address.
These local policies may be defined on a per RAT Type basis.
At FN-RG registration to UDM, the Access Type non-3GPP access is used. The UDM, based on Access and Mobility Subscription information authorizes the FN-RG to access the 5GC. For FN-CRG, the AMF compares the list of serving area restrictions it receives from the UDM against the ULI from the W-AGF to check if the location information is allowed for the FN-CRG, as defined in clause 9.5.1. The AMF may also interact with the PCF for obtaining the Access and Mobility policy for the FN-RG.
Step 12a.
Upon receiving NAS Security Mode Complete, the AMF shall send to the W-AGF an N2 Initial Context Setup Request message as defined in TS 38.413 and TS 29.413, possibly including, as additional W-AGF specific parameters, the RG TMBR and RG Level Wireline Access Characteristics.
Step 12b.
W-AGF notifies the AMF that the FN-RG context was created by sending an N2 Initial Context Setup Response.
Step 13.
The AMF sends the N2 Downlink NAS transport with NAS Registration Accept message (5GS registration result, 5G-GUTI, Equivalent PLMNs, Non-3GPP TAI, Allowed NSSAI, Rejected NSSAI, Configured NSSAI, 5GS network feature support, network slicing indication, Non-3GPP de-registration timer value, Emergency number lists, SOR transport container, NSSAI inclusion mode) to the W-AGF.
The following parameters are ignored by the W-AGF if received from the AMF: Emergency number lists, SOR transport container, NSSAI inclusion mode.
NOTE 2:
Further description of how the W-AGF handles the parameters received from 5GC is provided in BBF WT-456 [9], WT-457 [10] and CableLabs WR-TR-5WWC-ARCH [27].
Step 14.
The W-AGF sends an N2 Uplink NAS Registration Complete message back to the AMF when the procedure is completed. The W-AGF shall store the 5G-GUTI to be able to send it in potential later NAS procedures.
Step 15.
The AMF performs steps 23-24 in TS 23.502, clause 4.2.2.2.2.
The W-AGF may continue by establishing PDU session(s) on behalf of the FN-RG.
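Steps 4 to 9 show how the Authenticated Indication set by the W-AGF travels from AMF to AUSF to UDM and replaces an authentication run with the FN-RG. The following is an added example, not part of TS 23.316; the identifier strings, lookup tables, dictionary field names and function names are constructed assumptions, and refusing a SUCI registration that lacks the indication is an assumption of this sketch that the clause itself does not state.

```python
# Added illustration, not part of TS 23.316: core-side handling of steps 4-9
# of clause 7.2.1.3. All identifier strings and tables are constructed
# placeholders; dict field names are assumptions of this sketch.

SIDF_TABLE = {"suci-line-0001": "supi-line-0001"}   # SUCI -> SUPI (step 7)
AMF_CONTEXTS = {"guti-0001": "supi-line-0001"}      # 5G-GUTI -> SUPI

def udm_get(suci, wagf_authenticated):
    """Steps 6-8: the UDM invokes the SIDF and answers the AUSF."""
    if suci not in SIDF_TABLE:
        raise LookupError("SUCI cannot be mapped to a SUPI")
    # Step 8: authentication is not required when the W-5GAN vouched.
    return {"supi": SIDF_TABLE[suci],
            "authentication_required": not wagf_authenticated}

def ausf_authenticate(suci, wagf_authenticated):
    """Steps 5 and 9: the AUSF queries the UDM and answers the AMF."""
    resp = udm_get(suci, wagf_authenticated)
    if resp["authentication_required"]:
        # Assumption: the FN-RG has no N1, so no NAS authentication can be
        # run with it; this sketch refuses and does not release the SUPI.
        raise PermissionError("FN-RG not authenticated by the W-5GAN")
    return {"result": "success", "supi": resp["supi"]}

def amf_register(n2_initial_ue_message):
    """Step 4 onward: return (SUPI, list of steps that were executed)."""
    reg = n2_initial_ue_message["nas_registration_request"]
    if "5g_guti" in reg:
        # 5G-GUTI provided: no SUCI-to-SUPI mapping, steps 5-9 are skipped.
        return AMF_CONTEXTS[reg["5g_guti"]], ["4"]
    indication = n2_initial_ue_message.get("authenticated_indication", False)
    resp = ausf_authenticate(reg["suci"], indication)
    return resp["supi"], ["4", "5", "6", "7", "8", "9"]
```

Because the core accepts the indication in place of its own authentication, the W-AGF and the N2 interface that carries it are the trust anchor for every FN-RG identity.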
7.2.1.4  FN-RG Deregistration via W-5GAN
The deregistration procedure for the FN-RG is similar to that of 5G-RG described in clause 7.2.1.2 but with the following differences:
  • The 5G-RG is replaced with a FN-RG.
  • In step 1a and 1b, the W-AGF sends and receives NAS deregistration request/accept messages on behalf of FN-RG.
  • UE-initiated deregistration procedure can be initiated by the W-AGF, when it has lost connectivity to the FN-RG.
  • For both UE/Network-initiated deregistration procedures, the W-AGF may initiate the release of the signalling connection between the FN-RG and W-AGF based on legacy protocols.
NOTE:
As described in clause 6.2.2, the message exchanges between the FN-RG and W-AGF are based on legacy protocols in the wireline access network.