SNPN 5GS deployments are based on the architecture depicted in clause 4.2.3, the architecture for 5GC with untrusted non-3GPP access (Figure 188.8.131.52.1-1) for access to SNPN services via a PLMN (and vice versa) and the additional functionality covered in clause 5.30.2. In this Release, direct access to SNPN is specified for 3GPP access only.
Interworking with EPS is not supported for SNPN. Also, emergency services are not supported for SNPN. Furthermore, roaming is not supported for SNPN, e.g. roaming between SNPNs. Handover between SNPNs, between SNPN and PLMN or PNI NPN are not supported. CIoT 5GS optimizations are not supported in SNPNs.
The combination of a PLMN ID and Network identifier (NID) identifies an SNPN.
The NID shall support two assignment models:
Self-assignment: NIDs are chosen individually by SNPNs at deployment time (and may therefore not be unique) but use a different numbering space than the coordinated assignment NIDs as defined in TS 23.003.
Coordinated assignment: NIDs are assigned using one of the following two options:
The NID is assigned such that it is globally unique independent of the PLMN ID used; or
The NID is assigned such that the combination of the NID and the PLMN ID is globally unique.
An optional human-readable network name helps to identify an SNPN during manual SNPN selection. The human-readable network name and how it is used for SNPN manual selection is specified in TS 22.261 and TS 23.122.
NG-RAN nodes which provide access to SNPNs broadcast the following information:
One or multiple PLMN IDs
List of NIDs per PLMN ID identifying the non-public networks NG-RAN provides access to
Optionally a human-readable network name per NID.
Optionally information, as described in TS 38.300, TS 38.331 and in TS 38.304, to prevent UEs not supporting SNPNs from accessing the cell, e.g. if the cell only provides access to non-public networks.
An SNPN-enabled UE is configured with subscriber identifier (SUPI), credentials for each subscribed SNPN identified by the combination of PLMN ID and NID. If an SNPN-enabled UE is configured with an N3IWF, it is also configured with an identifier of the country where the configured N3IWF is located.
A subscriber of an SNPN is either:
identified by a SUPI containing a network-specific identifier that takes the form of a Network Access Identifier (NAI) using the NAI RFC 7542 based user identification as defined in TS 23.003, clause 28.7.2. The realm part of the NAI may include the NID of the SNPN; or
identified by a SUPI containing an IMSI.
An SNPN-enabled UE supports the SNPN access mode. When the UE is set to operate in SNPN access mode the UE only selects and registers with SNPNs over Uu as described in clause 184.108.40.206.
Emergency services are not supported in SNPN access mode.
If a UE is not set to operate in SNPN access mode, even if it is SNPN-enabled, the UE does not select and register with SNPNs. A UE not set to operate in SNPN access mode performs PLMN selection procedures as defined in clause 4.4 of TS 23.122. For a UE capable of simultaneously connecting to an SNPN and a PLMN, the setting for operation in SNPN access mode is applied only to the Uu interface for connection to the SNPN. Annex D.4 provides more details.
When a UE is set to operate in SNPN access mode the UE does not perform normal PLMN selection procedures as defined in clause 4.4 of TS 23.122.
UEs operating in SNPN access mode read the available PLMN IDs and list of available NIDs from the broadcast system information and take them into account during network selection.
For automatic network selection, the UE selects and attempts to register with the available SNPN identified by a PLMN ID and NID for which the UE has SUPI and credentials. If multiple SNPNs are available that the UE has respective SUPI and credentials for, then how the UE selects an SNPN is based on UE implementation.
For manual network selection UEs operating in SNPN access mode provide to the user the list of SNPNs (each is identified by a PLMN ID and NID) and related human-readable names (if available) of the available SNPNs the UE has respective SUPI and credentials for.
When a UE performs Initial Registration to an SNPN, the UE shall indicate the selected NID and the corresponding PLMN ID to NG-RAN. NG-RAN shall inform the AMF of the selected PLMN ID and NID.
If a UE performs the registration or service request procedure in an SNPN identified by a PLMN ID and a self-assigned NID and there is no subscription for the UE, then the AMF shall reject the UE with an appropriate cause code to temporarily prevent the UE from automatically selecting and registering with the same SNPN.
If a UE performs the registration or service request procedure in an SNPN identified by a PLMN ID and a coordinated assigned NID and there is no subscription for the UE, then the AMF shall reject the UE with an appropriate cause code to permanently prevent the UE from automatically selecting and registering with the same SNPN.
In order to prevent access to SNPNs for authorized UE(s) in the case of network congestion/overload, Unified Access Control information is configured per SNPN (i.e. as part of the subscription information that the UE has for a given SNPN) and provided to the UE as described in TS 24.501.
To access PLMN services, a UE in SNPN access mode that has successfully registered with an SNPN may perform another registration via the SNPN User Plane with a PLMN (using the credentials of that PLMN) following the same architectural principles as specified in clause 4.2.8 (including the optional support for PDU Session continuity between PLMN and SNPN using the Handover of a PDU Session procedures in TS 23.502, clauses 220.127.116.11 and 18.104.22.168) and the SNPN taking the role of "Untrusted non-3GPP access". Annex D, clause D.3 provides additional details.
To access SNPN services, a UE that has successfully registered with a PLMN over 3GPP access may perform another registration via the PLMN User Plane with an SNPN (using the credentials of that SNPN) following the same architectural principles as specified in clause 4.2.8 (including the optional support for PDU Session continuity between PLMN and SNPN using the Handover of a PDU Session procedures in TS 23.502, clauses 22.214.171.124 and 126.96.36.199) and the PLMN taking the role of "Untrusted non-3GPP access" of the SNPN, i.e. using the procedures for Untrusted non-3GPP access in clause 4.12.2 of TS 23.502. Annex D, clause D.3 provides additional details. The case where UE that has successfully registered with a PLMN over non-3GPP access to access SNPN services is not specified in this Release.
Public Network Integrated NPNs are NPNs made available via PLMNs e.g. by means of dedicated DNNs, or by one (or more) Network Slice instances allocated for the NPN. The existing network slicing functionalities apply as described in clause 5.15. When a PNI-NPN is made available via a PLMN, then the UE shall have a subscription for the PLMN in order to access PNI-NPN.
As network slicing does not enable the possibility to prevent UEs from trying to access the network in areas where the UE is not allowed to use the Network Slice allocated for the NPN, Closed Access Groups may optionally be used to apply access control.
A Closed Access Group identifies a group of subscribers who are permitted to access one or more CAG cells associated to the CAG.
CAG is used for the PNI-NPNs to prevent UE(s), which are not allowed to access the NPN via the associated cell(s), from automatically selecting and accessing the associated CAG cell(s).
The following clauses describes the functionality needed for supporting CAGs.
To use CAG, the UE, that supports CAG as indicated as part of the UE 5GMM Core Network Capability, may be pre-configured or (re)configured with the following CAG information, included in the subscription as part of the Mobility Restrictions:
an Allowed CAG list i.e. a list of CAG Identifiers the UE is allowed to access; and
optionally, a CAG-only indication whether the UE is only allowed to access 5GS via CAG cells (see TS 38.304 for how the UE identifies whether a cell is a CAG cell);
The HPLMN may configure or re-configure a UE with the above CAG information using the UE Configuration Update procedure for access and mobility management related parameters described in TS 23.502, clause 188.8.131.52.,
The above CAG information is provided by the HPLMN on a per PLMN basis. In a PLMN the UE shall only consider the CAG information provided for this PLMN.
When the subscribed CAG information changes, UDM sets a CAG information Subscription Change Indication and sends it to the AMF. The AMF shall provide the UE with the CAG information when the UDM indicates that the CAG information within the Access and Mobility Subscription data has been changed. When AMF receives the indication from the UDM that the CAG information within the Access and Mobility Subscription has changed, the AMF uses the CAG information received from the UDM to update the UE. Once the AMF updates the UE and obtains an acknowledgment from the UE, the AMF informs the UDM that the update was successful and the UDM clears the CAG information Subscription Change Indication flag.
The AMF may update the UE using either the UE Configuration Update procedure after registration procedure is completed, or by including the new CAG information in the Registration Accept or in the Registration Reject or in the Deregistration Request or in the Service Reject.
When the UE is roaming and the Serving PLMN provides CAG information, the UE shall update only the CAG information provided for the Serving PLMN while the stored CAG information for other PLMNs are not updated. When the UE is not roaming and the HPLMN provides CAG information, the UE shall update the CAG information stored in the UE with the received CAG information for all the PLMNs.
The UE shall store the latest available CAG information for every PLMN for which it is provided and keep it stored when the UE is de-registered or switched off, as described in TS 24.501.
The CAG information is only applicable with 5GS.
The following is assumed for network and cell selection, and access control:
The CAG cell shall broadcast information such that only UEs supporting CAG are accessing the cell (see TS 38.300, TS 38.304);
In order to prevent access to NPNs for authorized UE(s) in the case of network congestion/overload, existing mechanisms defined for Control Plane load control, congestion and overload control in clause 5.19 can be used, as well as the access control and barring functionality described in clause 5.2.5, or Unified Access Control using the access categories as defined in TS 24.501 can be used.
For aspects of automatic and manual network selection in relation to CAG, see TS 23.122;
For aspects related to cell (re-)selection, see TS 38.304;
The Mobility Restrictions shall be able to restrict the UE's mobility according to the Allowed CAG list (if configured in the subscription) and include an indication whether the UE is only allowed to access 5GS via CAG cells (if configured in the subscription) as described in clause 184.108.40.206;
During transition from CM-IDLE to CM-CONNECTED, if the UE is accessing the 5GS via a CAG cell:
The AMF shall verify whether UE access is allowed by Mobility Restrictions:
If at least one of the CAG Identifier(s) received from the NG-RAN is part of the UE's Allowed CAG list, then the AMF accepts the NAS request;
If none of the CAG Identifier(s) received from the NG-RAN are part of the UE's Allowed CAG list, then the AMF rejects the NAS request and the AMF should include CAG information in the NAS reject message. The AMF shall then release the NAS signalling connection for the UE by triggering the AN release procedure; and
If the UE is accessing the network via a non-CAG cell and the UE's subscription contains an indication that the UE is only allowed to access CAG cells, then the AMF rejects the NAS request and the AMF should include CAG information in the NAS reject message. The AMF shall then release the NAS signalling connection for the UE by triggering the AN release procedure.
During transition from RRC Inactive to RRC Connected state:
When the UE initiates the RRC Resume procedure for RRC Inactive to RRC Connected state transition in a CAG cell, NG-RAN shall reject the RRC Resume request from the UE if none of the CAG Identifiers supported by the CAG cell are part of the UE's Allowed CAG list according to the Mobility Restrictions received from the AMF.
When the UE initiates the RRC Resume procedure for RRC Inactive to RRC Connected state transition in a non-CAG cell, NG-RAN shall reject the UE's Resume request if the UE is only allowed to access CAG cells according to the Mobility Restrictions received from the AMF.
During connected mode mobility procedures:
Based on the Mobility Restrictions received from the AMF:
Source NG-RAN shall not handover the UE to a target NG-RAN node if the target is a CAG cell and none of the CAG Identifiers supported by the CAG cell are part of the UE's Allowed CAG list;
Source NG-RAN shall not handover the UE to a non-CAG cell if the UE is only allowed to access CAG cells;
If the target cell is a CAG cell, target NG-RAN shall reject the N2 based handover procedure if none of the CAG Identifiers supported by the CAG cell are part of the UE's Allowed CAG list in the Mobility Restriction List;
If the target cell is a non-CAG cell, target NG-RAN shall reject the N2 based handover procedure if the UE is only allowed to access CAG cells based on the Mobility Restriction List.
Update of Mobility Restrictions:
When the AMF receives the Nudm_SDM_Notification from the UDM and the AMF determines that the Allowed CAG list or the indication whether the UE is only allowed to access CAG cells have changed;
The AMF shall update the Mobility Restrictions in the UE and NG-RAN accordingly under the conditions as described in TS 23.502, clause 220.127.116.11.
Emergency Services are supported in CAG cells, for UEs supporting CAG, whether normally registered or emergency registered as described in clause 5.16.4 and TS 23.502, clause 4.13.4.
A UE may camp on an acceptable CAG cell in limited service state as specified in TS 23.122 and TS 38.304, based on operator policy defined in TS 38.300.
For UEs not supporting CAG, but are emergency registered as described in clause 5.16.4 and TS 23.502, clause 4.13.4, Emergency Services may be supported based on operator policy as defined in TS 38.300.
The UE shall select a PLMN (of a CAG cell or non-CAG cell), as described in TS 23.122 and TS 23.167, when initiating emergency services from limited service state.
During handover to a CAG cell, if the UE is not authorized to access the target CAG cell and has emergency services, the target NG-RAN node only accepts the emergency PDU sessions and the target AMF releases the non-emergency PDU connections that were not accepted by the NG-RAN node. Upon completion of handover the UE behave as emergency registered.