Tech-invite3GPPspaceIETF RFCsSIP
Quick21222324252627282931323334353637384‑5x

Content for  TS 23.502  Word version:  17.6.0

Top   Top   Up   Prev   Next
1…   4.2.2.2.2   4.2.2.2.3…   4.2.3…   4.2.3.3   4.2.4…   4.2.6   4.2.7…   4.2.9…   4.3…   4.3.2.2.2   4.3.2.2.3…   4.3.3…   4.3.4…   4.3.5…   4.3.5.2…   4.3.5.4…   4.3.5.6…   4.3.6…   4.4…   4.5…   4.9…   4.9.1.3…   4.9.2…   4.11…   4.11.1.2.2…   4.11.1.3…   4.11.1.4…   4.11.1.5…   4.11.2…   4.11.3…   4.12…   4.12.6…   4.12a…   4.12b…   4.13…   4.13.4…   4.13.6…   4.14…   4.15…   4.15.3.2.5…   4.15.4…   4.15.6.7…   4.15.7…   4.16…   4.16.4…   4.16.8…   4.16.11…   4.17…   4.17.9…   4.18…   4.19…   4.23…   4.23.7…   4.23.9…   4.23.11…   4.24…   4.25…   4.26…   5…   5.2.3…   5.2.5…   5.2.6…   5.2.7…   5.2.8…   5.2.9…   5.2.12…   5.2.18…   A…   E…   F…

 

4.2.9  Network Slice-Specific Authentication and Authorization procedure |R16|p. 94

4.2.9.1  Generalp. 94

The Network Slice-Specific Authentication and Authorization procedure is triggered for an S-NSSAI requiring Network Slice-Specific Authentication and Authorization with an AAA Server (AAA-S) which may be hosted by the H-PLMN operator or by a third party which has a business relationship with the H-PLMN, using the EAP framework as described in TS 33.501. An AAA Proxy (AAA-P) in the HPLMN may be involved e.g. if the AAA Server belongs to a third party.
This procedure is triggered by the AMF during a Registration procedure when some Network Slices require Slice-Specific Authentication and Authorization, when AMF determines that Network Slice-Specific Authentication and Authorization is requires for an S-NSSAI in the current Allowed NSSAI (e.g. subscription change), or when the AAA Server that authenticated the Network Slice triggers a re-authentication.
The AMF performs the role of the EAP Authenticator and communicates with the AAA-S via the Network Slice specific and SNPN Authentication and Authorization Function (NSSAAF). The NSSAAF undertakes any AAA protocol interworking with the AAA protocol supported by the AAA-S.
The Network Slice-Specific Authentication and Authorization procedure requires the use of a GPSI. In other words, a subscription that contains S-NSSAIs subject to Network Slice-Specific Authentication and Authorization shall include at least one GPSI.
After a successful or unsuccessful UE Network Slice-Specific Authentication and Authorization, the AMF store the NSSAA result status for the related S-NSSAI in the UE context.
Up

4.2.9.2  Network Slice-Specific Authentication and Authorizationp. 95

Reproduction of 3GPP TS 23.502, Fig. 4.2.9.2-1: Network Slice-Specific Authentication and Authorization procedure
Up
Step 1.
For S-NSSAIs that are requiring Network Slice-Specific Authentication and Authorization, based on change of subscription information, or triggered by the AAA-S, the AMF may trigger the start of the Network Slice Specific Authentication and Authorization procedure.
If Network Slice Specific Authentication and Authorization is triggered as a result of Registration procedure, the AMF may determine, based on UE Context in the AMF, that for some or all S-NSSAI(s) subject to Network Slice Specific Authentication and Authorization, the UE has already been authenticated following a Registration procedure on a first access. Depending on Network Slice Specific Authentication and Authorization result (e.g. success/failure) from the previous Registration, the AMF may decide, based on Network policies, to skip Network Slice Specific Authentication and Authorization for these S-NSSAIs during the Registration on a second access.
If the Network Slice Specific Authentication and Authorization procedure corresponds to a re-authentication and re-authorization procedure triggered as a result of AAA Server-triggered UE re-authentication and re-authorization for one or more S-NSSAIs, as described in 4.2.9.2, or triggered by the AMF based on operator policy or a subscription change and if S-NSSAIs that are requiring Network Slice-Specific Authentication and Authorization are included in the Allowed NSSAI for each Access Type, the AMF selects an Access Type to be used to perform the Network Slice Specific Authentication and Authorization procedure based on network policies.
Step 2.
The AMF may send an EAP Identity Request for the S-NSSAI in a NAS MM Transport message including the S-NSSAI. This is the S-NSSAI of the H-PLMN, not the locally mapped S-NSSAI value.
Step 3.
The UE provides the EAP Identity Response for the S-NSSAI alongside the S-NSSAI in an NAS MM Transport message towards the AMF.
Step 4.
The AMF sends the EAP Identity Response to the NSSAAF in a Nnssaaf_NSSAA_Authenticate Request (EAP Identity Response, GPSI, S-NSSAI).
Step 5.
If the AAA-P is present (e.g. because the AAA-S belongs to a third party and the operator deploys a proxy towards third parties), the NSSAAF forwards the EAP ID Response message to the AAA-P, otherwise the NSSAAF forwards the message directly to the AAA-S. The NSSAAF is responsible to send the NSSAA requests to the appropriate AAA-S based on local configuration of AAA-S address per S-NSSAI. The NSSAAF uses towards the AAA-P or the AAA-S an AAA protocol message of the same protocol supported by the AAA-S.
Step 6.
The AAA-P forwards the EAP Identity message to the AAA-S addressable by the AAA-S address together with S-NSSAI and GPSI. The AAA-S stores the GPSI to create an association with the EAP Identity in the EAP ID response message, so the AAA-S can later use it to revoke authorization or to trigger reauthentication.
Step 7-14.
EAP-messages are exchanged with the UE. One or more than one iteration of these steps may occur.
Step 15.
EAP authentication completes. The AAA-S stores the S-NSSAI for which the authorisation has been granted, so it may decide to trigger reauthentication and reauthorization based on its local policies. An EAP-Success/Failure message is delivered to the AAA-P (or if the AAA-P is not present, directly to the NSSAAF) with GPSI and S-NSSAI.
Step 16.
If the AAA-P is used, the AAA-P sends an AAA Protocol message including (EAP-Success/Failure, S-NSSAI, GPSI) to the NSSAAF.
Step 17.
The NSSAAF sends the Nnssaaf_NSSAA_Authenticate Response (EAP-Success/Failure, S-NSSAI, GPSI) to the AMF.
Step 18.
The AMF transmits a NAS MM Transport message (EAP-Success/Failure) to the UE. The AMF shall store the EAP result for each S-NSSAI for which the NSSAA procedure in steps 1-17 was executed.
Step 19a.
[Conditional] If a new Allowed NSSAI (i.e. including any new S-NSSAIs in a Requested NSSAI for which the NSSAA procedure succeeded and/or excluding any S-NSSAI(s) in the existing Allowed NSSAI for the UE for which the procedure has failed, or including default S-NSSAI(s) if all S-NSSAIs in a Requested NSSAI or in the existing Allowed NSSAI are subject to NSSAA and, due to failure of the NSSAA procedures, they cannot be in the Allowed NSSAI)) and/or new Rejected S-NSSAIs (i.e. including any S-NSSAI(s) in the existing Allowed NSSAI for the UE for which the procedure has failed, or any new requested S-NSSAI(s) for which the NSSAA procedure failed) need to be delivered to the UE, or if the AMF re-allocation is required, the AMF initiates the UE Configuration Update procedure, for each Access Type, as described in clause 4.2.4.2. If the Network Slice-Specific Re-Authentication and Re-Authorization fails and there are PDU session(s) established that are associated with the S-NSSAI for which the NSSAA procedure failed, the AMF shall initiate the PDU Session Release procedure as specified in clause 4.3.4 to release the PDU sessions with the appropriate cause value.
Step 19b.
[Conditional] If the Network Slice-Specific Authentication and Authorization fails for all S-NSSAIs (if any) in the existing Allowed NSSAI for the UE and (if any) for all S-NSSAIs in the Requested NSSAI and no default S-NSSAI could be added in the Allowed NSSAI, the AMF shall execute the Network-initiated Deregistration procedure described in clause 4.2.2.3.3 and it shall include in the explicit De-Registration Request the list of Rejected S-NSSAIs, each of them with the appropriate rejection cause value.
Up

4.2.9.3  AAA Server triggered Network Slice-Specific Re-authentication and Re-authorization procedurep. 97

Reproduction of 3GPP TS 23.502, Fig. 4.2.9.3-1: AAA Server initiated Network Slice-Specific Re-authentication and Re-authorization procedure
Up
Step 1.
The AAA-S requests the re-authentication and re-authorization for the Network Slice specified by the S-NSSAI in the AAA protocol Re-Auth Request message, for the UE identified by the GPSI in this message. This message is sent to a AAA-P, if the AAA-P is used (e.g. the AAA Server belongs to a third party), otherwise it is sent directly to the NSSAAF.
Step 2.
The AAA-P, if present, relays the request to the NSSAAF.
Step 3a-3b.
NSSAAF gets AMF ID from UDM using Nudm_UECM_Get with the GPSI in the received AAA message. If NSSAAF receives two different AMF address then the NSSAAF either decide to notify both AMFs or the NSSAF may decide to notify one AMF first and if NSSAA fails also notify the other AMF.
Step 3c.
The NSSAAF provides an acknowledgement to the AAA protocol Re-Auth Request message. If the AMF is not registered in UDM the procedure is stopped here.
Step 4.
If the AMF is registered in UDM, the NSSAAF notifies the AMF to re-authenticate/re-authorize the S-NSSAI for the UE using Nnssaaf_NSSAA_Re-AuthNotification with the GPSI and S-NSSAI in the received AAA message. The callback URI of the notification for the AMF is derived via NRF as specified in TS 29.501.
Step 5.
If the UE is registered with the S-NSSAI in the Mapping Of Allowed NSSAI, the AMF triggers the Network Slice-Specific Authentication and Authorization procedure defined in clause 4.2.9.1. If the S-NSSAI is included in the Allowed NSSAI for 3GPP access and non-3GPP access, AMF selects an access type to perform NSSAA based on network policies. If the S-NSSAI is only included in the Allowed NSSAI of non-3GPP access and UE is CM-IDLE in non-3GPP access, the AMF marks the S-NSSAI as pending. In this case, when UE becomes CM-CONNECTED in non-3GPP access, the AMF initiates NSSAA if needed.
If the UE is registered but the S-NSSAI is not in the Mapping Of Allowed NSSAI, the AMF removes any status of the corresponding S-NSSAI subject to Network Slice-Specific Authentication and Authorization in the UE context it may have kept, so that an NSSAA is executed next time the UE requests to register with the S-NSSAI.
Up

4.2.9.4  AAA Server triggered Slice-Specific Authorization Revocationp. 98

Reproduction of 3GPP TS 23.502, Fig. 4.2.9.4-1: AAA Server-initiated Network Slice-Specific Authorization Revocation procedure
Up
Step 1.
The AAA-S requests the revocation of authorization for the Network Slice specified by the S-NSSAI in the AAA protocol Revoke Auth Request message, for the UE identified by the GPSI in this message. This message is sent to AAA-P if it is used.
Step 2.
The AAA-P, if present, relays the request to the NSSAAF.
Step 3a-3b.
The NSSAAF gets AMF ID from UDM using Nudm_UECM_Get with the GPSI in the received AAA message. If two different AMF addresses are received, the NSSAAF initiates the step 4 towards both AMFs.
Step 3c.
The NSSAAF provides an acknowledgement to the AAA protocol Re-Auth Request message. If the AMF is not registered in UDM the procedure is stopped here.
Step 4.
If the AMF is registered in UDM, the NSSAAF notifies the AMF to revoke the S-NSSAI authorization for the UE using Nnssaaf_NSSAA_RevocationNotification with the GPSI and S-NSSAI in the received AAA message. The callback URI of the notification for the AMF is derived via NRF as specified in TS 29.501.
Step 5.
If the UE is registered with the S-NSSAI in the Mapping Of Allowed NSSAI, the AMF updates the UE configuration to revoke the S-NSSAI from the current Allowed NSSAI, for any Access Type for which Network Slice Specific Authentication and Authorization had been successfully run on this S-NSSAI. The UE Configuration Update may include a request to Register if the AMF needs to be re-allocated. The AMF provides a new Allowed NSSAI to the UE by removing the S-NSSAI for which authorization has been revoked. The AMF provides new rejected NSSAIs to the UE including the S-NSSAI for which authorization has been revoked. If no S-NSSAI is left in Allowed NSSAI for an access after the revocation and a Default NSSAI exists that requires no Network Slice Specific Authentication or for which a Network Slice Specific Authentication did not previously fail over this access, then the AMF may provide a new Allowed NSSAI to the UE containing the Default NSSAI. If no S-NSSAI is left in Allowed NSSAI for an access after the revocation and no Default NSSAI can be provided to the UE in the Allowed NSSAI or a previous Network Slice Specific Authentication failed for the Default NSSAI over this access, then the AMF shall execute the Network-initiated Deregistration procedure for the access as described in clause 4.2.2.3.3 and it shall include in the explicit De-Registration Request message the list of Rejected S-NSSAIs, each of them with the appropriate rejection cause value. If there are PDU session(s) established that are associated with the revoked S-NSSAI, the AMF shall initiate the PDU Session Release procedure as specified in clause 4.3.4 to release the PDU sessions with the appropriate cause value.
If the UE is registered but the S-NSSAI is not in the Mapping Of Allowed NSSAI, the AMF removes any status it may have kept of the corresponding S-NSSAI subject to Network Slice-Specific Authentication and Authorization in the UE context.
Up

4.2.10  N3 data transfer establishment procedure when Control Plane CIoT 5GS Optimisation is enabled |R16|p. 99

4.2.10.1  UE triggered N3 data transfer establishment procedurep. 99

If UE and AMF successfully negotiate N3 data transfer in addition to Control Plane CIoT 5GS Optimisation based on the Preferred and Supported Network Behaviour as defined in clause 5.31.2 of TS 23.501, then the UE may, e.g. based on the amount of data to be transferred in uplink, initiate N3 data transfer establishment procedure for any PDU session for which Control Plane Only Indicator was not included.
The UE triggered N3 data transfer establishment procedure may be initiated by the UE in CM-IDLE or CM-CONNECTED state and follows the UE triggered Service Request procedure as defined in clause 4.2.3.2 with the following differences.
Step 1.
The UE includes in the AN message a Service Request for Control Plane CIoT 5GS Optimisation (List Of PDU Sessions To Be Activated, List Of Allowed PDU Sessions, security parameters, PDU Session status, [NAS message container])).
The List Of PDU Sessions To Be Activated is provided by UE when the UE wants to activate user plane resources for the PDU Session(s). The UE shall not include PDU sessions for which Control Plane Only Indicator was received in the List Of PDU Sessions To Be Activated. If the UE is camping on NB-IoT, the UE shall construct the List of PDU Sessions To Be Activated to not exceed 2 PDU session(s) with active user plane resources.
If this procedure is triggered for paging response and the UE has at the same time some user data to be transferred, the UE may decide to request N3 data transfer establishment for one of more PDU sessions. The UE indicates this in the List Of PDU Sessions To Be Activated. Otherwise the UE does not identify any PDU Session in the List Of PDU Sessions To Be Activated.
Step 4 or 5a.
Upon reception of Nsmf_PDUSession_UpdateSMContext Request or after SMF initiated SM Policy Association Modification, based on UE request and local policies, the SMF decides whether to establish N3 data transfer for the PDU session. The SMF shall not decide to establish N3 data transfer for a PDU session for which Control Plane Only Inidcator was received.
Step 11.
The SMF indicates in Nsmf_PDUSession_UpdateSMContext Response whether to establish N3 data transfer, i.e. activate Data Radio Bearer and N3 tunnel, for the PDU session.
Step 12.
If the RAT type is NB-IoT, the AMF shall ensure that number of PDU Sessions with active user plane resources does not exceed 2. If the AMF decides to not include a PDU Session to be activated in the N2 message, the AMF indicates this to the SMF in step 15 Nsmf_PDUSession_UpdateSMContext Request in the List of PDU Sessions that failed to be established with the failure cause given in the N2 SM information element.
The AMF includes a NAS service accept for Control Plane CIoT 5GS Optimisation containing information on the PDU sessions with established N3 data transfer, based on the request(s) from the SMF(s) in step 11.
The network starts using N3 bearers for all DL data on this PDU session. Control Plane CIoT 5GS Optimisation is considered enabled for data transfer for all PDU sessions without established N3 data transfer.
Step 13.
The UE starts using N3 bearears for all UL data on this PDU session.
Up

4.2.10.2  SMF triggered N3 data transfer establishment procedurep. 99

If UE and AMF successfully negotiate N3 data transfer in addition to Control Plane CIoT 5GS Optimisation based on the Preferred and Supported Network Behaviour as defined in clause 5.31.2 of TS 23.501, then the SMF may, e.g. based on the amount of data to be transferred or due to congestion, initiate N3 data transfer establishment procedure for any PDU session for which Control Plane Only Indicator was not included.
The SMF triggered N3 data transfer establishment procedure may be initiated by the SMF while the UE is in CM-IDLE or CM-CONNECTED state and follows the Network Triggered Service Request procedure defined in clause 4.2.3.3 with the following differences:
Step 3a.
The SMF request the activation of Data Radio Bearer and N3 tunnel for the PDU session in Namf_Communication_N1N2MessageTransfer.
Step 3b.
If the RAT type is NB-IoT and the UE already has 2 PDU Sessions with active user plane resources, the AMF shall not proceed with the rest of the procedure and instead the AMF shall respond with Namf_Communication_N1N2MessageTransfer Response with appropriate failure message.
Step 6.
The UE triggered N3 data transfer establishment procedure defined in clause 4.2.10.1 is applied instead of Service Request procedure from clause 4.2.3.2.
Step 7.
When the N3 data transfer is set up for a PDU session, the UE and the network shall only use user plane radio bearers to transfer data PDUs on that PDU Session.
Up

4.2.11  Network Slice Admission Control Function (NSACF) procedures |R17|p. 100

4.2.11.1  Generalp. 100

The Network Slice Admission Control Function procedures are performed for an S-NSSAI which is subject to Network Slice Admission Control (NSAC) as described in TS 23.501. If charging needs to be enabled, the NSACF may act as a NF (CTF) and interact with the CHF to support the Event based charging as defined in TS 32.290.

4.2.11.2  Number of UEs per network slice availability check and update procedurep. 100

The number of UEs per network slice availability check and update procedure is to update (i.e. increase or decrease) the number of UEs registered with an S-NSSAI which is subject to NSAC. The AMF is configured with the information indicating which network slice is subject to NSAC.
Reproduction of 3GPP TS 23.502, Fig. 4.2.11.2-1: Number of UEs per network slice availability check and update procedure
Up
Step 1.
If the AMF is not aware of which NSACF to communicate, the AMF performs NSACF discovery as described in clause 6.3.22 of TS 23.501 and in clause 5.2.7.3.2. The AMF triggers the Number of UEs per network slice availability check and update procedure to update the number of UEs registered with a network slice when a network slice subject to NSAC is included in the Allowed NSSAI (i.e. the AMF requests to register the UE with the S-NSSAI) or removed from the Allowed NSSAI (i.e. the AMF requests to de-register the UE from the S-NSSAI) for a UE. The trigger event at the AMF also includes the change of Allowed NSSAI in case of inter-AMF mobility. The procedure is triggered in the following cases:
  • At UE Registration procedure, according to clause 4.2.2.2.2 (including Registration types of Initial Registration or Mobility Registration Update in inter-AMF mobility in CM-CONNECTED or CM-IDLE state):
    • before the Registration Accept in step 21 if the EAC mode is active; or
    • after the Registration Accept message if the EAC mode is not active;
  • At UE Deregistration procedure, as per clause 4.2.2.3, after the Deregistration procedure is completed;
  • At UE Configuration Update procedure (which may result from NSSAA procedure or subscribed S-NSSAI change):
    • before the UE Configuration Update message if the EAC mode is active and the update flag is to increase; or
    • after the UE Configuration Update message if the EAC mode is active and the update flag is to decrease; or
    • after the UE Configuration Update message if the EAC mode is not active.
Step 2.
The AMF sends Nnsacf_NSAC_NumOfUEsUpdate_Request message to the NSACF. The AMF includes in the message the UE ID, Access Type to which the Allowed NSSAI is applied, the S-NSSAI(s), the NF ID and the update flag which indicates whether the number of UEs registered with the S-NSSAI(s) is to be increased when the UE has gained registration to network slice(s) subject to NSAC or the number of UEs registered with the S-NSSAI(s) is to be decreased when the UE has deregistered from S-NSSAI(s) or could not renew its registration to an S-NSSAI subject to NSAC.
If this is the first time to perform NSAC procedure for the S-NSSAI towards the NSACF, the AMF includes notification endpoint for EAC Notification to implicitly subscribe the EAC notification for the S-NSSAI from the NSACF.
Step 3.
The NSACF determines whether the Access Type provided by the AMF is configured for the NSAC based on its configuration. If the Access Type is not configured for the NSAC, the NSACF always accepts the request from the AMF without increasing or decreasing the number of UEs. If the Access Type is configured for the NSAC, the NSACF updates the current number of UEs registered for the S-NSSAI, i.e. increases or decrease the number of UEs registered per network slice based on the information provided by the AMF in the update flag parameter.
If the update flag parameter from the AMF indicates increase, the following applies:
  • If the UE ID is already in the list of UEs registered with the network slice, the current number of UEs is not increased as the UE has already been counted as registered with the network slice. The NSACF creates a new entry associated with this new update and shall also maintain the old entry associated with previous update. The multiple entries for the same UE ID in the NSACF are differentiated based on the NF ID of the NF sending the update request. The NSACF removes the entry associated with the NF ID upon reception of a request having update flag indicating decrease.
  • If the UE ID is not in the list of UE IDs registered with the network slice and the maximum number of UEs registered with the network slice has not been reached yet, the NSACF adds the UE ID in the list of UEs registered with the network slice as a new entry associated with this new update and increases the current number of the UEs registered with the network slice. If the UE ID is not in the list of UEs registered with that S-NSSAI and the maximum number of UEs for that S-NSSAI has already been reached, then the NSACF returns a result parameter indicating that the maximum number of UEs registered with the network slice has been reached.
If the update flag parameter from the AMF indicates decrease and if there is only one entry associated with the UE ID, the NSACF removes the UE ID from the list of UEs registered with the network slice for each of the S-NSSAI(s) indicated in the request from the AMF and also the NSACF decreases the number of UEs per network slice that is maintained by the NSACF for each of these network slices. If there are multiple entries associated with the UE ID, the NSACF removes the entry associated with the NF ID but the UE ID is kept in the list of UEs registered with the S-NSSAI.
The NSACF takes access type into account for increasing and decreasing the number of UEs per network slice as described in clause 5.15.11.1 of TS 23.501.
The NSACF stores the notification endpoint for EAC Notification associated with the S-NSSAI if it is received from the AMF. The NSACF can use this AMF notification endpoint to update the EAC mode as described in clause 4.2.11.3.
Step 4.
The NSACF returns the Nnsacf_NSAC_NumOfUEsUpdate_Response message including Result indication per S-NSSAI. The Result indication includes either 'maximum number of UEs registered with the network slice reached' or 'maximum number of UEs registered with the network slice not reached'.
At UE Registration procedure, if only some of the S-NSSAIs reached the maximum number of UEs per S-NSSAI, the AMF sends a Registration Accept message to the UE in which the AMF includes the rejected S-NSSAI(s) in the rejected NSSAI list for which the NSACF has indicated that the maximum number of UEs per network slice has been reached and for each rejected S-NSSAI the AMF includes a reject cause set to 'maximum number of UEs per network slice reached' and optionally a back-off timer.
When for all the Requested S-NSSAI(s) provided in step 2 the NSACF returned the maximum number of UEs per network slice has been reached and if one or more subscribed S-NSSAIs are marked as default in the subscription data and not subject to NSAC, the AMF can decide to include these Default Subscribed S-NSSAIs in the Allowed NSSAI. Otherwise, the AMF rejects the UE request for registration. In the Registration Reject message, the AMF includes the rejected S-NSSAI(s) in the rejected NSSAI parameter and for each rejected S-NSSAI the AMF includes a reject cause to indicate that the maximum number of UEs per network slice has been reached and optionally a back-off timer.
Up

4.2.11.3  Configuration for Early Admission Control (EAC) update procedurep. 103

The configuration for Early Admission Control (EAC) update procedure indicates to the AMF the activation or the deactivation of the EAC mode for the S-NSSAI subject to NSAC. EAC mode means that the AMF is required to perform the number of UEs per network slice availability check and update procedure before the S-NSSAI subject to NSAC is included in the Allowed NSSAI and sent to the UE. EAC mode is only applicable in the AMF when the update flag is set to increase.
The AMF implicitly subscribes to the EAC notification for the S-NSSAI when it performs the first network slice availability check and update procedure for the S-NSSAI with the NSACF. The NSACF sends the EAC mode notification towards all notification endpoints associated with the S-NSSAI.
Reproduction of 3GPP TS 23.502, Fig. 4.2.11.3-1: Early Admission Control (EAC) update procedure
Up
Step 1.
The number of UEs registered with a network slice subject to NSAC crosses a certain operator defined threshold. The NSACF determines whether to activate or deactivate the EAC mode.
Step 2.
The NSACF triggers Nnsacf_NSAC_EACNotify operation including the S-NSSAI(s) for which the EAC mode is to be activated or deactivated and a EAC flag(s) set to activated if the number of UEs registered with the network slice is above certain threshold or set to deactivated if the number of the UEs registered with the network slice is below certain threshold which may be same or different with respect to the activation threshold.
Step 3.
The AMF uses the EAC flag to decide when to trigger the number of UEs per network slice availability check and update procedure so that delays to the registration procedure and impact to the already allowed network slices are avoided.
If the EAC flag indicates EAC mode activated, the AMF triggers the number of UEs per network slice availability check and update procedure before the Registration Accept step of the registration procedure or before the UE Configuration Update message.
If the EAC flag indicates EAC mode deactivated, the AMF triggers the number of UEs per network slice availability check and update procedure after Registration Accept step of the registration procedure or after the UE Configuration Update.
Up

4.2.11.4  Number of PDU Sessions per network slice availability check and update procedurep. 104

The number of PDU Sessions per network slice availability check and update procedure is to update (i.e. increase or decrease) the number of PDU Sessions established on S-NSSAI which is subject to NSAC. The SMF is configured with the information indicating which network slice is subject to NSAC.
Reproduction of 3GPP TS 23.502, Fig. 4.2.11.4-1: Number of PDU Sessions per network slice availability check and update procedure
Up
Step 1.
If the SMF is not aware of which NSACF to communicate, the SMF performs NSACF discovery as described in clause 6.3.22 of TS 23.501 and in clause 5.2.7.3.2. The SMF anchoring the PDU session triggers the Number of PDU Sessions per network slice availability check and update procedure for the network slices that are subject to NSAC at the beginning of a PDU Session Establishment procedure (clause 4.3.2.2.1 and clause 4.3.2.2.2) only for new PDU Sessions to be established and as a last step of successful PDU Session Release procedure (clause 4.3.4.2 and clause 4.3.4.3).
Step 2.
The SMF anchoring the PDU session sends Nnsacf_NSAC_NumOfPDUsUpdate_Request message to the NSACF. The SMF includes in the message the UE-ID, the PDU session ID, S-NSSAI for which the number of PDU Sessions per network slice update is required, Access Type and the update flag. The update flag may include one of the following values:
  • 'increase' which indicates that the number of PDUs established on the S-NSSAI is to be increased when the procedure is triggered at the beginning of PDU Session Establishment procedure or when a new user plane leg is to be established for an MA-PDU Session;
  • 'decrease' which indicates that the number of PDU Sessions on the S-NSSAI is to be decreased when the procedure is triggered at the end of PDU Sessions Release procedure or when an existing user plane leg is to be released for an MA-PDU Session; or
  • 'update' which indicates that for existing PDU Session the Access Type is to be replaced with a new Access Type during inter access mobility.
Step 3.
The NSACF updates the current number of PDU Sessions established on the S-NSSAI, i.e. increase or decrease the number of PDU Sessions per network slice based on the information provided by the anchor SMF in the update flag parameter.
If the update flag parameter from the SMF anchoring the PDU session indicates increase value and the maximum number of PDU Sessions established on the S-NSSAI has already been reached, then the NSACF returns a result parameter indicating that the maximum number of PDU Sessions per network slice has been reached. If the maximum number of PDU Sessions established on the S-NSSAI has not been reached, the NSACF checks the UE ID. If the UE ID is located, the NSACF, stores the PDU Session ID and the Access Type and increases the number of PDU Sessions for that S-NSSAI. If the NSACF did not locate the UE ID, it creates an entry for the UE ID, stores the PDU Session ID and Access Type and increases the number of PDU Sessions for that S-NSSAI.
If the update flag parameter from the SMF anchoring the PDU session indicates decrease value, the current number of PDU Sessions per S-NSSAI, the NSACF locates the UE ID and decreases the number of PDU Sessions for that S-NSSAI and its related PDU Session ID. If the UE ID has no more PDU sessions, after the decrease, the NSACF removes the UE ID entry.
If the update flag parameter from the SMF anchoring the PDU session indicates update value, the NSACF locates the existing entry with UE ID and PDU Session ID and replaces the Access Type in the existing entry.
The NSACF takes the Access Type parameter into account for increasing and decreasing the number of PDU Sessions per S-NSSAI as described in clause 5.15.11.2 of TS 23.501. For MA-PDU Session, if the SMF received information that the UE is registered over both accesses, the SMF provides multiple Access Types to the NSACF. If the NSACF receives a request containing multiple Access Types, the NSACF provides a Result indication for each Access Type.
Step 4.
The NSACF acknowledges the update to the anchor SMF with Nnsacf_NSAC_NumOfPDUsUpdate_Response message including a Result indication. If the NSACF returns a Result indication including ' maximum number of PDU Sessions per S-NSSAI reached', the SMF rejects the PDU Session establishment request with reject cause set to 'maximum number of PDU Sessions per S-NSSAI reached' and optionally a back-off timer and the Access Type.
For MA-PDU Session, the NSACF may accept the MA-PDU Session and may provide to the SMF a Result indicating 'maximum number of PDU Sessions per S-NSSAI reached' or 'maximum number of PDU Sessions per S-NSSAI not reached' associated with an Access Type. If the NSACF indicates a failure that is associated with the Access Type over which the UE sent the MA-PDU Session Establishment Request, the SMF sends to the UE a PDU Session Establishment Reject with a Result indication including 'maximum number of PDU Sessions per S-NSSAI reached' ,optionally a back-off timer and the Access Type. When the SMF rejects the MA-PDU Session, the SMF sets the Access Type parameter as follows:
  • If the UE is registered via both accesses and:
    • If the NSACF indicates failure for both accesses, the Access Type indicates both accesses;
    • If the NSACF indicates failure for the access over which the MA-PDU Session Establishment Request is received, the Access Type indicates the access over which the MA-PDU Session Request is received.
  • If the UE is registered via a single access, the Access Type indicates the access over which the MA-PDU Session Request is received.
If the UE receives back-off timer, the UE shall not request the establishment of user-plane resources on the restricted Access Type until the back-off timer expires. The UE may request a PDU Session via the Access Type which is not restricted.
In the case of a PDU Session Establishment failure, the anchor SMF triggers another request to the NSACF with the update flag parameter equal to decrease in order to re-adjust back the PDU Session counter in the NSACF.
Up

4.2.11.5  Network Slice Admission Control Support for Roamingp. 106

4.2.11.5.1  Network Slice Admission Control Support for Roaming by VPLMNp. 106
For NSAC for roaming UEs, a maximum number of allowed UEs per mapped S-NSSAI in HPLMN and/or a maximum number of allowed PDU Sessions in LBO mode per mapped S-NSSAI in HPLMN is allocated to the VPLMN for each S-NSSAI in HPLMN and stored in one NSCAF in the VPLMN responsible for NSAC for the S-NSSAI in the HPLMN, subject to NSAC.
The maximum number of UEs registered with a network slice monitoring and enforcement is done in the VPLMN by the NSACF in the VPLMN as per the description in Figure 4.2.11.2-1 with the following differences:
  • Step 2, in the Nnsacf_NSAC_NumOfPDUsUpdate_Request service operation the V-SMF provides both the S-NSSAI in VPLMN and the corresponding mapped S-NSSAI in HPLMN to the NSACF in the VPLMN.
  • Step 3, the NSACF in the VPLMN performs NSAC for both the S-NSSAI in VPLMN and the corresponding mapped S-NSSAI in HPLMN based on the SLA between VPLMN and HPLMN.
For LBO, enforcement of the maximum number of PDU Sessions established for an S-NSSAI is performed in the VPLMN by the NSACF in the VPLMN as per the description in Figure 4.2.11.4-1 with the following differences:
  • Step 2, in the Nnsacf_NumberOfPDUsPerSliceAvailabilityCheckAndUpdate_Request service operation the V-SMF provides both the S-NSSAI in VPLMN and the corresponding mapped S-NSSAI in HPLMN to the NSACF in the VPLMN.
  • Step 3, the NSACF in the VPLMN performs NSAC for both the S-NSSAI in VPLMN and the corresponding mapped S-NSSAI in HPLMN based on the SLA between VPLMN and HPLMN.
Up
4.2.11.5.2  Network Slice Admission Control Support for Roaming by HPLMNp. 106
For PDU sessions in the home-routed roaming case, the SMF in HPLMN performs NSAC for the S-NSSAI(s) subject to NSAC.

Up   Top   ToC