Network Access Control
Network access is the means by which a user connects to the 5G core network (CN). Network access control comprises the following functions:
- Network selection: The UE performs network selection to determine the PLMN with which to register. The procedure has two main parts: PLMN selection and access network selection.
- Identification and authentication: The network authenticates the UE during any procedure that establishes a NAS signalling connection with the UE.
- Authorisation: Once the user has been identified and authenticated, authorisation for connectivity to the 5GC and for services is evaluated. This authorisation is executed during the UE Registration procedure.
- Access control and barring: When the UE needs to transmit an initial NAS message, it requests the establishment of an RRC Connection, and the NAS provides RRC-establishment-related information to the lower layer. When the UE indicates priority in the establishment-related information, the RAN handles the RRC Connection with priority during and after the RRC Connection Establishment procedure.
- Policy control: It influences the network access control including service authorization.
- Lawful Interception
Registration and Connection Management
Registration Management is used to register or deregister a UE with the network and to establish the user context in the network. Connection Management is used to establish and release the signalling connection between the UE and the AMF.
In the RM-DEREGISTERED state the UE is not registered with the network; in the RM-REGISTERED state it is. Registration area management comprises the functions that allocate and reallocate a Registration area to a UE. Registration areas are managed per access type, i.e. 3GPP access or Non-3GPP access.
Two CM states reflect the UE's NAS signalling connection with the AMF:
- CM-IDLE: A UE in CM-IDLE state has no NAS signalling connection established with the AMF over N1. The UE performs cell selection/cell reselection and PLMN selection.
- CM-CONNECTED: A UE in CM-CONNECTED state has a NAS signalling connection with the AMF over N1. A NAS signalling connection uses an RRC Connection between the UE and the NG-RAN and, for 3GPP access, an NGAP UE association between the AN and the AMF.
The figure below shows the transition of CM state in UE.
The figure below shows the transition of CM state in AMF.
The UP connection of the PDU Sessions is deactivated when a UE enters CM-IDLE state.
Mobility restrictions restrict a UE's mobility handling or service access. The Mobility Restriction functionality is provided by the UE, the radio access network and the core network. It applies only to 3GPP access, not to Non-3GPP access. Mobility restrictions consist of RAT restriction, Forbidden Area, Service Area Restrictions and Core Network type restriction.
UE reachability in CM-IDLE
Reachability management detects whether the UE is reachable and provides the UE's location so that the network can reach it. This is done through UE paging and UE location tracking. UE location tracking includes both UE registration area tracking and UE reachability tracking. The UE and the AMF negotiate the UE reachability characteristics for CM-IDLE state during Registration procedures. Two UE reachability categories are negotiated for CM-IDLE state:
- UE reachability allowing Mobile Terminated data while the UE is in CM-IDLE state.
- Mobile Initiated Connection Only (MICO) mode
When a UE in RM-REGISTERED state enters CM-IDLE state, it starts a periodic registration timer using the periodic registration timer value received from the AMF during a Registration procedure. The AMF allocates the periodic registration timer value to the UE on the basis of local policies, subscription information and information provided by the UE. After the periodic registration timer expires, the UE shall perform a periodic registration. The AMF runs a UE Mobile Reachable timer.
UE reachability in CM-CONNECTED
For UE in CM-CONNECTED state:
- The UE location is known to the AMF
- The AMF is notified by the NG-RAN when UE becomes unreachable.
The RAN uses UE RAN reachability management for UEs in RRC Inactive state. The RAN knows the location of a UE in RRC Inactive state at RAN Notification area granularity. A UE in RRC Inactive state performs a RAN Notification Area Update when it enters a cell that is not part of the RAN Notification area. At transition into RRC Inactive state, the RAN configures the UE with a periodic RAN Notification Area Update timer value, and the timer is restarted in the UE with this initial timer value. To aid UE reachability management in the AMF, the RAN uses a guard timer with a value longer than the RAN Notification Area Update timer value.
Paging strategy handling
The 5GS supports the AMF and NG-RAN in applying different paging strategies for different traffic types on the basis of operator configuration. When the UE is in CM-IDLE state, the AMF performs paging and determines the paging strategy on the basis of local configuration. When the UE is in CM-CONNECTED with RRC Inactive state, the NG-RAN performs paging and determines the paging strategy on the basis of local configuration. When the SMF sends a Network Triggered Service Request, it determines the 5QI and ARP from the downlink data or the notification of downlink data received from the UPF.
UE radio capability information storage in the AMF
The UE Radio Capability information contains information on the RATs that the UE supports. Because this information is very large, sending it across the radio interface is undesirable. To avoid this radio overhead, the AMF shall store the UE Capability information while the UE is in CM-IDLE state and in RM-REGISTERED state. The AMF deletes the UE radio capability when the UE RM state transitions to RM-DEREGISTERED. The core network maintains the UE Radio Capability during AMF reselection. If the UE's NG-RAN UE Radio Capability information changes in CM-IDLE state, the UE shall perform the Registration procedure. When the AMF receives a Mobility Registration Update Request with UE Radio Capability Update, it shall delete any UE Radio Capability information stored for the UE.
Paging assistance information
The paging assistance information contains UE radio related information that assists the RAN in efficient paging. It contains:
- Paging information that requires UE radio capability
- Paging that requires information On Recommended Cells And RAN nodes
UE MM Core Network Capability handling
The UE MM Core Network Capability is split into the S1 UE network capability and the Core Network Capability, and it also contains non radio-related capabilities. The S1 UE network capability is transferred between all CN nodes. To ensure that the UE MM Core Network Capability information stored in the AMF is up to date, the UE shall send the UE MM Core Network Capability information to the AMF. The AMF shall always store the latest UE MM Core Network Capability received from the UE. The UE shall indicate in the UE 5GMM Core Network Capability if it supports:
- EPC attach
- EPC NAS
- SMS over NAS
UE 5GSM Core Network Capability handling
The PDU Session Establishment Request includes the UE 5GSM Core Network Capability, which indicates whether the UE supports:
- PDU Session Type of IP, IPv4, IPv6, IPv4v6 or Ethernet
- Reflective QoS
- PDU Session of multi-homed IPv6
At PDU Session Establishment, the 5GSM Core Network Capability is transferred from the V-SMF to the H-SMF when needed. The PDU Session Modification also includes the 5GSM Core Network Capability after the first inter-system change from EPS to 5GS for a PDU session established in EPS.
DRX (Discontinuous Reception) framework
The 5G system supports a DRX architecture in which the Idle mode DRX cycle can be negotiated between the UE and the AMF. To use UE specific DRX parameters, the UE shall include its preferred values consistently in every Initial Registration and Mobility Registration procedure. The AMF shall determine the Accepted DRX parameters on the basis of the received UE specific DRX parameters, and the AMF should accept the UE requested values. The UE shall use the Accepted DRX parameters to respond to the AMF.
Core Network assistance information for RAN optimization
The RAN uses the Core Network assistance information to optimize the steering of UE state transitions and the formulation of the RAN paging strategy in RRC Inactive state. The Core Network assistance information includes the information set Core Network assisted tuning of RAN parameters, which assists the RAN in optimizing UE RRC state transitions and CM state transition decisions. It also includes the information set Core Network assisted paging information of RAN, which assists the RAN in formulating an optimized paging strategy when RAN paging is triggered.
NG-RAN location reporting
The NG-RAN supports NG-RAN location reporting for services that require accurate cell identification. The AMF may use NG-RAN location reporting when the target UE is in CM-CONNECTED state. The AMF may request NG-RAN location reporting with an event reporting type, a reporting mode and related parameters. If the AMF requests the UE location, the NG-RAN reports the current UE location on the basis of the requested reporting parameter. The AMF may re-request NG-RAN location reporting.
The 5GC supports a PDU Connectivity Service. The PDU Connectivity Service is supported through PDU Sessions that are established on request from the UE. The Subscription Information for each S-NSSAI may contain a Subscribed DNN list and one default DNN. When the UE does not provide a DNN in a request for a PDU Session, the serving AMF determines the DNN by selecting the default DNN. Each PDU Session supports a single PDU Session type. The defined PDU Session types are IPv4, IPv6, IPv4v6, Ethernet and Unstructured. PDU Sessions are established, modified and released using NAS SM signalling exchanged over N1 between the UE and the SMF. On request from an application server, the 5GC can trigger a specific application in the UE.
Single PDU Session with multiple PDU Session Anchors
The SMF may control the data path of a PDU Session so that the PDU Session simultaneously corresponds to multiple N6 interfaces. The UPF that terminates each of these interfaces supports PDU Session Anchor functionality. Each PDU Session Anchor supporting a PDU Session provides a different access to the same DN.
Support for Local Area Data Network
Access to a DN through a PDU Session for a LADN is available in a specific LADN service area. A LADN service area is a set of Tracking Areas. LADN is a service provided by the serving PLMN. It includes:
- LADN service applies only to 3GPP accesses
- Usage of a LADN DNN requires an explicit subscription
- Whether a DNN corresponds to a LADN service is an attribute of the DNN
The UE can be configured to know whether a DNN is a LADN DNN, or to know the association between an application and a LADN DNN. The AMF configures LADN service area and LADN DNN on a per DN basis. The AMF provides LADN Information to the UE during the Registration procedure or the UE Configuration Update procedure. The corresponding LADN Service Area Information includes a set of Tracking Areas. The AMF shall not create the Registration Area on the basis of the availability of LADNs. When the UE successfully performs the registration procedure, the AMF provides the UE with the LADN Information for the list of available LADNs.
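The LADN rules above, written as the access decision a network function would make before allowing a PDU Session towards a LADN DNN. This is an added example, not code from the original page or from any 3GPP or vendor implementation. The names `LadnConfig`, `check_ladn_session` and `ladn_information_for_ue`, the access-type strings, the Tracking Area labels and the reading of "available LADNs" as "configured and subscribed" are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LadnConfig:
    """One LADN as configured per DN: its DNN and its service area."""
    dnn: str
    service_area: frozenset  # set of Tracking Area labels (constructed values)


# Constructed sample configuration; DNN and Tracking Area labels are made up.
SAMPLE_LADNS = [LadnConfig("stadium.ladn.example", frozenset({"TA-101", "TA-102"}))]


def ladn_information_for_ue(configured, subscribed_dnns):
    """LADN Information handed to the UE at registration.

    Assumption: "available" means configured here and explicitly subscribed,
    so a UE learns nothing about LADNs it has no subscription for.
    """
    return {c.dnn: set(c.service_area) for c in configured if c.dnn in subscribed_dnns}


def check_ladn_session(dnn, access_type, current_ta, configured, subscribed_dnns):
    """Return (allowed, reason) for a PDU Session request towards `dnn`."""
    ladn = next((c for c in configured if c.dnn == dnn), None)
    if ladn is None:
        # Being a LADN is an attribute of the DNN; other DNNs are not gated here.
        return True, "not a LADN DNN; LADN rules do not apply"
    if access_type != "3GPP":
        return False, "LADN service applies only to 3GPP access"
    if dnn not in subscribed_dnns:
        return False, "no explicit subscription to this LADN DNN"
    if current_ta not in ladn.service_area:
        return False, "UE is outside the LADN service area"
    return True, "UE is inside the LADN service area"


if __name__ == "__main__":
    subscribed = {"internet", "stadium.ladn.example"}
    for ta in ("TA-101", "TA-300"):
        print(ta, check_ladn_session("stadium.ladn.example", "3GPP", ta,
                                     SAMPLE_LADNS, subscribed))
```

The checks run from the cheapest and most general (access type, subscription) to the location check, so a request is refused for the first rule it breaks and the reason can be logged.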
Secondary authentication/authorization by a DN-AAA server during the establishment of a PDU Session
The DN authenticates/authorizes the DN-specific identity of a UE. If the DN-AAA server is located within the DN, the SMF passes the UE's authentication/authorization information to the DN-AAA server via the UPF. The SMF rejects the PDU Session Establishment if it determines that authentication of the PDU Session Establishment is required but the UE has not provided authentication/authorization information. The DN-AAA server may authenticate/authorize the PDU Session Establishment. When the DN-AAA server authorizes the PDU Session Establishment, it may send DN authorization data for the established PDU Session to the SMF. SMF policies may require DN authorization without DN authentication. When DN authentication/authorization has been performed successfully, a session is kept between the SMF and the DN-AAA. To support user authentication by the DN over NAS SM, the UE is required to provide information.
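The SMF-side decision described above, as an added example that is not part of the original page and not 3GPP or vendor code. The policy names, the `dn_aaa` callable and its signature, the sample identity, secret and authorization data are all hypothetical, and failing closed when the DN-AAA server does not answer is an assumption of this sketch.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class DnPolicy(Enum):
    """SMF policy associated with a DN (illustrative names, not 3GPP identifiers)."""
    NONE = 0            # no DN-AAA involvement
    AUTHORIZE_ONLY = 1  # DN authorization without DN authentication
    AUTHENTICATE = 2    # DN authentication and authorization


@dataclass
class AaaAnswer:
    authorized: bool
    authorization_data: dict = field(default_factory=dict)


@dataclass
class Decision:
    accepted: bool
    reason: str
    authorization_data: dict = field(default_factory=dict)
    aaa_session_kept: bool = False  # SMF keeps a session with the DN-AAA on success


def decide_pdu_session(policy, dn_identity, credential, dn_aaa):
    """dn_aaa is a callable (identity, credential, authenticate) -> AaaAnswer."""
    if policy is DnPolicy.NONE:
        return Decision(True, "SMF policy requires no DN-AAA step")
    authenticate = policy is DnPolicy.AUTHENTICATE
    if authenticate and not (dn_identity and credential):
        # Rejected locally: nothing is forwarded to the DN-AAA server.
        return Decision(False, "authentication required but UE provided no information")
    if not dn_identity:
        return Decision(False, "no DN-specific identity to authorize")
    try:
        # An authorization-only policy never forwards a credential.
        answer = dn_aaa(dn_identity, credential if authenticate else None, authenticate)
    except Exception:
        return Decision(False, "DN-AAA did not answer")  # assumption: fail closed
    if not answer.authorized:
        return Decision(False, "DN-AAA rejected the request")
    return Decision(True, "authorized by DN-AAA", dict(answer.authorization_data), True)


# Constructed stand-in for a DN-AAA server; identity, secret and data are made up.
_SAMPLE_USERS = {"alice@dn.example": "constructed-secret"}


def sample_dn_aaa(identity, credential, authenticate):
    expected = _SAMPLE_USERS.get(identity)
    if expected is None:
        return AaaAnswer(False)
    if authenticate and not hmac.compare_digest(expected.encode(), (credential or "").encode()):
        return AaaAnswer(False)
    return AaaAnswer(True, {"profile": "constructed-default"})


if __name__ == "__main__":
    print(decide_pdu_session(DnPolicy.AUTHENTICATE, "alice@dn.example", None, sample_dn_aaa))
    print(decide_pdu_session(DnPolicy.AUTHENTICATE, "alice@dn.example",
                             "constructed-secret", sample_dn_aaa))
```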
Application Function influence on traffic routing
An AF may send requests to influence SMF routing decisions for PDU session traffic. AF requests may also influence UPF (re)selection and allow user traffic to be routed to a local access to a Data Network. The AF may issue requests on behalf of applications not owned by the PLMN serving the UE. If the operator does not allow an AF to access the network directly, the AF shall use the NEF to interact with the 5GC. AF requests are sent to the PCF via N5 or via the NEF. The PCF transforms the AF requests into policies that apply to PDU Sessions.
Selective activation and deactivation of UP connection of existing PDU Session
Activating the UP connection of an existing PDU Session causes the activation of its UE-CN User Plane connection. For a UE in CM-IDLE state in 3GPP access, either the UE-Triggered or the Network-Triggered Service Request procedure may support independent activation of the UP connection of an existing PDU Session. For a UE in CM-IDLE state in non-3GPP access, the UE-Triggered Service Request procedure allows the re-activation of the UP connection of existing PDU Sessions and may also support its independent activation. A UE in CM-CONNECTED state invokes a Service Request procedure to request the independent activation of the UP connection of existing PDU Sessions.
Session and Service Continuity
In the 5G System architecture, support for session and service continuity addresses the continuity requirements of the UE's different applications. The 5G system supports different session and service continuity (SSC) modes. Three modes are defined:
- In SSC mode 1, the network preserves the connectivity service provided to the UE.
- In SSC mode 2, the network may release the connectivity service delivered to the UE and may also release the corresponding PDU sessions.
- In SSC mode 3, changes to the user plane are visible to the UE.
5G QoS Parameters
- 5QI: A scalar used as a reference to 5G QoS characteristics. Standardized 5QI values have a one-to-one mapping to a standardized combination of 5G QoS characteristics.
- ARP: A 5G QoS parameter that contains information about the priority level, the pre-emption capability and the pre-emption vulnerability.
- RQA: The Reflective QoS attribute is an optional parameter. RQA indicates certain traffic carried on the QoS Flow. The (R)AN enables the transfer of the RQI for the AN resource corresponding to the QoS Flow only when RQA is signalled for that QoS Flow.
- Notification control: Notification control indicates whether notifications are requested from the NG-RAN. A GBR QoS Flow uses notification control if the application traffic adapts to the change in the QoS.
- Flow Bit Rates: The following additional QoS parameters exist only for GBR QoS Flows: Guaranteed Flow Bit Rate (GFBR) and Maximum Flow Bit Rate (MFBR). The GFBR denotes the bit rate that the network provides to the QoS Flow over the Averaging Time Window. The MFBR limits the bit rate to the highest bit rate expected by the QoS Flow.
- Aggregate Bit Rates: Each UE has a per UE Aggregate Maximum Bit Rate (UE-AMBR), an aggregate rate limit QoS parameter.
- Maximum Packet Loss Rate: The Maximum Packet Loss Rate indicates the maximum rate for lost packets of the QoS flow. The QoS is provided by this if compliant to the GFBR.
Packet Filter Set
The Packet Filter Set is used in the QoS rule and the PDR to identify one or more packet flows. It contains one or more Packet Filters. There are two types of Packet Filter Set: IP Packet Filter Set and Ethernet Packet Filter Set.
User Plane Management
The User Plane Function handles the user plane path of PDU sessions. The 3GPP specifications support deployments with a single UPF or multiple UPFs for a given PDU Session. The SMF performs UPF selection. For PDU Sessions of type IPv4, IPv6 or IPv4v6, the PDU Session Anchor is the IP anchor point of the IP address/prefix allocated to the UE. If the SMF requests the UPF to proxy ARP or IPv6 Neighbour Solicitation for an Ethernet DNN, the UPF should itself respond to the ARP or IPv6 Neighbour Solicitation Request.
In the 5G System, each subscriber shall be allocated one 5G Subscription Permanent Identifier (SUPI) for use within the 3GPP system. The 5G system supports identification of subscriptions independently of identification of the UE. Each UE that accesses the 5G system shall be assigned a Permanent Equipment Identifier (PEI). A temporary identifier, the 5G-GUTI, is allocated so that the 5G system can support user confidentiality protection.
The 5G System includes security features such as:
- UE authentication by the network
- Generation and distribution of security context
- Confidentiality and integrity protection of user plane data
- Confidentiality and integrity protection of control plane signalling
- Confidentiality of identity of user
- LI requirements support
Support for Dual Connectivity, Multi-Connectivity
Dual Connectivity involves two radio network nodes in providing radio resources to a given UE. The RAN node at which the N2 terminates performs all necessary N2 related functions. If the UE has Mobility Restrictions, the AMF signals them to the Master RAN Node as a Mobility Restriction List.
The 5GC supports the collection and reporting of charging information for network resource usage. The SMF supports the interactions towards the charging system. The UPF supports the functionality to collect and report usage data to the SMF. The N4 reference point supports the SMF's control of the UPF's collection and reporting of usage data.
Support for Edge Computing
Edge computing enables operator and 3rd party services to be hosted close to the UE's access point of attachment, so that efficient service delivery is achieved through reduced end-to-end latency and load on the transport network. The 5G CN can select a UPF close to the UE and steer traffic from the UPF to the local Data Network via an N6 interface, on the basis of the UE's subscription data and location and the information from the Application Function (AF). Edge computing is supported by one or a combination of the following enablers:
- Re-selection of user plane
- Local Routing and Traffic Steering
- Session and service continuity
- Network capability exposure
- QoS and Charging
- Local Area Data Network support
A Network Slice defined within a PLMN shall include:
- the Core Network Control Plane and User Plane Network Functions
- the NG Radio Access Network
- the N3IWF functions to the non-3GPP Access Network
A network sharing architecture shall allow multiple participating operators to share the resources of a single shared network according to agreed allocation schemes. The shared network includes a radio access network. The shared resources include radio resources. The shared network operator allocates shared resources to the participating operators on the basis of their planned and current needs and according to service level agreements.
Control Plane Load Control, Congestion and Overload Control
Under normal capacity, the network functions within the 5G System operate to provide connectivity and necessary services to the UE. The 5G System supports various measures to guard itself. It supports load re-balancing, overload control and NAS level congestion control.