8.2.10 Activation of enhanced security for S2c

23.1393GPP3GPP system - fixed broadband access network interworkingRelease 17Stage 2TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

This clause is related to the case that UE creates the child SA to protect the user plane traffic exchanged over the S2c tunnel when the UE is in a trusted Fixed Broadband access.

Figure 8.2.10-1 Activation of enhanced security for S2c

1. The UE has performed the Initial S2c attach procedure as defined in clause 8.2.1 and has an established PDN connection.

2. The UE repeats the procedure steps 2-4 of clause 6.16.1, Figure 6.16.1-1 to establish the child SA with the following additions: UDP source port number of IPSec tunnel as according to RFC 5996 is included in IP-CAN session modification.

3. The Gateway Control and QoS Rules provision procedure is initiated by the PCRF towards the BPCF as specified in TS 23.203 [4] Annex P, with the following additions: UDP source port number of IPSec tunnel as according to RFC 5996.

4. The BPCF may interact with the BNG, e.g. to download policies, as defined by Fixed Broadband Access Policy Framework specifications BBF TR-134 [11] and BBF TR-203 [6]. This step is out of 3GPP scope.