7.2.5 Initial Attach for emergency session (GTP on S2b)

23.4023GPPArchitecture enhancements for non-3GPP accessesRelease 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

When the UE needs to establish an IMS emergency session over Untrusted WLAN access, the procedure described in this clause applies. The Initial Attach for emergency session follows the same steps that the Initial Attach for a non emergency session, so only the differences with regard to the procedures described in clauses 7.2.1 and 7.2.4 are documented.

Figure 7.2.5-1: Initial attachment for emergency services over GTP based S2b

1) As in step 1 of Figure 7.2.1 with following modifications:

As part of procedures for Authentication and Authorization on an Access Point based NAI defined in clause 4.6.3,the 3GPP AAA server may store WLAN Location Information defined in clause 4.5.7.2.8.

2) The UE releases any connectivity it may have over Un-trusted access to EPC per the procedure defined in clause 7.4.3. The UE does not need to wait the procedure defined in clause 7.4.3 to be completed to proceed with following steps: the UE shall select an ePDG that supports emergency services as defined in clause 4.5.4a and initiate an IKEv2 tunnel establishment procedure as in step 2 of clause 7.2.1 but with following specificities:

– The behaviour defined in clause 4.5.7.2.1 shall apply.

– The UE provides an indication that the EPC access is for emergency services.The indication is used by the 3GPP AAA server to give precedence to this session in case of signalling congestion (over SWx) and for authenticated UE without roaming permission to not carry out roaming and location checks for this UE. The indication is used by the ePDG to apply specific policies related with emergency PDN connection (e.g. stored in Emergency Configuration Data).

– For an Emergency Attach, the IMEI check to the EIR may be performed. Dependent upon the result, the 3GPP AAA server or 3GPP AAA proxy (roaming case with ePDG in VPLMN) decides whether to continue or to stop the authentication and authorization procedure is based on operator policies.

– Any APN received by the ePDG from the UE is ignored as the ePDG uses its Emergency Configuration Data to determine the APN to be associated with the emergency PDN connection and possibly to determine the PDN GW to use.

NOTE 1: No procedure for additional authentication and authorisation with an external AAA Server as specified in RFC 4739 [50] and in TS 33.402 [45] is expected.

– During the IKE tunnel establishment procedure, the identity provided by the UE in IKE_AUTH message to the ePDG is defined in clause 4.6.3. When local policies (related with local regulations) allow unauthenticated emergency sessions, the ePDG forwards the EAP payload received from the UE to the 3GPP AAA Server in the VPLMN serving the specific domain for unauthenticated emergency access.

– if the UE includes an identity based on IMEI and the ePDG is not configured to support Unauthenticated Emergency Attach (i.e for supporting cases c and d as defined in TS 23.401 [4] clause 4.3.12), the ePDG shall reject the Emergency Attach Request.

– if the UE did not include the IMEI in the identity and the ePDG is configured for supporting Unauthenticated Emergency Attach (per cases c and d as defined in TS 23.401 [4] clause 4.3.12), the ePDG shall request the IMEI from the UE.

Editor’s note: The enhancement of authentication procedure defined in TS 33.402 [45] for an unthenticated UE, i.e. UE without valid IMSI or without IMSI, is outside the scope of SA2. The reference to SA3 specification will be added when available.

– Upon a successful authorization by the 3GPP AAA server, the ePDG stores subscription information if they are received from the 3GPP AAA, but does not use this information for the emergency PDN connection. It instead uses Emergency Configuration Data to get information on the APN and possibly PDN GW and / or QoS (APN-AMBR, default QoS) to use for the emergency PDN connection.

3) The ePDG sends a Create Session Request message to the PGW as described in step B.1 of clause 7.2.4 but with following specificities:

– No parameter sent in the Create Session Request message is related with the user subscription. Parameters in the Emergency Configuration Data are used instead.

– No Additional Parameters are provided for additional authentication and authorisation with an external AAA Server.

– The PDN GW deduces the emergency related policies to apply from the APN received in the Create Session Request message.

– For emergency attached UEs, if the IMSI cannot be authenticated or the UE has not provided it (according to cases c) and d) as defined in TS 23.401 [4] clause 4.3.12), then the IMEI shall be used as UE identifier.

4) As Step 4 of clause 7.2.1, with the following specificities:

– The PCRF deduces the emergency related policies to apply from the APN received in the IP‑CAN Session Establishment message.

5) As in step C.1 of clause 7.2.4, with the following specificities:

– The PDN GW sends an Emergency indication over S6b in order for the 3GPP AAA server to be able to apply specific policies for emergency services. For a UE without UICC or with an unauthenticated IMSI or a roaming authenticated UE, the 3GPP AAA server does not update the HSS with the identity of the PDN GW. For a non-roaming authenticated UE, based on operator policy, this indication may be sent together with the "PDN GW currently in use for emergency services", which comprises the PDN GW address and the indication that the PDN connection is for emergency services to the HSS, which stores it as part of the UE context for emergency services.

6) As in step D.1 of clause 7.2.4.

7) As in step E.1 of clause 7.2.4, with the following specificities:

– No APN is provided by the ePDG in the IDr payload of the final IKEv2 message.