C.6 Detection of UE not using 5GC provided DNS server

3GPP TS 23.548, 5G System Enhancements for Edge Computing, Stage 2, Release 17

The UPF Traffic detection and traffic reporting capabilities specified in clause 5.8 in TS 23.501 [2] can be used to monitor if the UE uses a DNS resolver that is different than the one provided by the 5GC, e.g.:

– the SMF can install Packet Detection Rule(s) in the UPF to report when the traffic matches certain well known public DNS service IP addresses;

– the UPF can have an Application Filter defined to detect DNS ports as well as whether the DNS traffic is not destined to operator-provided DNS servers (e.g. EASDF). The SMF can refer to this filter using an application ID.
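The two checks above, modelled as a flow classifier. This is an added example, not part of TS 23.548, and it shows the matching logic only, not a PDR or Application Filter encoding. The resolver addresses, UE labels and function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed values: operator resolver (e.g. EASDF) on documentation ranges.
OPERATOR_DNS = [ip_network("192.0.2.53/32"), ip_network("2001:db8::53/128")]
# A few well-known public resolvers (Google, Cloudflare, Quad9); not exhaustive.
PUBLIC_DNS = [ip_network(n) for n in
              ("8.8.8.8/32", "8.8.4.4/32", "1.1.1.1/32", "9.9.9.9/32")]
DNS_PORTS = {("udp", 53), ("tcp", 53), ("tcp", 853)}  # plain DNS and DNS over TLS


def _member(addr, nets):
    a = ip_address(addr)
    return any(a in n for n in nets)


def classify(proto, dst_ip, dst_port):
    """Return the reporting reason for one uplink flow, or None."""
    if _member(dst_ip, OPERATOR_DNS):
        return None  # UE is using the 5GC-provided resolver
    if _member(dst_ip, PUBLIC_DNS):
        return "public-dns-ip"  # first bullet: match on destination IP, any port
    if (proto, dst_port) in DNS_PORTS:
        return "non-operator-dns-port"  # second bullet: DNS port, other server
    return None


def report(flows):
    """Map each UE to the set of reasons it was reported for."""
    out = {}
    for ue, proto, dst_ip, dst_port in flows:
        reason = classify(proto, dst_ip, dst_port)
        if reason:
            out.setdefault(ue, set()).add(reason)
    return out


# Constructed sample flows: (UE label, protocol, destination IP, destination port)
FLOWS = [
    ("ue-1", "udp", "192.0.2.53", 53),     # operator resolver
    ("ue-2", "udp", "8.8.8.8", 53),        # public resolver, plain DNS
    ("ue-3", "tcp", "1.1.1.1", 443),       # public resolver on 443: IP rule only
    ("ue-4", "tcp", "198.51.100.7", 853),  # unlisted resolver, DoT: port filter only
    ("ue-5", "tcp", "198.51.100.7", 443),  # unlisted host on 443: not reported
]

if __name__ == "__main__":
    for ue, reasons in sorted(report(FLOWS).items()):
        print(ue, sorted(reasons))
```

The two checks complement each other: the address match reports a listed resolver on any port, and the port filter reports DNS sent to a server that is not on the list. Traffic on port 443 to an unlisted host is reported by neither.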

Annex D (Informative):
Examples of AF Guidance to PCF for Determination of URSP Rules

a) The UE is to use a specific (DNN, S-NSSAI) (e.g. working in SSC mode 2 or 3 with the Distributed Anchor deployment) when trying to reach some domains while it should use another (DNN, S-NSSAI) (e.g. working in SSC mode 1) for other domains. In this example, the AF can indicate two FQDN filters, optionally with corresponding filtering rule priorities, if the FQDN filters overlap. For each FQDN filter, the AF can indicate a corresponding DNN, S-NSSAI.

b) Corporate applications only reachable via a specific (DNN, S-NSSAI) negotiated with the operator; corresponding URSP rules (URSP rules referring to domains of these corporate applications) shall only point to this specific (DNN, S-NSSAI). In this example, the AF can indicate one FQDN filter for the corporate applications. Optionally, the AF can indicate also the corresponding DNN, S-NSSAI for the FQDN filter. If DNN, S-NSSAI is not provided by the AF, the NEF can determine it based on the AF identity.

c) Corporate applications reachable via a (DNN, S-NSSAI) but only in some location; e.g. the corporate applications are only accessible when the UE is in some location corresponding to the corporate premises. In this example, the AF can provide information as in bullet b) and additionally provides where the corporate applications are accessible. URSP Rules will guide the UE to select the (DNN, S-NSSAI) when the UE is in the geographical zone.

d) Internet applications not reachable via a specific (DNN, S-NSSAI) negotiated with the operator but that should be only reachable via a general purpose (DNN, S-NSSAI); e.g. traffic of UE(s) of a third party targeting Internet applications is not to be sent to a specific (DNN, S-NSSAI) negotiated with the operator as this traffic is not expected to cross the Intranet of the corporate. In this example, the default operator rules are used to generate a "match all" URSP rule with a low filtering rule priority and a corresponding generic purpose DNN, S-NSSAI.

e) Internet applications reachable via both a specific (DNN, S-NSSAI) negotiated with the operator and via a general purpose (DNN, S-NSSAI) for which the third party may want to set preferences between these 2 kinds of connectivity. These preferences may depend on the UE location. In this example, the AF can indicate FQDN filters as in bullet b), but the FQDN filters are for Internet applications. In addition, the AF can indicate where the Internet applications are accessible via the specific DNN, S-NSSAI. In addition, the default operator rules are used to generate a "match all" URSP rule with a low filtering rule priority and a generic purpose DNN, S-NSSAI.

f) Combination of bullets c) and e). In this example, the AF can indicate one FQDN filter for corporate applications as in bullet c) and another FQDN filter for Internet applications as in bullet c). In addition, the AF can indicate filtering rule priorities for the FQDN filters, if the FQDN filters overlap.

g) Corporate applications reachable via a (DNN, S-NSSAI) in some location and via another DNN, S-NSSAI in another location; e.g. the corporate applications are only accessible via a location specific corporate DNN, S-NSSAI. In this example, the AF can indicate an FQDN filter as in bullet c), but indicates two or more sets of location conditions for the FQDN filter and indicates different DNN, S-NSSAI for each. In addition, if the geographical zones overlap, the AF can indicate a Route Selection Descriptor Precedence for each of them.

The examples b) to e) above can correspond to different AF(s) representing different corporates that have different policies. How the rule precedence between rules for different AFs is set in the URSP rules is up to the operator policy.

In the examples above, when a location specific corporate DNN, S-NSSAI has been agreed, as an alternative, the location area where the DNN is accessible can also be set as part of the SLA agreement configured on the NEF.

Annex E (informative):
EPS Interworking Considerations