4 General
3GPP TS 24.502 Release 18: Access to the 3GPP 5G Core Network (5GCN) via non-3GPP access networks
4.1 Overview
The 5G core network (5GCN) supports the connectivity of the UE via non-3GPP access networks. These non-3GPP access networks can be trusted non-3GPP access networks, untrusted non-3GPP access networks or wireline access networks. A trusted or untrusted non-3GPP access network can advertise the PLMNs for which it supports trusted connectivity and the type of supported trusted connectivity. Different types of trusted connectivity can be advertised so that the UE can discover the non-3GPP access networks that can provide trusted connectivity to one or more PLMNs:
a) information about PLMN list with 5G connectivity using trusted non-3GPP access;
b) information about PLMN list with 5G connectivity without NAS using trusted non-3GPP access;
c) information about PLMN list with S2a connectivity using trusted non-3GPP access (access via non-3GPP access to EPC); or
d) information about SNPN list with 5G connectivity using trusted non-3GPP access.
NOTE: A wireline access network does not indicate PLMNs for which it supports connectivity.
4.2 Untrusted access
For an untrusted non-3GPP access network, the communication between the UE and the 5GCN is not trusted to be secure.
For an untrusted non-3GPP access network, the UE secures its communication with the 5GCN by establishing a secure connection to the 5G core network over the untrusted non-3GPP access via the N3IWF. The UE performs registration to the 5G core network during the IKEv2 SA establishment procedure as specified in 3GPP TS 24.501 [4] and IETF RFC 7296 [6]. After the registration, the UE exchanges NAS signalling with the 5GCN over the N1 reference point as specified in 3GPP TS 24.501 [4]. The N3IWF interfaces the 5GCN CP function via the N2 interface to the AMF and the 5GCN UP functions via the N3 interface to the UPF as described in 3GPP TS 23.501 [2].
4.3 Identities
4.3.1 User identities
When the UE accesses the 5GCN over non-3GPP access networks, the same permanent identities for 3GPP access are used to identify the subscriber for non-3GPP access authentication, authorization and accounting services.
The Subscription Permanent Identifier (SUPI) is defined in 3GPP TS 33.501 [5]. The SUPI can contain an IMSI, a network specific identifier, a GCI or a GLI as specified in 3GPP TS 23.501 [2]. A SUPI containing an IMSI is defined in 3GPP TS 23.003 [8]. A SUPI containing a network specific identifier, a GCI or a GLI always takes the form of a NAI as defined in 3GPP TS 23.003 [8].
The Subscription Concealed Identifier (SUCI) is a privacy preserving identifier containing the concealed SUPI as specified in 3GPP TS 33.501 [5]. SUCI is calculated from SUPI. When the SUPI contains an IMSI, the corresponding SUCI is derived as specified in 3GPP TS 23.003 [8]. When the SUPI contains a network specific identifier, a GCI or a GLI, the corresponding SUCI in NAI format is derived as specified in 3GPP TS 23.003 [8].
User identification in non-3GPP accesses can require additional identities that are out of the scope of 3GPP.
4.3.2 FQDN for N3IWF Selection
An N3IWF FQDN is either provisioned by the home operator or constructed by the UE in either the Operator Identifier FQDN format or the Tracking Area Identity FQDN format as specified in clause 6.3.6.2 in 3GPP TS 23.501 [2].
The detailed format of the N3IWF FQDN is specified in clause 28.3.2.2 of 3GPP TS 23.003 [8].
The N3IWF FQDN is used as input to the DNS mechanism for N3IWF selection.
In order to access PLMN services via an SNPN, a UE operating in SNPN access operation mode registered to an SNPN has the following restrictions on N3IWF FQDN:
a) the UE shall only use TAIs from a PLMN to construct a Tracking Area Identity based N3IWF FQDN; and
b) the UE shall not consider an N3IWF FQDN for N3IWF selection configured by an SNPN.
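The following is an added illustration of clause 4.3.2 and is not 3GPP text or UE vendor code. It builds the Operator Identifier based and Tracking Area Identity based N3IWF FQDNs and applies the two SNPN restrictions above when assembling the candidate list for DNS-based N3IWF selection. The label strings follow 3GPP TS 23.003 clause 28.3.2.2 as recalled by the editor and should be checked against the current TS 23.003 text; the `Tai` type, its `nid` marker for TAIs received from an SNPN, and the `(fqdn, configured_by_snpn)` pairs are assumptions of this example.

```python
"""Construction of the N3IWF FQDN (clause 4.3.2) with the SNPN restrictions of
a UE in SNPN access operation mode.  Added illustration, not 3GPP or UE vendor
code.  ASSUMPTION: the label strings follow 3GPP TS 23.003 clause 28.3.2.2 as
recalled by the editor; verify them against the current TS 23.003."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

N3IWF_SUFFIX = "n3iwf.5gc.mnc{mnc}.mcc{mcc}.pub.3gppnetwork.org"


@dataclass(frozen=True)
class Tai:
    """Tracking Area Identity.  ASSUMPTION: a TAI received from an SNPN is
    modelled by a non-empty NID, since an SNPN identity is PLMN ID + NID."""
    mcc: str
    mnc: str
    tac: int                  # 5GS TAC, 24 bits
    nid: Optional[str] = None

    @property
    def from_snpn(self) -> bool:
        return self.nid is not None


def _plmn_labels(mcc: str, mnc: str) -> Tuple[str, str]:
    """Validate MCC/MNC digits; a 2-digit MNC is zero-padded to 3 digits in FQDN labels."""
    if not (mcc.isdigit() and len(mcc) == 3):
        raise ValueError(f"bad MCC {mcc!r}")
    if not (mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError(f"bad MNC {mnc!r}")
    return mcc, mnc.zfill(3)


def operator_id_fqdn(mcc: str, mnc: str) -> str:
    """Operator Identifier based N3IWF FQDN."""
    mcc, mnc = _plmn_labels(mcc, mnc)
    return N3IWF_SUFFIX.format(mnc=mnc, mcc=mcc)


def tai_fqdn(tai: Tai) -> str:
    """Tracking Area Identity based N3IWF FQDN; each TAC byte becomes a 2-hex-digit label."""
    if not 0 <= tai.tac <= 0xFFFFFF:
        raise ValueError("5GS TAC is 24 bits")
    mcc, mnc = _plmn_labels(tai.mcc, tai.mnc)
    hb, mb, lb = (tai.tac >> 16) & 0xFF, (tai.tac >> 8) & 0xFF, tai.tac & 0xFF
    return (f"tac-lb{lb:02x}.tac-mb{mb:02x}.tac-hb{hb:02x}.5gstac."
            + N3IWF_SUFFIX.format(mnc=mnc, mcc=mcc))


def n3iwf_fqdn_candidates(ue_in_snpn_mode: bool,
                          provisioned: List[Tuple[str, bool]],
                          tais: List[Tai]) -> List[str]:
    """Candidate FQDNs for DNS-based N3IWF selection.

    `provisioned` holds (fqdn, configured_by_snpn) pairs.  For a UE in SNPN
    access operation mode accessing PLMN services, clause 4.3.2 forbids
    (a) TAI-based FQDNs built from SNPN TAIs and (b) FQDNs configured by an SNPN.
    """
    out: List[str] = []
    for fqdn, configured_by_snpn in provisioned:
        if ue_in_snpn_mode and configured_by_snpn:
            continue                        # restriction b)
        out.append(fqdn)
    for tai in tais:
        if ue_in_snpn_mode and tai.from_snpn:
            continue                        # restriction a)
        out.append(tai_fqdn(tai))
    return out
```

The candidate list is the input to the DNS lookup; a UE not in SNPN access operation mode passes `ue_in_snpn_mode=False` and both restrictions are skipped.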
4.4 Quality of service support
4.4.1 General
When the UE accesses the 3GPP 5G System (5GS) via non-3GPP access networks, the same QoS flow based 5G QoS model and principles are followed as described in 3GPP TS 23.501 [2]. For PDU sessions established over non-3GPP access, the QoS flow remains the finest granularity of QoS differentiation in the PDU session.
4.4.2 QoS differentiation in non-3GPP access
4.4.2.1 General
For untrusted non-3GPP access, the N3IWF is the access network node that provides QoS signalling to support QoS differentiation and mapping of QoS flows to non-3GPP access resources.
For trusted non-3GPP access, the TNGF is the access network node that provides QoS signalling to support QoS differentiation and mapping of QoS flows to non-3GPP access resources.
For wireline access, the W-AGF serving the 5G-RG is the access network node that provides QoS signalling to support QoS differentiation and mapping of QoS flows to non-3GPP access resources.
4.4.2.2 QoS signalling
A QoS flow is controlled by the SMF and can be preconfigured, or established via the UE requested PDU session establishment via non-3GPP access procedure, or via the UE or network requested PDU session modification via non-3GPP access procedure (see 3GPP TS 23.502 [3]).
During PDU session establishment, based on local policies, pre-configuration and the QoS profiles received:
a) the N3IWF or the TNGF (depending on whether the UE is connected to untrusted non-3GPP access or trusted non-3GPP access, respectively):
1) shall determine the number of IPsec child SAs to establish and the QoS profiles associated with each IPsec child SA; and
2) shall then initiate IPsec SA creation procedure to establish child SAs associating to the QoS flows of the PDU session; or
b) the W-AGF serving the 5G-RG:
1) shall determine the number of W-UP resources to establish and the QoS profiles associated with each W-UP resource; and
2) shall initiate creation of one or more W-UP resources using means out of scope of the present document. The W-AGF serving the 5G-RG shall associate each W-UP resource with a PDU session, zero or more QFIs, and optionally an indication of whether the W-UP resource is the default W-UP resource. For each W-UP resource, the 5G-RG becomes aware using means out of scope of the present document about association of the W-UP resource and the PDU session, the zero or more QFIs, and optionally the indication of whether the W-UP resource is the default W-UP resource.
In order to support QoS differentiation in case of access to PLMN services via an SNPN and access to SNPN services via a PLMN, the N3IWF is preconfigured with one or more QoS profiles requiring a dedicated IPsec child SA which can be associated with a DSCP value.
In order to support QoS differentiation in case of access to PLMN services via 5G ProSe layer-3 UE-to-network relay with N3IWF as specified in clause 5.6.2.2 of 3GPP TS 23.304 [41], the N3IWF is preconfigured with one or more QoS profiles requiring a dedicated IPsec child SA which can be associated with a DSCP value.
4.4.2.3 QoS differentiation in user plane
For uplink over trusted and untrusted non-3GPP access, the UE associates an uplink user data packet with a QFI as specified in 3GPP TS 24.501 [4]. In both cases the UE shall then encapsulate the uplink user data packet and its associated QFI in the GRE header and select the IPsec child SA based on the PDU session and the QFI associated with the uplink user data packet, as specified in clause 8.3. In case of trusted non-3GPP access, the UE shall reserve non-3GPP access network QoS resources for the IPsec child SA according to the received Additional QoS Information when the selected IPsec child SA is established. In case of untrusted non-3GPP access, the UE may receive Additional QoS Information from the N3IWF during IPsec child SA establishment; if it does, the UE may reserve non-3GPP access network QoS resources for the IPsec child SA according to that Additional QoS Information when the selected IPsec child SA is established.
For uplink of wireline access, the 5G-RG associates an uplink user data packet with a QFI as specified in 3GPP TS 24.501 [4], shall select a W-UP resource based on the PDU session and the QFI associated with the uplink user data as specified in clause 8.3 and shall transport the uplink user data packet via the selected W-UP resource using means out of scope of the present specification.
For downlink of trusted and untrusted non-3GPP accesses, the UPF maps the user data packet to a QoS flow. In case of untrusted non-3GPP access, the N3IWF shall determine the IPsec child SA to use for sending of the downlink user data packet over NWu based on mapping of the QoS flow to the IPsec child SA based on QFI of the QoS flow of the user data packet and the identity of the PDU session of the user data packet. In case of trusted non-3GPP access, the TNGF shall determine the IPsec child SA to use for sending of the downlink user data packet over NWt based on mapping of the QoS flow to the IPsec child SA based on QFI of the QoS flow of the user data packet and the identity of the PDU session of the user data packet. Furthermore, TNGF may reserve non-3GPP access network QoS resources for the IPsec child SA.
For downlink of wireline access, the UPF maps the user data packet to a QoS flow. In case of wireline access, the W-AGF serving the 5G-RG shall select a W-UP resource for a downlink user data packet based on mapping of the QoS flow to the W-UP resources, based on QFI of the QoS flow of the user data packet and the identity of the PDU session of the user data packet, and shall transport the downlink user data packet and the QFI associated with the downlink user data packet via the selected W-UP resource using means out of scope of the present specification.
4.4.2.4 Reflective QoS
Reflective QoS is also supported when the UE accesses the 5GCN via non-3GPP access network as specified in 3GPP TS 23.502 [3]. If the N3IWF for untrusted non-3GPP access or the TNGF for trusted non-3GPP access receives a downlink user packet associated with Reflective QoS Indicator (RQI), the N3IWF or the TNGF shall set the RQI in the GRE header when encapsulating the downlink user data packet into a GRE encapsulated user data packet as specified in clause 8.3. If the W-AGF serving the 5G-RG receives a downlink user packet associated with Reflective QoS Indicator (RQI), the W-AGF shall transport the RQI together with the downlink user data packet and the QFI associated with the downlink user data packet via the selected W-UP resource over NWu, as described in clause 4.4.2.3.
4.4.2.5 QoS enforcement
If the UE is provided with maximum flow bit rate (MFBR) for UL for a QFI as specified in 3GPP TS 24.501 [4], the UE should send user data packets associated with the QFI with a bitrate lower than or equal to the maximum flow bit rate (MFBR) for UL.
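The following is an added illustration of the user-plane handling in clauses 4.4.2.2 to 4.4.2.5 for untrusted access; it is editor-written example code, not 3GPP text or N3IWF/UE vendor code. It shows the lookup of the IPsec child SA by (PDU session, QFI) that the UE applies on uplink and the N3IWF on downlink, the GRE encapsulation that carries the QFI and the RQI, the UE-derived rule created by reflective QoS, and a token-bucket check of the UL MFBR. The bit positions of the QFI and RQI inside the GRE Key field, the `ChildSa`/`SaSelector`/`ReflectiveQos`/`MfbrLimiter` names, the 5-tuple flow model and the one-second bucket depth are assumptions of this example; clause 8.3 is normative for the GRE header.

```python
"""User-plane handling of clauses 4.4.2.2 to 4.4.2.5 (untrusted access): child
SA selection by (PDU session, QFI), GRE encapsulation with QFI/RQI, reflective
QoS at the UE and UL MFBR enforcement.  Added illustration, not 3GPP code.
ASSUMPTION: QFI/RQI bit positions in the GRE Key field are illustrative only."""
import struct
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple

GRE_FLAGS_KEY_PRESENT = 0x2000   # RFC 2890 header word: K=1, C=S=0, version 0
PROTO_IPV4 = 0x0800


def make_gre_key(qfi: int, rqi: bool) -> int:
    if not 0 <= qfi <= 63:
        raise ValueError("QFI is a 6-bit value")
    return (qfi << 24) | (int(rqi) << 16)   # ASSUMPTION: QFI in octet 1, RQI in octet 2


def gre_encapsulate(payload: bytes, qfi: int, rqi: bool = False) -> bytes:
    """GRE encapsulated user data packet carried inside the IPsec child SA."""
    return struct.pack("!HHI", GRE_FLAGS_KEY_PRESENT, PROTO_IPV4,
                       make_gre_key(qfi, rqi)) + payload


def gre_decapsulate(pkt: bytes) -> Tuple[int, bool, bytes]:
    flags, proto, key = struct.unpack("!HHI", pkt[:8])
    if flags != GRE_FLAGS_KEY_PRESENT or proto != PROTO_IPV4:
        raise ValueError("unexpected GRE header")
    return (key >> 24) & 0x3F, bool((key >> 16) & 1), pkt[8:]


@dataclass(frozen=True)
class ChildSa:
    spi: int
    pdu_session_id: int
    qfis: FrozenSet[int]        # QFIs the N3IWF bound to this SA at creation
    is_default: bool = False    # carries QFIs of the session bound to no other SA


class SaSelector:
    """Same lookup on both ends: UE for uplink, N3IWF for downlink (clause 4.4.2.3)."""

    def __init__(self, sas: Iterable[ChildSa]) -> None:
        self._by_key: Dict[Tuple[int, int], ChildSa] = {}
        self._default: Dict[int, ChildSa] = {}
        for sa in sas:
            for qfi in sa.qfis:
                self._by_key[(sa.pdu_session_id, qfi)] = sa
            if sa.is_default:
                self._default[sa.pdu_session_id] = sa

    def select(self, pdu_session_id: int, qfi: int) -> ChildSa:
        sa = self._by_key.get((pdu_session_id, qfi)) or self._default.get(pdu_session_id)
        if sa is None:
            raise LookupError(f"no child SA for PDU session {pdu_session_id}, QFI {qfi}")
        return sa


Flow = Tuple[str, str, int, int, int]   # (src, dst, proto, sport, dport)


class ReflectiveQos:
    """UE side of clause 4.4.2.4: a downlink packet with RQI set creates a
    UE-derived QoS rule mapping the mirrored uplink flow to the same QFI."""

    def __init__(self) -> None:
        self.rules: Dict[Flow, int] = {}

    def on_downlink(self, flow: Flow, qfi: int, rqi: bool) -> None:
        if rqi:
            src, dst, proto, sport, dport = flow
            self.rules[(dst, src, proto, dport, sport)] = qfi

    def uplink_qfi(self, flow: Flow, default_qfi: int) -> int:
        return self.rules.get(flow, default_qfi)


class MfbrLimiter:
    """Token bucket for the UL MFBR of one QFI (clause 4.4.2.5); depth = one second of credit."""

    def __init__(self, mfbr_bit_per_s: int, now: float) -> None:
        self.rate = mfbr_bit_per_s / 8.0     # bytes per second
        self.tokens = self.rate
        self.last = now

    def allow(self, nbytes: int, now: float) -> bool:
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= nbytes:
            self.tokens -= nbytes
            return True
        return False


def ue_uplink(selector: SaSelector, rq: ReflectiveQos, pdu_session_id: int,
              flow: Flow, payload: bytes, default_qfi: int) -> Tuple[int, bytes]:
    """UE uplink path: QFI from reflective rules (else default), child SA by
    (PDU session, QFI), then GRE encapsulation; returns (SPI, GRE packet)."""
    qfi = rq.uplink_qfi(flow, default_qfi)
    sa = selector.select(pdu_session_id, qfi)
    return sa.spi, gre_encapsulate(payload, qfi)
```

The downlink side at the N3IWF uses the same `SaSelector.select` with the QFI the UPF marked on the packet and sets `rqi=True` in `gre_encapsulate` when the packet carries the RQI; the UE feeds the decapsulated QFI and RQI into `ReflectiveQos.on_downlink`.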
4.5 Trusted access
For a trusted non-3GPP access network, the communication between the UE and the 5GCN is secure. A trusted non-3GPP access network is connected to the 5GCN via a trusted non-3GPP gateway function (TNGF) as specified in 3GPP TS 23.501 [2]. The TNGF interfaces the 5GCN CP function via the N2 interface to the AMF and the 5GCN UP functions via the N3 interface to the UPF as described in 3GPP TS 23.501 [2].
For a trusted non-3GPP access network, the UE establishes a secure connection to the 5GCN over the trusted non-3GPP access to the TNGF. The UE uses 3GPP-based authentication for connecting to the non-3GPP access and establishes an IPsec Security Association (SA) with the TNGF in order to register to the 5GCN using the registration procedure specified in 3GPP TS 24.501 [4]. After the registration, the UE exchanges NAS signalling with the 5GCN over the N1 reference point as specified in 3GPP TS 24.501 [4].
4.6 Forbidden PLMNs for non-3GPP access to 5GCN
The list of "forbidden PLMNs for non-3GPP access to 5GCN" contains the VPLMNs whose 5GCN the UE is forbidden to access via non-3GPP access.
The HPLMN (if the equivalent HPLMN list is not present or is empty) or an equivalent HPLMN (if the equivalent HPLMN list is present) shall not be stored on the list of "forbidden PLMNs for non-3GPP access to 5GCN".
3GPP TS 24.501 [4] specifies when a VPLMN is added to the list of "forbidden PLMNs for non-3GPP access to 5GCN".
If the UE is configured to use timer T3245 (see 3GPP TS 24.368 [38] or 3GPP TS 31.102 [35]) and adds a PLMN identity to the list of "forbidden PLMNs for non-3GPP access to 5GCN" while timer T3245 (see 3GPP TS 24.008 [28]) is not running, the UE shall start timer T3245 as specified in 3GPP TS 24.008 [28], clause 4.1.1.6.
If the list of "forbidden PLMNs for non-3GPP access to 5GCN" is stored in a non-volatile memory in the ME together with the SUPI from the USIM, this list can only be used if the SUPI from the USIM matches the SUPI stored in the non-volatile memory; otherwise the UE shall delete this list.
A VPLMN is removed from the list of "forbidden PLMNs for non-3GPP access to 5GCN" if:
– there is a successful registration as specified in 3GPP TS 24.501 [4] over a non-3GPP access after a manual selection of the VPLMN for non-3GPP access connected to 5GCN;
– the UE is not configured to use timer T3245, and the value of the PLMN-specific attempt counter for non-3GPP access for the PLMN has a value greater than zero and less than the UE implementation-specific maximum value as defined in clause 5.3.20 in 3GPP TS 24.501 [4] and T3247 expires;
– upon expiry of the timer T3245 if the UE is configured to use timer T3245; or
– the UE is not configured to use timer T3245, and the value of the PLMN-specific attempt counter for non-3GPP access for the PLMN has a value greater than zero and less than the UE implementation-specific maximum value as defined in clause 5.3.20 in 3GPP TS 24.501 [4] when the UE is switched off or the UICC containing the USIM is removed.
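The following is an added model of the list handling described in clause 4.6 and is not 3GPP text or UE vendor code. It keeps the HPLMN or equivalent HPLMNs off the list, reuses a copy loaded from non-volatile memory only when it was stored under the current SUPI, starts T3245 on insertion when the UE is configured to use it, and applies the four removal conditions above. The class and method names, the "mccmnc" string form of a PLMN identity, and the plain dictionary holding the PLMN-specific attempt counter of 3GPP TS 24.501 clause 5.3.20 are assumptions of this example.

```python
"""Model of the "forbidden PLMNs for non-3GPP access to 5GCN" list (clause 4.6):
HPLMN exclusion, SUPI binding of the non-volatile copy, T3245 start on insertion
and the removal conditions.  Added illustration, not 3GPP or UE vendor code.
ASSUMPTION: PLMNs are "mccmnc" strings; the PLMN-specific attempt counter of
TS 24.501 clause 5.3.20 is kept in a plain dict."""
from typing import Dict, Iterable, Optional, Set


class ForbiddenPlmnsNon3gpp:
    def __init__(self, supi: str, hplmn: str, equivalent_hplmns: Iterable[str] = (),
                 use_t3245: bool = False, max_attempts: int = 5) -> None:
        self.supi = supi
        # Never listed: the EHPLMN list if present and non-empty, else the HPLMN.
        self.protected: Set[str] = set(equivalent_hplmns) or {hplmn}
        self.use_t3245 = use_t3245
        self.max_attempts = max_attempts            # UE implementation-specific maximum
        self.plmns: Set[str] = set()
        self.attempt_counter: Dict[str, int] = {}   # PLMN-specific attempt counter, non-3GPP
        self.t3245_running = False

    def load_from_nvm(self, stored_supi: Optional[str], stored: Iterable[str]) -> None:
        """Reuse a stored list only if it was saved under the current SUPI."""
        if stored_supi == self.supi:
            self.plmns = set(stored)
        else:
            self.plmns = set()        # belongs to another subscription: delete it

    def add(self, vplmn: str) -> bool:
        if vplmn in self.protected:
            return False              # HPLMN / equivalent HPLMN is never stored
        self.plmns.add(vplmn)
        if self.use_t3245 and not self.t3245_running:
            self.t3245_running = True # start T3245 (TS 24.008 clause 4.1.1.6)
        return True

    def on_manual_registration_success(self, vplmn: str) -> None:
        """Successful registration over non-3GPP access after manual selection."""
        self.plmns.discard(vplmn)

    def on_t3245_expiry(self) -> None:
        if self.use_t3245:
            self.plmns.clear()
            self.t3245_running = False

    def _remove_mid_counter_entries(self) -> None:
        """UE not using T3245: drop entries whose counter is in the open interval (0, max)."""
        if self.use_t3245:
            return
        self.plmns = {p for p in self.plmns
                      if not 0 < self.attempt_counter.get(p, 0) < self.max_attempts}

    on_t3247_expiry = _remove_mid_counter_entries
    on_switch_off_or_usim_removed = _remove_mid_counter_entries

    def is_forbidden(self, plmn: str) -> bool:
        return plmn in self.plmns
```

An entry whose attempt counter has reached the implementation-specific maximum survives T3247 expiry and switch-off, which is the distinguishing case in the last two removal conditions.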