6 Specification Level Requirements

3GPP TS 28.314, Release 17: Management and orchestration; Plug and Connect; Concepts and requirements

6.1 Use Cases

6.1.1 Use case Plug and Connect

Table 6.1.1.1

Use Case Stage | Evolution / Specification | <<Uses>> Related use

Goal

After physical installation, connect the NE to its SCS as automatically as possible.

Actors and Roles

NE as user.

In this use case NE is the RAN NE. Other types of NE might also be compliant and use this use case. Examples of NEs are:

– gNB

– eNB

The NE within virtualization is not addressed.

Telecom resources

NE; IP networks: Non-Secure Operator Network, External Network, and its elements like DHCP server, optionally DNS, CA/RA servers, Security Gateway(s) (each protecting one or more Secure Operator Networks), Secure Operator Network(s) including SCS(s).

Assumptions

There is a functional power supply for the NE.

There may be one or more IP Autoconfiguration Services like DHCP and Router Advertisements and zero or more DNS servers.

Pre conditions

The NE is physically installed.

IP connectivity exists between the involved telecom resources.

The involved telecom resources are functional.

The relevant information is stored and available:

– Vendor Certificate at the NE

– Operator Certificate at the CA/RA

– For the External Network or Non-Secure Operator Network:

  – (Outer) IP autoconfiguration information at the IP Autoconfiguration Service

  – FQDN of the initial OAM SeGW at the NE and/or FQDN or IP address of the initial OAM SeGW at the IP Autoconfiguration Service

  – FQDN of the CA/RA servers at the NE and/or FQDN or IP address of the CA/RA servers at the IP Autoconfiguration Service

  – If FQDNs need to be resolved, corresponding IP address(es) at the DNS server(s)

– For the Secure Operator Network:

  – (Inner) IP autoconfiguration information at the IP Autoconfiguration Service or at the initial OAM SeGW

  – FQDN or IP address of the initial SCS at the NE and/or DHCP Server of the Secure Operator Network

  – If FQDNs need to be resolved, corresponding IP address(es) at the DNS server(s)

  – Configuration and software for the NE at the SCS(s)

Begins when

The NE is powered up.

Step 1 (M)

If a VLAN ID is available, the NE uses it. Otherwise the NE uses the native VLAN, where PnC traffic is sent and received untagged.

Step 2 (M)

The NE acquires its IP address through stateful or stateless IP autoconfiguration. This may provide 0 or more DNS server addresses.

Step 3 (M)

The NE acquires the IP address of the CA/RA server. The FQDN of the CA/RA server may be pre-configured in the NE, or the FQDN or IP address of the CA/RA server may be provided by the IP Autoconfiguration Service. FQDNs are resolved through the DNS if necessary. Information provided by the IP Autoconfiguration Services shall supersede that pre-configured at the NE.

Step 4 (M)

The NE performs Certificate Enrolment.

Step 5 (M)

The NE acquires the IP address of the OAM SeGW. The FQDN of the OAM SeGW may be pre-configured in the NE, or the FQDN or the IP address of the OAM SeGW may be provided by the IP Autoconfiguration Service. FQDNs are resolved through the DNS if necessary.

Step 6 (M)

The NE establishes a secure connection (tunnel) to the Security Gateway given by Step 5.

The NE receives its (inner) IP autoconfiguration information (which may be the same as the outer IP address obtained in step 2) and optionally the address of one or more DNS servers within the Secure Operator Network from the Configuration Parameters of IKEv2 during tunnel establishment.

Step 7 (M)

The NE acquires the IP address of the correct Element Manager either by issuing a DHCP request including the NE's vendor information, resolving FQDNs via DNS if necessary, or by having a pre-configured FQDN (including the NE's vendor information) resolved via DNS.

<<Uses>> Related use: Secure connection

Step 8 (M)

The NE establishes a connection to the provided SCS and acquires its configuration and software if any.

The configuration may contain an address to another SCS that this specific node shall use as SCS.

The configuration may contain an address to another SeGW that should be used before connecting to the SCS.

The NE may then

– release the connection to the current SCS and OAM SeGW and then restart (returning to step 1),

– release the connection to the current SCS and OAM SeGW and then return to step 6,

– release the connection to the current SCS and then repeat step 8.

<<Uses>> Related use: Secure connection

Ends when

Ends when all mandatory steps identified above are successfully completed or when an exception occurs.

Exceptions

One of the steps identified above fails.

Post Conditions

One or more secure connections exist between the NE and the SCS. Via the connection to the SCS the NE can receive further instructions to become operational and carry user traffic, e.g. the administrativeState is set to "unlocked".

Traceability

All requirements of clauses 5.1 and 6.2.1.

Security aspects, e.g. prevention of unauthorized network access and of fake parameters supplied to the NEs, have special importance. Security-related sub-steps to establish secure connections are not shown in table 6.1.1.1. More security aspects are described in clause 4.1.3.
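
The step sequence of table 6.1.1.1, as an added example that is not part of the TS: a Python model of steps 3 to 8 showing address-source precedence, a failed DNS resolution treated as an exception, and the step 8 redirects that send the NE back to step 6 or step 8. The function names, sample addresses, the redirect limit, and the use of the step 3 precedence rule for the SeGW and SCS lookups are assumptions.

```python
# Added example: models steps 3-8 of Table 6.1.1.1. All names and sample
# values are constructed; the redirect limit is an assumption, not in the TS.
import ipaddress

def locate(role, preconfigured, supplied, dns):
    """An autoconfiguration-supplied value supersedes the pre-configured one."""
    value = supplied.get(role) or preconfigured.get(role)
    if value is None:
        raise LookupError(f"no address source for {role}")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:                       # not an IP literal: treat as FQDN
        if value not in dns:
            raise LookupError(f"cannot resolve {value}")
        return dns[value]

def plug_and_connect(pre, outer, dns, secure_nets, scs_configs, max_redirects=3):
    """Walk the steps and return a trace of (step, peer address) tuples."""
    ca = locate("ca_ra", pre, outer, dns)          # step 3
    segw = locate("segw", pre, outer, dns)         # step 5
    trace = [(3, ca), (4, ca), (5, segw)]          # step 4: enrolment at the CA/RA
    scs = None
    for _ in range(max_redirects + 1):
        if scs is None:
            trace.append((6, segw))                # tunnel to the SeGW
            scs = locate("scs", pre, secure_nets.get(segw, {}), dns)  # step 7
            trace.append((7, scs))
        trace.append((8, scs))                     # fetch configuration from SCS
        cfg = scs_configs.get(scs, {})
        if "segw" in cfg:                          # another SeGW: back to step 6
            segw, scs = locate("segw", {}, cfg, dns), None
        elif "scs" in cfg:                         # another SCS: repeat step 8
            scs = locate("scs", {}, cfg, dns)
        else:
            return trace
    raise RuntimeError("redirect limit exceeded")

# Constructed sample data (example domains, documentation and private ranges).
PRE = {"ca_ra": "ca.vendor.example", "segw": "segw1.operator.example",
       "scs": "scs.operator.example"}
OUTER = {"ca_ra": "192.0.2.10"}              # supplied by outer autoconfiguration
DNS = {"segw1.operator.example": "192.0.2.20", "scs.operator.example": "10.0.0.5",
       "segw2.operator.example": "192.0.2.30"}
SECURE_NETS = {"192.0.2.30": {"scs": "10.1.0.5"}}    # inner autoconfig per SeGW
SCS_CONFIGS = {"10.0.0.5": {"segw": "segw2.operator.example"},
               "10.1.0.5": {"scs": "10.1.0.9"}}

for step, peer in plug_and_connect(PRE, OUTER, DNS, SECURE_NETS, SCS_CONFIGS):
    print(f"step {step}: {peer}")
```

With the sample data the supplied CA/RA address replaces the pre-configured FQDN, and a configuration that keeps redirecting the NE ends in an exception instead of an endless loop.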

6.2 Requirements

6.2.1 Specification Requirements for Plug and Connect

REQ_PnC_FUN_1 The establishment of secure tunnels from the NE to the OAM shall support NAT traversal.

Annex A (informative): Graphical representation of the PnC Use Case

The NE Plug and Connect procedures given in clause 6.1.1 are classified into two sets: those conducted at the External Network (or Non-secure Operator Network) and those conducted at the Secure Operator Network. An interpretation of these procedures is depicted in figures A.1 and A.2 respectively.

Figure A.1: PnC procedure for the External Network or Non-secure Operator Network

Figure A.2: PnC Procedure for the secure Operator Network

Annex B (informative): Change history

Date | Meeting | TDoc | CR | Rev | Cat | Subject/Comment | New version
2021-06 | SA5#137-e | S5-213662 | | | | | 0.1.0
2021-09 | SA5#138-e | S5-214659 | | | | | 0.2.0
2021-10 | SA5#139-e | S5-215628 | | | | | 0.3.0
2021-12 | SA5#140-e | S5-216602 | | | | | 0.4.0
2022-01 | SA5#141-e | S5-221749 | | | | | 0.5.0
2022-03 | SA#95e | SP-220122 | | | | Presented for information and approval | 1.0.0
2022-03 | SA#95e | | | | | Upgrade to change control version | 17.0.0