5.27 Inter-PLMN User Plane Security

29.2443GPPInterface between the Control Plane and the User Plane nodesRelease 17TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Stage 2 requirements for support of the Inter-PLMN User Plane Security (IPUPS) functionality are defined in clauses 4.2.4, 5.8.2.14, 6.2.3, and 6.3.3.3 of 3GPP TS 23.501 [28], and in clauses 4.2.2 and 5.9.3.4 of 3GPP TS 33.501 [64].

The IPUPS functionality shall be activated for the user plane traffic received over N9 interface across PLMNs, according to operator’s policy. The SMF shall provision UL/DL PDR(s) to identify the user plane traffic received at the local F-TEID in the UPF and provision UL/DL FAR(s) to forward the user plane traffic to the remote F-TEID in the GTP-U peer. User plane packets not matching any PDR shall be dropped, using mechanisms defined in this specification, see e.g. clause 5.2.1.

During a PFCP Association Setup procedure, an UPF, which is configured to be used for IPUPS shall indicate this with the UPF configured for IPUPS (UUPSI) flag, as specified in clause 7.4.4.2.

NOTE: Any UPF can support the IPUPS functionality. In network deployments where specific UPFs are used to provide IPUPS, UPFs configured for providing IPUPS services (i.e. reporting the UUPSI flag) are selected to provide IPUPS function.