9 S6b Description
3GPP TS 29.273, 3GPP EPS AAA interfaces, Evolved Packet System (EPS), Release 18
9.1 Functionality
9.1.1 General
The S6b reference point is defined between the 3GPP AAA Server and the PDN-GW. The definition of the reference point and its functionality is given in 3GPP TS 23.402 [3].
When the UE attaches to the EPC using the S2c reference point, the S6b reference point is used to authenticate and authorize the UE, and update the PDN-GW address to the 3GPP AAA server and HSS.
When the UE attaches to the EPC using the S2a/S2b reference point in the PMIPv6 or GTPv2 mode, the S6b reference point is used to update the 3GPP AAA server or the 3GPP AAA proxy with the PDN-GW address information and with the selected S2a/S2b protocol variant. Furthermore, this reference point may be used to retrieve and update other mobility related parameters including static QoS profiles for non-3GPP accesses.
The S6b reference point is also used to authenticate and authorize the incoming MIPv4 Registration Request in the case the UE attaches to the EPC over the S2a reference point using MIPv4 FACoA procedures.
The S6b reference point is used by the 3GPP AAA Server in the case the UE attaches to the EPC using the S2c reference point to indicate to the PDN GW that a PDN GW reallocation shall be performed. This indication triggers the actual Home Agent reallocation procedure as specified in 3GPP TS 24.303 [13].
The S6b reference point is also used to download subscriber and equipment trace information to the PDN GW.
The S6b reference point is also used by the 3GPP AAA Server to indicate to the PDN GW that the HSS-based P-CSCF restoration procedure for WLAN shall be executed as described in 3GPP TS 23.380 [52] clause 5.6.
9.1.2 Procedures Description
9.1.2.1 Authentication and Authorization Procedures when using DSMIPv6
9.1.2.1.1 General
The S6b interface shall enable the authentication and authorization between the UE and the 3GPP AAA Server/Proxy for DSMIPv6.
When a UE performs the DSMIPv6 initial attach, it runs an IKEv2 exchange with the PDN GW as specified in 3GPP TS 24.303 [13]. In this exchange EAP AKA is used for UE authentication over IKEv2. The PDN GW acts as an IKEv2 responder and an EAP pass-through authenticator for this authentication.
The S6b authentication and authorization procedure is invoked by the PDN GW after receiving an IKE_SA_AUTH message from the UE. The S6b reference point performs authentication based on reuse of the DER/DEA command set defined in Diameter EAP. The exact procedure follows the steps specified in IETF RFC 5778 [11].
NOTE: This procedure is only used with DSMIPv6-capable UEs; therefore, only PDNs with PDN Types IPv6 or IPv4v6 are accessible in this case.
Table 9.1.2.1/1: Authentication and Authorization Request
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| User identity | User-Name | M | This information element shall contain the identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]. This IE shall include the leading digit used to differentiate between authentication schemes. |
| Authentication Request Type | Auth-Request-Type | M | This IE shall define whether the UE is to be authenticated only, authorized only or both. AUTHORIZE_AUTHENTICATE shall be used in this case. |
| EAP Payload | EAP-Payload | M | This IE shall contain the Encapsulated payload for UE – 3GPP AAA Server mutual authentication |
| PGW PLMN ID | Visited-Network-Identifier | C | This IE shall contain the identifier that allows the home network to identify the PLMN where the PGW is located. It shall be present when the PGW Identity does not contain an FQDN. |
| Access Type | RAT-Type | C | This Information Element shall contain the non-3GPP access network technology type that is serving the UE. This IE shall be present if it is available when the PDN GW sends the request. |
| PDN GW Identity | MIP6-Agent-Info | M | This IE shall contain the FQDN and/or IPv6 address(es) of the PDN GW that the user shall be connected to. If the PDN GW includes the IP address in the PDN GW Identity, it shall include the HA IPv6 address and, if used, the IPv4 address, as DSMIPv6 is used. |
| MIP Subscriber Profile | MIP6-Feature-Vector | M | This AVP shall be included to inform the 3GPP AAA Server about the used mobility protocol. None of the PMIP6_SUPPORTED or MIP4_SUPPORTED flags shall be set, since DSMIPv6 is used in this case. |
| APN | Service-Selection | O | If present, this IE shall contain the Network Identifier part of the APN extracted from the IKE_AUTH message. It shall include the APN that the user shall be connected to. It shall be only included if received from UE. In case it is not received, the 3GPP AAA Server shall assign the received PDN-GW identity to the default APN. |
| QoS capabilities | QoS-Capability | O | This IE shall be included if present in the request message. It shall indicate to the 3GPP AAA Server that the PGW requests downloading a static QoS profile for the UE. The PGW may include this IE only at the initial attach of the UE. |
| Supported Features (See 3GPP TS 29.229 [24]) | Supported-Features | O | If present, this information element shall contain the list of features supported by the origin host for the lifetime of the Diameter session. |
| Care of Address | MIP-Careof-Address | O | If present, this IE shall contain the IPv4 or the IPv6 Care of Address of the UE as defined in IETF RFC 5778 [11] |
| AAA Failure Indication | AAA-Failure-Indication | O | If present, this information element shall indicate that the request is sent after the PDN-GW has determined that a previously assigned 3GPP AAA Server is unavailable. |
| DER S6b Flags | DER-S6b-Flags | O | This Information Element contains a bit mask. See 9.2.3.7 for the meaning of the bits. |
| UE local IP address | UE-Local-IP-Address | O | The PDN GW shall include this IE based on local policy for Fixed Broadband access network interworking as specified in 3GPP TS 23.139 [39]. If present, it shall contain the source IPv4 or IPv6 address of the IKE_SA_AUTH message from the UE. |
Table 9.1.2.1/2: Authentication and Authorization Answer
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| User Identity | User-Name | O | This information element, if present, shall contain the identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]. This IE shall include the leading digit used to differentiate between authentication schemes. |
| EAP Payload | EAP-Payload | O | If present, this IE shall contain the Encapsulated payload for UE – 3GPP AAA Server mutual authentication |
| Master Session Key | EAP-Master-Session-Key | C | This IE shall contain the Keying material for protecting the communication between the UE and PDN GW. It shall be present only if the result code is set to success. |
| Authentication Request Type | Auth-Request-Type | M | It shall contain the value AUTHORIZE_AUTHENTICATE. See IETF RFC 4072 [5]. |
| Result Code | Result-Code / Experimental-Result-Code | M | This IE shall contain the result of the operation. The Result-Code AVP shall be used for errors defined in the Diameter base protocol (see IETF RFC 6733 [58]) or as per in NASREQ (see IETF RFC 4005 [58]). The Result-Code DIAMETER_MULTI_ROUND_AUTH shall be used in the responses that trigger further requests from the PDN GW and DIAMETER_SUCCESS shall be included at the successful completion of the authentication and authorization procedure. The Experimental-Result AVP shall be used for S6b errors. This is a grouped AVP which shall contain the 3GPP Vendor ID in the Vendor-Id AVP, and the error code in the Experimental-Result-Code AVP. If the Result-Code is set to DIAMETER_SUCCESS_RELOCATE_HA as defined in IETF RFC 5778 [11], then the 3GPP AAA server is indicating to the PGW that it shall initiate a HA switch procedure towards the UE. |
| MIP Subscriber Profile | MIP6-Feature-Vector | C | This AVP shall be present if the authorization was successful. None of the PMIP6_SUPPORTED or MIP4_SUPPORTED flags shall be set, since DSMIPv6 is used in this case. |
| Permanent User Identity | Mobile-Node-Identifier | C | This information element shall only be sent if the Result-Code AVP is set to DIAMETER_SUCCESS. This IE shall contain an AAA/HSS assigned permanent user identity (i.e. an IMSI in root NAI format as defined in clause 19 of 3GPP TS 23.003 [14]). This IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| APN and PGW Data | APN-Configuration | C | This information element shall only be sent if the Result-Code AVP is set to DIAMETER_SUCCESS. This AVP shall contain the default APN, the list of authorized APNs, user profile information. APN-Configuration is a grouped AVP including the following information elements per APN: – APN – Authorized 3GPP QoS profile – Statically allocated User IP Address (IPv4 and/or IPv6) – Allowed PDN type (IPv4, IPv6, IPv4v6, IPv4_OR_IPv6) – APN-AMBR |
| Reallocated PGW Address | MIP6-Agent-Info | C | This information element shall only be sent if the Result-Code AVP is set to DIAMETER_SUCCESS_RELOCATE_HA indicating to the PDN GW that it shall initiate a HA switch procedure towards the UE. This information element shall contain the PDN GW identity of the target PDN GW. |
| Session Time | Session-Timeout | C | If the authentication and authorization succeeded, then this IE shall contain the time this authorization is valid for. |
| QoS resources | QoS-Resources | C | This AVP shall be included only if the QoS-Capability AVP was received in the authorization request and the authorization succeeded. Then the 3GPP AAA server shall include a static QoS profile in this IE during the UE initial attach if the PDN GW included QoS-Capabilities AVP in the request message and the UE has been provisioned with a static QoS profile. The QoS profile template value in this IE shall be set to 0. |
| UE Charging Data | 3GPP-Charging-Characteristics | O | If present, this information element shall contain the type of charging method to be applied to the user (see 3GPP TS 29.061 [31]). |
| 3GPP AAA Server URI | Redirect-Host | C | This information element shall be sent if the Result-Code value is set to DIAMETER_REDIRECT_INDICATION. When the user has previously been authenticated by another 3GPP AAA Server, it shall contain the Diameter URI of the 3GPP AAA Server currently serving the user. The node receiving this IE shall behave as defined in the Diameter base protocol (see IETF RFC 6733 [58]). The command shall contain zero or more occurrences of this information element. When choosing a destination for the redirected message from multiple Redirect-Host AVPs, the receiver shall send the Diameter request to the first 3GPP AAA Server in the ordered list received in the Diameter response. If no successful response to the Diameter request is received, the receiver shall send the Diameter request to the next 3GPP AAA Server in the ordered list. This procedure shall be repeated until a successful response is received from a 3GPP AAA Server. |
| Trust Relationship Indicator | AN-Trusted | C | This AVP shall contain the 3GPP AAA Server’s decision on handling the non-3GPP access network, i.e. trusted, or untrusted. This AVP shall be present if the 3GPP AAA Server is able to make decision on whether the access network is Trusted or Untrusted. |
| Trace information | Trace-Info | C | This AVP shall be included if the subscriber and equipment trace has been activated for the user in the HSS and signalling based activation is to be used to download the trace activation from the HSS to the PDN GW. Only the Trace-Data AVP shall be included to the Trace-Info AVP and shall contain the following AVPs: – Trace-Reference – Trace-Depth – Trace-Event-List, for PGW – Trace-Collection-Entity The following AVPs may also be included in the Trace-Data AVP: – Trace-Interface-List, for PGW, if this AVP is not present, trace report generation is requested for all interfaces for PGW listed in 3GPP TS 32.422 [32] – Trace-NE-Type-List, with the only allowed value being "PDN GW". If this AVP is not included, trace activation in PDN GW is required. |
| Supported Features (See 3GPP TS 29.229 [24]) | Supported-Features | O | If present, this information element shall contain the list of features supported by the origin host for the lifetime of the Diameter session. |
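The conditional-presence rules of Table 9.1.2.1/2 can be checked mechanically on each answer, for example in a PDN GW or a Diameter signalling monitor. The following is an added example, not part of the specification: the dict-of-AVPs input stands for the output of a hypothetical decoder, the MIP6-Feature-Vector bit values are assumptions (they are not given in this clause), "success" for the key-material rule is read as the 2xxx result class, and the leading-digit test is a heuristic that compares the user name with the MCC and MNC in the root-NAI realm.

```python
import re

# Result-Code values (RFC 6733, RFC 5778) and Auth-Request-Type (RFC 6733).
DIAMETER_MULTI_ROUND_AUTH = 1001
DIAMETER_SUCCESS = 2001
DIAMETER_SUCCESS_RELOCATE_HA = 2009
AUTHORIZE_AUTHENTICATE = 3

# MIP6-Feature-Vector bits: assumed values, not given in this clause.
PMIP6_SUPPORTED = 0x0000010000000000
MIP4_SUPPORTED = 0x0000100000000000

ROOT_REALM = re.compile(r"^nai\.epc\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")


def has_scheme_digit(nai):
    """Heuristic: True if the NAI user part is <digit><IMSI> rather than <IMSI>.

    An IMSI starts with MCC+MNC, and both are repeated in the root-NAI realm.
    """
    user, _, realm = nai.partition("@")
    match = ROOT_REALM.match(realm.lower())
    if not match or not user.isdigit():
        return False                     # not a root NAI: nothing to compare
    mnc, mcc = match.groups()
    prefixes = [mcc + mnc]
    if mnc.startswith("0"):              # a 2-digit MNC is zero-padded in the realm
        prefixes.append(mcc + mnc[1:])
    if user.startswith(tuple(prefixes)):
        return False
    return user[1:].startswith(tuple(prefixes))


def check_dea(dea, der):
    """Return the Table 9.1.2.1/2 violations found in one decoded DEA.

    dea, der: AVP name -> decoded value (answer and the request it answers).
    """
    problems = []
    rc = dea.get("Result-Code")
    success = rc is not None and 2000 <= rc < 3000     # 2xxx class
    if rc is None and "Experimental-Result-Code" not in dea:
        problems.append("no Result-Code or Experimental-Result-Code")
    if dea.get("Auth-Request-Type") != AUTHORIZE_AUTHENTICATE:
        problems.append("Auth-Request-Type is not AUTHORIZE_AUTHENTICATE")
    if "EAP-Master-Session-Key" in dea and not success:
        problems.append("EAP-Master-Session-Key in a non-success answer")
    for avp in ("Mobile-Node-Identifier", "APN-Configuration"):
        if avp in dea and rc != DIAMETER_SUCCESS:
            problems.append(avp + " without DIAMETER_SUCCESS")
    if ("MIP6-Agent-Info" in dea) != (rc == DIAMETER_SUCCESS_RELOCATE_HA):
        problems.append("MIP6-Agent-Info does not match DIAMETER_SUCCESS_RELOCATE_HA")
    vector = dea.get("MIP6-Feature-Vector")
    if success and vector is None:
        problems.append("MIP6-Feature-Vector missing after successful authorization")
    if vector is not None and vector & (PMIP6_SUPPORTED | MIP4_SUPPORTED):
        problems.append("MIP6-Feature-Vector sets PMIP6_SUPPORTED or MIP4_SUPPORTED")
    if "QoS-Resources" in dea and not ("QoS-Capability" in der and success):
        problems.append("QoS-Resources not requested or authorization not successful")
    if has_scheme_digit(dea.get("Mobile-Node-Identifier", "")):
        problems.append("Mobile-Node-Identifier carries the authentication-scheme digit")
    return problems


# Constructed sample messages (test PLMN, made-up IMSI).
REALM = "nai.epc.mnc015.mcc234.3gppnetwork.org"
DER = {"User-Name": "0234150999999999@" + REALM, "Auth-Request-Type": 3}
GOOD_DEA = {
    "Result-Code": DIAMETER_SUCCESS, "Auth-Request-Type": 3,
    "EAP-Master-Session-Key": bytes(64), "MIP6-Feature-Vector": 0,
    "Mobile-Node-Identifier": "234150999999999@" + REALM,
    "APN-Configuration": {"Service-Selection": "internet"},
    "Session-Timeout": 3600,
}
BAD_DEA = {   # intermediate round that already leaks key material and identity
    "Result-Code": DIAMETER_MULTI_ROUND_AUTH, "Auth-Request-Type": 3,
    "EAP-Payload": b"\x01\x02\x00\x04", "EAP-Master-Session-Key": bytes(64),
    "Mobile-Node-Identifier": "0234150999999999@" + REALM,
    "MIP6-Feature-Vector": PMIP6_SUPPORTED, "QoS-Resources": {},
}

if __name__ == "__main__":
    for problem in check_dea(BAD_DEA, DER):
        print(problem)
```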
9.1.2.1.2 PDN GW Detailed Behaviour
After completing the IKE_SA_INIT exchange, upon receipt of an IKE_AUTH message, including the IDi payload but not the AUTH payload, the PDN GW shall send a Diameter-EAP-Request (DER) message towards the 3GPP AAA Server / Proxy. The EAP Payload AVP shall contain an EAP-Response/Identity with the identity extracted from the IDi field.
Upon receipt of an IKE_AUTH message with an EAP payload from the UE, the PDN GW shall send a Diameter-EAP-Request (DER) with the EAP Payload AVP containing the corresponding EAP-Response to the 3GPP AAA Server / Proxy.
Upon receipt of a Diameter-EAP-Answer (DEA) message from the 3GPP AAA Server / Proxy, the PDN GW shall then send an IKE_AUTH message containing the corresponding EAP Payload to the UE.
Upon receipt of an IKE_AUTH message with the AUTH payload after the EAP authentication was successful, the PDN GW shall proceed as specified in 3GPP TS 24.303 [13].
If the handover indication to the PGW is missing, i.e. IPv6 Home Network Prefix assigned to the UE is not included in IKE_AUTH request message as specified in 3GPP TS 24.303 [13], the PGW shall notify 3GPP AAA Server that the UE performs initial attach by setting Initial-Attach-Indicator in the DER-S6b-flags AVP.
The PDN GW shall utilize the downloaded APN configuration data, among others, to decide whether the user’s request for an IPv4 home address and/or IPv6 home address prefix shall be accepted or rejected.
If the Result-Code AVP is set to DIAMETER_SUCCESS_RELOCATE_HA and if the PGW has received a PGW identity in form of the FQDN from the 3GPP AAA server, then the PGW may obtain the IP address of the Home Agent functionality of that PGW as described in 3GPP TS 29.303 [34].
If Trace-Info AVP has been received in the authentication and authorization response, the PDN GW shall start a trace session for the user. For details, see 3GPP TS 32.422 [32].
If the PDN-GW determines that a previously assigned 3GPP AAA Server is unavailable, it may attempt to send a new authentication and authorization request to an alternate 3GPP AAA Server. If the PDN-GW receives from this new server a redirect indication towards the former server (due to the HSS having stored the former 3GPP AAA Server identity), it shall terminate all previously existing sessions and PDN connections for that user, and it shall re-send the request towards the new server, but it shall include the AAA-Failure-Indication AVP in the new request.
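The failover rule above and the ordered Redirect-Host rule from the answer table combine into one piece of PDN GW logic, sketched here as an added example that is not part of the specification. The `send` and `terminate_sessions` callables are hypothetical hooks into the Diameter stack and the session store, a 1xxx or 2xxx answer is taken as a "successful response", and the AAA-Failure-Indication value is constructed (only its presence matters here).

```python
import re

DIAMETER_REDIRECT_INDICATION = 3006      # RFC 6733


def uri_host(diameter_uri):
    """Host part of a DiameterURI such as aaa://host:3868;transport=sctp."""
    match = re.match(r"^aaas?://([^:;/]+)", diameter_uri.strip(), re.IGNORECASE)
    if not match:
        raise ValueError("not a DiameterURI: %r" % diameter_uri)
    return match.group(1).lower()


def try_send(send, server, request):
    """Send one request; None means the server could not be reached."""
    try:
        return send(server, request)
    except ConnectionError:
        return None


def answered(answer):
    """Interpretation used here: 1xxx and 2xxx answers are successful responses."""
    return answer is not None and 1000 <= answer.get("Result-Code", 0) < 3000


def request_after_failure(send, request, former, alternate, terminate_sessions):
    """Run after `former` was found unavailable. Returns (server, answer).

    send(server, request) -> answer dict, raises ConnectionError if unreachable.
    terminate_sessions(user_name) drops the user's sessions and PDN connections.
    """
    answer = try_send(send, alternate, request)
    if answer is None or answer.get("Result-Code") != DIAMETER_REDIRECT_INDICATION:
        return alternate, answer
    hosts = [uri_host(uri) for uri in answer.get("Redirect-Host", [])]
    if former.lower() in hosts:
        # The HSS still points at the dead server: following the redirect
        # would loop. Clear local state and tell the new server why.
        terminate_sessions(request["User-Name"])
        retry = dict(request)
        retry["AAA-Failure-Indication"] = 1      # constructed value
        return alternate, try_send(send, alternate, retry)
    # Ordinary redirect: walk the ordered list until one server answers.
    for host in hosts:
        redirected = try_send(send, host, request)
        if answered(redirected):
            return host, redirected
    return None, None


if __name__ == "__main__":
    # Constructed scenario: aaa1 is down, aaa2 redirects to aaa1 until told.
    def demo_send(server, request):
        if server == "aaa1.example.org":
            raise ConnectionError("unreachable")
        if "AAA-Failure-Indication" not in request:
            return {"Result-Code": 3006,
                    "Redirect-Host": ["aaa://aaa1.example.org:3868"]}
        return {"Result-Code": 1001}

    print(request_after_failure(demo_send, {"User-Name": "user@example.org"},
                                "aaa1.example.org", "aaa2.example.org", print))
```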
9.1.2.1.3 3GPP AAA Server Detailed Behaviour
For S6b, on receipt of the DER message, the 3GPP AAA Server shall process the DER message according to 3GPP TS 33.402 [19].
Upon successful completion, a DIAMETER_SUCCESS shall be returned to indicate successful authentication procedure and authentication information shall be returned. If the APN requested by the PDN GW is authorized by the wildcard APN, the 3GPP AAA Server shall include the wildcard APN in the Service-Selection AVP of the APN-Configuration AVP. The AAA server shall also include, among others, the MIP6-Feature-Vector AVP, including the subscriber profile of the UE in terms of DSMIPv6 feature the UE is authorized to use.
If the HSS indicates that the user is currently being served by a different PDN GW, the 3GPP AAA Server shall respond to the PDN GW with the Result-Code set to DIAMETER_SUCCESS_RELOCATE_HA and include the new assigned PDN GW identity in the MIP6-Agent-Info AVP.
If receiving the UE Care of Address from the PDN GW and Initial-Attach-Indicator set by the PGW in DER-S6b-flags, the 3GPP AAA Server may select a different PDN GW which is closer to the UE than the currently serving PDN GW as specified in 3GPP TS 23.402 [3] based on the received UE Care of Address. In this case, the 3GPP AAA Server shall respond to the PDN GW with the Result-Code set to DIAMETER_SUCCESS_RELOCATE_HA and include the selected PDN GW identity in the MIP6-Agent-Info AVP.
If the HSS indicates that the user is currently being served by a different 3GPP AAA Server, the 3GPP AAA Server shall respond to the PDN GW with the Result-Code set to DIAMETER_REDIRECT_INDICATION and Redirect-Host set to the Diameter URI of the 3GPP AAA Server currently serving the user (this Diameter URI shall be constructed based on the Diameter Identity included in the 3GPP-AAA-Server-Name AVP returned in the SWx authentication response from the HSS).
If the 3GPP AAA Server receives a request message not related to any existing session and is able to recognize that the PDN-GW included the AAA-Failure-Indication AVP in the request, the 3GPP AAA Server shall also include the AAA-Failure-Indication AVP over the SWx interface, while retrieving the access authentication and authorization data from the HSS.
The 3GPP AAA Server shall run EAP-AKA as specified in 3GPP TS 33.402 [19]. Exceptions shall be treated as error situations and the result code shall be set to DIAMETER_UNABLE_TO_COMPLY.
Before sending out the AKA challenge, the 3GPP AAA Server shall decide whether the access network is handled as Trusted or Untrusted and set the value of the AN-Trusted AVP correspondingly in the answer message to indicate the trust relationship of the access network to the PDN GW. The 3GPP AAA Server shall make the decision based on the UE Identity and the trust relationship information marked during the authentication and authorization procedure over STa, SWa or SWm. If the 3GPP AAA server is unable to determine the trust relationship of the access network, it shall not include the AN-Trusted AVP in the answer message to the PDN GW.
For Fixed Broadband access network interworking as specified in 3GPP TS 23.139 [39],
– For trusted access, the 3GPP AAA server shall determine if the UE is connected via a BBF-defined WLAN access according to the UE local IP address in UE-Local-IP-Address AVP from the PDN GW. If the UE is connected via a BBF-defined WLAN access, the 3GPP AAA server shall perform the enabling UE reflective QoS function as specified in 3GPP TS 24.139 [43].
– For untrusted access, the UE local IP address is assigned by the ePDG and not by the non-3GPP access network. Hence, in this case the 3GPP AAA Server shall ignore the UE local IP address in UE-Local-IP-Address AVP from the PDN GW.
9.1.2.1.4 3GPP AAA Proxy Detailed Behaviour
The 3GPP AAA Proxy is required to handle roaming cases in which the PDN GW is in the VPLMN. The 3GPP AAA Proxy shall act as a stateful proxy.
On receipt of the authentication answer that completes a successful authentication, the 3GPP AAA Proxy shall record the state of the connection (i.e. Authentication Successful).
If receiving the UE Care of Address from the PDN GW which is in the VPLMN, the 3GPP AAA Proxy may select a different PDN GW which is closer to the UE than the currently serving PDN GW as specified in 3GPP TS 23.402 [3] based on the received UE Care of Address. In this case, the 3GPP AAA Proxy shall respond to the PDN GW with the Result-Code set to DIAMETER_SUCCESS_RELOCATE_HA and include the selected PDN GW identity in the MIP6-Agent-Info AVP.
9.1.2.2 Authorization Procedures when using PMIPv6 or GTPv2
9.1.2.2.1 General
The following authorization procedures take place upon a reception of a PBU at the PDN GW from the MAG or upon a reception of a Create Session Request at the PDN GW from the trusted non-3GPP access network or from the ePDG.
The PDN GW shall update its identity to the 3GPP AAA Server and HSS. Static QoS profile information may also be downloaded at the same time. If the PDN GW reports to the 3GPP AAA server that GTPv2 is used over the S2a or S2b interface, the 3GPP AAA Server may decide not to download parameters to the PDN GW on the S6b interface which are already provided to the PGW via the trusted non-3GPP access network through the STa and GTPv2 based S2a interfaces or via the ePDG through the SWm and the GTPv2 based S2b interfaces (e.g. static QoS profile, Trace Information, APN-AMBR).
The procedures are based on the reuse of NASREQ IETF RFC 4005 [4] AAR and AAA commands and the Diameter extensions defined for PMIP in IETF RFC 5779 [2].
Table 9.1.2.2.1/1: Authorization request
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Permanent User Identity | User-Name | M | This information element shall contain the permanent identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]; this IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| Authentication Request Type | Auth-Request-Type | M | This IE shall define whether the UE is to be authenticated only, authorized only or both. AUTHORIZE_ONLY shall be used in this case. |
| PDN GW Identity | MIP6-Agent-Info | C | If present, this IE shall contain the identity of the selected PDN GW for the UE and the corresponding PDN connection. It shall be present on the first authorization request sent by the PGW to the 3GPP AAA Server for a given APN. Also, it shall be present to communicate to the 3GPP AAA Server the identity of the PDN GW used for the establishment of emergency PDN connections. |
| PGW PLMN ID | Visited-Network-Identifier | C | This IE shall contain the identifier that allows the home network to identify the PLMN where the PGW is located. It shall be present when the PGW Identity is present and does not contain an FQDN. |
| Mobility features | MIP6-Feature-Vector | M | This IE shall contain the mobility features used by the PDN GW. The PDN GW shall set the PMIP6_SUPPORTED flag or the GTPv2_SUPPORTED flag according to the protocol variant used over the S2a or the S2b interface. |
| APN | Service-Selection | M | This IE shall contain the Network Identifier part of the APN extracted from the PBU or the Create Session Request message. For emergency PDN connection establishment (i.e., when Emergency-Services AVP is present, with the Emergency-Indication bit set), this IE may be ignored by the 3GPP AAA Server. |
| QoS capabilities | QoS-Capability | O | If included in the request message, this IE shall indicate to the 3GPP AAA server that the PDN GW requests downloading a static QoS profile for the UE. The PDN GW may include this IE only at the initial attach of the UE. The PDN GW should not include this IE if GTPv2 is used over the S2a or the S2b interface. The PDN GW shall not include this IE if the Emergency-Indication bit of the Emergency-Services AVP is set in the message. |
| Supported Features (See 3GPP TS 29.229 [24]) | Supported-Features | O | If present, this information element shall contain the list of features supported by the origin host for the lifetime of the Diameter session. |
| Origination Time Stamp | Origination-Time-Stamp | C | The PGW shall include this IE if it received the Origination Time Stamp from the MME/SGSN or TWAN/ePDG and if the PGW supports the procedure specified in clause 13.2 of 3GPP TS 29.274 [38]. If included in the request message, this IE shall contain the Origination Time Stamp value provided to the PGW in the Create Session Request or PBU message. This indicates the time at which the originating entity initiated the request. |
| Maximum Wait Time | Maximum-Wait-Time | C | The PGW shall include this IE if it received the Maximum Wait Time from the MME/SGSN or TWAN/ePDG, and the PGW supports the procedure specified in clause 13.3 of 3GPP TS 29.274 [38], and the 3GPP AAA Server pertains to the same PLMN as the PGW or if the 3GPP AAA Server pertains to a different PLMN and operator policy in the PGW allows to use this procedure towards this PLMN. If included in the request message, this IE shall contain the Maximum Wait Time provided to the PGW in the Create Session Request or PBU message. This indicates the duration during which the originator of the request waits for a response. |
| Emergency Services | Emergency-Services | C | The PGW shall include this information element, with the Emergency-Indication bit set, during the establishment of an emergency PDN connection. |
Table 9.1.2.2.1/2: Authorization answer
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result code | Result-Code | M | This IE shall contain the result of the operation. The possible values of the Result-Code AVP are defined in IETF RFC 6733 [58]. This IE shall be set to DIAMETER_SUCCESS if the update of the PDN GW identity succeeded. It shall be set to DIAMETER_AUTHORIZATION_REJECTED if the update of the PDN GW identity failed. |
| Authentication Request Type | Auth-Request-Type | M | It shall contain the value AUTHORIZE_ONLY. See IETF RFC 4072 [5]. |
| Authorized mobility features | MIP6-Feature-Vector | C | The 3GPP AAA Server shall insert this AVP if the authorization was successful. The PMIP6_SUPPORTED or the GTPv2_SUPPORTED flag shall be set according to the value received in the Authorization request. |
| Session time | Session-Timeout | C | If the authorization succeeded, then this IE shall contain the time this authorization is valid for. |
| APN and PGW Data | APN-Configuration | C | This information element shall only be sent if the Result-Code AVP is set to DIAMETER_SUCCESS. This AVP shall contain the user profile information. APN-Configuration is a grouped AVP and shall include the following information elements: – APN – Authorized 3GPP QoS profile – APN-AMBR This information element need not be included in the Authorization answer, if the MIP6-Feature-Vector in the Authorization request indicates that GTPv2 is used over S2a or S2b. This information element shall not be included in the Authorization Answer if the Emergency-Indication bit of the Emergency-Services AVP is set in the Authorization Request. |
| QoS resources | QoS-Resources | C | This AVP shall be included only if the QoS-Capability AVP was received in the authorization request and the authorization succeeded. Then the 3GPP AAA server shall include a static QoS profile in this IE during the UE initial attach if the PDN GW included a QoS-Capabilities AVP in the request message and the UE has been provisioned with a static QoS profile. The QoS profile template value in this IE shall be set to 0. |
| 3GPP AAA Server URI | Redirect-Host | C | This information element shall be sent if the Result-Code value is set to DIAMETER_REDIRECT_INDICATION. When the user has previously been authenticated by another 3GPP AAA Server, it shall contain the Diameter URI of the 3GPP AAA Server currently serving the user. The node receiving this IE shall behave as defined in the Diameter base protocol (see IETF RFC 6733 [58]). The command shall contain zero or more occurrences of this information element. When choosing a destination for the redirected message from multiple Redirect-Host AVPs, the receiver shall send the Diameter request to the first 3GPP AAA Server in the ordered list received in the Diameter response. If no successful response to the Diameter request is received, the receiver shall send the Diameter request to the next 3GPP AAA Server in the ordered list. This procedure shall be repeated until a successful response is received from a 3GPP AAA Server. |
| Trace information | Trace-Info | C | This AVP shall be included if the MIP6-Feature-Vector in the Authorization request indicates that PMIPv6 is used over S2a or S2b and if the subscriber and equipment trace has been activated or deactivated for the user in the HSS GW and signalling based activation is used to download the trace (de)activation from the HSS to the PDN GW. In an authorization response sent during the authorization procedure at PDN connection setup, the Trace-Data AVP shall be included. In an authorization response sent during the service authorization information update procedure, – the Trace-data AVP shall be included if trace activation is requested – the Trace-Reference AVP shall be included, if trace deactivation is requested. If the Trace-Data AVP is included, it shall contain the following AVPs: – Trace-Reference – Trace-Depth – Trace-Event-List, for PGW – Trace-Collection-Entity The following AVPs may also be included in the Trace-Data AVP: – Trace-Interface-List, for PGW, if this AVP is not present, trace report generation is requested for all interfaces for PGW listed in 3GPP TS 32.422 [32] – Trace-NE-Type-List, with the only allowed value being "PDN GW". If this AVP is not included, trace activation in PDN GW is required. |
| Supported Features (See 3GPP TS 29.229 [24]) | Supported-Features | O | If present, this information element shall contain the list of features supported by the origin host for the lifetime of the Diameter session. |
9.1.2.2.2 PDN GW Detailed Behaviour
Upon receipt of a PBU message from the MAG or upon receipt of a Create Session Request from the trusted non-3GPP access network or the ePDG which requires the establishment of a new PDN connection via the non-3GPP access, the PDN GW shall initiate an authorization procedure, by sending an Authorization Request message to the 3GPP AAA server or to the 3GPP AAA Proxy, with the Auth-Request-Type set to AUTHORIZE_ONLY, in order to update the PGW Address for the APN and the selected S2a or S2b protocol variant, as well as to optionally download any UE specific APN profile information such as IP address allocation information, QoS Information, Session timeouts, Session Idle timeouts etc.
The Create Session Request received from the trusted non-3GPP access network or the ePDG may include the identities of the 3GPP AAA server assigned to the UE i.e. the Origin-Host and Origin-Realm of the 3GPP AAA server included in the DEA message received by the ePDG/TWAN over SWm or STa interface. If supported, the PDN GW shall use these identities to address the Authorization Request message to the selected 3GPP AAA server.
The PDN GW shall include in the request the APN where the user shall be connected to. The PGW shall additionally include the Emergency-Services AVP, with the Emergency-Indication bit set, during the establishment of an emergency PDN connection.
The PDN GW Identity and PLMN shall only be included in the initial request to the 3GPP AAA server; subsequent authorization messages (due to a handover to a different MAG, for instance) shall not include it again.
After reception of the Authorization Response message, the PDN GW shall check that the Result-Code is set to DIAMETER_SUCCESS and, if so, it shall proceed to connect the user to the specified APN.
For PMIPv6 based S2a or S2b, if Trace-Info AVP including Trace-Data has been received in the authorization response, the PDN GW shall start a trace session for the user. If Trace-Info including Trace-Reference (directly under the Trace-Info) has been received in the authorization response, the PDN GW shall stop the ongoing trace session, identified by the Trace-Reference. For details, see 3GPP TS 32.422 [32].
For GTPv2 based S2a or S2b, the PDN GW shall ignore the Trace-Info AVP if received in the authorization response.
NOTE: For GTPv2 based S2a or S2b, trace is activated and deactivated via the STa and S2a interfaces or via the SWm and S2b interfaces.
9.1.2.2.3 3GPP AAA Server Detailed Behaviour
Upon receipt of the Authorization Request message from the PDN GW, the 3GPP AAA Server shall check whether the user’s profile is available.
If the user’s data exist in the 3GPP AAA Server, it shall check whether it also has an active access authorization session for the user.
– If not, the 3GPP AAA Server shall reject the authorization request, including the Result-Code DIAMETER_AUTHORIZATION_REJECTED.
– If the 3GPP AAA Server has an existing authorization session,
    – If the APN requested by the PDN GW is included in the list of authorized APNs of the user or if the Emergency-Indication bit of the Emergency-Services AVP is set in the Authorization Request, then the 3GPP AAA Server shall:
        – set the Result-Code to DIAMETER_SUCCESS;
        – include the APN-Configuration AVP in the authorization answer if PMIP is used over S2a or S2b; the APN-Configuration AVP may also be included if GTPv2 is used over S2a or S2b. When the APN-Configuration AVP is included in the authorization answer, the Service-Selection AVP within the APN-Configuration AVP shall contain the wildcard APN if the APN requested by the PDN GW is authorized by the wildcard APN;
        – update the PDN GW information for the APN for the UE on the HSS as specified in clause 8.1.2.2.2, if the Emergency-Indication bit of the Emergency-Services AVP is not set in the Authorization Request; and
        – update on the HSS the PDN GW Identity used for the establishment of emergency PDN connections for the UE, as specified in clause 8.1.2.2.2, based on operator policy (e.g. on whether the operator uses a static PDN GW or not for emergency services), if the Emergency-Services AVP is present, with the Emergency-Indication bit set, in the Authorization Request and the user is non-roaming and authenticated.
    – If the APN requested by the PDN GW is not included in the list of authorized APNs and the Emergency-Indication AVP is not present in the Authorization Request, then the status code DIAMETER_AUTHORIZATION_REJECTED shall be returned to the PDN GW to indicate an unsuccessful authorization.
If the user’s profile does not exist in the 3GPP AAA Server, it shall retrieve the Diameter identity of the 3GPP AAA Server currently serving the user from the HSS following the procedures for subscriber profile download as specified in clause 8.1.2.2.2. Depending on the HSS response,
– If the HSS indicates that the user is currently being served by a different 3GPP AAA Server, the 3GPP AAA Server shall respond to the PDN-GW with the Result-Code set to DIAMETER_REDIRECT_INDICATION and Redirect-Host set to the Diameter URI of the 3GPP AAA Server currently serving the user (this Diameter URI shall be constructed based on the Diameter Identity included in the 3GPP-AAA-Server-Name AVP returned in the SWx authentication response from the HSS).
– If the HSS returns DIAMETER_ERROR_USER_UNKNOWN, the 3GPP AAA Server shall return the same error to the PDN GW.
– If the HSS sends the user’s profile to the 3GPP AAA Server, the authorization shall be rejected by setting the Result-Code to DIAMETER_AUTHORIZATION_REJECTED. The 3GPP AAA Server shall delete the downloaded user profile.
NOTE 1: The last outcome corresponds to the case that the user has no active access authorization procedure. This is considered as an error situation, e.g. the Trusted Non-3GPP access network may have sent PBU without authorizing the user.
NOTE 2: After the 3GPP AAA Server has accepted a new S6b session from a particular PGW, the 3GPP AAA server can consider that any existing S6b session(s) for the same UE – APN combination supported via a different PGW (i.e. with a different Origin-Host AVP) is obsolete and can send ASR command(s) to initiate the termination of the hanging session(s) in that PGW.
If the 3GPP AAA Server supports the detection and handling of late arriving requests as specified in clause 13.2 of 3GPP TS 29.274 [38], upon receipt of an Authorization Request which collides with an existing session context, for the same UE and APN but a different PGW (i.e. different Origin-Host AVP), the 3GPP AAA Server shall accept the new Authorization Request only if it contains a more recent Origination Time Stamp than the Origination Time Stamp stored for the existing S6b session. An incoming Authorization Request shall be considered as more recent than an existing session and be accepted if no Origination Time Stamp information was provided for at least one of the two sessions. The 3GPP AAA Server shall reject an incoming Authorization Request whose Origination Time Stamp is less recent than the Origination Time Stamp of the existing session by setting the Experimental-Result-Code to DIAMETER_ERROR_LATE_OVERLAPPING_REQUEST.
If the 3GPP AAA Server supports the detection and handling of late arriving requests as specified in clause 13.3 of 3GPP TS 29.274 [38], upon receipt of an Authorization Request which contains the Origination Time Stamp and the Maximum Wait Time parameters, the 3GPP AAA Server should check that the request has not already timed out at the originating entity. The 3GPP AAA Server may perform additional similar checks before sending the answer, e.g. upon receipt of a response from the HSS. The 3GPP-AAA Server should reject an Authorization Request that is known to have timed out by setting the Experimental-Result-Code to DIAMETER_ERROR_TIMED_OUT_REQUEST.
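The decision order of clause 9.1.2.2.3 can be followed in code. The sketch below is an added illustration, not part of the specification or of any AAA product: the class and function names, the `"*"` wildcard marker, the `hss_lookup` callback and the millisecond units for the time stamps are assumptions of this example, and it assumes a server that supports both late-arriving-request checks.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

WILDCARD_APN = "*"  # assumption: marker this sketch uses for a wildcard APN


@dataclass
class AuthzRequest:
    user_name: str                        # User-Name (NAI)
    apn: str                              # Service-Selection
    origin_host: str                      # Origin-Host of the requesting PDN GW
    emergency: bool = False               # Emergency-Indication bit set
    origination_ts: Optional[int] = None  # Origination Time Stamp (ms, assumed)
    max_wait_ms: Optional[int] = None     # Maximum Wait Time (ms, assumed)


@dataclass
class S6bSession:
    origin_host: str
    origination_ts: Optional[int]


@dataclass
class UserContext:
    authorized_apns: Set[str]
    has_access_session: bool              # active access authorization session
    s6b: Dict[str, S6bSession] = field(default_factory=dict)  # keyed by APN


@dataclass
class Decision:
    result: str
    redirect_host: Optional[str] = None
    obsolete_pgw: Optional[str] = None    # PGW whose hanging session may get an ASR


HssLookup = Callable[[str], Tuple[str, Optional[str]]]


def authorize(req: AuthzRequest, users: Dict[str, UserContext],
              hss_lookup: HssLookup, now_ms: int) -> Decision:
    # Late-arriving request that already expired at the originating entity.
    if req.origination_ts is not None and req.max_wait_ms is not None:
        if now_ms > req.origination_ts + req.max_wait_ms:
            return Decision("DIAMETER_ERROR_TIMED_OUT_REQUEST")

    user = users.get(req.user_name)
    if user is None:
        # No local profile: ask the HSS which server handles the user.
        outcome, serving = hss_lookup(req.user_name)
        if outcome == "served_elsewhere":
            return Decision("DIAMETER_REDIRECT_INDICATION",
                            redirect_host=f"aaa://{serving}")
        if outcome == "unknown":
            return Decision("DIAMETER_ERROR_USER_UNKNOWN")
        # A profile was downloaded, so no access authorization ran here:
        # the profile is discarded (never cached) and the request rejected.
        return Decision("DIAMETER_AUTHORIZATION_REJECTED")

    if not user.has_access_session:
        return Decision("DIAMETER_AUTHORIZATION_REJECTED")

    apn_ok = (req.apn in user.authorized_apns
              or WILDCARD_APN in user.authorized_apns)
    if not (apn_ok or req.emergency):
        return Decision("DIAMETER_AUTHORIZATION_REJECTED")

    existing = user.s6b.get(req.apn)
    obsolete = None
    if existing is not None and existing.origin_host != req.origin_host:
        both_stamped = (req.origination_ts is not None
                        and existing.origination_ts is not None)
        # Equal stamps are treated as "not more recent" (this sketch's reading).
        if both_stamped and req.origination_ts <= existing.origination_ts:
            return Decision("DIAMETER_ERROR_LATE_OVERLAPPING_REQUEST")
        obsolete = existing.origin_host

    user.s6b[req.apn] = S6bSession(req.origin_host, req.origination_ts)
    return Decision("DIAMETER_SUCCESS", obsolete_pgw=obsolete)


if __name__ == "__main__":
    # Constructed sample data, not taken from any real network.
    users = {"user@nai.example": UserContext({"internet"}, True)}
    hss = lambda name: ("unknown", None)
    for pgw, ts in [("pgw1.example", 1000), ("pgw2.example", 900),
                    ("pgw2.example", 2000)]:
        req = AuthzRequest("user@nai.example", "internet", pgw, origination_ts=ts)
        print(pgw, ts, authorize(req, users, hss, now_ms=2000))
```

The rejected late request leaves the stored session untouched, so a delayed Authorization Request from an old PDN GW cannot displace the binding created by a newer one.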
9.1.2.2.4 3GPP AAA Proxy Detailed Behaviour
The 3GPP AAA Proxy is required to handle roaming cases in which the PDN GW is located in the VPLMN. The 3GPP AAA Proxy shall act as a stateful proxy.
On receipt of the authorization answer, the 3GPP AAA Proxy
– shall check locally configured information for the maximum allowed static QoS parameters valid for visitors from the given HPLMN and modify the QoS parameters received from the 3GPP AAA Server, to enforce the policy limitations.
– shall record the state of the connection (i.e. Authorization Successful).
9.1.2.3 PDN GW Initiated Session Termination Procedures
9.1.2.3.1 General
The S6b reference point allows the PDN GW to inform the 3GPP AAA server that the UE disconnected a PDN connection associated to an APN, or that the PDN connection was handed over to the 3GPP access, and therefore the mobility session established for this PDN connection is to be removed.
The procedure shall be initiated by the PDN GW. These procedures are based on the reuse of Diameter STR and STA commands as specified in IETF RFC 6733 [58].
Each PDN connection shall be identified by the Diameter Session-Id parameter.
Table 9.1.2.3.1/1: S6b Session Termination Request
| Information Element name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Permanent User Identity | User-Name | M | This information element shall contain the permanent identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]; this IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| Termination Cause | Termination-Cause | M | This IE shall contain the reason for the disconnection, according to the values and reasons described in IETF RFC 6733 [58]. In particular: – If the session is terminated as a result of a PDN disconnection initiated by the UE, the Termination-Cause shall be set to the value DIAMETER_LOGOUT (1); – If the session is terminated as a result of a PDN handover towards 3GPP access, the Termination-Cause shall be set to the value DIAMETER_USER_MOVED (7). |
Table 9.1.2.3.1/2: S6b Session Termination Answer
| Information Element name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result | Result-Code / Experimental-Result | M | This IE shall contain the result of the operation. The Result-Code AVP shall be used for errors defined in the Diameter base protocol (see IETF RFC 6733 [58]). The Experimental-Result AVP shall be used for S6b errors. |
9.1.2.3.2 PDN GW Detailed Behaviour
The PDN GW shall make use of this procedure when the PDN Connection associated to the Diameter session is either disconnected or handed over to the 3GPP access.
Upon receipt of the Session Termination Answer message from the 3GPP AAA Server or from the 3GPP AAA Proxy, the PDN GW shall check the Result Code AVP, and in case of a DIAMETER_SUCCESS code, it shall release the context associated to the active session identified by the Session-Id parameter used in the initial authorization exchange.
9.1.2.3.3 3GPP AAA Server Detailed Behaviour
Upon receipt of the Session Termination Request message from the PDN GW or from the 3GPP AAA Proxy, the 3GPP AAA Server shall check that there is an ongoing session associated to any of the parameters received in the message (Session-Id and User Name).
If an active session is found, the 3GPP AAA Server shall release the session context associated to the specified session, and a Session Termination Answer message shall be sent to the PDN GW or 3GPP AAA Proxy, indicating DIAMETER_SUCCESS.
If the Session-Id included in the request does not correspond with any active session, or if an active session is found but it does not belong to the user identified by the User Name parameter, then a Session Termination Answer message shall be sent to the PDN GW or 3GPP AAA Proxy, indicating DIAMETER_UNKNOWN_SESSION_ID.
9.1.2.3.4 3GPP AAA Proxy Detailed Behaviour
The 3GPP AAA Proxy is required to handle roaming cases in which the PDN GW is located in the VPLMN. The 3GPP AAA Proxy shall act as a stateful proxy.
On receipt of the Session Termination Request message from the PDN GW, the 3GPP AAA Proxy shall route the message to the 3GPP AAA Server.
On receipt of the Session Termination Answer message from the 3GPP AAA Server, the 3GPP AAA Proxy shall route the message to the PDN GW, and it shall release any local resources associated to the specified sessions only if the result code is set to DIAMETER_SUCCESS.
9.1.2.4 3GPP AAA Initiated Session Termination Procedures
9.1.2.4.1 General
The S6b reference point allows the 3GPP AAA server to order a PDN GW to remove a PDN connection previously activated by the UE.
This procedure shall be initiated by the 3GPP AAA server. This indicates to the PDN GW to remove the corresponding PDN connection (identified by Session-ID AVP and User-Name AVP). This procedure is based on the reuse of NASREQ IETF RFC 4005 [4] ASR, ASA, STR and STA commands.
The 3GPP AAA Server shall include the Auth-Session-State AVP in the ASR command with a value of NO_STATE_MAINTAINED if it does not require a STR from the PDN GW. If it does require a STR from the PDN GW, the 3GPP AAA Server shall either omit the Auth-Session-State AVP from the ASR command or include the Auth-Session-State AVP in the ASR command with a value of STATE_MAINTAINED.
Table 9.1.2.4.1/1: S6b Abort Session Request
| Information Element name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Permanent User Identity | User-Name | M | This information element shall contain the permanent identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]; this IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| Auth-Session-State | Auth-Session-State | O | If present, this information element shall indicate to the PDN GW whether the 3GPP AAA Server requires an STR message. |
Table 9.1.2.4.1/2: S6b Abort Session Answer
| Information Element name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result | Result-Code / Experimental-Result | M | This IE shall contain the result of the operation. The Result-Code AVP shall be used for errors defined in the Diameter base protocol (see IETF RFC 6733 [58]). The Experimental-Result AVP shall be used for S6b errors. This is a grouped AVP which shall contain the 3GPP Vendor ID in the Vendor-Id AVP, and the error code in the Experimental-Result-Code AVP. |
Table 9.1.2.4.1/3: S6b Session Termination Request
| Information element name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Termination-Cause | Termination-Cause | M | This information element shall contain the reason why the session was terminated. It shall be set to "DIAMETER_ADMINISTRATIVE" to indicate that the session was terminated in response to an ASR message. |
Table 9.1.2.4.1/4: S6b Session Termination Answer
| Information element name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result-Code | Result-Code | M | This IE shall indicate the result of the operation. |
9.1.2.4.2 PDN GW Detailed Behaviour
Upon receipt of the Abort Session Request message from the 3GPP AAA Server or from the 3GPP AAA Proxy, the PDN GW shall check that there is an ongoing session with the received session-ID.
If an active session is found:
– In the PMIPv6 or GTPv2 or MIPv4 cases, the PDN GW shall release any resources associated with the identified Diameter session, but it shall not terminate any associated PDN connection.
– In the DSMIPv6 case, the PDN GW shall initiate a termination procedure for the associated PDN connection, and shall release any resources associated with the identified Diameter session.
If the termination procedure is successful for the identified session, an Abort Session Answer message shall be sent to the 3GPP AAA Server or 3GPP AAA Proxy, indicating DIAMETER_SUCCESS.
If the Session-Id included in the request does not correspond with any active session, or if an active session is found but it does not belong to the user identified by the User Name parameter, then an Abort Session Answer message shall be sent to the 3GPP AAA Server or 3GPP AAA Proxy, indicating DIAMETER_UNKNOWN_SESSION_ID.
If the termination procedure for the identified session cannot be completed successfully, an Abort Session Answer message shall be sent to the 3GPP AAA Server or 3GPP AAA Proxy, indicating DIAMETER_UNABLE_TO_COMPLY.
If the termination procedure was successful for the identified session and the STR is required by the 3GPP AAA Server, the PDN GW shall send an STR to the 3GPP AAA Server with the Termination-Cause set to DIAMETER_ADMINISTRATIVE.
9.1.2.4.3 3GPP AAA Server Detailed Behaviour
The 3GPP AAA Server shall initiate a separate procedure for each active PDN connection of the user, even if the user has several PDN connections via the same PDN GW.
Upon receipt of the Abort Session Answer message from the PDN GW or from the 3GPP AAA Proxy, the 3GPP AAA Server shall check the Result Code AVP, and in case of a DIAMETER_SUCCESS code, it shall release the context associated to the active session identified by the Session-Id parameter.
If the error code DIAMETER_UNABLE_TO_COMPLY is received in the Result Code AVP, the 3GPP AAA Server shall not release the context for the identified session.
If the error code DIAMETER_UNKNOWN_SESSION_ID is received in the Result Code AVP, the 3GPP AAA Server shall release the context for the identified session.
On receipt of the STR from PDN GW, the 3GPP AAA Server shall return an STA command with the Result-Code set to DIAMETER_SUCCESS.
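The ASR/ASA exchange of clauses 9.1.2.4.2 and 9.1.2.4.3, with both ends modelled, is shown below as an added example (not code from the specification or from any product). The classes, the `pdn_id` handle and the `terminate_pdn` callback are hypothetical; messages are reduced to the fields the text discusses.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass
class S6bSession:
    user_name: str   # User-Name bound to the session at authorization time
    mobility: str    # "PMIPv6", "GTPv2", "MIPv4" or "DSMIPv6"
    pdn_id: str      # hypothetical handle of the associated PDN connection


class PdnGw:
    def __init__(self, terminate_pdn: Callable[[str], bool]):
        self.sessions: Dict[str, S6bSession] = {}  # keyed by Session-Id
        self.pdn_up: Set[str] = set()              # live PDN connections
        self.terminate_pdn = terminate_pdn         # returns False on failure

    def handle_asr(self, session_id: str, user_name: str,
                   auth_session_state: Optional[str] = None
                   ) -> Tuple[str, Optional[dict]]:
        """Return (ASA Result-Code, STR to send afterwards or None)."""
        sess = self.sessions.get(session_id)
        # A matching Session-Id is not enough: it must belong to the named user.
        if sess is None or sess.user_name != user_name:
            return "DIAMETER_UNKNOWN_SESSION_ID", None
        if sess.mobility == "DSMIPv6":
            # Only DSMIPv6 tears down the PDN connection itself.
            if not self.terminate_pdn(sess.pdn_id):
                return "DIAMETER_UNABLE_TO_COMPLY", None  # all state is kept
            self.pdn_up.discard(sess.pdn_id)
        # PMIPv6 / GTPv2 / MIPv4: only the Diameter session is released.
        del self.sessions[session_id]
        # An STR is owed when the AVP is absent or says STATE_MAINTAINED.
        str_msg = None
        if auth_session_state in (None, "STATE_MAINTAINED"):
            str_msg = {"Session-Id": session_id,
                       "Termination-Cause": "DIAMETER_ADMINISTRATIVE"}
        return "DIAMETER_SUCCESS", str_msg


class AaaServer:
    def __init__(self):
        self.contexts: Dict[str, str] = {}  # Session-Id -> User-Name

    def handle_asa(self, session_id: str, result_code: str) -> bool:
        """Release the context unless the PDN GW reported UNABLE_TO_COMPLY."""
        if result_code in ("DIAMETER_SUCCESS", "DIAMETER_UNKNOWN_SESSION_ID"):
            self.contexts.pop(session_id, None)
            return True
        return False


def abort_session(aaa: AaaServer, gw: PdnGw, session_id: str,
                  auth_session_state: Optional[str] = None) -> Tuple[str, bool]:
    """Run one ASR/ASA round; return (result code, whether an STR follows)."""
    user = aaa.contexts[session_id]
    result, str_msg = gw.handle_asr(session_id, user, auth_session_state)
    aaa.handle_asa(session_id, result)
    return result, str_msg is not None


if __name__ == "__main__":
    # Constructed sample state: one GTPv2 session and one DSMIPv6 session.
    gw = PdnGw(terminate_pdn=lambda pdn: True)
    aaa = AaaServer()
    for sid, mob, pdn in [("s1", "GTPv2", "pdn-1"), ("s2", "DSMIPv6", "pdn-2")]:
        gw.sessions[sid] = S6bSession("alice@nai.example", mob, pdn)
        gw.pdn_up.add(pdn)
        aaa.contexts[sid] = "alice@nai.example"
    print(abort_session(aaa, gw, "s1", "NO_STATE_MAINTAINED"), gw.pdn_up)
    print(abort_session(aaa, gw, "s2"), gw.pdn_up)
```

The same Session-Id plus User-Name binding check is what clause 9.1.2.3.3 requires of the 3GPP AAA Server when it receives an STR.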
9.1.2.4.4 3GPP AAA Proxy Detailed Behaviour
The 3GPP AAA Proxy is required to handle roaming cases in which the PDN GW is located in the VPLMN. The 3GPP AAA Proxy shall act as a stateful proxy.
On receipt of the Abort Session Request message from the 3GPP AAA Server, the 3GPP AAA Proxy shall route the message to the PDN GW.
If the 3GPP AAA Proxy requires an STR but the 3GPP AAA Server does not, the 3GPP AAA Proxy may override the value of the Auth-Session-State in the ASR and set it to STATE_MAINTAINED. In this case, the 3GPP AAA Proxy shall not forward the STR received from the PDN GW onto the 3GPP AAA Server and shall return an STA command to the PDN GW with the Result-Code set to DIAMETER_SUCCESS. The 3GPP AAA Proxy shall not override the value of the Auth-Session-State AVP under any other circumstances.
On receipt of the Abort Session Answer message from the PDN GW, the 3GPP AAA Proxy shall route the message to the 3GPP AAA Server, and it shall release any local resources associated to the specified session only if the result code is set to DIAMETER_SUCCESS.
When the 3GPP AAA Proxy receives the STR from PDN GW, it shall route the request to the 3GPP AAA Server. On receipt of the STA message, the 3GPP AAA Proxy shall route the response to the PDN GW.
9.1.2.5 Service Authorization Information Update Procedures
9.1.2.5.1 General
The S6b reference point allows the 3GPP AAA server to modify the authorization information previously provided to the PDN GW, i.e. during Service Authentication and Authorization when using DSMIPv6, or Service Authorization using PMIPv6 or GTPv2 or MIPv4, or the service authorization information provided during a previous Service Authorization update. This procedure is triggered by the modification of the non-3GPP profile of the UE or by activating or deactivating subscriber and equipment trace in the HSS or by the request of a P-CSCF restoration for WLAN. This procedure is also triggered by the authentication and authorization via STa or SWm, when the 3GPP AAA Server detects that an S6b session already exists for the UE, as specified in clause 5.1.2.1.2 and 7.1.2.1.2. In this case, the 3GPP AAA Server shall use this procedure to send the trust relationship to the PDN GW.
The Service Authorization Information Update procedure is performed in two steps:
1. The 3GPP AAA server issues an unsolicited re-authentication and/or re-authorization request towards the PDN GW. Upon receipt of this request, the PDN GW responds to the request and indicates the disposition of the request. If the re-authorization request is used for the purpose of the P-CSCF restoration for WLAN, only the P-CSCF Restoration Request bit shall be set in the RAR Flags. This procedure is based on the reuse of Diameter RAR and RAA commands as specified in IETF RFC 6733 [58]. The information element content for these messages is shown in tables 9.1.2.5.1/1 and 9.1.2.5.1/2.
2. After receiving the re-authorization request, the PDN GW invokes the authorization procedure for the APN identified by the session ID included in the former re-authorization request message. The authorization procedure for PMIPv6 or GTPv2 is described in clause 9.1.2.2. Tables 9.1.2.5.1/3 and 9.1.2.5.1/4 describe the message contents in case of DSMIPv6.
Table 9.1.2.5.1/1: S6b Re-authorization request
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Permanent User Identity | User-Name | M | This information element shall contain the permanent identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]; this IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| Request Type | Re-Auth-Request-Type | M | This shall define whether re-authentication or re-authorization is required. AUTHORIZE_ONLY shall be used in this case. |
| RAR Flags | RAR-Flags | C | This Information Element contains a bit mask. See 9.2.3.1.5 for the meaning of the bits. |
Table 9.1.2.5.1/2: S6b Re-authorization response
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result | Result-Code / Experimental-Result | M | This IE shall contain the result of the operation. The Result-Code AVP shall be used for errors defined in the Diameter base protocol (see IETF RFC 6733 [58]). The Experimental-Result AVP shall be used for S6b errors. This is a grouped AVP which shall contain the 3GPP Vendor ID in the Vendor-Id AVP, and the error code in the Experimental-Result-Code AVP. |
Table 9.1.2.5.1/3: Authorization Request when using DSMIPv6
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| User identity | User-Name | M | This information element shall contain the permanent identity of the user. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]; this IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| Authentication Request Type | Auth-Request-Type | M | This IE defines whether the UE is to be authenticated only, authorized only or both. AUTHORIZE_ONLY shall be used in this case. |
| PGW PLMN ID | Visited-Network-Identifier | C | This IE shall contain the identifier that allows the home network to identify the PLMN where the PGW is located. It shall be present when the PGW Identity does not contain an FQDN. |
| Access Type | RAT-Type | M | This IE shall contain the non-3GPP access network technology type that is serving the UE. |
| PDN GW Identity | MIP6-Agent-Info | M | This IE shall contain the FQDN and/or IP address(es) of the PDN GW that the user is connected to. |
| APN | Service-Selection | O | This IE shall contain the Network Identifier part of the APN extracted from the IKE_AUTH message. It shall include the APN that the user shall be connected to. It shall be only included if received from UE. In case it is not received, the 3GPP AAA server shall assign the received PDN-GW identity to the default APN. |
| QoS capabilities | QoS-Capability | C | If included in the request message, this IE shall indicate to the 3GPP AAA server that the PGW is capable of downloading a static QoS profile for the UE. The PGW shall include this IE only during the UE initial attach. |
Table 9.1.2.5.1/4: Authorization Answer when using DSMIPv6
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result Code | Result-Code / Experimental-Result-Code | M | This IE shall contain the result of the operation. The Result-Code AVP shall be used for errors defined in the Diameter base protocol (see IETF RFC 6733 [58]) or as per NASREQ (see IETF RFC 4005 [4]). 1xxx should be used for multi-round, 2xxx for success. The Experimental-Result AVP shall be used for S6b errors. This is a grouped AVP which shall contain the 3GPP Vendor ID in the Vendor-Id AVP, and the error code in the Experimental-Result-Code AVP. |
| Authentication Request Type | Auth-Request-Type | M | It shall contain the value AUTHORIZE_ONLY. See IETF RFC 4072 [5]. |
| APN and PGW Data | APN-Configuration | C | This information element shall only be sent if the Result-Code AVP is set to DIAMETER_SUCCESS. This AVP shall contain the default APN, the list of authorized APNs, and user profile information. The APN-Configuration is a grouped AVP and shall include the following information elements per APN: – APN; – Authorized 3GPP QoS profile; – Statically allocated User IP Address (IPv4 and/or IPv6); – VPLMN Dynamic Address Allowed. This information element might not be present if the authorization procedure is triggered by the 3GPP AAA Server to send the trust relationship to the PDN GW. |
| Session Time | Session-Timeout | C | If the authentication and authorization succeeded, then this IE shall contain the time this authorization is valid for. This information element might not be present if the authorization procedure is triggered by the 3GPP AAA Server to send the trust relationship to the PDN GW. |
| QoS resources | QoS-Resources | C | If the authentication and authorization succeeded, then the 3GPP AAA server shall include a static QoS profile in this IE during the UE initial attach if the PGW included QoS-Capabilities AVP in the request message and the UE has been provisioned with a static QoS profile. The QoS profile template value in this IE shall be set to 0. This IE shall contain the QoS Profile authorized by the 3GPP AAA server for the requested APN based on the subscribed QoS parameters. This information element might not be present if the authorization procedure is triggered by the 3GPP AAA Server to send the trust relationship to the PDN GW. |
| Trace information | Trace-Info | C | This AVP shall be included if the subscriber and equipment trace has been activated or deactivated for the user in the HSS and signaling based activation is used to download the trace (de)activation from the HSS to the PDN GW. Trace-Data AVP shall be included (directly under the Trace-Info) if trace activation is requested. Trace-Reference AVP shall be included, if trace deactivation is requested. If the Trace-Data AVP is included, it shall contain the following AVPs: – Trace-Reference; – Trace-Depth; – Trace-Event-List, for PGW; – Trace-Collection-Entity. The following AVPs may also be included in the Trace-Data AVP: – Trace-Interface-List, for PGW; if this AVP is not present, trace report generation is requested for all interfaces for PGW listed in 3GPP TS 32.422 [32]; – Trace-NE-Type-List, with the only allowed value being "PDN GW". If this AVP is not included, trace activation in PDN GW is required. |
| Trust Relationship Indicator | AN-Trusted | C | This AVP shall contain the 3GPP AAA Server’s decision on handling the non-3GPP access network, i.e. trusted, or untrusted. This AVP shall be sent if this re-authorization procedure is triggered by the authentication and authorization via STa or SWm, when the 3GPP AAA Server detects that an S6b session already exists for the UE and the S6b session was established as a result of an authentication request for DSMIPv6. |
9.1.2.5.2 Detailed Behaviour
The 3GPP AAA server shall make use of this procedure in two steps to indicate and update relevant service authorization information in the PDN GW.
The 3GPP AAA server shall send a re-authorization request for all authorization sessions that are active for the user except for the request of a P-CSCF restoration for WLAN which only applies to the session related to the IMS APN.
Each PDN GW, upon reception of an unsolicited re-authentication and/or re-authorization request shall perform the following check and if there is an error detected, the PDN GW shall stop processing and return the corresponding error code.
Check the Re-Auth-Request-Type AVP:
1. If it indicates AUTHENTICATE_ONLY, Result-Code shall be set to DIAMETER_INVALID_AVP_VALUE.
2. If it indicates AUTHORIZE_ONLY, then, depending on the used IP mobility protocol:
    – In case of PMIPv6 or GTPv2, the PDN GW shall perform an authorization procedure as described in clause 9.1.2.2. If the P-CSCF Restoration Request bit in the RAR Flags is set:
        – for the case where the PDN GW triggers the extended P-CSCF restoration mechanism, the PDN GW may send the authorisation request with only mandatory AVPs.
        – for the case where the PDN GW triggers the basic P-CSCF restoration mechanism, the PDN GW shall send a Session Termination Request to the 3GPP AAA Server.
    – In case of DSMIPv6, the PDN GW shall perform an authorization procedure, sending an authorization request described in Tables 9.1.5.1/3 and 9.1.5.1/4. If the Trust-Relationship-Update flag is set in the RAR Flags present in the request, the PDN GW may send an authorization request with only mandatory AVPs.
3. If it indicates AUTHORIZE_AUTHENTICATE, Result-Code shall be set to DIAMETER_INVALID_AVP_VALUE.
When receiving the authorization request, if the authorization procedure is triggered by the 3GPP AAA Server to send the trust relationship to the PDN GW, the 3GPP AAA Server shall send the trust relationship of the access network for the subscriber to the PDN GW with Result-Code DIAMETER_SUCCESS. If the received AA-Request is triggered by the P-CSCF Restoration Request bit set in the RAR Flags sent to the PDN GW, the 3GPP AAA Server may send an authorization answer to the PDN GW with Result-Code DIAMETER_SUCCESS with only the mandatory AVPs described in Table 9.1.2.2.1/2. Otherwise, the 3GPP AAA Server shall check whether
– the subscriber still has non-3GPP subscription to access EPC network,
– the non-3GPP APNs are enabled for the user, and
– the updated user profile contains the APN, for which the given authorization session was created.
If any of the checked conditions are not met, the 3GPP AAA Server shall set the Result-Code to DIAMETER_AUTHORIZATION_REJECTED. Otherwise, it shall respond with Result-Code DIAMETER_SUCCESS.
After successful service authorization information update procedure, the PDN GW shall overwrite the stored user and APN data, for the subscriber identity indicated in the request, with the information received from the 3GPP AAA server. A session termination shall be initiated if the subscriber is no longer authorized to use the activated APN. If only trust relationship of the access network is received, the PDN GW shall keep all stored user and APN data for the subscriber identity as indicated in the request.
If the P-CSCF-Restoration-Request bit in the RAR Flags is set, the PDN GW shall keep all stored user data and APN data for the subscriber identity indicated in the request unless this data is present in the authorisation answer and proceed with the P-CSCF restoration for WLAN as specified in 3GPP TS 23.380 [52].
For PMIPv6 based S2a or S2b, if Trace-Info AVP including Trace-Data has been received in the authorization response, the PDN GW shall start a trace session for the user. If Trace-Info including Trace-Reference (directly under the Trace-Info) has been received in the authorization response, the PDN GW shall stop the ongoing trace session, identified by the Trace-Reference. For details, see 3GPP TS 32.422 [32].
For GTPv2 based S2a or S2b, the PDN GW shall ignore the Trace-Info AVP if received in the authorization response.
NOTE: For GTPv2 based S2a or S2b, trace is activated and deactivated via the STa and S2a interfaces or via the SWm and S2b interfaces.
9.1.2.6 Authorization Procedures when using MIPv4 FACoA
9.1.2.6.1 General
The following authorization procedures take place upon reception of an RRQ at the PDN GW from the FA.
The PDN GW shall update its identity to the 3GPP AAA Server and HSS. Static QoS profile information may also be downloaded at the same time.
MIPv4 security parameters shall be exchanged between the PDN GW and the 3GPP AAA Server.
The procedures are based on the reuse of NASREQ IETF RFC 4005 [4] AAR and AAA commands.
Table 9.1.2.6.1/1: Authorization request
| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Permanent User Identity | User-Name | M | This IE shall contain the permanent user identity. The identity shall be represented in NAI form as specified in IETF RFC 4282 [15] and shall be formatted as defined in clause 19 of 3GPP TS 23.003 [14]; this IE shall not include the leading digit prepended in front of the IMSI used to differentiate between authentication schemes. |
| Authentication Request Type | Auth-Request-Type | M | This IE shall define whether the UE is to be authenticated only, authorized only or both. AUTHORIZE_ONLY shall be used in this case. |
| PDN GW Identity | MIP6-Agent-Info | O | This IE shall contain the address and possibly the FQDN of the selected PDN GW for the UE and the corresponding PDN connection. |
| PGW PLMN ID | Visited-Network-Identifier | C | This IE shall contain the identifier that allows the home network to identify the PLMN where the PGW is located. It shall be present when the PGW Identity is present and does not contain an FQDN. |
| Mobility features | MIP6-Feature-Vector | M | This IE shall contain the mobility features used by the PDN GW. The MIP4_SUPPORTED flag shall be set. |
| APN | Service-Selection | C | If present this IE shall contain the Network Identifier part of the APN extracted from the RRQ message. In case it is not received, the 3GPP AAA Server shall assign the received PDN-GW identity to the default APN. |
| QoS capabilities | QoS-Capability | O | If included in the request message, this IE shall indicate to the 3GPP AAA Server that the PDN GW requests downloading of a static QoS profile for the UE. The PDN GW may include this IE only at the initial attach of the UE. |
| Supported Features (See 3GPP TS 29.229 [24]) | Supported-Features | O | If present, this information element shall contain the list of features supported by the origin host for the lifetime of the Diameter session. |
| MN-HA security parameter index | MIP-MN-HA-SPI | C | This IE shall contain the MN-HA security parameter index which is used in identifying MN-HA shared key as defined by 3GPP TS 33.402 [19]. It shall be included when the PDN-GW does not have the MN-HA shared key required to verify the MIPv4 RRQ message. |
Table 9.1.2.6.1/2: Authorization answer

| Information Element Name | Mapping to Diameter AVP | Cat. | Description |
|---|---|---|---|
| Result code | Result-Code | M | This IE shall contain the result of the operation. The possible values of the Result-Code AVP are defined in IETF RFC 6733 [58]. This IE shall be set to DIAMETER_SUCCESS if the authorization of a MAG or the update of the PDN GW identity succeeded. It shall be set to DIAMETER_AUTHORIZATION_REJECTED if the authorization of a new MAG or the update of the PDN GW identity failed. |
| Authentication Request Type | Auth-Request-Type | M | It shall contain the value AUTHORIZE_ONLY. See IETF RFC 4072 [5]. |
| Authorized mobility features | MIP6-Feature-Vector | C | The 3GPP AAA Server shall insert this AVP if the authorization was successful. The MIP4_SUPPORTED flag shall be set. |
| Session time | Session-Timeout | C | If the authorization succeeded, then this IE shall contain the time this authorization is valid for. |
| QoS resources | QoS-Resources | C | This AVP shall be included only if the QoS-Capability AVP was received in the authorization request and the authorization succeeded. Then the 3GPP AAA Server shall include a static QoS profile in this IE during the UE initial attach if the PDN GW included QoS-Capabilities AVP in the request message and the UE has been provisioned with a static QoS profile. The QoS profile template value in this IE shall be set to 0. |
| 3GPP AAA Server URI | Redirect-Host | C | This information element shall be sent if the Result-Code value is set to DIAMETER_REDIRECT_INDICATION. When the user has previously been authenticated by another 3GPP AAA Server, it shall contain the Diameter URI of the 3GPP AAA Server currently serving the user. The node receiving this IE shall behave as defined in the Diameter base protocol (see IETF RFC 6733 [58]). The command shall contain zero or more occurrences of this information element. When choosing a destination for the redirected message from multiple Redirect-Host AVPs, the receiver shall send the Diameter request to the first 3GPP AAA Server in the ordered list received in the Diameter response. If no successful response to the Diameter request is received, the receiver shall send the Diameter request to the next 3GPP AAA Server in the ordered list. This procedure shall be repeated until a successful response is received from a 3GPP AAA Server. |
| Supported Features (See 3GPP TS 29.229 [24]) | Supported-Features | O | If present, this information element shall contain the list of features supported by the origin host for the lifetime of the Diameter session. |
| MN-HA shared key | MIP-Session-Key | C | This information element contains the MN-HA shared key as defined by 3GPP TS 33.402 [19]. It shall be included if the Result-Code value is set to DIAMETER_SUCCESS and the MIP-MN-HA-SPI was sent in the authorization request. |
| APN Data | APN-Configuration | C | This information element shall only be sent if the Result-Code AVP is set to DIAMETER_SUCCESS. This AVP shall contain the user profile information. APN-Configuration is a grouped AVP and shall include the following information elements: APN; Authorized 3GPP QoS profile; APN-AMBR. |

9.1.2.6.2 PDN GW Detailed Behaviour
Upon receipt of a RRQ message from the FA, the PDN GW shall initiate an authorization procedure, by sending an Authorization Request message to the 3GPP AAA Server or to the 3GPP AAA Proxy, with the Auth-Request-Type set to AUTHORIZE_ONLY, in order to update the PGW Address for the APN, as well as to download any UE specific APN profile information such as IP address allocation information, QoS Information, Session timeouts, Session Idle timeouts, MIPv4 security parameters etc.
If the APN was included in the RRQ message, the PDN GW shall include in the request the APN where the user shall be connected.
The PDN GW Identity shall only be included in the initial request to the 3GPP AAA Server; subsequent authorization messages (due to a handover to a different FA, for instance) shall not include it again.
If the PDN GW does not have a MN-HA shared key associated with the SPI received in the RRQ MN-HA-AE, the PDN GW shall include the SPI in the Authorization Request to the 3GPP AAA Server.
After successful reception of the Authorization Request message, the PDN GW shall check that the Result-Code is set to DIAMETER_SUCCESS and, if so, it shall use the MN-HA key to verify the MN-HA AE of the RRQ received from the FA.
If the PDN-GW successfully verifies the MN-HA-AE it shall proceed to connect the user to the specified APN, and will send the RRP message to the FA.
9.1.2.6.3 3GPP AAA Server Detailed Behaviour
Upon receipt of the Authorization Request message from the PDN GW, the 3GPP AAA Server shall update the PDN GW information for the APN for the UE on the HSS. If the APN was not received from the PDN GW, the 3GPP AAA Server shall assign the received PDN-GW identity to the default APN.
The 3GPP AAA Server must check that the user exists. If the user’s data exists in the 3GPP AAA Server, it shall check whether it also has an active access authorization session for the user.
– If not, the 3GPP AAA Server shall reject the authorization request, including the Result-Code DIAMETER_AUTHORIZATION_REJECTED.
– If the 3GPP AAA Server has an existing authorization session,
– If the APN requested by the PDN GW is included in the list of authorized APNs of the user, then the 3GPP AAA Server shall include the Service-Selection AVP in the authorization answer. If no APN was requested the Service-Selection AVP shall contain the default APN.
– If the MN-HA-SPI was included in the request and it matches the SPI belonging to a SA of the user then the 3GPP AAA Server shall include the MIP-Session-Key of the SA in the authorization answer and set the Result-Code to DIAMETER_SUCCESS.
– If the MN-HA-SPI was included in the request and there is no match with a SPI belonging to a SA of the user then the status code DIAMETER_AUTHORIZATION_REJECTED shall be returned to the PDN GW to indicate an unsuccessful authorization.
– If the APN requested by the PDN GW is not included in the list of authorized APNs, then the status code DIAMETER_AUTHORIZATION_REJECTED shall be returned to the PDN GW to indicate an unsuccessful authorization.
If the user’s profile does not exist in the 3GPP AAA Server, it shall retrieve the Diameter identity of the 3GPP AAA Server currently serving the user from the HSS following the procedures for subscriber profile download as specified in clause 8.1.2.2.2. Depending on the HSS response,
– If the HSS indicates that the user is currently being served by a different 3GPP AAA Server, the 3GPP AAA Server shall respond to the PDN GW with the Result-Code set to DIAMETER_REDIRECT_INDICATION and Redirect-Host set to the Diameter URI of the 3GPP AAA Server currently serving the user (this Diameter URI shall be constructed based on the Diameter Identity included in the 3GPP-AAA-Server-Name AVP returned in the SWx authentication response from the HSS).
– If the HSS returns DIAMETER_ERROR_USER_UNKNOWN, the 3GPP AAA Server shall return the same error to the PDN GW.
– If the HSS sends the user’s profile to the 3GPP AAA Server, the authorization shall be rejected by setting the Result-Code to DIAMETER_AUTHORIZATION_REJECTED. The 3GPP AAA Server shall delete the downloaded user profile.
NOTE: The last outcome corresponds to the case that the user has no active access authorization procedure. This is considered as an error situation, e.g. the Trusted Non-3GPP access network may have sent RRQ without authorizing the user.
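The decision tree of clause 9.1.2.6.3 written out as code; this is an added example, not text from the specification. `UserState`, `HssReply`, `Answer` and the `query_hss` callback are hypothetical names, the HSS update of the PDN GW identity is left out, the Redirect-Host is built in the simplest `aaa://<identity>` form, and returning DIAMETER_SUCCESS when no SPI was sent is an assumption based on the Result-Code description in table 9.1.2.6.1/2.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Result-Code values from IETF RFC 6733; USER_UNKNOWN is the 3GPP experimental code.
DIAMETER_SUCCESS = 2001
DIAMETER_REDIRECT_INDICATION = 3006
DIAMETER_ERROR_USER_UNKNOWN = 5001
DIAMETER_AUTHORIZATION_REJECTED = 5003


@dataclass
class UserState:                       # hypothetical local record in the AAA server
    has_access_session: bool           # active access authorization session?
    default_apn: str
    authorized_apns: Set[str]
    mn_ha_keys: Dict[int, bytes] = field(default_factory=dict)  # SPI -> MN-HA key


@dataclass
class HssReply:                        # hypothetical summary of the SWx response
    outcome: str                       # "served_elsewhere" | "user_unknown" | "profile"
    serving_aaa_identity: Optional[str] = None


@dataclass
class Answer:
    result_code: int
    service_selection: Optional[str] = None
    mip_session_key: Optional[bytes] = None
    redirect_host: Optional[str] = None


def authorize(user_name: str, apn: Optional[str], spi: Optional[int],
              users: Dict[str, UserState],
              query_hss: Callable[[str], HssReply]) -> Answer:
    """Return the authorization answer for one MIPv4 FACoA authorization request."""
    user = users.get(user_name)
    if user is None:
        reply = query_hss(user_name)
        if reply.outcome == "served_elsewhere":
            return Answer(DIAMETER_REDIRECT_INDICATION,
                          redirect_host=f"aaa://{reply.serving_aaa_identity}")
        if reply.outcome == "user_unknown":
            return Answer(DIAMETER_ERROR_USER_UNKNOWN)
        # The HSS returned a profile: no access authorization was ever run for
        # this user, so the profile is discarded (never stored) and we reject.
        return Answer(DIAMETER_AUTHORIZATION_REJECTED)

    if not user.has_access_session:
        return Answer(DIAMETER_AUTHORIZATION_REJECTED)
    if apn is not None and apn not in user.authorized_apns:
        return Answer(DIAMETER_AUTHORIZATION_REJECTED)
    selected_apn = apn if apn is not None else user.default_apn

    if spi is None:                    # PDN GW already holds the MN-HA key
        return Answer(DIAMETER_SUCCESS, service_selection=selected_apn)
    key = user.mn_ha_keys.get(spi)
    if key is None:                    # SPI matches no SA of this user
        return Answer(DIAMETER_AUTHORIZATION_REJECTED)
    return Answer(DIAMETER_SUCCESS, service_selection=selected_apn,
                  mip_session_key=key)


# Constructed sample data, not taken from any real network.
SAMPLE_USERS = {
    "alice@example.invalid": UserState(True, "internet", {"internet", "ims"},
                                       {0x1001: b"constructed-key"}),
    "bob@example.invalid": UserState(False, "internet", {"internet"}),
}


def sample_hss(user_name: str) -> HssReply:
    """Constructed HSS stub covering the three outcomes listed above."""
    table = {
        "carol@example.invalid": HssReply("served_elsewhere", "aaa2.example.invalid"),
        "dave@example.invalid": HssReply("profile"),
    }
    return table.get(user_name, HssReply("user_unknown"))
```

Note that an unknown SPI and an unauthorized APN produce the same DIAMETER_AUTHORIZATION_REJECTED, so the PDN GW never receives a MIP-Session-Key for a security association that does not belong to the requesting user.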
9.1.2.6.4 3GPP AAA Proxy Detailed Behaviour
The 3GPP AAA Proxy is required to handle roaming cases in which the PDN GW is located in the VPLMN. The 3GPP AAA Proxy shall act as a stateful proxy.
On receipt of the authorization answer, the 3GPP AAA Proxy
– shall check locally configured information for the maximum allowed static QoS parameters valid for visitors from the given HPLMN and modify the QoS parameters received from the 3GPP AAA Server, to enforce the policy limitations.
– shall record the state of the connection (i.e. Authorization Successful).
9.2 Protocol Specification
9.2.1 General
The S6b reference point shall be based on Diameter, as defined in IETF RFC 6733 [58], and contain the following additions and extensions:
– IETF RFC 4005 [4], which defines a Diameter protocol application used for Authentication, Authorization and Accounting (AAA) services in the Network Access Server (NAS) environment.
– IETF RFC 5779 [2], which defines Diameter extensions and an application for PMIPv6 MAG to AAA and LMA to AAA interfaces.
– IETF RFC 5777 [9], which defines attribute value pairs to convey QoS information between Diameter peers.
The PDN GW to 3GPP AAA server or the PDN GW to 3GPP AAA proxy communication shall use the LMA to AAA interface functionality defined in IETF RFC 5779 [2] to update the 3GPP AAA server with PDN GW identity, indicate the protocol selected on S2a or S2b and optionally retrieve mobility related parameters and static QoS profiles, when PMIPv6 or GTPv2 based S2a or S2b is used.
The PDN-GW acts as a LMA when the UE attaches to the EPC using the S2a or S2b reference points and PMIPv6 is used. The PDN GW also follows the LMA to AAA interface functionality defined in IETF RFC 5779 [2] when UE attaches to the EPC using S2a or S2b reference point and GTPv2 is used. The PDN GW acts as HA when the UE attaches to the EPC using the S2a reference point and MIPv4 is used.
In the case the UE attaches to the EPC using the S2c reference point, IETF RFC 5778 [11] shall be used for the communication between the PDN GW and HA. The Application Id to be advertised over the S6b reference point corresponds to the DSMIPv6 "Diameter Mobile IPv6 IKE (MIP6I)" Application Id as defined in IETF RFC 5778 [11].
IKEv2 EAP-based initiator authentication is used for authenticating and authorizing the UE and updating the PDN-GW identity. In this case, the PDN GW shall behave as described in 3GPP TS 33.402 [19].
9.2.2 Commands
9.2.2.1 Commands for S6b DSMIPv6 Authorization Procedures
9.2.2.1.1 Diameter-EAP-Request (DER) Command
The Diameter-EAP-Request (DER) command, indicated by the Command-Code field set to 268 and the "R" bit set in the Command Flags field, is sent from a PGW to a 3GPP AAA server. The Command Code value and the ABNF are re-used from the IETF RFC 5778 [11].
< Diameter-EAP-Request > ::= < Diameter Header: 268, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Auth-Request-Type }
[ RAT-Type ]
[ User-Name ]
[ Service-Selection ]
{ EAP-Payload }
[ MIP6-Feature-Vector ]
[ MIP6-Agent-Info ]
[ QoS-Capability ]
[ Visited-Network-Identifier ]
[ MIP-Careof-Address ]
[ AAA-Failure-Indication ]
*[ Supported-Features ]
[DER-S6b-Flags]
[ UE-Local-IP-Address]
…
*[ AVP ]
9.2.2.1.2 Diameter-EAP-Answer (DEA) Command
The Diameter-EAP-Answer (DEA) command, indicated by the Command-Code field set to 268 and the "R" bit cleared in the Command Flags field, is sent from a 3GPP AAA server to a PGW. The Command Code value and the ABNF are re-used from the IETF RFC 5778 [11].
<Diameter-EAP-Answer> ::= < Diameter Header: 268, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Auth-Request-Type }
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
[ User-Name ]
[ EAP-Payload ]
[ EAP-Master-Session-Key ]
[ Mobile-Node-Identifier ]
[ APN-Configuration ]
[ MIP6-Agent-Info ]
[ MIP6-Feature-Vector ]
[ 3GPP-Charging-Characteristics ]
*[ QoS-Resources ]
*[ Redirect-Host ]
[ Trace-Info ]
*[ Supported-Features ]
…
*[ AVP ]
9.2.2.2 Commands for S6b PMIPv6, GTPv2 or DSMIPv6 Authorization Procedures
9.2.2.2.1 AA-Request (AAR) Command
The AA-Request (AAR) command, indicated by the Command-Code field set to 265 and the "R" bit set in the Command Flags field, is sent from the PDN GW to the 3GPP AAA Server. The Command Code value and ABNF are re-used from the IETF RFC 4005 [4] AA-Request command. New AVPs are added using the *[AVP] extension mechanism in the original ABNF.
NOTE: This command is used for the S6b Authorization Procedure for PMIPv6 or GTPv2, and also for the S6b Service Authorization Information Update procedure for PMIPv6, GTPv2 or DSMIPv6 following a previous RAR/RAA command exchange initiated by the 3GPP AAA Server.
<AA-Request> ::= < Diameter Header: 265, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Auth-Request-Type }
[ User-Name ]
[ MIP6-Agent-Info ]
[ MIP6-Feature-Vector ]
[ Visited-Network-Identifier ]
[ QoS-Capability ]
[ Service-Selection ]
[ OC-Supported-Features ]
[ Origination-Time-Stamp ]
[ Maximum-Wait-Time ]
*[ Supported-Features ]
[ Emergency-Services ]
…
*[ AVP ]
9.2.2.2.2 AA-Answer (AAA) Command
The AA-Answer (AAA) command, indicated by the Command-Code field set to 265 and the "R" bit cleared in the Command Flags field, is sent from the 3GPP AAA Server to the PDN GW. The Command Code value and ABNF are re-used from the IETF RFC 4005 [4] AA-Answer command. New AVPs are added using the *[AVP] extension mechanism in the original ABNF.
NOTE: This command is used for the S6b Authorization Procedure for PMIPv6 or GTPv2, and also for the S6b Service Authorization Information Update procedure for PMIPv6, GTPv2 or DSMIPv6 following a previous RAR/RAA command exchange initiated by the 3GPP AAA Server.
<AA-Answer> ::= < Diameter Header: 265, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Auth-Request-Type }
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
…
[ MIP6-Feature-Vector ]
[ Session-Timeout ]
[ APN-Configuration ]
[ QoS-Resources ]
[ AN-Trusted ]
*[ Redirect-Host ]
[ Trace-Info ]
[ OC-Supported-Features ]
[ OC-OLR ]
*[ Load ]
*[ Supported-Features ]
…
*[ AVP ]
9.2.2.3 Commands for PDN GW Initiated Session Termination
9.2.2.3.1 Session-Termination-Request (STR) Command
The Session-Termination-Request (STR) command, indicated by the Command-Code field set to 275 and the "R" bit set in the Command Flags field, is sent from a PDN GW to a 3GPP AAA server. The Command Code value and ABNF are re-used from the IETF RFC 6733 [58] Session-Termination-Request command. New AVPs are added using the *[AVP] extension mechanism in the original ABNF.
<Session-Termination-Request> ::= < Diameter Header: 275, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Termination-Cause }
[ User-Name ]
[ OC-Supported-Features ]
…
*[ AVP ]
9.2.2.3.2 Session-Termination-Answer (STA) Command
The Session-Termination-Answer (STA) command, indicated by the Command-Code field set to 275 and the "R" bit cleared in the Command Flags field, is sent from a 3GPP AAA server to a PDN GW. The Command Code value and ABNF are re-used from the IETF RFC 6733 [58] Session-Termination-Answer command.
<Session-Termination-Answer> ::= < Diameter Header: 275, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
[ OC-Supported-Features ]
[ OC-OLR ]
*[ Load ]
*[ AVP ]
9.2.2.4 Commands for 3GPP AAA Server Initiated Session Termination
9.2.2.4.1 Abort-Session-Request (ASR) Command
The Abort-Session-Request (ASR) command, indicated by the Command-Code field set to 274 and the "R" bit set in the Command Flags field, is sent from a 3GPP AAA Server/Proxy to a PDN GW. The ABNF is based on the one in IETF RFC 4005 [4].
< Abort-Session-Request > ::= < Diameter Header: 274, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Destination-Host }
{ Auth-Application-Id }
[ User-Name ]
[ Auth-Session-State ]
…
*[ AVP ]
9.2.2.4.2 Abort-Session-Answer (ASA) Command
The Abort-Session-Answer (ASA) command, indicated by the Command-Code field set to 274 and the "R" bit cleared in the Command Flags field, is sent from a PDN GW to a 3GPP AAA Server/Proxy. The ABNF is based on the one in IETF RFC 4005 [4].
< Abort-Session-Answer > ::= < Diameter Header: 274, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
…
*[ AVP ]
9.2.2.4.3 Session-Termination-Request (STR) Command
The Session-Termination-Request (STR) command, indicated by the Command-Code field set to 275 and the "R" bit set in the Command Flags field, is sent from a PDN GW to a 3GPP AAA Server/Proxy. The Command Code value and ABNF are re-used from the IETF RFC 6733 [58] Session-Termination-Request command.
<Session-Termination-Request> ::= < Diameter Header: 275, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Auth-Application-Id }
{ Termination-Cause }
[ User-Name ]
[ OC-Supported-Features ]
…
*[ AVP ]
9.2.2.4.4 Session-Termination-Answer (STA) Command
The Session-Termination-Answer (STA) command, indicated by the Command-Code field set to 275 and the "R" bit cleared in the Command Flags field, is sent from a 3GPP AAA Server/Proxy to a PDN GW. The Command Code value and ABNF are re-used from the IETF RFC 6733 [58] Session-Termination-Answer command.
<Session-Termination-Answer> ::= < Diameter Header: 275, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
[ OC-Supported-Features ]
[ OC-OLR ]
*[ Load ]
*[ AVP ]
9.2.2.5 Commands for S6b MIPv4 FACoA Authorization Procedures
9.2.2.5.1 AA-Request (AAR) Command
The AA-Request (AAR) command, indicated by the Command-Code field set to 265 and the "R" bit set in the Command Flags field, is sent from a PDN GW to a 3GPP AAA Server. The Command Code value and ABNF are re-used from the IETF RFC 4005 [4] AA-Request command. New AVPs are added using the *[AVP] extension mechanism in the original ABNF.
<AA-Request> ::= < Diameter Header: 265, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Auth-Request-Type }
[ User-Name ]
[ MIP6-Agent-Info ]
[ MIP6-Feature-Vector ]
[ Visited-Network-Identifier ]
[ QoS-Capability ]
[ Service-Selection ]
*[ Supported-Features ]
[MIP-MN-HA-SPI]
[ OC-Supported-Features ]
…
*[ AVP ]
9.2.2.5.2 AA-Answer (AAA) Command
The AA-Answer (AAA) command, indicated by the Command-Code field set to 265 and the "R" bit cleared in the Command Flags field, is sent from a 3GPP AAA Server to a PDN GW. The Command Code value and ABNF are re-used from the IETF RFC 4005 [4] AA-Answer command. New AVPs are added using the *[AVP] extension mechanism in the original ABNF.
<AA-Answer> ::= < Diameter Header: 265, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Auth-Application-Id }
{ Auth-Request-Type }
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
[ OC-Supported-Features ]
[ OC-OLR ]
*[ Load ]
…
[ MIP6-Feature-Vector ]
[ Session-Timeout ]
[ APN-Configuration ]
[ QoS-Resources ]
*[ Redirect-Host ]
*[ Supported-Features ]
[MIP-Session-Key]
…
*[ AVP ]
9.2.2.6 Commands for S6b Service Authorization Information Update Procedures
9.2.2.6.1 Re-Auth-Request (RAR) Command
The Diameter Re-Auth-Request (RAR) command shall be indicated by the Command-Code field set to 258 and the "R" bit set in the Command Flags field and is sent from a 3GPP AAA Server or 3GPP AAA Proxy to a PDN-GW. The ABNF for the RAR command shall be as follows:
< Re-Auth-Request > ::= < Diameter Header: 258, REQ, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Origin-Host }
{ Origin-Realm }
{ Destination-Realm }
{ Destination-Host }
{ Auth-Application-Id }
{ Re-Auth-Request-Type }
[ User-Name ]
[RAR-Flags ]
…
*[ AVP ]
9.2.2.6.2 Re-Auth-Answer (RAA) Command
The Diameter Re-Auth-Answer (RAA) command shall be indicated by the Command-Code field set to 258 and the "R" bit cleared in the Command Flags field and is sent from a PDN-GW to a 3GPP AAA Server or 3GPP AAA Proxy. The ABNF for the RAA command shall be as follows:
< Re-Auth-Answer > ::= < Diameter Header: 258, PXY, 16777272 >
< Session-Id >
[ DRMP ]
{ Result-Code }
{ Origin-Host }
{ Origin-Realm }
[ User-Name ]
…
*[ AVP ]
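A header-level screen for the commands of clause 9.2.2, as an added example that is not part of the specification: it parses the 20-byte Diameter header defined in IETF RFC 6733, checks the Application-ID 16777272 that every ABNF header above carries, and rejects a command that arrives at the role that is supposed to send it. The role labels `PDN_GW` and `AAA_SERVER` (which also stands for the 3GPP AAA Proxy) and the function names are hypothetical.

```python
import struct

S6B_APPLICATION_ID = 16777272       # Application-ID in the ABNF headers of clause 9.2.2
FLAG_R, FLAG_P = 0x80, 0x40         # Request and Proxiable bits (IETF RFC 6733)
HEADER_LEN = 20
ROLES = ("PDN_GW", "AAA_SERVER")    # hypothetical labels for the two S6b endpoints

# (Command-Code, "R" bit set) -> (command, sending role), read off clause 9.2.2.
S6B_COMMANDS = {
    (268, True): ("DER", "PDN_GW"),
    (268, False): ("DEA", "AAA_SERVER"),
    (265, True): ("AAR", "PDN_GW"),
    (265, False): ("AAA", "AAA_SERVER"),
    (275, True): ("STR", "PDN_GW"),
    (275, False): ("STA", "AAA_SERVER"),
    (274, True): ("ASR", "AAA_SERVER"),
    (274, False): ("ASA", "PDN_GW"),
    (258, True): ("RAR", "AAA_SERVER"),
    (258, False): ("RAA", "PDN_GW"),
}


def build_message(code, flags, app_id, hop_by_hop, end_to_end, avps=b""):
    """Serialize a Diameter header followed by already encoded, padded AVPs."""
    if len(avps) % 4:
        raise ValueError("AVPs must be padded to a 32-bit boundary")
    length = HEADER_LEN + len(avps)
    return (bytes([1]) + length.to_bytes(3, "big")
            + bytes([flags]) + code.to_bytes(3, "big")
            + struct.pack("!III", app_id, hop_by_hop, end_to_end) + avps)


def parse_header(msg):
    """Parse and sanity-check the fixed Diameter header of one complete message."""
    if len(msg) < HEADER_LEN:
        raise ValueError("shorter than a Diameter header")
    version, flags = msg[0], msg[4]
    length = int.from_bytes(msg[1:4], "big")
    code = int.from_bytes(msg[5:8], "big")
    app_id, hop_by_hop, end_to_end = struct.unpack_from("!III", msg, 8)
    if version != 1:
        raise ValueError("unsupported Diameter version")
    if length != len(msg) or length % 4:
        raise ValueError("Message Length does not match the buffer")
    return {"code": code, "request": bool(flags & FLAG_R),
            "proxiable": bool(flags & FLAG_P), "app_id": app_id,
            "hop_by_hop": hop_by_hop, "end_to_end": end_to_end}


def screen_s6b(msg, receiver):
    """Return the S6b command name, or raise ValueError if it must not be accepted."""
    if receiver not in ROLES:
        raise ValueError("unknown receiver role")
    hdr = parse_header(msg)
    if hdr["app_id"] != S6B_APPLICATION_ID:
        raise ValueError("not the S6b Application-ID")
    entry = S6B_COMMANDS.get((hdr["code"], hdr["request"]))
    if entry is None:
        raise ValueError("command is not defined for S6b")
    name, sender = entry
    if sender == receiver:
        raise ValueError(f"{name} is sent by the {sender}, not towards it")
    return name
```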
9.2.3 Information Elements
9.2.3.0 General
The following clauses describe the Diameter AVPs defined for the S6b interface protocol in the different modes of operation (DSMIPv6, PMIPv6/GTPv2, MIPv4…).
For all AVPs which contain bit masks and are of the type Unsigned32, bit 0 shall be the least significant bit. For example, to get the value of bit 0, a bit mask of 0x00000001 should be used.
9.2.3.1 S6b DSMIPv6 procedures
9.2.3.1.1 General
The following table describes the Diameter AVPs defined for the S6b interface protocol in DSMIPv6 mode, their AVP Code values, types, possible flag values and whether or not the AVP may be encrypted.
Table 9.2.3.1.1/1: Diameter S6b AVPs for DSMIPv6

| Attribute Name | AVP Code | Clause defined | Value Type | AVP Flag rules: Must | AVP Flag rules: May | AVP Flag rules: Should not | AVP Flag rules: Must not |
|---|---|---|---|---|---|---|---|
| MIP6-Agent-Info | 486 | 9.2.3.2.2 | Grouped | M | V,P | | |
| MIP6-Feature-Vector | 124 | 9.2.3.2.3 | Unsigned64 | M | V,P | | |
| Visited-Network-Identifier | 600 | 9.2.3.1.2 | OctetString | M,V | P | | |
| RAR-Flags | 1522 | 9.2.3.1.5 | Unsigned32 | V | M,P | | |
| QoS-Capability | 578 | 9.2.3.2.4 | Grouped | M | V,P | | |
| QoS-Resources | 508 | 9.2.3.2.5 | Grouped | M | V,P | | |
| Trace-Info | 1505 | 8.2.3.13 | Grouped | V | M,P | | |
| Service-Selection | 493 | 5.2.3.5 | UTF8String | M | V,P | | |
| Trust-Relationship-Update | 1515 | 9.2.3.1.4 | Enumerated | V | M,P | | |
| AAA-Failure-Indication | 1518 | 8.2.3.21 | Unsigned32 | V | M,P | | |
| DER-S6b-Flags | 1523 | 9.2.3.7 | Unsigned32 | V | M,P | | |

NOTE 1: The AVP header bit denoted as "M", indicates whether support of the AVP is required. The AVP header bit denoted as "V", indicates whether the optional Vendor-ID field is present in the AVP header. For further details, see IETF RFC 6733 [58].
NOTE 2: If the M-bit is set for an AVP and the receiver does not understand the AVP, it shall return a rejection. If the M-bit is not set for an AVP, the receiver shall not return a rejection, whether or not it understands the AVP. If the receiver understands the AVP but the M-bit value does not match with the definition in this table, the receiver shall ignore the M-bit.
9.2.3.1.2 Visited-Network-Identifier
The Visited-Network-Identifier AVP contains an identifier that helps the home network to identify the visited network (e.g. the visited network domain name). The Vendor-Id shall be set to 10415 (3GPP).
The AVP shall be encoded as:
mnc<MNC>.mcc<MCC>.3gppnetwork.org
If MNC consists of only 2 digits, a leading digit "0" shall be added to the MNC value (e.g., if MNC=15 and MCC=234, the value of Visited-Network-Identifier shall be "mnc015.mcc234.3gppnetwork.org").
9.2.3.1.3 Void
9.2.3.1.4 Void
9.2.3.1.5 RAR-Flags
The RAR-Flags AVP is of type Unsigned32 and it shall contain a bit mask. The meaning of the bits shall be as defined in table 9.2.3.1.5/1:
Table 9.2.3.1.5/1: RAR-Flags

| Bit | Name | Description |
|---|---|---|
| 0 | Trust-Relationship-Update-indication | This bit, when set, indicates to the PDN GW that the 3GPP AAA server only initiates the re-authorization procedure to send the trust relationship to the PDN GW, and the PDN GW shall not perform any authorization procedure towards the UE. |
| 1 | P-CSCF Restoration Request | This bit, when set, shall indicate to the PDN GW that the 3GPP AAA Server requests the execution of the HSS-based P-CSCF restoration procedures for WLAN, as described in 3GPP TS 23.380 [52] clause 5.6. |

NOTE: Bits not defined in this table shall be cleared by the sender and discarded by the receiver of the command.
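The encodings of clauses 9.2.3.1.2 and 9.2.3.1.5 exercised on the wire, as an added example that is not part of the specification: it builds and strictly parses the Visited-Network-Identifier value, encodes both AVPs with the AVP header of IETF RFC 6733 (including the padding an OctetString needs), applies NOTE 2 on the M-bit, and discards undefined RAR-Flags bits on receipt. All function names and the `UNDERSTOOD` set are hypothetical; using Vendor-Id 10415 for RAR-Flags is an assumption based on its V flag and 3GPP origin.

```python
import re
import struct

VENDOR_3GPP = 10415
AVP_VISITED_NETWORK_IDENTIFIER = 600
AVP_RAR_FLAGS = 1522
FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20

# Table 9.2.3.1.5/1; bit 0 is the least significant bit (clause 9.2.3.0).
RAR_TRUST_RELATIONSHIP_UPDATE = 1 << 0
RAR_PCSCF_RESTORATION_REQUEST = 1 << 1
RAR_DEFINED_BITS = RAR_TRUST_RELATIONSHIP_UPDATE | RAR_PCSCF_RESTORATION_REQUEST

# AVPs this example receiver understands, keyed by (AVP code, Vendor-Id).
UNDERSTOOD = {(AVP_VISITED_NETWORK_IDENTIFIER, VENDOR_3GPP),
              (AVP_RAR_FLAGS, VENDOR_3GPP)}
VNI_PATTERN = re.compile(rb"mnc([0-9]{3})\.mcc([0-9]{3})\.3gppnetwork\.org")


def visited_network_identifier(mcc, mnc):
    """Build the AVP value; a 2-digit MNC gets a leading "0"."""
    if not re.fullmatch(r"[0-9]{3}", mcc) or not re.fullmatch(r"[0-9]{2,3}", mnc):
        raise ValueError("MCC must be 3 digits and MNC 2 or 3 digits")
    return f"mnc{mnc.zfill(3)}.mcc{mcc}.3gppnetwork.org".encode("ascii")


def parse_visited_network_identifier(value):
    """Return (MCC, MNC) or raise; an unpadded 2-digit MNC is malformed."""
    match = VNI_PATTERN.fullmatch(value)
    if match is None:
        raise ValueError("malformed Visited-Network-Identifier")
    return match.group(2).decode(), match.group(1).decode()


def encode_avp(code, flags, data, vendor_id=None):
    """Encode one AVP; AVP Length covers header and data but not the padding."""
    header_len = 8
    if vendor_id is not None:
        flags |= FLAG_V
        header_len = 12
    out = struct.pack("!IB", code, flags) + (header_len + len(data)).to_bytes(3, "big")
    if vendor_id is not None:
        out += struct.pack("!I", vendor_id)
    return out + data + b"\x00" * (-len(data) % 4)


def decode_avps(buf):
    """Split a buffer into (code, vendor_id, flags, data) tuples, checking bounds."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header_len = 12 if flags & FLAG_V else 8
        if length < header_len or off + length > len(buf):
            raise ValueError("AVP Length out of bounds")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if flags & FLAG_V else None
        avps.append((code, vendor, flags, buf[off + header_len:off + length]))
        off += length + (-length % 4)
        if off > len(buf):
            raise ValueError("missing AVP padding")
    return avps


def must_reject(code, vendor_id, flags):
    """NOTE 2: reject only when the M-bit is set and the AVP is not understood."""
    return bool(flags & FLAG_M) and (code, vendor_id) not in UNDERSTOOD


def decode_rar_flags(data):
    """Decode the Unsigned32 bit mask, discarding bits the table does not define."""
    if len(data) != 4:
        raise ValueError("RAR-Flags must be 4 octets")
    raw = struct.unpack("!I", data)[0] & RAR_DEFINED_BITS
    return {"trust_relationship_update": bool(raw & RAR_TRUST_RELATIONSHIP_UPDATE),
            "pcscf_restoration_request": bool(raw & RAR_PCSCF_RESTORATION_REQUEST)}
```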
9.2.3.2 S6b PMIPv6 or GTPv2 procedures
9.2.3.2.1 General
The following table describes the Diameter AVPs defined for the S6b interface protocol in PMIPv6 or GTPv2 mode, their AVP Code values, types, possible flag values and whether or not the AVP may be encrypted.
Table 9.2.3.2.1/1: Diameter S6b AVPs for PMIPv6 or GTPv2

| Attribute Name | AVP Code | Clause defined | Value Type | AVP Flag rules: Must | AVP Flag rules: May | AVP Flag rules: Should not | AVP Flag rules: Must not |
|---|---|---|---|---|---|---|---|
| MIP6-Agent-Info | 486 | 9.2.3.2.2 | Grouped | M | V,P | | |
| MIP6-Feature-Vector | 124 | 9.2.3.2.3 | Unsigned64 | M | V,P | | |
| QoS-Capability | 578 | 9.2.3.2.4 | Grouped | M | V,P | | |
| QoS-Resources | 508 | 9.2.3.2.5 | Grouped | M | V,P | | |
| Trace-Info | 1505 | 8.2.3.13 | Grouped | V | M,P | | |
| Service-Selection | 493 | 5.2.3.5 | UTF8String | M | V,P | | |
| Visited-Network-Identifier | 600 | 9.2.3.1.2 | OctetString | M,V | P | | |
| Origination-Time-Stamp | 1536 | 9.2.3.2.6 | Unsigned64 | V | M,P | | |
| Maximum-Wait-Time | 1537 | 9.2.3.2.7 | Unsigned32 | V | M,P | | |
| Emergency-Services | 1538 | 7.2.3.5 | Unsigned32 | V | M,P | | |

NOTE 1: The AVP header bit denoted as "M", indicates whether support of the AVP is required. The AVP header bit denoted as "V", indicates whether the optional Vendor-ID field is present in the AVP header. For further details, see IETF RFC 6733 [58].
NOTE 2: If the M-bit is set for an AVP and the receiver does not understand the AVP, it shall return a rejection. If the M-bit is not set for an AVP, the receiver shall not return a rejection, whether or not it understands the AVP. If the receiver understands the AVP but the M-bit value does not match with the definition in this table, the receiver shall ignore the M-bit.
9.2.3.2.2 MIP6-Agent-Info
The MIP6-Agent-Info AVP contains the PDN GW identity or (for the chained S2 – PMIP based S8 case) the Serving GW address information. This AVP is defined in IETF RFC 5447 [6]. The identity of PDN GW is either an IP address transported in MIP-Home-Agent-Address or an FQDN transported in MIP-Home-Agent-Host. The PDN GW may use its IP address if a single IP address can be used for all Access Networks and protocols towards the PDN GW. In all other cases the PDN GW shall use its FQDN. MAG/AAA/HSS shall use FQDN if known. The grouped AVP has the following grammar:
MIP6-Agent-Info ::= < AVP Header: 486 >
*2[ MIP-Home-Agent-Address ]
[ MIP-Home-Agent-Host ]
[ MIP6-Home-Link-Prefix ]
*[ AVP ]
NOTE: The AVP MIP6-Home-Link-Prefix is not used in S6b, but it is included here to reflect the complete IETF definition of the grouped AVP.
9.2.3.2.3 MIP6-Feature-Vector
The MIP6-Feature-Vector AVP contains a 64 bit flags field of supported mobility capabilities of the NAS. This AVP is defined in IETF RFC 5447 [6]. The NAS may include this AVP in a request message to indicate the mobility capabilities of the NAS to the 3GPP AAA server. Similarly, the Diameter server may include this AVP in an answer message to inform the NAS about which of the NAS indicated capabilities are supported or authorized by the 3GPP AAA Server.
The following capabilities are supported on the S6b reference point in PMIPv6 or GTPv2 mode:
– PMIP6_SUPPORTED
– IP4_HOA_SUPPORTED
– GTPv2_SUPPORTED
9.2.3.2.4 QoS-Capability
The QoS-Capability AVP contains a list of supported Quality of Service profile templates (and therefore the support of the respective parameter AVPs). This AVP is defined in IETF RFC 5777 [9].
9.2.3.2.5 QoS-Resources
The QoS-Resources AVP includes a description of the Quality of Service resources for policing traffic flows. This AVP is defined in IETF RFC 5777 [9].
9.2.3.2.6 Origination-Time-Stamp
The Origination-Time-Stamp is of type Unsigned64. It indicates the UTC time when the originating entity initiated the request. It shall contain the number of milliseconds since 00:00:00 on 1 January 1900 UTC.
NOTE: This AVP contains the same numeric value, in milliseconds, as received over the GTPv2 protocol from the originating entity (see 3GPP TS 29.274 [38], clause 8.119).
9.2.3.2.7 Maximum-Wait-Time
The Maximum-Wait-Time is of type Unsigned32. It indicates the number of milliseconds since the Origination-Time-Stamp during which the originator of a request waits for a response. See 3GPP TS 29.274 [38].
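How a receiver can turn the two timing AVPs into a deadline, as an added example that is not part of the specification: it converts between Unix time and the 1900-based millisecond count, decodes the Unsigned64 and Unsigned32 payloads, and reports how long the originator is still waiting. The function names, the `max_skew_ms` tolerance and the choice to treat a timestamp from the future as invalid are assumptions of this sketch.

```python
import struct

# Seconds from 00:00:00 on 1 January 1900 UTC to the Unix epoch:
# 70 years containing 17 leap days.
EPOCH_1900_TO_1970_S = (70 * 365 + 17) * 86400
EPOCH_1900_TO_1970_MS = EPOCH_1900_TO_1970_S * 1000


def unix_ms_to_origination(unix_ms):
    """Unix time in milliseconds -> Origination-Time-Stamp value."""
    return unix_ms + EPOCH_1900_TO_1970_MS


def origination_to_unix_ms(origination_ms):
    """Origination-Time-Stamp value -> Unix time in milliseconds."""
    return origination_ms - EPOCH_1900_TO_1970_MS


def decode_timing(origination_data, max_wait_data):
    """Decode the AVP payloads: Unsigned64 timestamp and Unsigned32 wait time."""
    if len(origination_data) != 8 or len(max_wait_data) != 4:
        raise ValueError("wrong payload size for Unsigned64/Unsigned32")
    return (struct.unpack("!Q", origination_data)[0],
            struct.unpack("!I", max_wait_data)[0])


def remaining_wait_ms(origination_ms, max_wait_ms, now_unix_ms, max_skew_ms=0):
    """Milliseconds the originator still waits; zero or negative means it gave up."""
    now_ms = unix_ms_to_origination(now_unix_ms)
    if origination_ms > now_ms + max_skew_ms:
        # A request stamped later than "now" points at clock skew or a forged
        # value; this sketch refuses to derive a deadline from it.
        raise ValueError("Origination-Time-Stamp lies in the future")
    return origination_ms + max_wait_ms - now_ms


def is_expired(origination_ms, max_wait_ms, now_unix_ms, max_skew_ms=0):
    """True when answering would arrive after the originator stopped waiting."""
    return remaining_wait_ms(origination_ms, max_wait_ms,
                             now_unix_ms, max_skew_ms) <= 0
```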
9.2.3.3 S6b Re-used Diameter AVPs
Table 9.2.3.3/1: S6b re-used Diameter AVPs

| Attribute Name | Reference | Comments |
|---|---|---|
| Supported-Features | 3GPP TS 29.229 [24] | |
| Feature-List-ID | 3GPP TS 29.229 [24] | See clause 9.2.3.4 |
| Feature-List | 3GPP TS 29.229 [24] | See clause 9.2.3.5 |
| MIP-Careof-Address | IETF RFC 5778 [11] | |
| UE-Local-IP-Address | 3GPP TS 29.212 [23] | |
| OC-Supported-Features | IETF RFC 7683 [47] | See clause 8.2.3.22 |
| OC-OLR | IETF RFC 7683 [47] | See clause 8.2.3.23 |
| DRMP | IETF RFC 7944 [53] | See clause 8.2.3.25 |
| Load | IETF RFC 8583 [54] | See clause 8.2.3.26 |

NOTE 1: The M-bit settings for re-used AVPs override those of the defining specifications that are referenced. Values include: "Must set", "Must not set". If the M-bit setting is blank, then the defining specification applies.
NOTE 2: If the M-bit is set for an AVP and the receiver does not understand the AVP, it shall return a rejection. If the M-bit is not set for an AVP, the receiver shall not return a rejection, whether or not it understands the AVP. If the receiver understands the AVP but the M-bit value does not match with the definition in this table, the receiver shall ignore the M-bit.
9.2.3.4 Feature-List-ID AVP
The syntax of this AVP is defined in 3GPP TS 29.229 [24]. For this release, the Feature-List-ID AVP value shall be set to 1 for the S6b application.
9.2.3.5 Feature-List AVP
The syntax of this AVP is defined in 3GPP TS 29.229 [24]. A null value indicates that there is no feature used by the S6b application. The meaning of the bits shall be as defined in table 9.2.3.5/1.
Table 9.2.3.5/1: Features of Feature-List-ID 1 used in S6b

| Feature bit | Feature | M/O | Description |
|---|---|---|---|
| 0 | P-CSCF Restoration for WLAN | O | Support of P-CSCF Restoration for WLAN. This feature is applicable to the AAR/AAA and RAR/RAA command pairs over the S6b interface, when the PDN GW supports the execution of the P-CSCF restoration procedures for WLAN for the related IMS PDN connection as described in 3GPP TS 23.380 [52] clause 5.6. If the PDN-GW does not indicate support of this feature in a former AAR command, the 3GPP AAA Server shall not send a RAR command requesting the execution of the HSS-based P-CSCF restoration procedures for WLAN. |

Feature bit: The order number of the bit within the Supported-Features AVP, e.g. "1".
Feature: A short name that can be used to refer to the bit and to the feature.
M/O: Defines if the implementation of the feature is mandatory ("M") or optional ("O").
Description: A clear textual description of the feature.
Features that are not indicated in the Supported-Features AVPs within a given application message shall not be used to construct that message.
9.2.3.6 S6b MIPv4 FACoA procedures
9.2.3.6.1 General
The following table describes the Diameter AVPs defined for the S6b interface protocol in MIPv4 mode, their AVP Code values, types, possible flag values and whether or not the AVP may be encrypted.
Table 9.2.3.6.1/1: Diameter S6b AVPs for MIPv4 FACoA

| Attribute Name | AVP Code | Clause defined | Value Type | AVP Flag rules: Must | AVP Flag rules: May | AVP Flag rules: Should not | AVP Flag rules: Must not |
|---|---|---|---|---|---|---|---|
| MIP6-Agent-Info | 486 | 9.2.3.6.2 | Grouped | M | V,P | | |
| MIP6-Feature-Vector | 124 | 9.2.3.6.3 | Unsigned64 | M | V,P | | |
| QoS-Capability | 578 | 9.2.3.6.4 | Grouped | M | V,P | | |
| QoS-Resources | 508 | 9.2.3.6.5 | Grouped | M | V,P | | |
| MIP-MN-HA-SPI | 491 | 9.2.3.6.6 | Unsigned32 | M | V,P | | |
| MIP-Session-Key | 343 | 9.2.3.6.7 | OctetString | M | V,P | | |
| Service-Selection | 493 | 5.2.3.5 | UTF8String | M | V,P | | |

NOTE 1: The AVP header bit denoted as "M", indicates whether support of the AVP is required. The AVP header bit denoted as "V", indicates whether the optional Vendor-ID field is present in the AVP header. For further details, see IETF RFC 6733 [58].
NOTE 2: If the M-bit is set for an AVP and the receiver does not understand the AVP, it shall return a rejection. If the M-bit is not set for an AVP, the receiver shall not return a rejection, whether or not it understands the AVP. If the receiver understands the AVP but the M-bit value does not match with the definition in this table, the receiver shall ignore the M-bit.
9.2.3.6.2 MIP6-Agent-Info
The MIP6-Agent-Info AVP contains the PDN GW identity. This AVP is defined in IETF RFC 5447 [6]. The identity of PDN GW is either an IP address transported in MIP-Home-Agent-Address or an FQDN transported in MIP-Home-Agent-Host. The PDN GW may use its IP address if a single IP address can be used for all Access Networks and protocols towards the PDN GW. In all other cases the PDN GW shall use its FQDN. The FA/3GPP AAA Server/HSS shall use FQDN if known. The grouped AVP has the following grammar:
MIP6-Agent-Info ::= < AVP Header: 486 >
    *2[ MIP-Home-Agent-Address ]
    [ MIP-Home-Agent-Host ]
    [ MIP6-Home-Link-Prefix ]
    *[ AVP ]
NOTE: The AVP MIP6-Home-Link-Prefix is not used in S6b, but it is included here to reflect the complete IETF definition of the grouped AVP.
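The following Python code is an added example, not part of TS 29.273: it decodes the payload of a MIP6-Agent-Info grouped AVP with length checks, enforces the occurrence limits of the grammar above, and applies the NOTE 2 M-bit rule of Table 9.2.3.6.1/1 to AVPs the receiver does not know. The child AVP codes (334, 348, 125) are taken from RFC 4004 and RFC 5447 rather than from this page, the function names and sample bytes are constructed, and requiring at least one identity AVP is an assumption drawn from the text of 9.2.3.6.2.

```python
import struct

# 334/348/125 are the child AVP codes from RFC 4004 and RFC 5447 (not listed on this page).
HA_ADDRESS, HA_HOST, HOME_LINK_PREFIX = 334, 348, 125
MAX_OCCURS = {HA_ADDRESS: 2, HA_HOST: 1, HOME_LINK_PREFIX: 1}  # *2[..], [..], [..]
FLAG_V, FLAG_M = 0x80, 0x40  # AVP header flag bits (RFC 6733)

def avp(code, flags, data):
    """Encode one AVP without Vendor-ID; used only to build constructed samples."""
    head = struct.pack("!II", code, (flags << 24) | (8 + len(data)))
    return head + data + b"\x00" * (-len(data) % 4)

def parse_avps(buf):
    """Split a grouped-AVP payload into (code, flags, data), rejecting bad lengths."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, word = struct.unpack_from("!II", buf, off)
        flags, length = word >> 24, word & 0xFFFFFF
        hdr = 12 if flags & FLAG_V else 8  # Vendor-ID adds four octets
        if length < hdr or off + length > len(buf):
            raise ValueError("AVP length outside buffer")
        avps.append((code, flags, buf[off + hdr:off + length]))
        off += (length + 3) & ~3  # next AVP starts on a 32-bit boundary
    return avps

def check_agent_info(payload):
    """Apply the MIP6-Agent-Info grammar and the NOTE 2 M-bit rule to a payload."""
    seen = {}
    for code, flags, _ in parse_avps(payload):
        if code not in MAX_OCCURS:
            if flags & FLAG_M:
                return "reject: unknown AVP with M-bit"
            continue  # unknown AVP without M-bit matches *[ AVP ] and is ignored
        seen[code] = seen.get(code, 0) + 1
        if seen[code] > MAX_OCCURS[code]:
            return "reject: too many occurrences of AVP %d" % code
    # Assumption: an identity (address or host) must be present to be useful.
    if HA_ADDRESS not in seen and HA_HOST not in seen:
        return "reject: no PDN GW identity"
    return "accept"

# Constructed samples: IPv4 192.0.2.1 as Address (family 1); code 16777000 is made up.
ADDR = avp(HA_ADDRESS, FLAG_M, b"\x00\x01\xc0\x00\x02\x01")
for name, payload in [("one address", ADDR), ("three addresses", ADDR * 3),
                      ("unknown AVP, M set", ADDR + avp(16777000, FLAG_M, b"x")),
                      ("unknown AVP, M clear", ADDR + avp(16777000, 0, b"x"))]:
    print(name, "->", check_agent_info(payload))
```

A payload whose declared AVP length runs past the buffer raises `ValueError` instead of being read, so a malformed grouped AVP never reaches the grammar check.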
9.2.3.6.3 MIP6-Feature-Vector
The MIP6-Feature-Vector AVP contains a 64 bit flags field of supported mobility capabilities of the NAS. This AVP is defined in IETF RFC 5447 [6]. The NAS may include this AVP in a request message to indicate the mobility capabilities of the NAS to the 3GPP AAA Server. Similarly, the Diameter server may include this AVP in an answer message to inform the NAS about which of the NAS indicated capabilities are supported or authorized by the 3GPP AAA Server.
The following capabilities are supported on the S6b reference point in MIPv4 FACoA mode:
– MIP4_SUPPORTED
9.2.3.6.4 QoS-Capability
The QoS-Capability AVP contains a list of supported Quality of Service profile templates (and therefore the support of the respective parameter AVPs). This AVP is defined in IETF RFC 5777 [9].
9.2.3.6.5 QoS-Resources
The QoS-Resources AVP includes a description of the Quality of Service resources for policing traffic flows. This AVP is defined in IETF RFC 5777 [9].
9.2.3.6.6 MIP-MN-HA-SPI
The MIP-MN-HA-SPI AVP contains the index of the security association between the Mobile Node and the HA. This AVP is defined in IETF RFC 5778 [11].
9.2.3.6.7 MIP-Session-Key
The MIP-Session-Key AVP contains the MN-HA shared key. This AVP is defined in IETF RFC 4004 [18].
9.2.3.7 DER-S6b-Flags
The DER-S6b-Flags AVP is of type Unsigned32 and it shall contain a bit mask. The meaning of the bits shall be as defined in table 9.2.3.7/1:
Table 9.2.3.7/1: DER-S6b-Flags
| Bit | Name | Description |
|---|---|---|
| 0 | Initial-Attach-Indicator | This bit, when set, indicates that a UE performs the Initial Attach procedure from non-3GPP access network. When not set, it indicates that a UE performs the Handover procedure. |

NOTE: Bits not defined in this table shall be cleared by the sender and discarded by the receiver of the command.
9.2.4 Session Handling
The Diameter protocol between the PDN-GW and the 3GPP AAA Server or the 3GPP AAA Proxy shall always keep session state, and use the same Session-Id parameter for the lifetime of each Diameter session.
A Diameter session shall identify a PDN Connection for a given user and an APN, while the PDN Connection is kept alive in the non-3GPP access. When the PDN Connection is either disconnected on the non-3GPP access, or handed over to the 3GPP access, the Diameter session shall be terminated. In order to indicate that the session state is to be maintained, the Diameter client and server shall not include the Auth-Session-State AVP, either in the request or in the response messages (see IETF RFC 6733 [58]).