11.8

3GPP TS 38.523-1, Release 17: 5GS; User Equipment (UE) conformance specification; Part 1: Protocol

11.8.1 to 11.8.4

11.8.5 Inter-system mobility between untrusted Non-3GPP and 3GPP system/Handover from 5GS to EPC/ePDG

11.8.5.1 Test Purpose (TP)

(1)

With { the UE supports N1 mode and S1 mode and IP address preservation between EPC/ePDG and 5GS, and at least one PDU session has been established between the UE and the SMF/UPF via NG-RAN }

ensure that {

when { the UE detects that cellular access is not available and performs a handover of the existing PDU session to ePDG/EPC }

then { the UE shall include the CFG_REQUEST Configuration payload containing the type of IP address, the "IDr" payload containing the APN in the Identification Data, the "IDi" payload containing the NAI, the N1_MODE_CAPABILITY Notify payload. }

}

11.8.5.2 Conformance requirements

[Rel-15, TS 24.302, clause 7.2.2.1]

Once the ePDG has been selected, the UE shall initiate the IPsec tunnel establishment procedure using the IKEv2 protocol as defined in IETF RFC 7296 [28] and 3GPP TS 33.402 [15].

The UE shall send an IKE_SA_INIT request message to the selected ePDG in order to set up an IKEv2 security association. Upon receipt of an IKE_SA_INIT response, the UE shall send an IKE_AUTH request message to the ePDG, including:

– The type of IP address (IPv4 address or IPv6 prefix or both) that needs to be configured in an IKEv2 CFG_REQUEST Configuration Payload. If the UE requests for both IPv4 address and IPv6 prefix, the UE shall send two configuration attributes in the CFG_REQUEST Configuration Payload: one for the IPv4 address and the other for the IPv6 prefix;

– The "IDr" payload, containing the APN in the Identification Data, for non-emergency session establishment. For emergency session establishment, the UE shall format the "IDr" payload according to clause 7.2.5. The UE shall set the ID Type field of the "IDr" payload to ID_FQDN as defined in IETF RFC 7296 [28]. The UE indicates a request for the default APN by omitting the "IDr" payload, which is in accordance with IKEv2 protocol as defined in IETF RFC 7296 [28]; and

– The "IDi" payload containing the NAI.

If the UE supports N1 mode, the UE shall indicate the PDU session ID in the IKE_AUTH request message. If N1 mode capability is disabled, the UE may indicate the PDU session ID in the IKE_AUTH request message.

In order to indicate the PDU session ID in the IKE_AUTH request message, the UE shall include the N1_MODE_CAPABILITY Notify payload as defined in clause 8.2.9.15 in the IKE_AUTH request message and shall:

– if the UE is establishing a PDN connection not related to any existing PDU session or any existing PDN connection, allocate a PDU session ID which is not currently being used by another PDU session over either 3GPP access or non-3GPP access, set the PDU Session ID field of the N1_MODE_CAPABILITY Notify payload to the allocated PDU session ID, and associate the allocated PDU session ID with the PDN connection that is being established;

– if the UE is transferring an existing PDU session from 5GS, set the PDU Session ID field of the N1_MODE_CAPABILITY Notify payload to the PDU session ID of the existing PDU session that is being transferred, and associate the PDU session ID with the PDN connection that is being established. If the existing PDU session is a non-emergency PDU session, the UE shall in addition associate the S-NSSAI of the existing PDU session that is being transferred and the related PLMN ID with the PDN connection that is being established; or

– if the UE is transferring an existing PDN connection from EPS and a PDU session ID is associated with the PDN connection that is being transferred, set the PDU Session ID field of the N1_MODE_CAPABILITY Notify payload to the PDU session ID associated with the existing PDN connection. If the existing PDN connection is a non-emergency PDN connection and an S-NSSAI and a related PLMN ID are associated with the existing PDN connection, the UE shall in addition associate the S-NSSAI and the related PLMN ID with the PDN connection that is being established.

During the IKEv2 authentication and security association establishment for handover, the UE supporting IP address preservation for NBM, shall provide an indication about Attach Type, which indicates Handover Attach. During the IKEv2 authentication and security association establishment for transfer of an existing PDU session from 5GS, the UE shall provide an indication about Attach Type, which indicates Handover Attach. To indicate attach due to handover, the UE shall include the previously allocated home address information during the IPSec tunnel establishment. Depending on the IP version, the UE shall include either the INTERNAL_IP4_ADDRESS or the INTERNAL_IP6_ADDRESS attribute or both in the CFG_REQUEST Configuration Payload within the IKE_AUTH request message to indicate the home address information which is in accordance with IKEv2 protocol as defined in IETF RFC 7296 [28]. If the previously allocated home address information consists of both an IPv4 address and an IPv6 prefix, then the UE shall include the INTERNAL_IP4_ADDRESS attribute and the INTERNAL_IP6_ADDRESS attribute in the CFG_REQUEST configuration payload within the IKE_AUTH request message. If the previously allocated home address information consists of an IPv4 address only, then the UE shall include the INTERNAL_IP4_ADDRESS attribute and shall not include the INTERNAL_IP6_ADDRESS attribute in the CFG_REQUEST configuration payload within the IKE_AUTH request message. If the previously allocated home address information consists of an IPv6 prefix only, then the UE shall include the INTERNAL_IP6_ADDRESS attribute and shall not include the INTERNAL_IP4_ADDRESS attribute in the CFG_REQUEST configuration payload within the IKE_AUTH request message. The UE shall support IPSec ESP (see IETF RFC 4303 [32]) in order to provide secure tunnels between the UE and the ePDG as specified in 3GPP TS 33.402 [15].

After the successful authentication with the 3GPP AAA server, the UE receives from the ePDG an IKE_AUTH response message containing a single CFG_REPLY Configuration Payload including the assigned remote IP address information (IPv4 address or IPv6 prefix) as described in clause 7.4.1. Depending on the used IP mobility management mechanism the following cases can be differentiated:

– If DSMIPv6 is used for IP mobility management, the UE configures a remote IP address based on the IP address information contained in the INTERNAL_IP4_ADDRESS or INTERNAL_IP6_SUBNET attribute of the CFG_REPLY Configuration Payload. The UE uses the remote IP address as Care-of-Address to contact the HA.

– If NBM is used for IP mobility management and the UE performs an initial attach, the UE configures a home address based on the address information from the CFG_REPLY Configuration Payload. Otherwise, if NBM is used and the UE performs a handover attach, the UE continues to use its IP address configured before the handover, if the address information provided in the CFG_REPLY Configuration Payload does match with the UE’s IP address configured before the handover. If the UE’s IP address (IPv4 address or IPv6 prefix) does not match with the address information of the CFG_REPLY Configuration Payload, the UE shall configure a new home address based on the IP address information contained in the INTERNAL_IP4_ADDRESS, INTERNAL_IP6_SUBNET or INTERNAL_IP6_ADDRESS attribute of the CFG_REPLY Configuration Payload. In the latter case, the IP address preservation is not possible.

NOTE 3: In case of IPv6 address, the UE performs the match only on the IPv6 prefix provided within the CFG_REPLY Configuration Payload contained in the INTERNAL_IP6_SUBNET or INTERNAL_IP6_ADDRESS.

During the IKEv2 authentication and security association establishment, following the UE’s initial IKE_AUTH request message to the ePDG, if the UE subsequently receives an IKE_AUTH response message from the ePDG containing the EAP-Request/AKA-Challenge, after verifying the received authentication parameters and successfully authenticating the ePDG as specified in 3GPP TS 33.402 [15], the UE shall send a new IKE_AUTH request message to the ePDG including the EAP-Response/AKA-Challenge. In addition, the UE shall provide the requested mobile device identity if available, as specified in clause 7.2.6.

If the UE supports P-CSCF restoration extension for untrusted WLAN as specified in 3GPP TS 23.380 [66], the UE shall send its capability indication of the support of P-CSCF restoration to the ePDG by including the P-CSCF_RESELECTION_SUPPORT Notify payload within an IKE_AUTH request message. The content of the P-CSCF_RESELECTION_SUPPORT Notify payload is described in clause 8.2.9.4.

If the UE supports N1 mode and the UE receives the N1_MODE_INFORMATION Notify payload as defined in clause 8.2.9.16 in the IKE_AUTH response message, the UE shall delete the associated S-NSSAI, if any, and (re‑)associate the S-NSSAI in the S-NSSAI Value field of the N1_MODE_INFORMATION Notify payload with the PDU session associated with the IKEv2 security association that was established, and if the UE receives the N1_MODE_S_NSSAI_PLMN_ID Notify payload as defined in clause 8.2.9.17 in the IKE_AUTH response message, the UE shall delete the associated PLMN ID, if any, and (re-)associate the PLMN ID that the S-NSSAI relates to in the S-NSSAI PLMN ID field of the N1_MODE_S_NSSAI_PLMN_ID Notify payload with the PDU session associated with the IKEv2 security association that was established.
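The handover-attach address comparison quoted above (NBM case, with NOTE 3's prefix-only rule for IPv6) can be sketched as follows. This is an added example, not text from the specification; the function names are hypothetical, the attribute layouts are those of RFC 7296, and the addresses in the usage note are constructed documentation addresses.

```python
import ipaddress

# CFG_REPLY attribute types (RFC 7296)
INTERNAL_IP4_ADDRESS, INTERNAL_IP6_ADDRESS, INTERNAL_IP6_SUBNET = 1, 8, 15

def offered_address(attr_type, value):
    """Decode one CFG_REPLY attribute into an IPv4 address or an IPv6 prefix."""
    if attr_type == INTERNAL_IP4_ADDRESS and len(value) == 4:
        return ipaddress.IPv4Address(value)
    if attr_type in (INTERNAL_IP6_ADDRESS, INTERNAL_IP6_SUBNET) and len(value) == 17:
        # 16 address octets followed by one prefix-length octet. Host bits are
        # masked off because NOTE 3 compares the IPv6 prefix only.
        return ipaddress.IPv6Network((value[:16], value[16]), strict=False)
    raise ValueError("unsupported or malformed CFG_REPLY attribute")

def home_address_after_handover(previous, attr_type, value):
    """Return (address_to_use, preserved) for a handover attach with NBM.

    previous is the IPv4Address or IPv6Network (prefix) configured before
    the handover. A mismatch means the UE configures the offered address
    and IP address preservation is not possible.
    """
    offered = offered_address(attr_type, value)
    if offered == previous:
        return previous, True
    return offered, False
```

For a UE that held 2001:db8:1:2::/64 before the handover, an INTERNAL_IP6_ADDRESS of 2001:db8:1:2::abcd with prefix length 64 counts as a match, while any address under a different /64 does not.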

11.8.5.3 Test description

11.8.5.3.1 Pre-test conditions

System Simulator:

– WLAN Cell 27 is configured according to TS 36.508 [18], Table 4.4.8-1 with condition IMSoWLAN.

– NR Cell 1 is configured according to TS 38.508-1 [4], Table 4.4.2-3.

– NR Cell 1 is set to "Serving cell".

UE:

– The UE is configured to use IMS preconditions.

Preamble:

– The UE is brought to state 1N-A according to TS 38.508-1 [4], Table 4.4A.2-1. The UE is initially attached to the 3GPP Access network and has established at least an IMS PDU session with the 5GC network.

11.8.5.3.2 Test procedure sequence

Table 11.8.5.3.2-1: Main behaviour

| St | Procedure | U – S | Message | TP | Verdict |
|---|---|---|---|---|---|
| 1 | NR Cell is set to "Off" cell, WLAN Cell is set to "Serving cell". | - | - | - | - |
| 2 | The UE associates with the WLAN AP and obtains the local IP address. | - | - | - | - |
| 3 | The UE transmits a DNS Query message with QNAME set to the FQDN of the ePDG. | –> | DNS Query | - | - |
| 4 | The SS transmits a DNS Response message with the IP address of the ePDG. | <– | DNS Response | - | - |
| 5 | The UE transmits an IKE_SA_INIT request message to the ePDG. | –> | IKE_SA_INIT Request | - | - |
| 6 | The SS transmits an IKE_SA_INIT response message to the UE. | <– | IKE_SA_INIT Response | - | - |
| 7 | Check: Does the UE transmit an IKE_AUTH request including the CFG_REQUEST Configuration payload containing the type of IP address, the "IDr" payload containing the APN in the Identification Data, the "IDi" payload containing the NAI, and the N1_MODE_CAPABILITY Notify payload? | –> | IKE_AUTH Request | 1 | P |
| 8 | The SS transmits an IKE_AUTH Response message including an EAP-Request/AKA-Challenge. | <– | IKE_AUTH Response | - | - |
| 9 | The UE transmits an IKE_AUTH Request message including the EAP-Response/AKA-Challenge. | –> | IKE_AUTH Request | - | - |
| 10 | The SS transmits an IKE_AUTH Response message including EAP-Success. | <– | IKE_AUTH Response | - | - |
| 11 | The UE transmits an IKE_AUTH Request message with Authentication payload. | –> | IKE_AUTH Request | - | - |
| 12 | The SS transmits an IKE_AUTH Response message with Authentication and Configuration payloads. | <– | IKE_AUTH Response | - | - |

11.8.5.3.3 Specific message contents

Table 11.8.5.3.3-1: Message DNS Query (step 3, Table 11.8.5.3.2-1)

Derivation path: IETF RFC 1035 [56]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| QR= | ‘0’ | Query | |
| OPCODE= | ‘0000’ | QUERY | |
| QNAME= | Operator provisioned FQDN of the ePDG. | | pc_ePDG_FQDN_Provisioned |
| | Operator Identifier FQDN format shall be "epdg.epc.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org" | | pc_ePDG_FQDN_constructed |
| QTYPE= | A | query for the IPv4 address | IPv4 |
| | AAAA | query for the IPv6 address | IPv6 |
| QCLASS= | IN | | |

| Condition | Explanation |
|---|---|
| IPv4 | DNS query for IPv4 address |
| IPv6 | DNS query for IPv6 address |

Table 11.8.5.3.3-2: Message DNS Response (step 4, Table 11.8.5.3.2-1)

Derivation path: IETF RFC 1035 [56]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| QR= | ‘1’ | Response | |
| OPCODE= | ‘0000’ | QUERY | |
| QNAME= | Same as received in DNS Query | | |
| QTYPE= | A | | |
| QCLASS= | IN | | |
| RR { | | | |
| NAME | Same as received in DNS Query | | |
| TYPE | Same as received in DNS Query | A for IPv4; AAAA for IPv6 | |
| CLASS | IN | | |
| RDATA | IP address of ePDG | | |
| } | | | |

Table 11.8.5.3.3-2A: IKE_AUTH request (step 7, Table 11.8.5.3.2-1)

Derivation path: 36.508 table 4.7G-3

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Next Payload | ‘00101111’B | CP | |
| Exchange Type | ‘00100011’B | IKE_AUTH | |
| Configuration Payload | | | |
| Next Payload | ‘00000000’B | Notify payload | |
| CFG Type | ‘00000001’B | CFG_REQUEST | |
| Attribute Type | ‘00000001’B | INTERNAL_IP4_ADDRESS | IPv4 |
| IPv4 Address | Previously allocated IPv4 address in cellular network | | IPv4 |
| Attribute Type | ‘00001000’B | INTERNAL_IP6_ADDRESS | IPv6 |
| IPv6 Address | Previously allocated IPv6 address in cellular network | | IPv6 |
| Attribute Type | ‘00010100’B | P_CSCF_IP4_ADDRESS | IPv4 |
| IPv4 Address | Not checked | | IPv4 |
| Attribute Type | ‘00010101’B | P_CSCF_IP6_ADDRESS | IPv6 |
| IPv6 Address | Not checked | | IPv6 |
| Notify payload | ‘000101001’B | | |
| Next Payload | ‘00100100’B | IDr payload | |
| Notify Message Type | ‘1100011101000111’B | N1_MODE_CAPABILITY Notify payload | |
| PDU Session ID | PDU Session ID of the transferred PDU session from 5GC | | |
| IDr payload | ‘00100100’B | | |
| Next Payload | ‘00100011’B | IDi payload | |
| ID Type | ‘00000010’B | ID_FQDN | |
| Identification Data | APN | | |
| IDi payload | ‘00100011’B | | |
| Next Payload | ‘00000000’B | No Next Payload if Notify payload is the last payload | |
| ID Type | ‘00000011’B | NAI | |
| Identification Data | Not checked | | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

| Condition | Explanation |
|---|---|
| IPv4 | If the UE requests an IPv4 address |
| IPv6 | If the UE requests an IPv6 address |

NOTE: At least one of IPv4 and IPv6 shall be true.
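The step 7 check against Table 11.8.5.3.3-2A can be expressed as a walk over the payload chain, as in the following added example (not part of the specification; all function names are hypothetical). It assumes the input is the already decrypted inner payload chain of the IKE_AUTH request, that the PDU Session ID is the first octet of the notification data, and it follows NOTE 1 by ignoring payload order and extra payloads; the sample bytes are constructed.

```python
import struct
# Values from Table 11.8.5.3.3-2A; payload/attribute numbers per RFC 7296
IDI, IDR, NOTIFY, CP = 35, 36, 41, 47
CFG_REQUEST, ID_FQDN, ADDR_ATTRS = 1, 2, {1, 8}  # attrs: INTERNAL_IP4/IP6_ADDRESS
N1_MODE_CAPABILITY = 0b1100011101000111  # 51015

def payload(next_type, body):  # prepend the 4-octet generic payload header
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

def walk(first_type, buf):  # yields (payload_type, body) along the chain
    ptype, off = first_type, 0
    while ptype != 0:
        nxt, _flags, length = struct.unpack_from("!BBH", buf, off)  # struct.error if truncated
        if length < 4 or off + length > len(buf):
            raise ValueError("bad payload length")
        yield ptype, buf[off + 4:off + length]
        ptype, off = nxt, off + length

def cfg_attr_types(body):  # attribute types present in a Configuration payload
    types, off = set(), 4  # skip CFG Type and 3 reserved octets
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from("!HH", body, off)
        types.add(atype & 0x7FFF)  # top bit is reserved
        off += 4 + alen
    return types

def missing_step7(first_type, buf, pdu_session_id):
    """Return the step-7 elements absent from the request (empty list = pass)."""
    need = {"CFG_REQUEST", "IDr", "IDi", "N1_MODE_CAPABILITY"}
    for ptype, body in walk(first_type, buf):
        if ptype == CP and body[:1] == bytes([CFG_REQUEST]) and cfg_attr_types(body) & ADDR_ATTRS:
            need.discard("CFG_REQUEST")
        elif ptype == IDR and body[:1] == bytes([ID_FQDN]) and len(body) > 4:
            need.discard("IDr")
        elif ptype == IDI and len(body) > 4:
            need.discard("IDi")
        elif ptype == NOTIFY and len(body) >= 4:
            _proto, spi_size, mtype = struct.unpack_from("!BBH", body)
            if mtype == N1_MODE_CAPABILITY and body[4 + spi_size:][:1] == bytes([pdu_session_id]):
                need.discard("N1_MODE_CAPABILITY")
    return sorted(need)

# Constructed sample chain (not captured traffic): CP -> Notify -> IDr -> IDi
SAMPLE = (
    payload(NOTIFY, bytes([CFG_REQUEST, 0, 0, 0]) + struct.pack("!HH", 1, 4) + bytes([192, 0, 2, 10]))
    + payload(IDR, struct.pack("!BBHB", 0, 0, N1_MODE_CAPABILITY, 5))
    + payload(IDI, bytes([ID_FQDN, 0, 0, 0]) + b"ims")
    + payload(0, bytes([3, 0, 0, 0]) + b"user@nai.example")
)
```

`missing_step7(CP, SAMPLE, 5)` returns an empty list; passing a PDU session ID other than the one transferred from 5GS makes the N1_MODE_CAPABILITY element fail.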

Table 11.8.5.3.3-2B: IKE_AUTH request (step 9, Table 11.8.5.3.2-1)

Derivation path: 36.508 table 4.7G-3

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Next Payload | ‘00110000’B | EAP | |
| Exchange Type | ‘00100011’B | IKE_AUTH | |
| Extensible Authentication Payload | | | |
| Next Payload | ‘00000000’B | No Next Payload if EAP is the last payload | |
| Code | ‘00000010’B | Response | |
| Identifier | Not checked | | |
| Type | Not checked | | |
| Type_Data | Not checked | | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

Table 11.8.5.3.3-3: IKE_AUTH request (step 11, Table 11.8.5.3.2-1)

Derivation path: 36.508 table 4.7G-3

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Next Payload | ‘00101111’B | AUTH | |
| Exchange Type | ‘00100011’B | IKE_AUTH | |
| Authentication Payload | | | |
| Next Payload | ‘00000000’B | No Next Payload if AUTH is the last payload | |
| Authentication Method | Not checked | | |
| Authentication Data | Not checked | | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

Table 11.8.5.3.3-4: IKE_AUTH response (step 12, Table 11.8.5.3.2-1)

Derivation path: 36.508 table 4.7G-4

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Next Payload | ‘00101111’B | CP | |
| Exchange Type | ‘00100011’B | IKE_AUTH | |
| Configuration Payload | | | |
| Next Payload | Set by the SS | | |
| CFG Type | ‘00000010’B | CFG_REPLY | |
| Attribute Type | ‘00000001’B | INTERNAL_IP4_ADDRESS | IPv4 |
| IPv4 Address | Previously allocated IPv4 address in cellular network | | IPv4 |
| Attribute Type | ‘00001000’B | INTERNAL_IP6_ADDRESS | IPv6 |
| IPv6 Address | Previously allocated IPv6 address in cellular network | | IPv6 |
| Attribute Type | ‘00010100’B | P_CSCF_IP4_ADDRESS | |
| IPv4 Address | Set by the SS | | |
| Attribute Type | ‘00010101’B | P_CSCF_IP6_ADDRESS | |
| IPv6 Address | Set by the SS | | |

| Condition | Explanation |
|---|---|
| IPv4 | If the UE requested an IPv4 address |
| IPv6 | If the UE requested an IPv6 address |