My 3GPP 23.501 Notes

From Got Opinion Wiki
Jump to navigation Jump to search

My 3GPP 23.501 Notes

Definition and abbreviations

See My 3GPP definition notes for definitions

See My 3GPP abbreviation notes for abbreviations

§ 4.2.1 General

23.501 describes the architecture for the 5G System. The 5G architecture is defined as service-based and the interaction between network functions is represented in two ways.

  • A service-based representation, where network functions (e.g. AMF) within the Control Plane enables other authorized network functions to access their services. This representation also includes point-to-point reference points where necessary.
  • A reference point representation, shows the interaction exist between the NF services in the network functions described by point-to-point reference point (e.g. N11) between any two network functions (e.g. AMF and SMF).

Service-based interfaces are listed in clause 4.2.6. Reference points are listed in clause 4.2.7.

Network functions within the 5GC Control Plane shall only use service-based interfaces for their interactions.

NOTE 1: The interactions between NF services within one NF are not specified in this Release of the specification.
NOTE 2: UPF does not provide any services in this Release of the specification, but can consume services provided by 5GC Control Plane NFs.

NFs and NF services can communicate directly, referred to as Direct Communication, or indirectly via the Service Communication Proxy (SCP), referred to as Indirect Communication. For more information on communication options, see Annex E and clauses under 6.3.1 and 7.1.2.

In addition to the architecture descriptions in clause 4, the following areas are further described in other specifications:

  • NG-RAN architecture is described in TS 38.300 and TS 38.401.
  • Security architecture is described in TS 33.501 and TS 33.535.
  • Charging architecture is described in TS 32.240.
  • 5G Media streaming architecture is described in TS 26.501.
NOTE 3: The NFs listed in clause 4.2.2 are described in the following clauses or in the specifications above.


§ 4.2.2 Network Functions and entities

The 5G System architecture consists of the following network functions (NF):

  • Authentication Server Function (AUSF).
  • Access and Mobility Management Function (AMF).
  • Data Network (DN), e.g. operator services, Internet access or 3rd party services.
  • Unstructured Data Storage Function (UDSF).
  • Network Exposure Function (NEF).
  • Network Repository Function (NRF).
  • Network Slice Admission Control Function (NSACF).
  • Network Slice-specific and SNPN Authentication and Authorization Function (NSSAAF).
  • Network Slice Selection Function (NSSF).
  • Policy Control Function (PCF).
  • Session Management Function (SMF).
  • Unified Data Management (UDM).
  • Unified Data Repository (UDR).
  • User Plane Function (UPF).
  • UE radio Capability Management Function (UCMF).
  • Application Function (AF).
  • User Equipment (UE).
  • (Radio) Access Network ((R)AN).
  • 5G-Equipment Identity Register (5G-EIR).
  • Network Data Analytics Function (NWDAF).
  • CHarging Function (CHF).
  • Time Sensitive Networking AF (TSN AF).
  • Time Sensitive Communication and Time Synchronization Function (TSCTSF).
  • Data Collection Coordination Function (DCCF).
  • Analytics Data Repository Function (ADRF).
  • Messaging Framework Adaptor Function (MFAF).
  • Non-Seamless WLAN Offload Function (NSWOF).
NOTE: The functionalities provided by DCCF and/or ADRF can also be hosted by an NWDAF.
  • Edge Application Server Discovery Function (EASDF).

The 5G System architecture also comprises the following network entities:

  • Service Communication Proxy (SCP).
  • Security Edge Protection Proxy (SEPP).

The functional descriptions of these Network Functions and entities are specified in clause 6.

  • Non-3GPP InterWorking Function (N3IWF).
  • Trusted Non-3GPP Gateway Function (TNGF).
  • Wireline Access Gateway Function (W-AGF).
  • Trusted WLAN Interworking Function (TWIF).

§ 4.2.3 Non-roaming reference architecture

See spec for diagrams and details.

§ 4.2.6 Service-based interfaces

See spec for full list. The 5G System Architecture contains the following service-based interfaces that are of interest to me:

Service-based interfaces
Reference Exhibited by Notes
Namf AMF
Nsmf SMF
Nudm UDM

§ 4.2.7 Reference Points

The 5G System Architecture reference points:

Reference Points
Reference Endpoints Notes
N1 UE and AMF
N2 (R)AN and AMF
N3 (R)AN and UPF
N4 SMF and UPF
N6 UPF and Data Network
N9 UPF and UPF

The following reference points are of interest to me and show the interactions that exist between the NF services in the NFs. See spec for full list of reference points. These reference points are realized by corresponding NF service-based interfaces and by specifying the identified consumer and producer NF service as well as their interaction in order to realize a particular system procedure.

Reference Points
Reference Endpoints Notes
N8 UDM and AMF
N10 UDM and SMF
N11 AMF and SMF
N12 AMF and AUSF
N14 AMF and AMF

§ 4.2.8 Support for non-3GPP access

4.2.8.0 General

The following types of non-3GPP access networks are defined (as of V17.5.0):

  • Untrusted non-3GPP access networks;
  • Trusted non-3GPP access networks; and
  • Wireline access networks.

The architecture to support Untrusted and Trusted non-3GPP access networks is defined in clause 4.2.8.2. The architecture to support Wireline access networks is defined in clause 4.2.8.2.4 and in TS 23.316.

4.2.8.1 General Concepts to Support Trusted and Untrusted Non-3GPP Access

The 5G Core Network supports connectivity of UEs via non-3GPP access networks, e.g. WLAN access networks.

Only the support of non-3GPP access networks deployed outside the NG-RAN is described in this clause.

The 5G Core Network supports both untrusted non-3GPP access networks and trusted non-3GPP access networks (TNANs).

An untrusted non-3GPP access network shall be connected to the 5G Core Network via a Non-3GPP InterWorking Function (N3IWF), whereas a trusted non-3GPP access network shall be connected to the 5G Core Network via a Trusted Non-3GPP Gateway Function (TNGF). Both the N3IWF and the TNGF interface with the 5G Core Network Control Plane (CP) and User Plane (UP) functions via the N2 and N3 interfaces, respectively.

A non-3GPP access network may advertise the PLMNs for which it supports trusted connectivity and the type of supported trusted connectivity (e.g. "5G connectivity"). Therefore, the UEs can discover the non-3GPP access networks that can provide trusted connectivity to one or more PLMNs. This is further specified in clause 6.3.12 (Trusted Non-3GPP Access Network selection).

The UE decides to use trusted or untrusted non-3GPP access for connecting to a 5G PLMN by using procedures not specified in this document. Examples of such procedures are defined in clause 6.3.12.1.

When the UE decides to use untrusted non-3GPP access to connect to a 5G Core Network in a PLMN:

  • the UE first selects and connects with a non-3GPP access network; and then
  • the UE selects a PLMN and an N3IWF in this PLMN. The PLMN/N3IWF selection and the non-3GPP access network selection are independent. The N3IWF selection is defined in clause 6.3.6.

When the UE decides to use trusted non-3GPP access to connect to a 5G Core Network in a PLMN:

  • the UE first selects a PLMN; and then
  • the UE selects a non-3GPP access network (a TNAN) that supports trusted connectivity to the selected PLMN. In this case, the non-3GPP access network selection is affected by the PLMN selection.

A UE that accesses the 5G Core Network over a non-3GPP access shall, after UE registration, support NAS signalling with 5G Core Network control-plane functions using the N1 reference point.

When a UE is connected via a NG-RAN and via a non-3GPP access, multiple N1 instances shall exist for the UE i.e. there shall be one N1 instance over NG-RAN and one N1 instance over non-3GPP access.

A UE simultaneously connected to the same 5G Core Network of a PLMN over a 3GPP access and a non-3GPP access shall be served by a single AMF in this 5G Core Network.

When a UE is connected to a 3GPP access of a PLMN, if the UE selects a N3IWF and the N3IWF is located in a PLMN different from the PLMN of the 3GPP access, e.g. in a different VPLMN or in the HPLMN, the UE is served separately by the two PLMNs. The UE is registered with two separate AMFs. PDU Sessions over the 3GPP access are served by V-SMFs different from the V-SMF serving the PDU Sessions over the non-3GPP access. The same can be true when the UE uses trusted non-3GPP access, i.e. the UE may select one PLMN for 3GPP access and a different PLMN for trusted non-3GPP access.

NOTE: The registrations with different PLMNs over different Access Types doesn't apply to UE registered for Disaster Roaming service as described in the clause 5.40.

The PLMN selection for the 3GPP access does not depend on the PLMN that is used for non-3GPP access. In other words, if a UE is registered with a PLMN over a non-3GPP access, the UE performs PLMN selection for the 3GPP access independently of this PLMN.

A UE shall establish an IPsec tunnel with the N3IWF or with the TNGF in order to register with the 5G Core Network over non-3GPP access. Further details about the UE registration to 5G Core Network over untrusted non-3GPP access and over trusted non-3GPP access are described in clause 4.12.2 and in clause 4.12.2a of TS 23.502, respectively.

It shall be possible to maintain the UE NAS signalling connection with the AMF over the non-3GPP access after all the PDU Sessions for the UE over that access have been released or handed over to 3GPP access.

N1 NAS signalling over non-3GPP accesses shall be protected with the same security mechanism applied for N1 over a 3GPP access.

User plane QoS differentiation between UE and N3IWF is supported as described in clause 5.7 and clause 4.12.5 of TS 23.502. QoS differentiation between UE and TNGF is supported as described in clause 5.7 and clause 4.12a.5 of TS 23.502.

4.3 Interworking with EPC

4.3.1 Non-roaming architecture

See figure 4.3.1-1 in specification, it represents the non-roaming architecture for interworking between 5GS and EPC/E-UTRAN.

N26 interface is an inter-CN interface between the MME and 5GS AMF in order to enable interworking between EPC and the NG core. Support of N26 interface in the network is optional for interworking. N26 supports subset of the functionalities (essential for interworking) that are supported over S10.

4.3.2 Roaming architecture

See figure 4.3.2-1 in specification, it represents the Roaming architecture with local breakout and Figure 4.3.2-2 represents the Roaming architecture with home-routed traffic for interworking between 5GS and EPC/E-UTRAN.

4.3.3 Interworking between 5GC via non-3GPP access and E-UTRAN connected to EPC

4.3.4 Interworking between ePDG connected to EPC and 5GS

4.3.5 Service Exposure in Interworking Scenarios

§ 5.2.1 General

Network access is the means for user to connect to 5G Core Network (CN). Network access control comprises the following functionality:

  • Network selection,
  • Identification and authentication,
  • Authorization,
  • Access control and barring,
  • Policy control,
  • Lawful Interception.

§ 5.2.2 Network Selection

To determine which PLMN to attempt registration, UE performs network selection. The network selection procedure comprises two main parts, PLMN selection and access network (AN) selection. The requirements for PLMN selection are specified in TS 22.011 § 3.2 and the procedures are in TS 23.122. The access network (AN) selection part for the 3GPP access networks is specified in TS 36.300 for E-UTRAN and in TS 38.300 for the NR. The network selection for Disaster Roaming is described in TS 23.122 and TS 24.501.

§ 5.2.3 Identification and authentication

The network may authenticate the UE during any procedure establishing a NAS signalling connection with the UE. The security architecture is specified in TS 33.501. The network may optionally perform an PEI check with 5G-EIR.

§ 5.2.4 Authorization

The authorization for connectivity of the subscriber to the 5GC and the authorization for the services that the user is allowed to access based on subscription (e.g. Operator Determined Barring, Roaming restrictions, Access Type and RAT Type currently in use) is evaluated once the user is successfully identified and authenticated. This authorization is executed during UE Registration procedure.

§ 5.2.5 Access control and barring see spec

§ 5.2.6 Policy control

Network access control including service authorization may be influenced by Policy control, as specified in clause 5.14.

§ 5.2.7 Lawful Interception

For definition and functionality of Lawful Interception, see TS 33.126.

5.3 Registration and Connection Management

5.3.1 General

The Registration Management is used to register or deregister a UE/user with the network (via AMF), and establish the user context in the network. The Connection Management is used to establish and release the signalling connection between the UE and the AMF.

5.3.2 Registration Management

5.3.2.1 General

A UE/user needs to register with the network to receive services that requires registration. Once registered and if applicable the UE updates its registration with the network (see TS 23.502):

  • periodically, in order to remain reachable (Periodic Registration Update); or
  • upon mobility (Mobility Registration Update); or
  • to update its capabilities or re-negotiate protocol parameters (Mobility Registration Update).

The Initial Registration procedure involves execution of Network Access Control functions as defined in clause 5.2 (i.e. user authentication and access authorization based on subscription profiles in UDM). As result of the Registration procedure, the identifier of the serving AMF serving the UE in the access through which the UE has registered will be registered in UDM.

The registration management procedures are applicable over both 3GPP access and Non-3GPP access. The 3GPP and Non-3GPP RM states are independent of each other, see clause 5.3.2.4.

5.3.2.2 5GS Registration Management states

5.3.2.2.1 General

Two RM states are used in the UE and the AMF that reflect the registration status of the UE in the selected PLMN:

  • RM-DEREGISTERED.
  • RM-REGISTERED.
5.3.2.2.2 RM-DEREGISTERED state

In the RM DEREGISTERED state, the UE is not registered with the network. The UE context in AMF holds no valid location or routing information for the UE so the UE is not reachable by the AMF. However, some parts of UE context may still be stored in the UE and the AMF e.g. to avoid running an authentication procedure during every Registration procedure.

In the RM-DEREGISTERED state, the UE shall:

  • attempt to register with the selected PLMN using the Initial Registration procedure if it needs to receive service that requires registration (see clause 4.2.2.2 of TS 23.502).
  • remain in RM-DEREGISTERED state if receiving a Registration Reject upon Initial Registration (see clause 4.2.2.2 of TS 23.502).
  • enter RM-REGISTERED state upon receiving a Registration Accept (see clause 4.2.2.2 of TS 23.502).

When the UE RM state in the AMF is RM-DEREGISTERED, the AMF shall:

  • when applicable, accept the Initial Registration of a UE by sending a Registration Accept to this UE and enter RM-REGISTERED state for the UE (see clause 4.2.2.2 of TS 23.502); or
  • when applicable, reject the Initial Registration of a UE by sending a Registration Reject to this UE (see clause 4.2.2.2 of TS 23.502).
5.3.2.2.3 RM-REGISTERED state

In the RM REGISTERED state, the UE is registered with the network. In the RM-REGISTERED state, the UE can receive services that require registration with the network.

In the RM-REGISTERED state, the UE shall:

  • perform Mobility Registration Update procedure if the current TAI of the serving cell (see TS 37.340 [31]) is not in the list of TAIs that the UE has received from the network in order to maintain the registration and enable the AMF to page the UE;
NOTE: Additional considerations for Mobility Registration Update in case of NR satellite access are provided in clause 5.4.11.6.
  • perform Periodic Registration Update procedure triggered by expiration of the periodic update timer to notify the network that the UE is still active.
  • perform a Mobility Registration Update procedure to update its capability information or to re-negotiate protocol parameters with the network;
  • perform Deregistration procedure (see clause 4.2.2.3.1 of TS 23.502), and enter RM-DEREGISTERED state, when the UE needs to be no longer registered with the PLMN. The UE may decide to deregister from the network at any time.
  • enter RM-DEREGISTERED state when receiving a Registration Reject message or a Deregistration message. The actions of the UE depend upon the cause value' in the Registration Reject or Deregistration message. See clause 4.2.2 of TS 23.502.

When the UE RM state in the AMF is RM-REGISTERED, the AMF shall:

  • perform Deregistration procedure (see clauses 4.2.2.3.2, 4.2.2.3.3 of TS 23.502), and enter RM-DEREGISTERED state for the UE, when the UE needs to be no longer registered with the PLMN. The network may decide to deregister the UE at any time;
  • perform Implicit Deregistration at any time after the Implicit Deregistration timer expires. The AMF shall enter RM-DEREGISTERED state for the UE after Implicit Deregistration;
  • when applicable, accept or reject Registration Requests or Service Requests from the UE.

5.3.3 Connection Management

5.3.3.1 General

Connection management comprises the functions of establishing and releasing a NAS signalling connection between a UE and the AMF over N1. This NAS signalling connection is used to enable NAS signalling exchange between the UE and the core network. It comprises both the AN signalling connection between the UE and the AN (RRC Connection over 3GPP access or UE-N3IWF connection over untrusted N3GPP access or UE-TNGF connection over trusted N3GPP access) and the N2 connection for this UE between the AN and the AMF.

5.3.3.2 5GS Connection Management states

5.3.3.2.1 General

Two CM states are used to reflect the NAS signalling Connection of the UE with the AMF:

  • CM-IDLE
  • CM-CONNECTED

The CM state for 3GPP access and Non-3GPP access are independent of each other, i.e. one can be in CM-IDLE state at the same time when the other is in CM-CONNECTED state.

§ 5.4.7 NG-RAN location reporting

NG-RAN supports the NG-RAN location reporting for the services that require accurate cell identification (e.g. emergency services, lawful intercept, charging) or for the UE mobility event notification service subscribed to the AMF by other NFs. The NG-RAN location reporting may be used by the AMF when the target UE is in CM-CONNECTED state. The NG-RAN location reporting may be used by the AMF to determine the geographically located TAI in the case of NR satellite access.

The AMF may request the NG-RAN location reporting with event reporting type (e.g. UE location or UE presence in Area of Interest), reporting mode and its related parameters (e.g. number of reporting).

If the AMF requests UE location, the NG-RAN reports the current UE location (or last known UE location with time stamp if the UE is in RRC Inactive state) based on the requested reporting parameter (e.g. one-time reporting or continuous reporting).

If the AMF requests UE location, in the case of NR satellite access, the NG-RAN provides all broadcast TAIs to the AMF as part of the ULI. The NG-RAN also reports the TAI where the UE is geographically located if this TAI can be determined.

If the AMF requests UE presence in the Area Of Interest, the NG-RAN reports the UE location and the indication (i.e. IN, OUT or UNKNOWN) when the NG-RAN determines the change of UE presence in Area Of Interest. After N2 based Handover, if the NG-RAN location reporting information is required, the AMF shall re-request the NG-RAN location reporting to the target NG-RAN node. For Xn based Handover, the source NG-RAN shall transfer the requested NG-RAN location reporting information to target NG-RAN node.

The AMF requests the location information of the UE either through independent N2 procedure (i.e. NG-RAN location reporting as specified in clause 4.10 of TS 23.502), or by including the request in some specific N2 messages as specified in TS 38.413.

5.5 Non-3GPP access specific aspects

5.5.0 General

This clause describe the specific aspects for untrusted non-3GPP access, trusted non-3GPP access and W-5GAN access.

5.5.1 Registration Management

This clause applies to Non-3GPP access network corresponding to the Untrusted Non-3GPP access network, to the Trusted Non-3GPP access network and to the W-5GAN (Wireline 5G Access Network). In the case of W-5GAN the UE mentioned in this clause corresponds to 5G-RG (5G Residential Gateway) or to the W-AGF (Wireline Access Gateway Function) in the case of FN-RG (Fixed Network Residential Gateway). In the case of N5CW (Non-5G-Capable over WLAN) devices access 5GC (5G Core Network) via trusted WLAN access networks, the UE mentioned in this clause corresponds to TWIF (Trusted WLAN Interworking Function).

5.9 Identifiers

5.9.1 General

Each subscriber in the 5G System shall be allocated one 5G Subscription Permanent Identifier (SUPI) for use within the 3GPP system. The 5G System supports identification of subscriptions independently of identification of the user equipment. Each UE accessing the 5G System shall be assigned a Permanent Equipment Identifier (PEI).

The 5G System supports allocation of a temporary identifier (5G-GUTI) in order to support user confidentiality protection.

5.9.2 Subscription Permanent Identifier (SUPI)

A globally unique 5G Subscription Permanent Identifier (SUPI) shall be allocated to each subscriber in the 5G System and provisioned in the UDM/UDR. The SUPI is used only inside 3GPP system, and its privacy is specified in TS 33.501.

See spec for details.

5.9.2a Subscription Concealed Identifier (SUCI)

The Subscription Concealed Identifier (SUCI) is a privacy preserving identifier containing the concealed SUPI. It is specified in TS 33.501.

The usage of SUCI for W-5GAN access is further specified in TS 23.316.

5.9.3 Permanent Equipment Identifier (PEI)

A Permanent Equipment Identifier (PEI) is defined for the 3GPP UE accessing the 5G System.

The PEI can assume different formats for different UE types and use cases. The UE shall present the PEI to the network together with an indication of the PEI format being used.

If the UE supports at least one 3GPP access technology (i.e. NG-RAN, E-UTRAN, UTRAN or GERAN), the UE must be allocated a PEI in the IMEI or IMEISV format.

See spec for details.

5.9.4 5G Globally Unique Temporary Identifier

The AMF shall allocate a 5G Globally Unique Temporary Identifier (5G-GUTI) to the UE that is common to both 3GPP and non-3GPP access. It shall be possible to use the same 5G-GUTI for accessing 3GPP access and non-3GPP access security context within the AMF for the given UE. An AMF may re-assign a new 5G-GUTI to the UE at any time. The AMF provides a new 5G-GUTI to the UE under the conditions specified in clause 6.12.3 of TS 33.501. When the UE is in CM-IDLE, the AMF may delay providing the UE with a new 5G-GUTI until the next NAS transaction.

The 5G-GUTI shall be structured as:

<5G-GUTI> := <GUAMI> <5G-TMSI>

where GUAMI identifies one or more AMF(s).

7.2 Network Function Services

7.2.2 AMF Services

NF Services provided by AMF
Service Name Description Reference in TS 23.502 or indicated other TS
Namf_Communication Enables an NF consumer to communicate with the UE and/or the AN through the AMF. This service enables SMF to request EBI allocation to support interworking with EPS. This service also supports PWS functionality as described in TS 23.041. 5.2.2.2
Namf_EventExposure Enables other NF consumers to subscribe or get notified of the mobility related events and statistics. 5.2.2.3
Namf_MT Enables an NF consumer to make sure UE is reachable. 5.2.2.4
Namf_Location Enables an NF consumer to request location information for a target UE. 5.2.2.5
Namf_MBSBroadcast Enables the NF consumer to communicate with the NG-RAN for broadcast communication. TS 23.247
Namf_MBSCommunication Enables NF consumer to communicate with the NG-RAN for multicast communication. TS 23.247
To Telecommunications Info