1 – the registration of the mobile;
2 – the access control and the management of mobility on both the NG-RAN and Wi-Fi network access (non-3GPP access);
3 – network slicing.
The mobile and the AMF exchange data using the NAS (Non-Access Stratum) protocol.
The registration function allows the attachment of the mobile, the detachment of the mobile and the update of its location.
During the attachment, the AMF records the TAI (Tracking Area Identity) location and private identity of the mobile and assigns a 5G-GUTI (5G Globally Unique Temporary Identifier) to the mobile.
5G-GUTI replaces the encrypted private identifier SUCI (Subscription Concealed Identifier) and the private identifier SUPI (Subscription Private Identifier).
Once the attachment procedure is completed, the AMF selects the SMF, according to the DNN (Data Network Name) and the network slice indicator NSSAI (Network Slice Selection Assistance Information).
A load balancing procedure is applied when different SMF can be selected.
The DNN is either communicated by the mobile to the AMF during attachment, or retrieved from the subscriber’s profile from the UDR (Unified Data Repository).
The AMF manages a list of TAIs allocated to mobiles, in which the mobile, in the standby state, can move without contacting the AMF to update its location.
The AMF manages the addition and removal of the TNL (Transport Network Layer) association with the entities of the NG-RAN node. In the event of a handover, the source AMF will release the TNL association with the source NG-RAN node and redirect the TNL association to the target NG-RAN node.
1.2.3. SMF (Session Management Function)
The SMF (Session Management Function) is responsible for creating, updating and removing PDU (Protocol Data Unit) sessions and managing session context with the UPF (User Plane Function). The SMF injects routing rules to the selected UPFs.
A routing rule corresponds to an entry in the context table of the UPF. This context table contains four fields:
1 – a correspondence field (PDR (Packet Detection Rule));
2 – a routing field NH (next hop: IP address, tunnel number TEID (Tunnel End Identifier) or SR (Segment Routing)) to find the next node;
3 – the quality of service to be applied to the flow (QER (QoS Enhancement Rules));
4 – the measurement reports to be applied to the flow (URR (Usage Reporting Rules)).
The SMF is responsible for the session management for each DNN and by network slice (S-NSSAI), based on the user profile stored at the UDR.
When requesting a session to be established, the SMF selects a UPF or queries the NRF (Network Repository Function) to obtain the address of the UPF.
The SMF grants an IPv4 or IPv6 address to the mobile. An IP address is provided for each PDU session, based on the address range of the PSA (PDU Session Anchor) selected to join the IP data network. The address range is obtained by either directly querying the selected UPF or by querying the NRF. If the assigned IPv4 address is a private address, the UPF entity performs NAPT (Network Address and Port Translation) in order to translate the IP address and TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) port numbers.
At the end of the IP session, when the mobile enters the standby state, the SMF releases the session by removing the context at the UPF.
In the event of incoming packets, if the mobile is in the idle state, the SMF sends a notification to the AMF (Downlink Data Notification).
1.2.4. UPF (User Plane Function)
The UPF (User Plane Function) manages the routing of user traffic and implements traffic filtering functions.
The PSA UPF is the traffic gateway connecting the 5GC network to the DN (Data Network). The PSA constitutes the anchor point for inter-UPF mobility.
The UPF is the anchor point for traffic when the mobile is moving from one NG-RAN node to another.
The UPF measures the quantity of data consumed for each UE.
The UPF can also implement traffic optimization functions and NAT (Network Address Translation), either from a private IPv4 address to a public IPv4 address, or from an IPv4 address to an IPv6 address and vice versa.
When the UPF receives data from the DN:
1 – in the absence of a routing context concerning the incoming flow, the UPF informs the SMF. The UPF either stores the data or transmits it to the SMF;
2 – in the presence of a routing context stored at the UPF level concerning the incoming flow, the flow is either transmitted to an NG-RAN node or to another UPF.
The UPF implements traffic routing rules by configuring the DSCP field of the IP based on the QFI. The QFI is defined by QoS rules which are injected by the SMF to the UPF when establishment of a session is requested. For each incoming piece of data, the UPF performs a traffic inspection (DPI (Deep Packet Inspection)) and classifies the packets into IP flow groups according to the SDF (Service Data Flow) service templates.
The UPF is a branch point supporting the multi-homing function.
The UPF performs replications of the mobile traffic data within the framework of lawful interception.
1.3. Functional separation between the NG-RAN radio interface and the 5G core network
The AMF is in charge of managing the 5G core network and services. It authenticates and registers each mobile and manages their mobility. Once registered, the AMF authorizes services according to the user’s profile.
Figure 1.7 summarizes the functions managed on the NG-RAN and on the 5GC.
Figure 1.7. The functional separation between NG-RAN and 5GC
1.3.1. Mobile identities
1.3.1.1. The identity of the mobile at the level of the AMF
Registration procedure occurs when the mobile switches on. If authentication succeeds, the state of the mobile changes from the RM-DEREGISTERED state to the RM-REGISTERED state and a user context (UE Context) is created on the AMF.
During the registration procedure, the AMF registers the IMSI (International Mobile Subscriber Identity) from its private identifier SUPI or private and hidden identifier SUCI.
The SUPI and SUCI identifiers allow the core network to identify the subscription associated with the mobile. The identifier format matches with the description of the NAI (Network Access Identifier) in order to be compatible with the DNS (Domain Name Server) servers by respecting the RFC7542 specification.
The SUPI identifier consists of two fields: the type of SUPI identifier (IMSI Identifier (International Mobile Subscriber Identity) or an identifier specific to the operator network) and the IMSI identity value or specific NAI value.
The SUCI identifier is made up of six fields defined as follows (Figure 1.8):
type <supi type>.hni <home network identifier>.rid <routing indicator>.schid