ETSI TS 129 561 V15.3.0 (2019-10)

TECHNICAL SPECIFICATION
5G;
5G System;
Interworking between 5G Network and external Data Networks;
Stage 3
(3GPP TS 29.561 version 15.3.0 Release 15)

3GPP TS 29.561 version 15.3.0 Release 15 1 ETSI TS 129 561 V15.3.0 (2019-10)

Reference
RTS/TSGC-0329561vf30
Keywords
5G
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2019.
All rights reserved.
DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners. ®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 2 ETSI TS 129 561 V15.3.0 (2019-10)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Legal Notice
This Technical Specification (TS) has been produced by ETSI 3rd Generation Partnership Project (3GPP).
The present document may refer to technical specifications or reports using their 3GPP identities. These shall be
interpreted as being references to the corresponding ETSI deliverables.
The cross reference between 3GPP and ETSI identities can be found under http://webapp.etsi.org/key/queryform.asp.
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 3 ETSI TS 129 561 V15.3.0 (2019-10)
Contents
Intellectual Property Rights . 2
Legal Notice . 2
Modal verbs terminology . 2
Foreword . 5
1 Scope . 6
2 References . 6
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations . 8
4 Network Characteristics . 8
4.1 Key characteristics of PLMN . 8
4.2 Key characteristics of IP Networks . 8
4.3 Key characteristics of Ethernet . 8
5 Interworking Classifications. 8
5.1 Service Interworking . 8
5.2 Network Interworking . 8
6 Reference Architecture . 9
7 Interface to 5G Network services (User Plane) . 9
8 Interworking with DN (IP) . 9
8.1 General . 9
8.2 DN Interworking Model . 9
8.2.1 General . 9
8.2.2 Access to DN through 5G Network . 10
8.2.2.1 Transparent access to DN . 10
8.2.2.2 IPv4 Non-transparent access to DN . 11
8.2.2.3 IPv6 Non-transparent access to DN . 12
9 Interworking with DN (Unstructured) . 13
9.1 General . 13
9.2 N6 PtP tunnelling based on UDP/IP . 13
9.3 Other N6 tunnelling mechanism . 15
10 Interworking with DN (DHCP) . 15
10.1 General . 15
10.2 DN interworking Model of SMF for DHCP . 15
10.2.1 Introduction. 15
10.2.2 IPv4 Address allocation and IPv4 parameter configuration via DHCPv4 . 16
10.2.3 IPv6 Prefix allocation via IPv6 stateless address autoconfiguration via DHCPv6 . 17
10.2.4 IPv6 parameter configuration via stateless DHCPv6 . 19
11 Interworking with DN (RADIUS) . . 19
11.1 RADIUS procedures. 19
11.1.1 RADIUS Authentication and Authorization . 19
11.1.2 RADIUS Accounting . 20
11.2 Message flows on N6 interface . 21
11.2.1 Authentication, Authorization and Accounting procedures . 21
11.2.2 Accounting Update . 23
11.2.3 DN-AAA initiated QoS flow termination . 24
11.2.4 DN-AAA initiated re-authorization . 25
11.3 List of RADIUS attributes . 25
11.3.1 General . 25
11.3.2 Change-of-Authorization Request (optionally sent from DN-AAA server to SMF) . 32
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 4 ETSI TS 129 561 V15.3.0 (2019-10)
11.3.3 Access-Challenge (sent from DN-AAA server to SMF) . 33
12 Interworking with DN (Diameter) . 33
12.1 Diameter Procedures . 33
12.1.1 Diameter Authentication and Authorization . 33
12.1.2 Diameter Accounting . 34
12.2 Message flows on N6 interface . 35
12.2.1 Authentication, Authorization and Accounting procedures . 35
12.2.2 Accounting Update . 37
12.2.3 DN-AAA initiated QoS flow termination . 38
12.2.4 DN-AAA initiated re-authorization . 38
12.3 N6 specific AVPs . 39
12.4 N6 re-used AVPs . 39
12.4.0 General . 39
12.4.1 Use of the Supported-Features AVP on the N6 reference point . 42
12.5 N6 specific Experimental-Result-Code AVP . 43
12.6 N6 Diameter messages . 43
12.6.1 General . 43
12.6.2 DER Command . 44
12.6.3 DEA Command . 45
12.6.4 RAR Command . 46
12.6.5 RAA Command . 46
13 Interworking with IMS . 47
13.1 General . 47
13.2 IMS interworking Model . 47
13.2.1 Introduction. 47
13.2.2 IMS specific configuration in the SMF . 47
13.2.3 IMS specific procedures in the SMF . 48
13.2.3.1 Provisioning of Signalling Server Address . 48
13.2.3.2 Failure of Signalling Server Address . 48
14 Interworking with DN (Ethernet) . 48
Annex A (informative): Change history . 50
History . 51

ETSI
3GPP TS 29.561 version 15.3.0 Release 15 5 ETSI TS 129 561 V15.3.0 (2019-10)
Foreword
rd
This Technical Specification has been produced by the 3 Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal
TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an
identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
1 presented to TSG for information;
2 presented to TSG for approval;
3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections,
updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 6 ETSI TS 129 561 V15.3.0 (2019-10)
1 Scope
The present specification defines the stage 3 interworking procedures for 5G Network interworking between PLMN and
external DN.
The stage 2 requirements and procedures are contained in 3GPP TS 23.501 [2] and 3GPP TS 23.502 [3].
For interworking between 5G PLMN and external DNs, the present document is valid for both 3GPP accesses and non-
3GPP accesses.
2 References
The following documents contain provisions which, through reference in this text, constitute provisions of the present
document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or
non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including
a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same
Release as the present document.
[1] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[2] 3GPP TS 23.501: "System Architecture for the 5G System; Stage 2".
[3] 3GPP TS 23.502: "Procedures for the 5G System; Stage 2".
[4] 3GPP TS 29.281: "General Packet Radio System (GPRS) Tunnelling Protocol User Plane
(GTPv1-U)".
[5] 3GPP TS 29.061: "Interworking between the Public Land Mobile Network (PLMN) supporting
packet based services and Packet Data Networks (PDN)".
[6] IETF RFC 3748: "Extensible Authentication Protocol (EAP)".
[7] IETF RFC 3579: "RADIUS (Remote Authentication Dial In User Service) Support For Extensible
Authentication Protocol (EAP)".
[8] IETF RFC 2865: "Remote Authentication Dial In User Service (RADIUS)".
[9] IETF RFC 3162: "RADIUS and IPv6".
[10] IETF RFC 4818: "RADIUS Delegated-IPv6-Prefix Attribute".
[11] IETF RFC 5216: "The EAP-TLS Authentication Protocol".
[12] 3GPP TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[13] 3GPP TS 24.229: "IP Multimedia Call Control Protocol based on SIP and SDP; Stage 3".
[14] IETF RFC 2132: "DHCP Options and BOOTP Vendor Extensions".
[15] IETF RFC 3361: "Dynamic Host Configuration Protocol (DHCP-for-IPv4) Option for Session
Initiation Protocol (SIP) Servers".
[16] IETF RFC 3646: "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6
(DHCPv6)".
[17] IETF RFC 3319: "Dynamic Host Configuration Protocol (DHCPv6) Options for Session Initiation
Protocol (SIP) Servers".
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 7 ETSI TS 129 561 V15.3.0 (2019-10)
[18] IETF RFC 2131: "Dynamic Host Configuration Protocol".
[19] IETF RFC 1542: "Clarification and Extensions for the Bootstrap Protocol".
[20] IETF RFC 4039: "Rapid Commit Option for the Dynamic Host Configuration Protocol version 4
(DHCPv4)".
[21] IETF RFC 3315: "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)".
[22] IETF RFC 3736: "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6".
[23] IETF RFC 7155: "Diameter Network Access Server Application".
[24] IETF RFC 6733: "Diameter Base Protocol".
[25] IETF RFC 4072: "Diameter Extensible Authentication Protocol (EAP) Application".
[26] IETF RFC 2866: "RADIUS Accounting".
[27] IETF RFC 5176: "Dynamic Authorization Extentions to Remote Authentication Dial In User
Service (RADIUS)".
[28] 3GPP TS 23.003: "Numbering, addressing and identification".
[29] IETF RFC 1825: "Security Architecture for the Internet Protocol".
[30] IETF RFC 1826: "IP Authentication Header".
[31] IETF RFC 1827: "IP Encapsulating Security Payload (ESP)".
[32] IETF RFC 4291: "IP Version 6 Addressing Architecture".
[33] IETF RFC 4861: "Neighbor Discovery for IP Version 6 (IPv6)".
[34] IETF RFC 4862: "IPv6 Stateless Address Autoconfiguration".
[35] IETF RFC 1027: "Using ARP to Implement Transparent Subnet Gateways".
[36] 802.3-2015 - IEEE Standard for Ethernet.
[37] IETF RFC 5281: "Extensible Authentication Protocol Tunneled Transport Layer Security
Authenticated Protocol Version 0 (EAP-TTLSv0)".
[38] 3GPP TS 23.380: "IMS Restoration Procedures".
[39] 3GPP TS 29.571: "5G System; Common Data Types for Service Based Interfaces; Stage 3".
[40] 3GPP TS 29.502: "5G System; Session Management Services; Stage 3".
[41] 3GPP TS 29.229: "Cx and Dx interfaces based on Diameter protocol; Protocol details".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in 3GPP TR 21.905 [1] and the following
apply. A term defined in the present document takes precedence over the definition of the same term, if any, in
3GPP TR 21.905 [1].
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 8 ETSI TS 129 561 V15.3.0 (2019-10)
3.2 Abbreviations
For the purposes of the present document, the abbreviations given in 3GPP TR 21.905 [1] and the following apply. An
abbreviation defined in the present document takes precedence over the definition of the same abbreviation, if any, in
3GPP TR 21.905 [1].
CSMA/CD Carrier Sense Multiple Access/Collision Detection
DHCPv4 Dynamic Host Configuration Protocol version 4
DHCPv6 Dynamic Host Configuration Protocol version 6
DN Data Network
GPSI Generic Public Subscription Identifier
N3IWF Non-3GPP InterWorking Function
PtP Point-to-Point
SFD Start Frame Delimiter
SMF Session Management Function
SSC Session and Service Continuity
UPF User Plane Function
WAN Wide Area Network
4 Network Characteristics
4.1 Key characteristics of PLMN
The PLMN is fully defined in the 3GPP technical specifications. The 5G Network related key characteristics are
defined in 3GPP TS 23.501 [2].
4.2 Key characteristics of IP Networks
The Internet is a conglomeration of networks utilising a common set of protocols. IP protocols are defined in the
relevant IETF RFCs. The networks topologies may be based on LANs (e.g. Ethernet), Point to Point leased lines,
PSTN, ISDN, X.25 or WANs using switched technology (e.g. SMDS, ATM).
4.3 Key characteristics of Ethernet
The Ethernet is a family of computer networking technologies commonly used in LAN and is often used to refer to all
Carrier Sense Multiple Access/Collision Detection (CSMA/CD) LANs that generally conform to Ethernet
Specifications, including IEEE 802.3 [36]. The key characteristics for Ethernet are defined in IEEE 802.3 [36].
5 Interworking Classifications
5.1 Service Interworking
Service interworking is required when the Teleservice at the calling and called terminals are different. No service
interworking is specified in this specification.
5.2 Network Interworking
Network interworking is required whenever a PLMN is involved in communications with another network to provide
end-to-end communications. The PLMN shall interconnect in a manner consistent with that of a normal Data Network
(type defined by the requirements e.g. IP). Interworking appears exactly like that of Data Networks.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 9 ETSI TS 129 561 V15.3.0 (2019-10)
6 Reference Architecture
Figure 6-1 shows the access interfaces for the 5G Network. The 5G Network includes both the 3GPP access and the
non-3GPP access.
SMF
NG-RAN UPF Data Networks
UE
5G network
N6
Figure 6-1: Reference Architecture for 5G Network Interworking
7 Interface to 5G Network services (User Plane)
The user plane for 5G Network services is defined in subclause 8.3 of 3GPP TS 23.501 [2] and 3GPP TS 29.281 [4].
8 Interworking with DN (IP)
8.1 General
5GS shall support interworking with DNs based on the Internet Protocol (IP). These interworked networks may be
either intranets or the Internet.
8.2 DN Interworking Model
8.2.1 General
When interworking with the IP networks, the 5GS can operate IPv4 and/or IPv6. The interworking point is shown in
clause 6.
The UPF for interworking with the IP network is the 5GS access point (see figure 8.2.1-1).
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 10 ETSI TS 129 561 V15.3.0 (2019-10)

UPF
N6
IP IP
L2
5G protocol layers
L1
Figure 8.2.1-1: The protocol stacks of UPF for the IP network interworking
Typically, in the IP networks, the interworking with subnetworks is done via IP routers. The N6 reference point is
between the UPF and the external IP network. From the external IP network's point of view, the UPF is seen as a
normal IP router. The L2 and L1 layers are operator specific.
It is out of the scope of the present document to standardise the router functions and the used protocols in the N6
reference point.
Interworking with user defined ISPs and private/public IP networks is subject to interconnect agreements between the
network operators.
8.2.2 Access to DN through 5G Network
8.2.2.1 Transparent access to DN

N6
5GS UPF
Operator
specific
External IP
DHCP
IP Firewall /
Network
Network Proxy
DNS
Figure 8.2.2.1-1: Example of the DN Interworking Model, transparent case
In figure 8.2.2.1-1, an example DN interworking model for transparent access to the Internet is provided for an UPF in
the 5GS and its N6 reference point.
In transparent access to the Internet case:
- the UE is given an IPv4 address and/or an IPv6 prefix belonging to the operator addressing space. The IPv4
address and/or IPv6 prefix is assigned either at subscription in which case it is a static address or at PDU session
establishment in which case it is a dynamic address. This IPv4 address and/or IPv6 prefix if applicable is used
for packet forwarding between the Internet and the UPF and within the 5GS. With IPv6, Stateless Address
Autoconfiguration shall be used to assign an IPv6 address to the UE. These procedures are as described in the
IPv6 non-transparent access case except that the addresses belong to the operator addressing space.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 11 ETSI TS 129 561 V15.3.0 (2019-10)
- the UE need not send any authentication request at PDU session establishment procedure and the SMF/UPF need
not take any part in the user authentication/authorization process.
The transparent case provides at least a basic ISP service. As a consequence of this it may therefore provide a QoS flow
service for a tunnel to a private Intranet. The user level configuration may be carried out between the UE and the
intranet, the 5GS is transparent to this procedure. The used protocol stack is depicted in figure 8.2.2.1-2.
In tran et In tra n e t
p rotoc o l pro toc ol
IP  IP  IP  IP
L2/L1  L2/L1
5G proto c ol lay ers
UE UPF Intranet
Figure 8.2.2.1-2: Transparent access to an Intranet
The communication between the PLMN and the Intranet may be performed over any network, even an insecure network
e.g. the Internet. There is no specific security protocol between the UPF and the Intranet because security is ensured on
an end to end basis between the UE and the intranet by the "Intranet Protocol".
User authentication and encryption of user data are done within the "Intranet Protocol" if either of them is needed. This
"Intranet Protocol" may also carry private (IP) addresses belonging to the address space of the Intranet.
An example of an "Intranet Protocol" is IPsec (see IETF RFC 1825 [29]). If IPsec is used for this purpose, then IPsec
authentication header or security header may be used for user (data) authentication and for the confidentiality of user
data (see IETF RFC 1826 [30] and IETF RFC 1827 [31]). In this case private IP tunnelling within public IP takes place.
8.2.2.2 IPv4 Non-transparent access to DN
In this case:
- a static or a dynamic IPv4 address belonging to the Intranet/ISP addressing space is allocated to a UE at PDU
session establishment. The methods of allocating IP address to the UE are specified in 3GPP TS 23.501 [2]. The
allocated IPv4 address is used for packet forwarding within the UPF and for packet forwarding on the
Intranet/ISP;
- as a part of the PDU session establishment, the SMF may request user authentication from an external DN-AAA
server (i.e. RADIUS, Diameter) belonging to the Intranet/ISP;
- the IPv4 address allocation to the UE may be performed based on the subscription or a local address pool, which
belongs to the Intranet/ISP addressing space, provisioned in the SMF; or via the address allocation servers (i.e.
DHCPv4, RADIUS DN-AAA, Diameter DN-AAA) belonging to the Intranet/ISP;
- if requested by the UE at PDU session establishment, the SMF may retrieve the Protocol Configuration Options
or IPv4 configuration parameters from a locally provisioned database in SMF and/or from some external server
(i.e. DHCPv4, RADIUS DN-AAA, Diameter DN-AAA) belonging to the Intranet/ISP;
- the communication between the 5GS and the Intranet/ISP may be performed over any network, even an insecure
network, e.g. the Internet. In case of an insecure connection between the UPF and the Intranet/ISP, there may be
a specific security protocol in between. This security protocol is defined by mutual agreement between PLMN
operator and Intranet/ISP administrator.
Table 8.2.2.2-1 summarizes the IPv4 address allocation and parameter configuration use cases between the UE and the
SMF that may lead the SMF to interwork with the external DHCPv4, DN-AAA servers. For detailed description of the
signalling flows between the UE and the SMF, see the references in the table.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 12 ETSI TS 129 561 V15.3.0 (2019-10)
Table 8.2.2.2-1: IPv4 address allocation and parameter configuration use cases
Signalling use cases between UE and SMF Signalling use cases between SMF and external servers
Authentication IPv4 Address IPv4 parameter
via RADIUS or allocation via configuration via
Diameter DN- DHCPv4 or RADIUS DHCPv4 or RADIUS
AAA server or Diameter DN- or Diameter DN-
(clauses 11 or AAA server AAA server
12) (clauses 10, 11 or (clauses 10, 11 or
12) 12)
(NOTE 1 and (NOTE 1 and (NOTE 1 and
NOTE 2) NOTE 2)
NOTE 2)
(1) IPv4 address allocation and parameter
configuration via activation of QoS flow associated with
the default QoS rule
X X X
(2) IPv4 address allocation and parameter
configuration via DHCPv4 signalling from UE towards
SMF (NOTE 3)
(3) IPv4 address allocation and parameter
X X X
configuration in untrusted non-3GPP IP access
NOTE 1: When the SMF interworks with AAA servers, the DNN may be configured to interwork with either Diameter DN-
AAA or RADIUS DN-AAA server.
NOTE 2: If RADIUS DN-AAA or Diameter DN-AAA server is used, the authentication, IPv4 address allocation and
parameter configuration signalling may be combined. Similarly, if DHCPv4 server is used for IPv4 address
allocation and parameter configuration, the signalling towards the DHCPv4 server may be combined.
NOTE 3: If the authentication and authorization procedure towards RADIUS DN-AAA or Diameter DN-AAA is required, it
is performed by the SMF before the DHCPv4 signalling when it receives the initial access request (i.e.
Nsmf_PDUSession_CreateSMContext).

8.2.2.3 IPv6 Non-transparent access to DN
When using IPv6 Address Autoconfiguration, the process of setting up the access to an Intranet or ISP involves two
signalling phases. The first signalling phase is done in the control plane and consists of the PDU session establishment
for 5GS 3GPP or non-3GPP based access, followed by a second signalling phase done in the user plane.
The user plane signalling phase shall be stateless. The stateless procedure, which involves only the UE and the SMF, is
described in subclause 10.2. 3.
For DNNs that are configured for IPv6 address allocation, the SMF shall only use the Prefix part of the IPv6 address for
forwarding of mobile terminated IP packets. The size of the prefix shall be according to the maximum prefix length for
a global IPv6 address as specified in the IPv6 Addressing Architecture, see IETF RFC 4291 [32].
The SMF indicates to the UE that Stateless Autoconfiguration shall be performed by sending Router Advertisements as
described in subclause 10.2.3 and according to the principles defined in IETF RFC 4861 [33] and IETF RFC 4862 [34].
For UE supporting IPv6, IPv6 Stateless Address Autoconfiguration is mandatory.
In this case, the SMF provides the UE with an IPv6 Prefix belonging to the Intranet/ISP addressing space. A dynamic
IPv6 address is given using stateless address autoconfiguration. This IPv6 address is used for packet forwarding within
the UPF and for packet forwarding on the Intranet/ISP.
When an SMF receives an initial access request (i.e. Nsmf_PDUSession_CreateSMContext) message, the SMF deduces
from local configuration data associated with the DNN:
- The source of IPv6 Prefixes (SMF internal prefix pool, or external address allocation server);
- Any server(s) to be used for address allocation, authentication and/or protocol configuration options retrieval
(e.g. IMS related configuration, see 3GPP TS 24.229 [13]);
- The protocol, i.e. RADIUS, Diameter or DHCPv6, to be used with the server(s);
- The communication and security feature needed to communicate with the server(s).
As an example, the SMF may use one of the following options:
- SMF internal Prefix pool for IPv6 prefixes allocation and no authentication;
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 13 ETSI TS 129 561 V15.3.0 (2019-10)
- SMF internal Prefix pool for IPv6 prefixes allocation and RADIUS for authentication. The RADIUS DN-AAA
server responds with either an Access-Accept or an Access-Reject to the RADIUS client in the SMF;
- RADIUS for authentication and IPv6 prefix allocation. The RADIUS DN-AAA server responds with either an
Access-Accept or an Access-Reject to the RADIUS client in the SMF.
The SMF includes the IPv6 address composed of a Prefix and an Interface-Identifier in the initial access response
(Namf_Communication_N1N2MessageTransfer). The Interface-Identifier may have any value and it does not need to
be unique within or across DNNs. It shall however not conflict with the Interface-Identifier that the SMF has selected
for its own side of the UE-SMF link. The Prefix assigned by the SMF or the external DN-AAA server shall be globally
or site-local unique (see the Note in subclause 11.3 of this document regarding the usage of site-local addresses).
Table 8.2.2.3-1 summarizes the IPv6 prefix allocation and parameter configuration use cases between the UE and the
SMF that may lead the SMF to interwork with the external RADIUS DN-AAA, Diameter DN-AAA and DHCPv6
servers. For detailed description of the signalling flows between the UE and the SMF, see the references in the table.
Table 8.2.2.3-1: IPv6 prefix allocation and parameter configuration use cases
Signalling use cases between UE and SMF Signalling use cases between SMF and external servers
Authentication IPv6 prefix IPv6 parameter
via RADIUS or allocation via configuration via
Diameter DN- DHCPv6 or DHCPv6 or RADIUS
AAA server RADIUS or or Diameter DN-
(clauses 11 or Diameter DN-AAA AAA server
12) server (clauses 10, (clauses 10, 11 or
11 or 12) 12)
(NOTE 1 and (NOTE 1 and
(NOTE 1 and
NOTE 2) NOTE 2) NOTE 2)
(1) IPv6 address allocation and parameter
configuration X X X
(2) IPv6 parameter configuration via stateless DHCPv6
(3) IPv6 address allocation and parameter
X X X
configuration in untrusted non-3GPP IP access
NOTE 1: When the SMF interworks with DN-AAA servers, the DNN may be configured to interwork with either Diameter
DN-AAA or RADIUS DN-AAA server.
NOTE 2: If RADIUS DN-AAA or Diameter DN-AAA server is used, the authentication, IPv6 prefix allocation and
parameter configuration signalling may be combined. Similarly, if DHCPv6 server is used for IPv6 prefix
allocation and parameter configuration, the signalling towards the DHCPv6 server may be combined.

For IPv6 the PDU session establishment phase is followed by an address autoconfiguration phase. IPv6 prefix is
delivered to UE in Router Advertisement message from the SMF which acts as an access router, in the process of IPv6
Stateless Address Autoconfiguration as described in subclause 10.2.2. Besides DHCPv6 protocol, the SMF may also
use RADIUS or Diameter protocol for the retrieval of an IPv6 prefix from external DN.
9 Interworking with DN (Unstructured)
9.1 General
When support of unstructured PDU type data is provided at the N6 interface, different Point-to-Point (PtP) tunneling
techniques may be used. When using PtP tunneling by UDP/IPv6 encapsulation subclause 9.2 below shall be followed.
Other techniques as described in subclause 9.3 below may be used.
In the following subclauses, the AS is used as an example for the destination in the external DN.
9.2 N6 PtP tunnelling based on UDP/IP
N6 PtP tunnelling based on UDP/IPv6 may be used to deliver unstructured PDU type data to the AS.
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 14 ETSI TS 129 561 V15.3.0 (2019-10)
The PtP tunnel is set up by configuration of tunnel parameters in both end of the tunnel. The following parameters are
pre-configured in the UPF per DNN:
- the UDP destination port number to use when sending unstructured PDU type data;
- the UDP port number it wants to receive unstructured PDU type data;
- the destination IP address to be used for sending unstructured PDU type data.
The following is pre-configured in the AS:
- the UDP destination port number to use when sending unstructured PDU type data;
- the UDP port number it wants to receive unstructured PDU type data.
NOTE 1: The UPF as well as the AS can use any UDP port numbers not assigned by IANA. The port numbers used
need to be aligned between peers.
IP address allocation procedures for the UE (i.e. PDU session) are performed by the SMF as described in
subclause 6.3.2, but the IPv6 prefix is not provided to the UE, i.e. Router Advertisements and DHCPv6 are not
performed. The SMF assigns a suffix (i.e. IPv6 Interface Identifier) for the PDU session. For the N6 PtP tunnel, the
IPv6 prefix allocated for the PDU session plus suffix assigned for the PtP tunnel is used as source address for the uplink
data and as destination address for the downlink data.
During the PDU session establishment, the UPF associates the GTP-U tunnel for the PDU session with the N6 PtP
tunnel.
The UPF acts as a transparent forwarding node between the UE and the AS.
For uplink delivery, if the uplink data is received from the GTP-U tunnel, the UPF shall forward the received data to the
AS over the N6 PtP tunnel associated with the GTP-U tunnel with the destination address of the AS and the configured
UDP destination port number for unstructured PDU type data.
For downlink delivery, the AS shall send the data using UDP/IP encapsulation with the IPv6 prefix plus suffix as
destination address and the configured UDP destination port number for unstructured PDU type data.
NOTE 2: The UPF decapsulates the received data (i.e. removes the UDP/IPv6 headers) and forwards the data on
the GTP-U tunnel identified by the IPv6 prefix of the UE (i.e. PDU session) for delivery to the UE.
Unstructured
data
Relay
UDP
GTP-U UDP
UDP/IP IP IP
L2 L2 L2
L1 L1 L1
N3 N6
UPF DN
Figure 9.2-1: Protocol configuration for unstructured PDU type data (user plane) using N6 UDP/IPv6
PtP tunneling
ETSI
3GPP TS 29.561 version 15.3.0 Release 15 15 ETSI TS 129 561 V15.3.0 (2019-10)
9.3 Other N6 tunnelling mechanism
N6 PtP tunnelling mechanisms such as PMIPv6/GRE, L2TP, etc, may be used to deliver unstructured PDU type data to
AS. The general handling of such delivery mechanisms is as described below.
A PtP tunnel is established by the UPF towards the AS. Depending on the type of protocol employed on the N6 PtP
tunnel, the N6 PtP tunnel setup may be done at the time of PDU Session establishment or at the time of first MO
datagram being sent by the UE. The UPF selects the AS based on its configuration (e.g. per DNN, or per PtP tunnel
type, etc). However, IP address allocation procedures for the UE (according to subclause 6.3.2) are not performed by
the SMF.
NOTE: An AS can be dedicated for handling a specific protocol for unstructured PDU type data.
The UPF acts as a transparent forwarding node between the UE and the AS.
For uplink delivery, the UPF forwards the received data to the AS over the established N6 PtP tunnel.
For downlink delivery, the AS locates the right N6 PtP tunnel for the UE (using information such as UE identifiers in
the unstructured PDU type protocol itself, etc) to forward the data. The AS sends the data to UPF over the established
N6 PtP tunnel. The UPF in turn sends the data on the GTP-U tunnel identified by the associated N6 PtP tunnel for
delivery to the UE.
10 Interworking with DN (DHCP)
10.1 General
In current LAN environments the most commonly used configuration protocol is DHCP (Dynamic Host Configuration
Protocol, RFC 2131 [18]) and DHCPv6 (Dynamic Host Configuration Protocol for IPv6, IETF RFC 3315 [21]). It
provides a mechanism for passing a large set of configuration parameters to hosts connected to a TCP/IP network (IP
address, sub-net mask, domain name, MTU, etc.) in an automatic manner. Moreover, DHCP may assign IP addresses to
clients for a finite lease time, allowing for sequential reassignment of addresses to different users.
The lease time is chosen by the administrator of the DHCP server (in the external network), and is therefore out of the
scope of the present document.
The 3GPP network may obtain IP address via external DHCP server during the PDU establishment procedure, the SMF
acts a DHCP server towards the UE and it acts as a DHCP client towards the external DHCP server.
In the following c
...