ETSI ES 282 004 V3.4.1 (2010-03)

ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)

2 ETSI ES 282 004 V3.4.1 (2010-03)

Reference
RES/TISPAN-02068-NGN-R3
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI ES 282 004 V3.4.1 (2010-03)
Contents
Intellectual Property Rights . 5
Foreword . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations . 7
4 General Description of NASS . 8
4.1 High level functional overview . 8
4.2 High level concepts of NASS . 9
4.3 Mobility, Nomadism . 9
4.4 Access network level registration . 9
4.4.1 Implicit authentication . 10
4.4.1.1 Line authentication . 10
4.4.2 Explicit authentication . 10
4.4.3 CNG remote network configuration . 10
4.4.4 TISPAN NGN Service/Applications Subsystems discovery . 10
5 Functional Architecture . 11
5.1 Overview . 11
5.2 Functional Entities . 12
5.2.1 Network Access Configuration Function (NACF) . 12
5.2.2 Void . 12
5.2.3 Connectivity session Location and repository Function (CLF) . 12
5.2.3.1 Information Model . 13
5.2.3.2 State Model . 14
5.2.4 User Authentication and Authorization Function (UAAF) . 16
5.2.5 Profile Data Base Function (PDBF) . 16
5.2.6 CNG Configuration Function (CNGCF) . 17
5.2.7 Void . 17
5.3 Internal Reference points . 17
5.3.1 Void . 17
5.3.2 Reference Point NACF - CLF (a2) . 17
5.3.2.1 Bind Indication . 17
5.3.2.2 Bind Acknowledgement . 18
5.3.2.3 Unbind Indication . 18
5.3.2.4 Bind Information Query . 18
5.3.2.5 Bind Information Query Acknowledgement . 18
5.3.3 Void . 19
5.3.4 Reference Point UAAF - CLF (a4) . 19
5.3.4.1 Access Profile Push . 19
5.3.4.2 Access Profile Pull . 21
5.3.4.3 Remove Access Profile . 21
5.3.5 Reference Point NACF - UAAF . 21
5.3.6 Reference Point UAAF - UAAF (e5) . 21
5.3.6.1 Information exchanged on e5 . 22
5.4 Interface with the Resource and Admission Control Subsystem (RACS) . 23
5.4.1 Interface between CLF and RACF (e4) . 23
5.4.1.1 Access Profile Push . 23
5.4.1.2 Access Profile Pull . 25
5.4.1.3 IP Connectivity Release Indication . 25
5.5 Interfaces between NASS and the application plane and service control subsystems . 25
ETSI
4 ETSI ES 282 004 V3.4.1 (2010-03)
5.5.1 Interface between CLF and Application Functions (e2) . 25
5.5.1.1 Information Query Request . 26
5.5.1.2 Information Query Response . 26
5.5.1.3 Event Registration Request . 27
5.5.1.4 Event Registration Response . 27
5.5.1.5 Notification Event Request . 27
5.5.1.6 Notification Event Response . 28
5.6 Reference points between NASS and User Equipment . 28
5.6.1 Authentication and IP address allocation (e1) . 28
5.6.2 Interface between CNGCF and CNG (e3) . 28
5.6.3 Reference points with the AMF . 29
6 Mapping onto network roles. 29
7 Information flows . 32
7.1 High level information flows. 32
7.2 PPP related procedures . 33
7.4 IEEE 802 Ethernet access . 39
7.5 PANA-based related . 40
Annex A (informative): Physical Configurations . 43
A.1 PPP case . 43
A.2 PPP with DHCP configuration . 44
A.3 DHCP (option 1) . 45
A.4 DHCP (option 2) . 46
A.5 PANA-based configuration . 46
Annex B (informative): Recovery procedures for functional elements within NASS . 48
B.1 Conceptual information exchange flow for CLF state recovery . 48
Annex C (informative): Bibliography . 49
Annex D (informative): Change history . 50
History . 51

ETSI
5 ETSI ES 282 004 V3.4.1 (2010-03)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN).
The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall
TISPAN NGN architecture.
ETSI
6 ETSI ES 282 004 V3.4.1 (2010-03)
1 Scope
The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the
TISPAN NGN architecture as defined in ES 282 001 [2].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); 3G security; Access security for IP-based services
(3GPP TS 33.203)".
[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic
Reference Model - Part 2: Security Architecture".
[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network
Access Control".
[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Presence Service; Architecture and functional description
[Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0]".
ETSI
7 ETSI ES 282 004 V3.4.1 (2010-03)
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including
any amendments) applies.
[i.1] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905
Release 7)".
[i.2] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authentication: property by which the correct identity of an entity or party is established with a required assurance
NOTE: The party being authenticated could be a user, subscriber, home environment or serving network
(see TR 121 905 [i.1]).
authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])
NOTE: In some contexts, authorization may be granted without requiring authentication or identification
e.g. emergency call services.
Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access
Network
NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more
advanced form be an IAD.
explicit authentication: authentication that requires that the party to be authenticated performs an authentication
procedure (to verify the claimed identity of the party)
NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed
towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit
authentication is provided by means of the IPsec security associations.
implicit authentication: authentication based on a trusted relationship already established between two parties, or based
on one or more outputs of an authentication procedure already established between two parties
line identification: process that establishes the identity of the line based on the trusted configuration
NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS
User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks
NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but
not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
ETSI
8 ETSI ES 282 004 V3.4.1 (2010-03)
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment SubSystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:
• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).
• User authentication, prior or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
ETSI
Other networks
User Equipment
9 ETSI ES 282 004 V3.4.1 (2010-03)
The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for
information in figure 4.1.
Applications
Service Layer
Other
Subsyst ems
User
profiles
Core IMS
PSTN/ISDN
Emulat ion
Subsyst em
Transport Layer
Network
Attachment
Resource and
Subsyst em
Admission Control
Subsyst em
Transport processing functions

Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS
The Network Attachment Subsystem (NASS) provides registration at access level and initialization of
User Equipment (UE) for accessing to the TISPAN NGN services. The NASS provides network level identification and
authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also
announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.
Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in
the NASS.
4.3 Mobility, Nomadism
Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of
a terminal to be moved to different access points and access networks (which may be owned by a different access
network provider) and a user to utilize different terminal, access points and access networks to retrieve their TISPAN
NGN services (even from another network operator). The current TISPAN NGN release does not require the support of
handover and session continuity between access networks without excluding autonomous mobility capabilities provided
within the access networks.
The impact of these nomadism requirements are defined in clause 6.
4.4 Access network level registration
NASS registration involves the identification, authentication, and authorization procedures between the UE and the
NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for
example based on line identification, and explicit authentication, for example based on EAP. The relationship between
the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be
possible.
ETSI
10 ETSI ES 282 004 V3.4.1 (2010-03)
Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed
between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification
of the connection to the UE. It is a matter of operator policy which form of authentication is applied.
Both implicit authentication and explicit authentication may be used independently as NASS authentication
mechanisms.
4.4.1 Implicit authentication
Depending on the access network configuration, especially for wired broadband access networks, the implicit access
authentication may rely only on an implicit authentication through physical or logic identity on the layer 2 (L2)
transport layer. A UE can directly gain access to access network without an explicit authentication procedure.
A CNG shall be able to directly access an access network without an explicit authentication procedure.
Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication
Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated
and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between
the CNG and the access network.
Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be
used for line authentication. The operator's policy shall decide whether line authentication applies.
4.4.2 Explicit authentication
In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication
shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm
in the CPN is known to the access network.
The relationship between the identity and the credentials used for authentication must be known to the NASS for any
explicit authentication solution to be possible. The identity used for explicit authentication may depend on the
authentication mechanism applied and on the access network which the UE is connected to. Two examples of these
identities are:
• User identity and credentials.
• UE identity.
The type of explicit authentication mechanisms used shall depend on the access network configuration and on the
operator policy.
4.4.3 CNG remote network configuration
This procedure is needed for the initialization of the CNGs accessing to the TISPAN NGN service subsystems.
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
As part of the network registration process, the NASS shall have the possibility to announce the contact information of
the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the
contact information provided by the NASS shall identify the P-CSCF.
The contact information provided by the NASS should either be in the form of the IP address of the contact point or in
the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is
able to resolve this FQDN into the IP address of the contact point).
Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be statically configured in
the UE e.g. using Fully Qualified Domain Names (FQDN) and DNS resolution to retrieve the contact points IP
addresses. This option applies in the non-roaming case.
ETSI
11 ETSI ES 282 004 V3.4.1 (2010-03)
5 Functional Architecture
5.1 Overview
The Network Attachment Subsystem (NASS) comprises the following functional entities:
• Network Access Configuration Function (NACF).
• Connectivity session Location and repository Function (CLF).
• User Authentication and Authorization Function (UAAF).
• Profile Data Base Function (PDBF).
• CNG Configuration Function (CNGCF).
The NASS has interaction with the following TISPAN NGN functional entities:
• TISPAN Service control subsystems and applications.
• Resource Admission Control Subsystem (RACS).
• Access Relay Function (ARF) and Access Management Function (AMF).
• User Equipment (UE).
One or more functional entities may be mapped onto a single physical entity. If one functional entity is implemented by
two physical entities, the interface between these physical entities is outside the scope of standardization.
Functional entities in the Network Attachment Subsystem (NASS) may be distributed over two administrative domains.
See clause 6 for the impact of roaming on the distribution of NASS.
Figure 5.1 provides an overview of the relationships between these functional entities and other subsystems of the NGN
architecture. Interfaces to charging systems are not represented. Annex A provides informative, potential physical
configurations in which the functional NASS architecture can be applied.
Service control
subsystems and
applications
e2
Resource
e2
e4
Admission
CLF
Control
e2
Subsystem
e5
a2 a4
CNGCF NACF UAAF PDBF
e3
a1 a3
e1 e1
TE CNG
ARF AMF
UE
Figure 5.1: Network Attachment Subsystem architecture
ETSI
12 ETSI ES 282 004 V3.4.1 (2010-03)
5.2 Functional Entities
5.2.1 Network Access Configuration Function (NACF)
The Network Access Configuration Function (NACF) is responsible for the IP address allocation to the UE. It may also
distribute other network configuration parameters such as address of DNS server(s), address of signalling proxies for
specific protocols (e.g. address of the P-CSCF when accessing to the IMS).
The NACF should be able to provide to the UE an access network identifier. This information uniquely identifies the
access network to which the UE is attached. The UE may send this information to applications as a hint to locate the
CLF.
NOTE 1: The transport of the access identifier depends on extension in existing protocols (e.g. new DHCP option
or usage of DHCP option 120). If NASS does not have the means to convey this parameter to the UE, this
function will not be supported.
NOTE 2: DHCP servers or RADIUS servers are typical implementations of the NACF.
5.2.2 Void
5.2.3 Connectivity session Location and repository Function (CLF)
The Connectivity session Location and repository Function (CLF) registers the association between the IP address
allocated to the UE and related network location information provided by the NACF, i.e.: access transport equipment
characteristics, line identifier (Logical Access ID), IP Edge identity, etc. The CLF registers the association between
network location information received from the NACF and geographical location information. The CLF may also store
the identity of the NASS User to which the IP address has been allocated (information received from the UAAF), as
well as the associated network QoS profile and preferences regarding the privacy of location information. In case the
CLF does not store the identity/profile of the NASS User, the CLF shall be able to retrieve this information from the
UAAF. For detailed CLF information model and state model see clauses 5.2.3.1 and 5.2.3.2.
The CLF responds to location queries from service control subsystems and applications. The actual information
delivered by the CLF may take various forms (e.g. network location, geographical coordinates, post mail address etc.),
depending on agreements with the requestor and on NASS User preferences regarding the privacy of its location. Any
privacy information, that may indicate a level of accuracy of the location information to be delivered, is also sent with
the actual location information.
NOTE 1: The implications and impacts of the extension of allowing the privacy indication to be sent over the e2
reference point to the application service control function on functions in the application layer and from
the access (PBX networks etc.) are FFS.
NOTE 2: The decision over allowing this to change earlier versions of the present document as an essential change
is FFS.
NOTE 3: The retrieval by the CLF of geographical information from related NASS User network location
characteristics is outside of the scope of the present document.
NOTE 4: Geographical information may take several different forms depending on the access type and the
application. The definition of this format shall also be lined up with OCG EMTEL who has decided that
the LIF (Location Information Forum) is required in certain environments according to regulatory
requirements. This data field is intended to be a placeholder for this information
The CLF interfaces with the NACF to get the association between the IP address allocated by the NACF to the NASS
User and the Line ID.
The CLF also registers NASS User network profile information (received from the UAAF at authentication) to make
this profile information available to the RACS at authentication of the UE.
The CLF is able to correlate the information received from NACF and UAAF based on the Logical Access ID.
ETSI
13 ETSI ES 282 004 V3.4.1 (2010-03)
5.2.3.1 Information Model
The CLF holds a number of records representing active sessions. These records contain information received from the
NACF and the UAAF, information on the list of AFs having subscribed to particular events, and additional statically
configured data. The following table identifies which information elements are stored for each of these sessions
NOTE: In case PPP is used the Physical access ID may be provided from the UAAF to the CLF.
Table 5.1
Access Session Description
Information Received from the NACF
Globally Unique Address
- Assigned IP Address The IP address of the attached NASS User.
- Address Realm The addressing domain in which the IP address is
significant.
Physical Access ID (optional) The identity of the physical access to which the NASS User
is connected.
Logical Access ID The identity of the logical access used by the attached
NASS User. In the xDSL case, the Logical Access ID may
explicitly contain the identity of the port, VP and/or VC
carrying the traffic.
Terminal Type The type of user equipment to which the IP address has
been allocated.
Information Received from the UAAF/PDBF
NASS User ID The identity of the attached NASS User.
Logical Access ID The identity of the logical access used by the attached
NASS User.
Physical Access ID The identity of the physical access to which the NASS User
(optional) is connected.
CNGCF Address The address of the CNGCF entity from which configuration
(optional) (see note 6) data may be retrieved by the user equipment.
P-CSCF Identity The identity of the P-CSCF for accessing IMS services.
(optional) (see note 7)
Privacy Indicator Whether location information can be exported to services
and applications (see note 1).
QoS Profile Information (see notes 2
and 3)
- Transport Service Class The transport service class subscribed by the attached
NASS User. The transport service class relates to a
forwarding behaviour at the transport plane.
- Media Type The media type(s) to which the QoS profile applies.
- UL Subscribed Bandwidth The maximum amount of bandwidth subscribed by the
attached NASS User in the uplink direction.
- DL Subscribed Bandwidth The maximum amount of bandwidth subscribed by the
attached NASS User in the downlink direction.
- Maximum priority The maximum priority allowed for any reservation request.
- Requestor Name Identifies the requestor(s) allowed by the QoS profile.
Initial Gate Settings (optional)
- List of allowed destinations In case of unicast data, the list of default destination IP
as well as multicast flows addresses and/or ports and/or port-ranges and/or prefixes to
which traffic can be sent. In case of multicast, the list of
IP-Multicast group addresses and/or the list of (Source IP
address, IP-Multicast group address) pairs which traffic can
be received from by the attached NASS User. Address
ranges are supported within the list (see note 4).
- List of denied destinations In case of unicast, the list of default destination IP
as well as multicast flows addresses, ports, prefixes and port ranges to which traffic is
denied. In case of multicast, the list of IP-Multicast group
addresses and/or the list of (Source IP address, IP-Multicast
group address) pairs for which traffic towards the attached
NASS User must be denied. Address ranges are supported
within the list (see note 4).
ETSI
14 ETSI ES 282 004 V3.4.1 (2010-03)
Access Session Description
- UL Default Bandwidth The maximum amount of bandwidth that can be used
without explicit authorization in the uplink direction.
- DL Default Bandwidth The maximum amount of bandwidth that can be used
without explicit authorization in the downlink direction.
Static Information derived from the Physical access ID
Location Information
Default NASS User ID
Static Information Derived from the Logical Access ID
RACS point of contact The address of the RACS element where the NASS User
profile should be pushed.
Access Network Type The type of access network over which IP connectivity is
provided to the NASS User.
Event Management Information
Event Management Information
(see note 5)
- Event Type The type of event to be monitored.
- AF Identities The list of AF to be notified of the occurrence of this event.
NOTE 1: An indication whether applications can access location information, depending on their
security level.
NOTE 2: The access profile may contain multiple QoS profiles.
NOTE 3: The actual available bandwidth is not known by the NASS. This information can be derived
by the RACS, based the logical access ID.
NOTE 4: If a unicast destination and/or multicast flow does not appear in either of the two lists, gate
setting decisions for those addresses is subject to control by RACS.
NOTE 5: More than Event Type and associated AF Identities may be stored.
NOTE 6: If the CNGCF address is configured on the CLF and the CNGCF address is received from
the UAAF/PDBF, it depends on operator policy which one should be used.
NOTE 7: If the P-CSCF Identity is configured on the CLF and the P-CSCF identity is received from
the UAAF/PDBF, it depends on operator policy which one should be used.

Several records may contain the same physical access ID and/or logical access ID and/or NASS User ID, as a NASS
User may establish more than one IP session, over the same or different logical access (e.g. ATM VC) using the same
or different physical access. The CLF does not need to establish any link between such records, although it may do it for
the purpose of optimizing its storage capacity.
5.2.3.2 State Model
The behaviour of the CLF when managing access records can be represented by the state model described in the present
clause. This state model is not intended to constrain implementations of a CLF. Implementations may use a different
model as long as they exhibit the same external behaviour.
This state model defines a Session State Machine (SSM) that comprises five states:
• Null: This state represents a non existing access record.
• Wait_For_Bind_Indication_and_Profile: This state is entered when an access record is created as a result of
receiving a request for subscription to an event (e.g. the logon event) while no session record exists for the
associated NASS User identifier or globally unique address. A partial record is created and the CLF waits for a
Bind_Indication event.
• Wait_For_Bind_Indication: This state is entered when an access record is created as a result of receiving
NASS User profile information while no session record exists for the associated NASS User identifier or
globally unique address. A partial record is created and the CLF waits for a Bind_Indication event.
• Wait_For_Profile_Information: This state represents a partial session record where NASS User profile
information is missing.
• Active_Session: This state represents a session record where the full description of an access sessions
available.
The CLF sends and receives information flows at the e2, e4, a2, and a4 reference points. Incoming information flows
are routed to Session State Machines (SSM) based on the NASS User identifier or the globally unique address they
contain.
ETSI
15 ETSI ES 282 004 V3.4.1 (2010-03)
An SSM instance is created when Bind_Indication or an Event_Subscription_Indication event indicating an unknown
NASS User identifier or globally unique address occurs.
The following events are handled by the CLF session state machine and cause transition between the states:
• Event_Subscription_Indication: This event occurs when an Event Registration Request information flow (see
clause 5.5.1) is received from an AF.
NOTE: When the actual CLF event occurs, a Notification Event Request information flow is sent back to the AF.
This does not cause any state transition.
• Bind_Indication: This event occurs when the Bind Indication information flow is received at the a2 reference
point (see clause 5.3.2).
• Unbind_Indication: This event occurs when the Unbind Indication information flow is received at the a2
reference point or when a negative acknowledgement is received in response to a Bind Information Query (see
clause 5.3.2).
• NASS_User_Profile_Received: This event occurs when an Access Profile Push information flow is received at
the a4 reference point asynchronously or as a result of sending an Access Profile Pull information flow, or
when internal configuration data indicate that a default NASS User profile applies.
• NASS_User_Profile_Removed: This event occurs when a Remove Access Profile information flow is received
at the a4 reference point.
• Session_Data_Requested: This event occurs when an Access Profile Pull information flow is received at the e4
reference point or an Information Query Request information flow is received at the e2 reference point. It
causes an Information Query Response or an Access Profile Push information flow to be sent over the e2 or e4
reference point.
Figure 5.1a provides an overview of the state transitions based on the above events.
NASS_User_Profile_Received
NULL
NASS_User_Profile
_Removed
Event_Subscription_Indication
Wait_for_Bind
Indication_and_ Wait_for_Bind
Bind_Indication
Profile Indication
NASS_User_
Profile_Received
NASS_User_Profile_Received
Bind_Indication
Session_Data_Requested
Event_Subscription_Indication
Unbind_Indication
Wait
Session_Data_Requested
For Profile
Event_Subscription_Indication
NASS_User_Profile_Received
NASS_User_Profile
_Removed
Bind_Indication
Session Active NASS_User_Profile_Received
Session_Data_Requested
Event_Subscription_Indication
Unbind_Indication
Figure 5.1a: CLF state model for access records management
ETSI
...

SLOVENSKI STANDARD
01-julij-2014
=OLWHWHOHNRPXQLNDFLMVNHLQLQWHUQHWQHVWRULWYHWHUSURWRNROL]DQDSUHGQRRPUHåHQMH
7,63$1)XQNFLMVNDDUKLWHNWXUDRPUHåMD1*13RGVLVWHPRPUHåQHSULNOMXþLWYH
1$66
Telecommunications and Internet converged Services and Protocols for Advanced
Networking (TISPAN) - NGN Functional Architecture - Network Attachment Sub-System
(NASS)
Ta slovenski standard je istoveten z: ES 282 004 Version 3.4.1
ICS:
33.040.01 Telekomunikacijski sistemi Telecommunication systems
na splošno in general
33.080 Digitalno omrežje z Integrated Services Digital
integriranimi storitvami Network (ISDN)
(ISDN)
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)

2 ETSI ES 282 004 V3.4.1 (2010-03)

Reference
RES/TISPAN-02068-NGN-R3
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI ES 282 004 V3.4.1 (2010-03)
Contents
Intellectual Property Rights . 5
Foreword . 5
1 Scope . 6
2 References . 6
2.1 Normative references . 6
2.2 Informative references . 7
3 Definitions and abbreviations . 7
3.1 Definitions . 7
3.2 Abbreviations . 7
4 General Description of NASS . 8
4.1 High level functional overview . 8
4.2 High level concepts of NASS . 9
4.3 Mobility, Nomadism . 9
4.4 Access network level registration . 9
4.4.1 Implicit authentication . 10
4.4.1.1 Line authentication . 10
4.4.2 Explicit authentication . 10
4.4.3 CNG remote network configuration . 10
4.4.4 TISPAN NGN Service/Applications Subsystems discovery . 10
5 Functional Architecture . 11
5.1 Overview . 11
5.2 Functional Entities . 12
5.2.1 Network Access Configuration Function (NACF) . 12
5.2.2 Void . 12
5.2.3 Connectivity session Location and repository Function (CLF) . 12
5.2.3.1 Information Model . 13
5.2.3.2 State Model . 14
5.2.4 User Authentication and Authorization Function (UAAF) . 16
5.2.5 Profile Data Base Function (PDBF) . 16
5.2.6 CNG Configuration Function (CNGCF) . 17
5.2.7 Void . 17
5.3 Internal Reference points . 17
5.3.1 Void . 17
5.3.2 Reference Point NACF - CLF (a2) . 17
5.3.2.1 Bind Indication . 17
5.3.2.2 Bind Acknowledgement . 18
5.3.2.3 Unbind Indication . 18
5.3.2.4 Bind Information Query . 18
5.3.2.5 Bind Information Query Acknowledgement . 18
5.3.3 Void . 19
5.3.4 Reference Point UAAF - CLF (a4) . 19
5.3.4.1 Access Profile Push . 19
5.3.4.2 Access Profile Pull . 21
5.3.4.3 Remove Access Profile . 21
5.3.5 Reference Point NACF - UAAF . 21
5.3.6 Reference Point UAAF - UAAF (e5) . 21
5.3.6.1 Information exchanged on e5 . 22
5.4 Interface with the Resource and Admission Control Subsystem (RACS) . 23
5.4.1 Interface between CLF and RACF (e4) . 23
5.4.1.1 Access Profile Push . 23
5.4.1.2 Access Profile Pull . 25
5.4.1.3 IP Connectivity Release Indication . 25
5.5 Interfaces between NASS and the application plane and service control subsystems . 25
ETSI
4 ETSI ES 282 004 V3.4.1 (2010-03)
5.5.1 Interface between CLF and Application Functions (e2) . 25
5.5.1.1 Information Query Request . 26
5.5.1.2 Information Query Response . 26
5.5.1.3 Event Registration Request . 27
5.5.1.4 Event Registration Response . 27
5.5.1.5 Notification Event Request . 27
5.5.1.6 Notification Event Response . 28
5.6 Reference points between NASS and User Equipment . 28
5.6.1 Authentication and IP address allocation (e1) . 28
5.6.2 Interface between CNGCF and CNG (e3) . 28
5.6.3 Reference points with the AMF . 29
6 Mapping onto network roles. 29
7 Information flows . 32
7.1 High level information flows. 32
7.2 PPP related procedures . 33
7.4 IEEE 802 Ethernet access . 39
7.5 PANA-based related . 40
Annex A (informative): Physical Configurations . 43
A.1 PPP case . 43
A.2 PPP with DHCP configuration . 44
A.3 DHCP (option 1) . 45
A.4 DHCP (option 2) . 46
A.5 PANA-based configuration . 46
Annex B (informative): Recovery procedures for functional elements within NASS . 48
B.1 Conceptual information exchange flow for CLF state recovery . 48
Annex C (informative): Bibliography . 49
Annex D (informative): Change history . 50
History . 51

ETSI
5 ETSI ES 282 004 V3.4.1 (2010-03)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN).
The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall
TISPAN NGN architecture.
ETSI
6 ETSI ES 282 004 V3.4.1 (2010-03)
1 Scope
The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the
TISPAN NGN architecture as defined in ES 282 001 [2].
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); 3G security; Access security for IP-based services
(3GPP TS 33.203)".
[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Functional Architecture".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".
[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic
Reference Model - Part 2: Security Architecture".
[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network
Access Control".
[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Presence Service; Architecture and functional description
[Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0]".
ETSI
7 ETSI ES 282 004 V3.4.1 (2010-03)
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including
any amendments) applies.
[i.1] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile
Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905
Release 7)".
[i.2] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
authentication: property by which the correct identity of an entity or party is established with a required assurance
NOTE: The party being authenticated could be a user, subscriber, home environment or serving network
(see TR 121 905 [i.1]).
authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])
NOTE: In some contexts, authorization may be granted without requiring authentication or identification
e.g. emergency call services.
Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access
Network
NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more
advanced form be an IAD.
explicit authentication: authentication that requires that the party to be authenticated performs an authentication
procedure (to verify the claimed identity of the party)
NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed
towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit
authentication is provided by means of the IPsec security associations.
implicit authentication: authentication based on a trusted relationship already established between two parties, or based
on one or more outputs of an authentication procedure already established between two parties
line identification: process that establishes the identity of the line based on the trusted configuration
NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS
User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks
NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but
not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
ETSI
8 ETSI ES 282 004 V3.4.1 (2010-03)
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment SubSystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:
• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).
• User authentication, prior or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
ETSI
Other networks
User Equipment
9 ETSI ES 282 004 V3.4.1 (2010-03)
The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for
information in figure 4.1.
Applications
Service Layer
Other
Subsyst ems
User
profiles
Core IMS
PSTN/ISDN
Emulat ion
Subsyst em
Transport Layer
Network
Attachment
Resource and
Subsyst em
Admission Control
Subsyst em
Transport processing functions

Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS
The Network Attachment Subsystem (NASS) provides registration at access level and initialization of
User Equipment (UE) for accessing to the TISPAN NGN services. The NASS provides network level identification and
authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also
announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.
Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in
the NASS.
4.3 Mobility, Nomadism
Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of
a terminal to be moved to different access points and access networks (which may be owned by a different access
network provider) and a user to utilize different terminal, access points and access networks to retrieve their TISPAN
NGN services (even from another network operator). The current TISPAN NGN release does not require the support of
handover and session continuity between access networks without excluding autonomous mobility capabilities provided
within the access networks.
The impact of these nomadism requirements are defined in clause 6.
4.4 Access network level registration
NASS registration involves the identification, authentication, and authorization procedures between the UE and the
NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for
example based on line identification, and explicit authentication, for example based on EAP. The relationship between
the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be
possible.
ETSI
10 ETSI ES 282 004 V3.4.1 (2010-03)
Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed
between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification
of the connection to the UE. It is a matter of operator policy which form of authentication is applied.
Both implicit authentication and explicit authentication may be used independently as NASS authentication
mechanisms.
4.4.1 Implicit authentication
Depending on the access network configuration, especially for wired broadband access networks, the implicit access
authentication may rely only on an implicit authentication through physical or logic identity on the layer 2 (L2)
transport layer. A UE can directly gain access to access network without an explicit authentication procedure.
A CNG shall be able to directly access an access network without an explicit authentication procedure.
Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication
Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated
and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between
the CNG and the access network.
Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be
used for line authentication. The operator's policy shall decide whether line authentication applies.
4.4.2 Explicit authentication
In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication
shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm
in the CPN is known to the access network.
The relationship between the identity and the credentials used for authentication must be known to the NASS for any
explicit authentication solution to be possible. The identity used for explicit authentication may depend on the
authentication mechanism applied and on the access network which the UE is connected to. Two examples of these
identities are:
• User identity and credentials.
• UE identity.
The type of explicit authentication mechanisms used shall depend on the access network configuration and on the
operator policy.
4.4.3 CNG remote network configuration
This procedure is needed for the initialization of the CNGs accessing to the TISPAN NGN service subsystems.
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
As part of the network registration process, the NASS shall have the possibility to announce the contact information of
the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the
contact information provided by the NASS shall identify the P-CSCF.
The contact information provided by the NASS should either be in the form of the IP address of the contact point or in
the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is
able to resolve this FQDN into the IP address of the contact point).
Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be statically configured in
the UE e.g. using Fully Qualified Domain Names (FQDN) and DNS resolution to retrieve the contact points IP
addresses. This option applies in the non-roaming case.
ETSI
11 ETSI ES 282 004 V3.4.1 (2010-03)
5 Functional Architecture
5.1 Overview
The Network Attachment Subsystem (NASS) comprises the following functional entities:
• Network Access Configuration Function (NACF).
• Connectivity session Location and repository Function (CLF).
• User Authentication and Authorization Function (UAAF).
• Profile Data Base Function (PDBF).
• CNG Configuration Function (CNGCF).
The NASS has interaction with the following TISPAN NGN functional entities:
• TISPAN Service control subsystems and applications.
• Resource Admission Control Subsystem (RACS).
• Access Relay Function (ARF) and Access Management Function (AMF).
• User Equipment (UE).
One or more functional entities may be mapped onto a single physical entity. If one functional entity is implemented by
two physical entities, the interface between these physical entities is outside the scope of standardization.
Functional entities in the Network Attachment Subsystem (NASS) may be distributed over two administrative domains.
See clause 6 for the impact of roaming on the distribution of NASS.
Figure 5.1 provides an overview of the relationships between these functional entities and other subsystems of the NGN
architecture. Interfaces to charging systems are not represented. Annex A provides informative, potential physical
configurations in which the functional NASS architecture can be applied.
Service control
subsystems and
applications
e2
Resource
e2
e4
Admission
CLF
Control
e2
Subsystem
e5
a2 a4
CNGCF NACF UAAF PDBF
e3
a1 a3
e1 e1
TE CNG
ARF AMF
UE
Figure 5.1: Network Attachment Subsystem architecture
ETSI
12 ETSI ES 282 004 V3.4.1 (2010-03)
5.2 Functional Entities
5.2.1 Network Access Configuration Function (NACF)
The Network Access Configuration Function (NACF) is responsible for the IP address allocation to the UE. It may also
distribute other network configuration parameters such as address of DNS server(s), address of signalling proxies for
specific protocols (e.g. address of the P-CSCF when accessing to the IMS).
The NACF should be able to provide to the UE an access network identifier. This information uniquely identifies the
access network to which the UE is attached. The UE may send this information to applications as a hint to locate the
CLF.
NOTE 1: The transport of the access identifier depends on extension in existing protocols (e.g. new DHCP option
or usage of DHCP option 120). If NASS does not have the means to convey this parameter to the UE, this
function will not be supported.
NOTE 2: DHCP servers or RADIUS servers are typical implementations of the NACF.
5.2.2 Void
5.2.3 Connectivity session Location and repository Function (CLF)
The Connectivity session Location and repository Function (CLF) registers the association between the IP address
allocated to the UE and related network location information provided by the NACF, i.e.: access transport equipment
characteristics, line identifier (Logical Access ID), IP Edge identity, etc. The CLF registers the association between
network location information received from the NACF and geographical location information. The CLF may also store
the identity of the NASS User to which the IP address has been allocated (information received from the UAAF), as
well as the associated network QoS profile and preferences regarding the privacy of location information. In case the
CLF does not store the identity/profile of the NASS User, the CLF shall be able to retrieve this information from the
UAAF. For detailed CLF information model and state model see clauses 5.2.3.1 and 5.2.3.2.
The CLF responds to location queries from service control subsystems and applications. The actual information
delivered by the CLF may take various forms (e.g. network location, geographical coordinates, post mail address etc.),
depending on agreements with the requestor and on NASS User preferences regarding the privacy of its location. Any
privacy information, that may indicate a level of accuracy of the location information to be delivered, is also sent with
the actual location information.
NOTE 1: The implications and impacts of the extension of allowing the privacy indication to be sent over the e2
reference point to the application service control function on functions in the application layer and from
the access (PBX networks etc.) are FFS.
NOTE 2: The decision over allowing this to change earlier versions of the present document as an essential change
is FFS.
NOTE 3: The retrieval by the CLF of geographical information from related NASS User network location
characteristics is outside of the scope of the present document.
NOTE 4: Geographical information may take several different forms depending on the access type and the
application. The definition of this format shall also be lined up with OCG EMTEL who has decided that
the LIF (Location Information Forum) is required in certain environments according to regulatory
requirements. This data field is intended to be a placeholder for this information
The CLF interfaces with the NACF to get the association between the IP address allocated by the NACF to the NASS
User and the Line ID.
The CLF also registers NASS User network profile information (received from the UAAF at authentication) to make
this profile information available to the RACS at authentication of the UE.
The CLF is able to correlate the information received from NACF and UAAF based on the Logical Access ID.
ETSI
13 ETSI ES 282 004 V3.4.1 (2010-03)
5.2.3.1 Information Model
The CLF holds a number of records representing active sessions. These records contain information received from the
NACF and the UAAF, information on the list of AFs having subscribed to particular events, and additional statically
configured data. The following table identifies which information elements are stored for each of these sessions
NOTE: In case PPP is used the Physical access ID may be provided from the UAAF to the CLF.
Table 5.1
Access Session Description
Information Received from the NACF
Globally Unique Address
- Assigned IP Address The IP address of the attached NASS User.
- Address Realm The addressing domain in which the IP address is
significant.
Physical Access ID (optional) The identity of the physical access to which the NASS User
is connected.
Logical Access ID The identity of the logical access used by the attached
NASS User. In the xDSL case, the Logical Access ID may
explicitly contain the identity of the port, VP and/or VC
carrying the traffic.
Terminal Type The type of user equipment to which the IP address has
been allocated.
Information Received from the UAAF/PDBF
NASS User ID The identity of the attached NASS User.
Logical Access ID The identity of the logical access used by the attached
NASS User.
Physical Access ID The identity of the physical access to which the NASS User
(optional) is connected.
CNGCF Address The address of the CNGCF entity from which configuration
(optional) (see note 6) data may be retrieved by the user equipment.
P-CSCF Identity The identity of the P-CSCF for accessing IMS services.
(optional) (see note 7)
Privacy Indicator Whether location information can be exported to services
and applications (see note 1).
QoS Profile Information (see notes 2
and 3)
- Transport Service Class The transport service class subscribed by the attached
NASS User. The transport service class relates to a
forwarding behaviour at the transport plane.
- Media Type The media type(s) to which the QoS profile applies.
- UL Subscribed Bandwidth The maximum amount of bandwidth subscribed by the
attached NASS User in the uplink direction.
- DL Subscribed Bandwidth The maximum amount of bandwidth subscribed by the
attached NASS User in the downlink direction.
- Maximum priority The maximum priority allowed for any reservation request.
- Requestor Name Identifies the requestor(s) allowed by the QoS profile.
Initial Gate Settings (optional)
- List of allowed destinations In case of unicast data, the list of default destination IP
as well as multicast flows addresses and/or ports and/or port-ranges and/or prefixes to
which traffic can be sent. In case of multicast, the list of
IP-Multicast group addresses and/or the list of (Source IP
address, IP-Multicast group address) pairs which traffic can
be received from by the attached NASS User. Address
ranges are supported within the list (see note 4).
- List of denied destinations In case of unicast, the list of default destination IP
as well as multicast flows addresses, ports, prefixes and port ranges to which traffic is
denied. In case of multicast, the list of IP-Multicast group
addresses and/or the list of (Source IP address, IP-Multicast
group address) pairs for which traffic towards the attached
NASS User must be denied. Address ranges are supported
within the list (see note 4).
ETSI
14 ETSI ES 282 004 V3.4.1 (2010-03)
Access Session Description
- UL Default Bandwidth The maximum amount of bandwidth that can be used
without explicit authorization in the uplink direction.
- DL Default Bandwidth The maximum amount of bandwidth that can be used
without explicit authorization in the downlink direction.
Static Information derived from the Physical access ID
Location Information
Default NASS User ID
Static Information Derived from the Logical Access ID
RACS point of contact The address of the RACS element where the NASS User
profile should be pushed.
Access Network Type The type of access network over which IP connectivity is
provided to the NASS User.
Event Management Information
Event Management Information
(see note 5)
- Event Type The type of event to be monitored.
- AF Identities The list of AF to be notified of the occurrence of this event.
NOTE 1: An indication whether applications can access location information, depending on their
security level.
NOTE 2: The access profile may contain multiple QoS profiles.
NOTE 3: The actual available bandwidth is not known by the NASS. This information can be derived
by the RACS, based the logical access ID.
NOTE 4: If a unicast destination and/or multicast flow does not appear in either of the two lists, gate
setting decisions for those addresses is subject to control by RACS.
NOTE 5: More than Event Type and associated AF Identities may be stored.
NOTE 6: If the CNGCF address is configured on the CLF and the CNGCF address is received from
the UAAF/PDBF, it depends on operator policy which one should be used.
NOTE 7: If the P-CSCF Identity is configured on the CLF and the P-CSCF identity is received from
the UAAF/PDBF, it depends on operator policy which one should be used.

Several records may contain the same physical access ID and/or logical access ID and/or NASS User ID, as a NASS
User may establish more than one IP session, over the same or different logical access (e.g. ATM VC) using the same
or different physical access. The CLF does not need to establish any link between such records, although it may do it for
the purpose of optimizing its storage capacity.
5.2.3.2 State Model
The behaviour of the CLF when managing access records can be represented by the state model described in the present
clause. This state model is not intended to constrain implementations of a CLF. Implementations may use a different
model as long as they exhibit the same external behaviour.
This state model defines a Session State Machine (SSM) that comprises five states:
• Null: This state represents a non existing access record.
• Wait_For_Bind_Indication_and_Profile: This state is entered when an access record is created as a result of
receiving a request for subscription to an event (e.g. the logon event) while no session record exists for the
associated NASS User identifier or globally unique address. A partial record is created and the CLF waits for a
Bind_Indication event.
• Wait_For_Bind_Indication: This state is entered when an access record is created as a result of receiving
NASS User profile information while no session record exists for the associated NASS User identifier or
globally unique address. A partial record is created and the CLF waits for a Bind_Indication event.
• Wait_For_Profile_Information: This state represents a partial session record where NASS User profile
information is missing.
• Active_Session: This state represents a session record where the full description of an access sessions
available.
The CLF sends and receives information flows at the e2, e4, a2, and a4 reference points. Incoming information flows
are routed to Session State Machines (SSM) based on the NASS User identifier or the globally unique address they
contain.
ETSI
15 ETSI ES 282 004 V3.4.1 (2010-03)
An SSM instance is created when Bind_Indication or an Event_Subscription_Indication event indicating an unknown
NASS User identifier or globally unique address occurs.
The following events are handled by the CLF session state machine and cause transition between the states:
• Event_Subscription_Indication: This event occurs when an Event Registration Request information flow (see
clause 5.5.1) is received from an AF.
NOTE: When the actual CLF event occurs, a Notification Event Request information flow is sent back to the AF.
This does not cause any state transition.
• Bind_Indication: This event occurs when the Bind Indication information flow is received at the a2 reference
point (see clause 5.3.2).
• Unbind_Indication: This event occurs when the Unbind Indication information flow is received at the a2
reference point or when a negative acknowledgement is received in response to a Bind Information Query (see
clause 5.3.2).
• NASS_User_Profile_Received: This event occurs when an Access Profile Push information flow is received at
the a4 reference point as
...