Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN) - NGN Functional Architecture - Network Attachment Sub-System (NASS)

The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the TISPAN NGN architecture as defined in ES 282 001 [2].

Zlite telekomunikacijske in internetne storitve ter protokoli za napredno omreženje (TISPAN) - Funkcijska arhitektura omrežja NGN - Podsistem omrežne priključitve (NASS)

Ta dokument opisuje arhitekturo podsistema omrežne priključitve (NASS) in njegovo vlogo v arhitekturi TISPAN NGN, kot je določeno v ES 282 001 [2].

General Information

Status
Published
Publication Date
08-Jun-2014
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
29-May-2014
Due Date
03-Aug-2014
Completion Date
09-Jun-2014

Buy Standard

Standard
ETSI ES 282 004 V3.4.1 (2010-03) - Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Functional Architecture; Network Attachment Sub-System (NASS)
English language
51 pages
sale 15% off
Preview
sale 15% off
Preview
Standard
ETSI ES 282 004 V3.3.2 (2009-12) - Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Functional Architecture; Network Attachment Sub-System (NASS)
English language
51 pages
sale 15% off
Preview
sale 15% off
Preview
Standardization document
SIST ES 282 004 V3.4.1:2014
English language
51 pages
sale 10% off
Preview
sale 10% off
Preview

e-Library read for
1 day

Standards Content (sample)

ETSI ES 282 004 V3.4.1 (2010-03)
ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)
---------------------- Page: 1 ----------------------
2 ETSI ES 282 004 V3.4.1 (2010-03)
Reference
RES/TISPAN-02068-NGN-R3
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive

within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status.

Information on the current status of this and other ETSI documents is available at

http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services:

http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM

DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered

for the benefit of its Members.

3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.

GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

ETSI
---------------------- Page: 2 ----------------------
3 ETSI ES 282 004 V3.4.1 (2010-03)
Contents

Intellectual Property Rights ................................................................................................................................ 5

Foreword ............................................................................................................................................................. 5

1 Scope ........................................................................................................................................................ 6

2 References ................................................................................................................................................ 6

2.1 Normative references ......................................................................................................................................... 6

2.2 Informative references ........................................................................................................................................ 7

3 Definitions and abbreviations ................................................................................................................... 7

3.1 Definitions .......................................................................................................................................................... 7

3.2 Abbreviations ..................................................................................................................................................... 7

4 General Description of NASS .................................................................................................................. 8

4.1 High level functional overview .......................................................................................................................... 8

4.2 High level concepts of NASS ............................................................................................................................. 9

4.3 Mobility, Nomadism .......................................................................................................................................... 9

4.4 Access network level registration ....................................................................................................................... 9

4.4.1 Implicit authentication ................................................................................................................................ 10

4.4.1.1 Line authentication ................................................................................................................................ 10

4.4.2 Explicit authentication ................................................................................................................................ 10

4.4.3 CNG remote network configuration ........................................................................................................... 10

4.4.4 TISPAN NGN Service/Applications Subsystems discovery ...................................................................... 10

5 Functional Architecture .......................................................................................................................... 11

5.1 Overview .......................................................................................................................................................... 11

5.2 Functional Entities ............................................................................................................................................ 12

5.2.1 Network Access Configuration Function (NACF) ..................................................................................... 12

5.2.2 Void ............................................................................................................................................................ 12

5.2.3 Connectivity session Location and repository Function (CLF) .................................................................. 12

5.2.3.1 Information Model ................................................................................................................................ 13

5.2.3.2 State Model ........................................................................................................................................... 14

5.2.4 User Authentication and Authorization Function (UAAF) ......................................................................... 16

5.2.5 Profile Data Base Function (PDBF) ........................................................................................................... 16

5.2.6 CNG Configuration Function (CNGCF) ..................................................................................................... 17

5.2.7 Void ............................................................................................................................................................ 17

5.3 Internal Reference points .................................................................................................................................. 17

5.3.1 Void ............................................................................................................................................................ 17

5.3.2 Reference Point NACF - CLF (a2) ............................................................................................................. 17

5.3.2.1 Bind Indication ...................................................................................................................................... 17

5.3.2.2 Bind Acknowledgement ........................................................................................................................ 18

5.3.2.3 Unbind Indication ................................................................................................................................. 18

5.3.2.4 Bind Information Query ........................................................................................................................ 18

5.3.2.5 Bind Information Query Acknowledgement ......................................................................................... 18

5.3.3 Void ............................................................................................................................................................ 19

5.3.4 Reference Point UAAF - CLF (a4) ............................................................................................................. 19

5.3.4.1 Access Profile Push ............................................................................................................................... 19

5.3.4.2 Access Profile Pull ................................................................................................................................ 21

5.3.4.3 Remove Access Profile ......................................................................................................................... 21

5.3.5 Reference Point NACF - UAAF ................................................................................................................. 21

5.3.6 Reference Point UAAF - UAAF (e5) ......................................................................................................... 21

5.3.6.1 Information exchanged on e5 ................................................................................................................ 22

5.4 Interface with the Resource and Admission Control Subsystem (RACS) ........................................................ 23

5.4.1 Interface between CLF and RACF (e4) ...................................................................................................... 23

5.4.1.1 Access Profile Push ............................................................................................................................... 23

5.4.1.2 Access Profile Pull ................................................................................................................................ 25

5.4.1.3 IP Connectivity Release Indication ....................................................................................................... 25

5.5 Interfaces between NASS and the application plane and service control subsystems ...................................... 25

ETSI
---------------------- Page: 3 ----------------------
4 ETSI ES 282 004 V3.4.1 (2010-03)

5.5.1 Interface between CLF and Application Functions (e2) ............................................................................. 25

5.5.1.1 Information Query Request ................................................................................................................... 26

5.5.1.2 Information Query Response ................................................................................................................ 26

5.5.1.3 Event Registration Request ................................................................................................................... 27

5.5.1.4 Event Registration Response ................................................................................................................. 27

5.5.1.5 Notification Event Request ................................................................................................................... 27

5.5.1.6 Notification Event Response ................................................................................................................. 28

5.6 Reference points between NASS and User Equipment .................................................................................... 28

5.6.1 Authentication and IP address allocation (e1) ............................................................................................ 28

5.6.2 Interface between CNGCF and CNG (e3) .................................................................................................. 28

5.6.3 Reference points with the AMF .................................................................................................................. 29

6 Mapping onto network roles................................................................................................................... 29

7 Information flows ................................................................................................................................... 32

7.1 High level information flows............................................................................................................................ 32

7.2 PPP related procedures ..................................................................................................................................... 33

7.4 IEEE 802 Ethernet access ................................................................................................................................. 39

7.5 PANA-based related ......................................................................................................................................... 40

Annex A (informative): Physical Configurations ................................................................................ 43

A.1 PPP case ................................................................................................................................................. 43

A.2 PPP with DHCP configuration ............................................................................................................... 44

A.3 DHCP (option 1) .................................................................................................................................... 45

A.4 DHCP (option 2) .................................................................................................................................... 46

A.5 PANA-based configuration .................................................................................................................... 46

Annex B (informative): Recovery procedures for functional elements within NASS ...................... 48

B.1 Conceptual information exchange flow for CLF state recovery ............................................................ 48

Annex C (informative): Bibliography ................................................................................................... 49

Annex D (informative): Change history ............................................................................................... 50

History .............................................................................................................................................................. 51

ETSI
---------------------- Page: 4 ----------------------
5 ETSI ES 282 004 V3.4.1 (2010-03)
Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information

pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found

in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in

respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web

server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee

can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web

server) which are, or may be, or may become, essential to the present document.
Foreword

This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet

converged Services and Protocols for Advanced Networking (TISPAN).

The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall

TISPAN NGN architecture.
ETSI
---------------------- Page: 5 ----------------------
6 ETSI ES 282 004 V3.4.1 (2010-03)
1 Scope

The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the

TISPAN NGN architecture as defined in ES 282 001 [2].
2 References

References are either specific (identified by date of publication and/or edition number or version number) or

non-specific.
• For a specific reference, subsequent revisions do not apply.

• Non-specific reference may be made only to a complete document or a part thereof and only in the following

cases:

- if it is accepted that it will be possible to use all future changes of the referenced document for the

purposes of the referring document;
- for informative references.

Referenced documents which are not found to be publicly available in the expected location might be found at

http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee

their long term validity.
2.1 Normative references

The following referenced documents are indispensable for the application of the present document. For dated

references, only the edition cited applies. For non-specific references, the latest edition of the referenced document

(including any amendments) applies.

[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile

Telecommunications System (UMTS); 3G security; Access security for IP-based services

(3GPP TS 33.203)".

[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); NGN Functional Architecture".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".

[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic

Reference Model - Part 2: Security Architecture".

[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network

Access Control".

[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); Presence Service; Architecture and functional description

[Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0]".
ETSI
---------------------- Page: 6 ----------------------
7 ETSI ES 282 004 V3.4.1 (2010-03)
2.2 Informative references

The following referenced documents are not essential to the use of the present document but they assist the user with

regard to a particular subject area. For non-specific references, the latest version of the referenced document (including

any amendments) applies.

[i.1] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile

Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905

Release 7)".

[i.2] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".

3 Definitions and abbreviations
3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

authentication: property by which the correct identity of an entity or party is established with a required assurance

NOTE: The party being authenticated could be a user, subscriber, home environment or serving network

(see TR 121 905 [i.1]).

authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])

NOTE: In some contexts, authorization may be granted without requiring authentication or identification

e.g. emergency call services.

Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access

Network

NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more

advanced form be an IAD.

explicit authentication: authentication that requires that the party to be authenticated performs an authentication

procedure (to verify the claimed identity of the party)

NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed

towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit

authentication is provided by means of the IPsec security associations.

implicit authentication: authentication based on a trusted relationship already established between two parties, or based

on one or more outputs of an authentication procedure already established between two parties

line identification: process that establishes the identity of the line based on the trusted configuration

NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS

User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks

NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but

not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
ETSI
---------------------- Page: 7 ----------------------
8 ETSI ES 282 004 V3.4.1 (2010-03)
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment SubSystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:

• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).

• User authentication, prior or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
ETSI
---------------------- Page: 8 ----------------------
Other networks
User Equipment
9 ETSI ES 282 004 V3.4.1 (2010-03)

The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for

information in figure 4.1.
Applications
Service Layer
Other
Subsyst ems
User
profiles
Core IMS
PSTN/ISDN
Emulat ion
Subsyst em
Transport Layer
Network
Attachment
Resource and
Subsyst em
Admission Control
Subsyst em
Transport processing functions
Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS

The Network Attachment Subsystem (NASS) provides registration at access level and initialization of

User Equipment (UE) for accessing to the TISPAN NGN services. The NASS provides network level identification and

authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also

announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.

Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in

the NASS.
4.3 Mobility, Nomadism

Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of

a terminal to be moved to different access points and access networks (which may be owned by a different access

network provider) and a user to utilize different terminal, access points and access networks to retrieve their TISPAN

NGN services (even from another network operator). The current TISPAN NGN release does not require the support of

handover and session continuity between access networks without excluding autonomous mobility capabilities provided

within the access networks.
The impact of these nomadism requirements are defined in clause 6.
4.4 Access network level registration

NASS registration involves the identification, authentication, and authorization procedures between the UE and the

NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for

example based on line identification, and explicit authentication, for example based on EAP. The relationship between

the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be

possible.
ETSI
---------------------- Page: 9 ----------------------
10 ETSI ES 282 004 V3.4.1 (2010-03)

Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed

between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification

of the connection to the UE. It is a matter of operator policy which form of authentication is applied.

Both implicit authentication and explicit authentication may be used independently as NASS authentication

mechanisms.
4.4.1 Implicit authentication

Depending on the access network configuration, especially for wired broadband access networks, the implicit access

authentication may rely only on an implicit authentication through physical or logic identity on the layer 2 (L2)

transport layer. A UE can directly gain access to access network without an explicit authentication procedure.

A CNG shall be able to directly access an access network without an explicit authentication procedure.

Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication

Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated

and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between

the CNG and the access network.

Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be

used for line authentication. The operator's policy shall decide whether line authentication applies.

4.4.2 Explicit authentication

In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication

shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm

in the CPN is known to the access network.

The relationship between the identity and the credentials used for authentication must be known to the NASS for any

explicit authentication solution to be possible. The identity used for explicit authentication may depend on the

authentication mechanism applied and on the access network which the UE is connected to. Two examples of these

identities are:
• User identity and credentials.
• UE identity.

The type of explicit authentication mechanisms used shall depend on the access network configuration and on the

operator policy.
4.4.3 CNG remote network configuration

This procedure is needed for the initialization of the CNGs accessing to the TISPAN NGN service subsystems.

4.4.4 TISPAN NGN Service/Applications Subsystems discovery

As part of the network registration process, the NASS shall have the possibility to announce the contact information of

the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the

contact information provided by the NASS shall identify the P-CSCF.

The contact information provided by the NASS should either be in the form of the IP address of the contact point or in

the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is

able to resolve this FQDN into the IP address of the contact point).

Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be statically configured in

the UE e.g. using Fully Qualified Domain Names (FQDN) and DNS resolution to retrieve the contact points IP

addresses. This option applies in the non-roaming case.
ETSI
---------------------- Page: 10 ----------------------
11 ETSI ES 282 004 V3.4.1 (2010-03)
5 Functional Architecture
5.1 Overview

The Network Attachment Subsystem (NASS) comprises the following functional entities:

• Network Access Configuration Function (NACF).
• Connectivity session Location and repository Function (CLF).
• User Authentication and Authorization Function (UAAF).
• Profile Data Base Function (PDBF).
• CNG Configuration Function (CNGCF).
The NASS has interaction with the following TISPAN NGN functional entities:
• TISPAN Service control subsystems and applications.
• Resource Admission Control Subsystem (RACS).
• Access Relay Func
...

Final draft ETSI ES 282 004 V3.3.2 (2009-12)
ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)
---------------------- Page: 1 ----------------------
2 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
Reference
RES/TISPAN-02068-NGN-R3
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive

within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status.

Information on the current status of this and other ETSI documents is available at

http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services:

http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2009.
All rights reserved.
TM TM TM TM

DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered

for the benefit of its Members.

3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.

GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

ETSI
---------------------- Page: 2 ----------------------
3 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
Contents

Intellectual Property Rights ................................................................................................................................ 5

Foreword ............................................................................................................................................................. 5

1 Scope ........................................................................................................................................................ 6

2 References ................................................................................................................................................ 6

2.1 Normative references ......................................................................................................................................... 6

2.2 Informative references ........................................................................................................................................ 7

3 Definitions and abbreviations ................................................................................................................... 7

3.1 Definitions .......................................................................................................................................................... 7

3.2 Abbreviations ..................................................................................................................................................... 7

4 General Description of NASS .................................................................................................................. 8

4.1 High level functional overview .......................................................................................................................... 8

4.2 High level concepts of NASS ............................................................................................................................. 9

4.3 Mobility, Nomadism .......................................................................................................................................... 9

4.4 Access network level registration ....................................................................................................................... 9

4.4.1 Implicit authentication ................................................................................................................................ 10

4.4.1.1 Line authentication ................................................................................................................................ 10

4.4.2 Explicit authentication ................................................................................................................................ 10

4.4.3 CNG remote network configuration ........................................................................................................... 10

4.4.4 TISPAN NGN Service/Applications Subsystems discovery ...................................................................... 10

5 Functional Architecture .......................................................................................................................... 11

5.1 Overview .......................................................................................................................................................... 11

5.2 Functional Entities ............................................................................................................................................ 12

5.2.1 Network Access Configuration Function (NACF) ..................................................................................... 12

5.2.2 Void ............................................................................................................................................................ 12

5.2.3 Connectivity session Location and repository Function (CLF) .................................................................. 12

5.2.3.1 Information Model ................................................................................................................................ 13

5.2.3.2 State Model ........................................................................................................................................... 14

5.2.4 User Authentication and Authorization Function (UAAF) ......................................................................... 16

5.2.5 Profile Data Base Function (PDBF) ........................................................................................................... 16

5.2.6 CNG Configuration Function (CNGCF) ..................................................................................................... 17

5.2.7 Void ............................................................................................................................................................ 17

5.3 Internal Reference points .................................................................................................................................. 17

5.3.1 Void ............................................................................................................................................................ 17

5.3.2 Reference Point NACF - CLF (a2) ............................................................................................................. 17

5.3.2.1 Bind Indication ...................................................................................................................................... 17

5.3.2.2 Bind Acknowledgement ........................................................................................................................ 18

5.3.2.3 Unbind Indication ................................................................................................................................. 18

5.3.2.4 Bind Information Query ........................................................................................................................ 18

5.3.2.5 Bind Information Query Acknowledgement ......................................................................................... 18

5.3.3 Void ............................................................................................................................................................ 19

5.3.4 Reference Point UAAF - CLF (a4) ............................................................................................................. 19

5.3.4.1 Access Profile Push ............................................................................................................................... 19

5.3.4.2 Access Profile Pull ................................................................................................................................ 21

5.3.4.3 Remove Access Profile ......................................................................................................................... 21

5.3.5 Reference Point NACF - UAAF ................................................................................................................. 21

5.3.6 Reference Point UAAF - UAAF (e5) ......................................................................................................... 21

5.3.6.1 Information exchanged on e5 ................................................................................................................ 22

5.4 Interface with the Resource and Admission Control Subsystem (RACS) ........................................................ 23

5.4.1 Interface between CLF and RACF (e4) ...................................................................................................... 23

5.4.1.1 Access Profile Push ............................................................................................................................... 23

5.4.1.2 Access Profile Pull ................................................................................................................................ 25

5.4.1.3 IP Connectivity Release Indication ....................................................................................................... 25

5.5 Interfaces between NASS and the application plane and service control subsystems ...................................... 25

ETSI
---------------------- Page: 3 ----------------------
4 Final draft ETSI ES 282 004 V3.3.2 (2009-12)

5.5.1 Interface between CLF and Application Functions (e2) ............................................................................. 25

5.5.1.1 Information Query Request ................................................................................................................... 26

5.5.1.2 Information Query Response ................................................................................................................ 26

5.5.1.3 Event Registration Request ................................................................................................................... 27

5.5.1.4 Event Registration Response ................................................................................................................. 27

5.5.1.5 Notification Event Request ................................................................................................................... 27

5.5.1.6 Notification Event Response ................................................................................................................. 28

5.6 Reference points between NASS and User Equipment .................................................................................... 28

5.6.1 Authentication and IP address allocation (e1) ............................................................................................ 28

5.6.2 Interface between CNGCF and CNG (e3) .................................................................................................. 28

5.6.3 Reference points with the AMF .................................................................................................................. 29

6 Mapping onto network roles................................................................................................................... 29

7 Information flows ................................................................................................................................... 32

7.1 High level information flows............................................................................................................................ 32

7.2 PPP related procedures ..................................................................................................................................... 33

7.4 IEEE 802 Ethernet access ................................................................................................................................. 39

7.5 PANA-based related ......................................................................................................................................... 40

Annex A (informative): Physical Configurations ................................................................................ 43

A.1 PPP case ................................................................................................................................................. 43

A.2 PPP with DHCP configuration ............................................................................................................... 44

A.3 DHCP (option 1) .................................................................................................................................... 45

A.4 DHCP (option 2) .................................................................................................................................... 46

A.5 PANA-based configuration .................................................................................................................... 46

Annex B (informative): Recovery procedures for functional elements within NASS ...................... 48

B.1 Conceptual information exchange flow for CLF state recovery ............................................................ 48

Annex C (informative): Bibliography ................................................................................................... 49

Annex D (informative): Change history ............................................................................................... 50

History .............................................................................................................................................................. 51

ETSI
---------------------- Page: 4 ----------------------
5 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information

pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found

in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in

respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web

server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee

can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web

server) which are, or may be, or may become, essential to the present document.
Foreword

This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet

converged Services and Protocols for Advanced Networking (TISPAN), and is now submitted for the ETSI standards

Membership Approval Procedure.

The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall

TISPAN NGN architecture.
ETSI
---------------------- Page: 5 ----------------------
6 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
1 Scope

The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the

TISPAN NGN architecture as defined in ES 282 001 [2].
2 References

References are either specific (identified by date of publication and/or edition number or version number) or

non-specific.
• For a specific reference, subsequent revisions do not apply.

• Non-specific reference may be made only to a complete document or a part thereof and only in the following

cases:

- if it is accepted that it will be possible to use all future changes of the referenced document for the

purposes of the referring document;
- for informative references.

Referenced documents which are not found to be publicly available in the expected location might be found at

http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee

their long term validity.
2.1 Normative references

The following referenced documents are indispensable for the application of the present document. For dated

references, only the edition cited applies. For non-specific references, the latest edition of the referenced document

(including any amendments) applies.

[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile

Telecommunications System (UMTS); 3G security; Access security for IP-based services

(3GPP TS 33.203)".

[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); NGN Functional Architecture".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".

[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic

Reference Model - Part 2: Security Architecture".

[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network

Access Control".

[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); Presence Service; Architecture and functional description

[Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0]".
ETSI
---------------------- Page: 6 ----------------------
7 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
2.2 Informative references

The following referenced documents are not essential to the use of the present document but they assist the user with

regard to a particular subject area. For non-specific references, the latest version of the referenced document (including

any amendments) applies.

[i.1] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile

Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905

Release 7)".

[i.2] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".

3 Definitions and abbreviations
3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

authentication: property by which the correct identity of an entity or party is established with a required assurance

NOTE: The party being authenticated could be a user, subscriber, home environment or serving network

(see TR 121 905 [i.1]).

authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])

NOTE: In some contexts, authorization may be granted without requiring authentication or identification

e.g. emergency call services.

Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access

Network

NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more

advanced form be an IAD.

explicit authentication: authentication that requires that the party to be authenticated performs an authentication

procedure (to verify the claimed identity of the party)

NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed

towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit

authentication is provided by means of the IPsec security associations.

implicit authentication: authentication based on a trusted relationship already established between two parties, or based

on one or more outputs of an authentication procedure already established between two parties

line identification: process that establishes the identity of the line based on the trusted configuration

NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS

User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks

NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but

not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
ETSI
---------------------- Page: 7 ----------------------
8 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment SubSystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:

• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).

• User authentication, prior or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
ETSI
---------------------- Page: 8 ----------------------
Other networks
User Equipment
9 Final draft ETSI ES 282 004 V3.3.2 (2009-12)

The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for

information in figure 4.1.
Applications
Service Layer
Other
Subsyst ems
User
profiles
Core IMS
PSTN/ISDN
Emulat ion
Subsyst em
Transport Layer
Network
Attachment
Resource and
Subsyst em
Admission Control
Subsyst em
Transport processing functions
Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS

The Network Attachment Subsystem (NASS) provides registration at access level and initialization of

User Equipment (UE) for accessing to the TISPAN NGN services. The NASS provides network level identification and

authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also

announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.

Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in

the NASS.
4.3 Mobility, Nomadism

Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of

a terminal to be moved to different access points and access networks (which may be owned by a different access

network provider) and a user to utilize different terminal, access points and access networks to retrieve their TISPAN

NGN services (even from another network operator). The current TISPAN NGN release does not require the support of

handover and session continuity between access networks without excluding autonomous mobility capabilities provided

within the access networks.
The impact of these nomadism requirements are defined in clause 6.
4.4 Access network level registration

NASS registration involves the identification, authentication, and authorization procedures between the UE and the

NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for

example based on line identification, and explicit authentication, for example based on EAP. The relationship between

the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be

possible.
ETSI
---------------------- Page: 9 ----------------------
10 Final draft ETSI ES 282 004 V3.3.2 (2009-12)

Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed

between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification

of the connection to the UE. It is a matter of operator policy which form of authentication is applied.

Both implicit authentication and explicit authentication may be used independently as NASS authentication

mechanisms.
4.4.1 Implicit authentication

Depending on the access network configuration, especially for wired broadband access networks, the implicit access

authentication may rely only on an implicit authentication through physical or logic identity on the layer 2 (L2)

transport layer. A UE can directly gain access to access network without an explicit authentication procedure.

A CNG shall be able to directly access an access network without an explicit authentication procedure.

Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication

Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated

and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between

the CNG and the access network.

Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be

used for line authentication. The operator's policy shall decide whether line authentication applies.

4.4.2 Explicit authentication

In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication

shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm

in the CPN is known to the access network.

The relationship between the identity and the credentials used for authentication must be known to the NASS for any

explicit authentication solution to be possible. The identity used for explicit authentication may depend on the

authentication mechanism applied and on the access network which the UE is connected to. Two examples of these

identities are:
• User identity and credentials.
• UE identity.

The type of explicit authentication mechanisms used shall depend on the access network configuration and on the

operator policy.
4.4.3 CNG remote network configuration

This procedure is needed for the initialization of the CNGs accessing to the TISPAN NGN service subsystems.

4.4.4 TISPAN NGN Service/Applications Subsystems discovery

As part of the network registration process, the NASS shall have the possibility to announce the contact information of

the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the

contact information provided by the NASS shall identify the P-CSCF.

The contact information provided by the NASS should either be in the form of the IP address of the contact point or in

the form of the FQDN of the contact point (in which case the NASS provides the IP address of the DNS server that is

able to resolve this FQDN into the IP address of the contact point).

Alternatively, the contact point to the TISPAN NGN Service/Applications Subsystems may be statically configured in

the UE e.g. using Fully Qualified Domain Names (FQDN) and DNS resolution to retrieve the contact points IP

addresses. This option applies in the non-roaming case.
ETSI
---------------------- Page: 10 ----------------------
11 Final draft ETSI ES 282 004 V3.3.2 (2009-12)
5 Functional Architecture
5.1 Overview

The Network Attachment Subsystem (NASS) comprises the following functional entities:

• Network Access Configuration Function (NACF).
• Connectivity session Location and repository Function (CLF).
• User Authentication and Authorization Function (UAAF).
• Profile Data Base Function (PDBF).
• CNG Configuration Function (CNGCF).
...

SLOVENSKI STANDARD
SIST ES 282 004 V3.4.1:2014
01-julij-2014

=OLWHWHOHNRPXQLNDFLMVNHLQLQWHUQHWQHVWRULWYHWHUSURWRNROL]DQDSUHGQRRPUHåHQMH

7,63$1 )XQNFLMVNDDUKLWHNWXUDRPUHåMD1*13RGVLVWHPRPUHåQHSULNOMXþLWYH
1$66
Telecommunications and Internet converged Services and Protocols for Advanced

Networking (TISPAN) - NGN Functional Architecture - Network Attachment Sub-System

(NASS)
Ta slovenski standard je istoveten z: ES 282 004 Version 3.4.1
ICS:
33.040.01 Telekomunikacijski sistemi Telecommunication systems
na splošno in general
33.080 Digitalno omrežje z Integrated Services Digital
integriranimi storitvami Network (ISDN)
(ISDN)
SIST ES 282 004 V3.4.1:2014 en

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST ES 282 004 V3.4.1:2014
---------------------- Page: 2 ----------------------
SIST ES 282 004 V3.4.1:2014
ETSI ES 282 004 V3.4.1 (2010-03)
ETSI Standard
Telecommunications and Internet converged Services and
Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)
---------------------- Page: 3 ----------------------
SIST ES 282 004 V3.4.1:2014
2 ETSI ES 282 004 V3.4.1 (2010-03)
Reference
RES/TISPAN-02068-NGN-R3
Keywords
access, system
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88
Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or

perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).

In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive

within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status.

Information on the current status of this and other ETSI documents is available at

http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services:

http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.
© European Telecommunications Standards Institute 2010.
All rights reserved.
TM TM TM TM

DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered

for the benefit of its Members.

3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.

LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.

GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

ETSI
---------------------- Page: 4 ----------------------
SIST ES 282 004 V3.4.1:2014
3 ETSI ES 282 004 V3.4.1 (2010-03)
Contents

Intellectual Property Rights ................................................................................................................................ 5

Foreword ............................................................................................................................................................. 5

1 Scope ........................................................................................................................................................ 6

2 References ................................................................................................................................................ 6

2.1 Normative references ......................................................................................................................................... 6

2.2 Informative references ........................................................................................................................................ 7

3 Definitions and abbreviations ................................................................................................................... 7

3.1 Definitions .......................................................................................................................................................... 7

3.2 Abbreviations ..................................................................................................................................................... 7

4 General Description of NASS .................................................................................................................. 8

4.1 High level functional overview .......................................................................................................................... 8

4.2 High level concepts of NASS ............................................................................................................................. 9

4.3 Mobility, Nomadism .......................................................................................................................................... 9

4.4 Access network level registration ....................................................................................................................... 9

4.4.1 Implicit authentication ................................................................................................................................ 10

4.4.1.1 Line authentication ................................................................................................................................ 10

4.4.2 Explicit authentication ................................................................................................................................ 10

4.4.3 CNG remote network configuration ........................................................................................................... 10

4.4.4 TISPAN NGN Service/Applications Subsystems discovery ...................................................................... 10

5 Functional Architecture .......................................................................................................................... 11

5.1 Overview .......................................................................................................................................................... 11

5.2 Functional Entities ............................................................................................................................................ 12

5.2.1 Network Access Configuration Function (NACF) ..................................................................................... 12

5.2.2 Void ............................................................................................................................................................ 12

5.2.3 Connectivity session Location and repository Function (CLF) .................................................................. 12

5.2.3.1 Information Model ................................................................................................................................ 13

5.2.3.2 State Model ........................................................................................................................................... 14

5.2.4 User Authentication and Authorization Function (UAAF) ......................................................................... 16

5.2.5 Profile Data Base Function (PDBF) ........................................................................................................... 16

5.2.6 CNG Configuration Function (CNGCF) ..................................................................................................... 17

5.2.7 Void ............................................................................................................................................................ 17

5.3 Internal Reference points .................................................................................................................................. 17

5.3.1 Void ............................................................................................................................................................ 17

5.3.2 Reference Point NACF - CLF (a2) ............................................................................................................. 17

5.3.2.1 Bind Indication ...................................................................................................................................... 17

5.3.2.2 Bind Acknowledgement ........................................................................................................................ 18

5.3.2.3 Unbind Indication ................................................................................................................................. 18

5.3.2.4 Bind Information Query ........................................................................................................................ 18

5.3.2.5 Bind Information Query Acknowledgement ......................................................................................... 18

5.3.3 Void ............................................................................................................................................................ 19

5.3.4 Reference Point UAAF - CLF (a4) ............................................................................................................. 19

5.3.4.1 Access Profile Push ............................................................................................................................... 19

5.3.4.2 Access Profile Pull ................................................................................................................................ 21

5.3.4.3 Remove Access Profile ......................................................................................................................... 21

5.3.5 Reference Point NACF - UAAF ................................................................................................................. 21

5.3.6 Reference Point UAAF - UAAF (e5) ......................................................................................................... 21

5.3.6.1 Information exchanged on e5 ................................................................................................................ 22

5.4 Interface with the Resource and Admission Control Subsystem (RACS) ........................................................ 23

5.4.1 Interface between CLF and RACF (e4) ...................................................................................................... 23

5.4.1.1 Access Profile Push ............................................................................................................................... 23

5.4.1.2 Access Profile Pull ................................................................................................................................ 25

5.4.1.3 IP Connectivity Release Indication ....................................................................................................... 25

5.5 Interfaces between NASS and the application plane and service control subsystems ...................................... 25

ETSI
---------------------- Page: 5 ----------------------
SIST ES 282 004 V3.4.1:2014
4 ETSI ES 282 004 V3.4.1 (2010-03)

5.5.1 Interface between CLF and Application Functions (e2) ............................................................................. 25

5.5.1.1 Information Query Request ................................................................................................................... 26

5.5.1.2 Information Query Response ................................................................................................................ 26

5.5.1.3 Event Registration Request ................................................................................................................... 27

5.5.1.4 Event Registration Response ................................................................................................................. 27

5.5.1.5 Notification Event Request ................................................................................................................... 27

5.5.1.6 Notification Event Response ................................................................................................................. 28

5.6 Reference points between NASS and User Equipment .................................................................................... 28

5.6.1 Authentication and IP address allocation (e1) ............................................................................................ 28

5.6.2 Interface between CNGCF and CNG (e3) .................................................................................................. 28

5.6.3 Reference points with the AMF .................................................................................................................. 29

6 Mapping onto network roles................................................................................................................... 29

7 Information flows ................................................................................................................................... 32

7.1 High level information flows............................................................................................................................ 32

7.2 PPP related procedures ..................................................................................................................................... 33

7.4 IEEE 802 Ethernet access ................................................................................................................................. 39

7.5 PANA-based related ......................................................................................................................................... 40

Annex A (informative): Physical Configurations ................................................................................ 43

A.1 PPP case ................................................................................................................................................. 43

A.2 PPP with DHCP configuration ............................................................................................................... 44

A.3 DHCP (option 1) .................................................................................................................................... 45

A.4 DHCP (option 2) .................................................................................................................................... 46

A.5 PANA-based configuration .................................................................................................................... 46

Annex B (informative): Recovery procedures for functional elements within NASS ...................... 48

B.1 Conceptual information exchange flow for CLF state recovery ............................................................ 48

Annex C (informative): Bibliography ................................................................................................... 49

Annex D (informative): Change history ............................................................................................... 50

History .............................................................................................................................................................. 51

ETSI
---------------------- Page: 6 ----------------------
SIST ES 282 004 V3.4.1:2014
5 ETSI ES 282 004 V3.4.1 (2010-03)
Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information

pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found

in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in

respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web

server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee

can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web

server) which are, or may be, or may become, essential to the present document.
Foreword

This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet

converged Services and Protocols for Advanced Networking (TISPAN).

The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall

TISPAN NGN architecture.
ETSI
---------------------- Page: 7 ----------------------
SIST ES 282 004 V3.4.1:2014
6 ETSI ES 282 004 V3.4.1 (2010-03)
1 Scope

The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the

TISPAN NGN architecture as defined in ES 282 001 [2].
2 References

References are either specific (identified by date of publication and/or edition number or version number) or

non-specific.
• For a specific reference, subsequent revisions do not apply.

• Non-specific reference may be made only to a complete document or a part thereof and only in the following

cases:

- if it is accepted that it will be possible to use all future changes of the referenced document for the

purposes of the referring document;
- for informative references.

Referenced documents which are not found to be publicly available in the expected location might be found at

http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee

their long term validity.
2.1 Normative references

The following referenced documents are indispensable for the application of the present document. For dated

references, only the edition cited applies. For non-specific references, the latest edition of the referenced document

(including any amendments) applies.

[1] ETSI TS 133 203: "Digital cellular telecommunications system (Phase 2+); Universal Mobile

Telecommunications System (UMTS); 3G security; Access security for IP-based services

(3GPP TS 33.203)".

[2] ETSI ES 282 001: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); NGN Functional Architecture".
[3] IETF RFC 1661: "The Point-to-Point Protocol (PPP)".

[4] ISO/IEC 7498-2: "Information Processing Systems - Open Systems Interconnection - Basic

Reference Model - Part 2: Security Architecture".

[5] IEEE 802.1X: "IEEE Standard for Local and metropolitan area networks - Port Based Network

Access Control".

[6] ETSI TS 182 008: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); Presence Service; Architecture and functional description

[Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0]".
ETSI
---------------------- Page: 8 ----------------------
SIST ES 282 004 V3.4.1:2014
7 ETSI ES 282 004 V3.4.1 (2010-03)
2.2 Informative references

The following referenced documents are not essential to the use of the present document but they assist the user with

regard to a particular subject area. For non-specific references, the latest version of the referenced document (including

any amendments) applies.

[i.1] ETSI TR 121 905: "Digital cellular telecommunications system (Phase 2+); Universal Mobile

Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905

Release 7)".

[i.2] ETSI ES 282 007: "Telecommunications and Internet converged Services and Protocols for

Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture".

3 Definitions and abbreviations
3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

authentication: property by which the correct identity of an entity or party is established with a required assurance

NOTE: The party being authenticated could be a user, subscriber, home environment or serving network

(see TR 121 905 [i.1]).

authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])

NOTE: In some contexts, authorization may be granted without requiring authentication or identification

e.g. emergency call services.

Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access

Network

NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more

advanced form be an IAD.

explicit authentication: authentication that requires that the party to be authenticated performs an authentication

procedure (to verify the claimed identity of the party)

NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed

towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit

authentication is provided by means of the IPsec security associations.

implicit authentication: authentication based on a trusted relationship already established between two parties, or based

on one or more outputs of an authentication procedure already established between two parties

line identification: process that establishes the identity of the line based on the trusted configuration

NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS

User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks

NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but

not network controlled entities such as access gateways.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AAA Authentication Authorization and Accounting
AF Application Functions
AMF Access Management Function
ETSI
---------------------- Page: 9 ----------------------
SIST ES 282 004 V3.4.1:2014
8 ETSI ES 282 004 V3.4.1 (2010-03)
AN Access Network
API Application Programming Interface
A-RACF Access-Resource and Admission Control Function
ARF Access Relay Function
ASF Application Server Functions
ATM Asynchronous Transfer Mode
BGF Border Gateway Function
CLF Connectivity session Location and repository Function
CNG Customer Network Gateway
CNGCF CNG Configuration Function
CPE Customer Premises Equipment
CPN Customer Premises Network
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
EAP Extensible Authentication Protocol
EP Enforcement Point
FQDN Fully Qualified Domain Name
IBCF Interconnection Border Control Function
IMS IP Multimedia SubSystem
IP Internet Protocol
LIF Location Information Forum
NACF Network Access Configuration Function
NASS Network Attachment SubSystem
PAA PANA Authentication Agent
PaC PANA Client
PANA Protocol for carrying Authentication for Network Access
P-CSCF Proxy-Call Session Control Function
PDBF Profile Data Base Function
PNA Presence Network Agent
PPP Point-to-Point Protocol
RACS Resource Admission Control Subsystem
RCEF Resource Control Emulation Function
TE Terminal Equipment
UAAF User Access Authorization Function
UE User Equipment
VC Virtual Circuit
VP Virtual Path
4 General Description of NASS
4.1 High level functional overview
The Network Attachment Subsystem provides the following functionalities:

• Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).

• User authentication, prior or during the IP address allocation procedure.
• Authorization of network access, based on user profile.
• Access network configuration, based on user profile.
• Location management.
ETSI
---------------------- Page: 10 ----------------------
Other networks
User Equipment
SIST ES 282 004 V3.4.1:2014
9 ETSI ES 282 004 V3.4.1 (2010-03)

The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for

information in figure 4.1.
Applications
Service Layer
Other
Subsyst ems
User
profiles
Core IMS
PSTN/ISDN
Emulat ion
Subsyst em
Transport Layer
Network
Attachment
Resource and
Subsyst em
Admission Control
Subsyst em
Transport processing functions
Figure 4.1: TISPAN NGN Architecture overview
4.2 High level concepts of NASS

The Network Attachment Subsystem (NASS) provides registration at access level and initialization of

User Equipment (UE) for accessing to the TISPAN NGN services. The NASS provides network level identification and

authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also

announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE.

Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in

the NASS.
4.3 Mobility, Nomadism

Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of

a terminal to be moved to different access points and access networks (which may be owned by a different access

network provider) and a user to utilize different terminal, access points and access networks to retrieve their TISPAN

NGN services (even from another network operator). The current TISPAN NGN release does not require the support of

handover and session continuity between access networks without excluding autonomous mobility capabilities provided

within the access networks.
The impact of these nomadism requirements are defined in clause 6.
4.4 Access network level registration

NASS registration involves the identification, authentication, and authorization procedures between the UE and the

NASS to control the access to the NASS. Two authentication types are defined for NASS: Implicit authentication, for

example based on line identification, and explicit authentication, for example based on EAP. The relationship between

the identity and the credentials used for authentication must be known to the NASS for any authentication solution to be

possible.
ETSI
---------------------- Page: 11 ----------------------
SIST ES 282 004 V3.4.1:2014
10 ETSI ES 282 004 V3.4.1 (2010-03)

Explicit authentication is required between the UE and the NASS. It requires a signalling procedure to be performed

between the UE and the NASS. Implicit authentication may be performed by the NASS based on the line identification

of the connection to the UE. It is a matter of operator policy which form of authentication is applied.

Both implicit authentication and explicit authentication may be used independently as NASS authentication

mechanisms.
4.4.1 Implicit authentication

Depending on the access network configuration, especially for wired broadband access networks, the implicit access

authentication may rely only on an implicit authentication through physical or logic identity on the layer 2 (L2)

transport layer. A UE can directly gain access to access network without an explicit authentication procedure.

A CNG shall be able to directly access an access network without an explicit authentication procedure.

Which implicit authentication method applies depends on the operator policies.
4.4.1.1 Line authentication

Line authentication is a form of implicit authentication. Line authentication ensures that an access line is authenticated

and can be accessed from the CNG. Line authentication shall be based on the activation of the L2 connection between

the CNG and the access network.

Line authentication ensures that an access line is authenticated and can be accessed from the CNG. The line ID shall be

used for line authentication. The operator's policy shall decide whether line authentication applies.

4.4.2 Explicit authentication

In case the CNG is a routing modem and the Customer Premises Network (CPN) is a private IP realm, authentication

shall be initiated from the CNG. In case the CNG is a bridge, each UE shall authenticate with the NASS as the IP realm

in the CPN is known to the access network.

The relationship between the identity and the credentials used for authentication must be known to the NASS for any

explicit authentication solution to be possible. The identity used for explicit authentication may depend on the

authentication mechanism applied and on the access network which the UE is connected to. Two examples of these

identities are:
• User identity and credentials.
• UE identity.

The type of explicit authentication mechanisms used shall depend on the access network configuration and on the

operator policy.
4.4.3 CNG remote network configuration

This procedure is needed for the initialization of the CNGs accessing to the TISPAN NGN service subsystems.

4.4.4 TISPAN NGN Service/Applications Subsystems discovery

As part of the network registration process, the NASS shall have the possibility to announce the contact information of

the TISPAN NGN Service/Applications Subsystems to the UE. In case the TISPAN NGN Subsystem is the IMS, the

contact information provided by the NASS shall identify the P-CSCF.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.