ETSI ES 282 004 V3.4.1 (2010-03)
ETSI Standard

Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN);
NGN Functional Architecture;
Network Attachment Sub-System (NASS)

Reference: RES/TISPAN-02068-NGN-R3
Keywords: access, system

© European Telecommunications Standards Institute 2010. All rights reserved.

Contents

Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 General Description of NASS
4.1 High level functional overview
4.2 High level concepts of NASS
4.3 Mobility, Nomadism
4.4 Access network level registration
4.4.1 Implicit authentication
4.4.1.1 Line authentication
4.4.2 Explicit authentication
4.4.3 CNG remote network configuration
4.4.4 TISPAN NGN Service/Applications Subsystems discovery
5 Functional Architecture
5.1 Overview
5.2 Functional Entities
5.2.1 Network Access Configuration Function (NACF)
5.2.2 Void
5.2.3 Connectivity session Location and repository Function (CLF)
5.2.3.1 Information Model
5.2.3.2 State Model
5.2.4 User Authentication and Authorization Function (UAAF)
5.2.5 Profile Data Base Function (PDBF)
5.2.6 CNG Configuration Function (CNGCF)
5.2.7 Void
5.3 Internal Reference points
5.3.1 Void
5.3.2 Reference Point NACF - CLF (a2)
5.3.2.1 Bind Indication
5.3.2.2 Bind Acknowledgement
5.3.2.3 Unbind Indication
5.3.2.4 Bind Information Query
5.3.2.5 Bind Information Query Acknowledgement
5.3.3 Void
5.3.4 Reference Point UAAF - CLF (a4)
5.3.4.1 Access Profile Push
5.3.4.2 Access Profile Pull
5.3.4.3 Remove Access Profile
5.3.5 Reference Point NACF - UAAF
5.3.6 Reference Point UAAF - UAAF (e5)
5.3.6.1 Information exchanged on e5
5.4 Interface with the Resource and Admission Control Subsystem (RACS)
5.4.1 Interface between CLF and RACF (e4)
5.4.1.1 Access Profile Push
5.4.1.2 Access Profile Pull
5.4.1.3 IP Connectivity Release Indication
5.5 Interfaces between NASS and the application plane and service control subsystems
5.5.1 Interface between CLF and Application Functions (e2)
5.5.1.1 Information Query Request
5.5.1.2 Information Query Response
5.5.1.3 Event Registration Request
5.5.1.4 Event Registration Response
5.5.1.5 Notification Event Request
5.5.1.6 Notification Event Response
5.6 Reference points between NASS and User Equipment
5.6.1 Authentication and IP address allocation (e1)
5.6.2 Interface between CNGCF and CNG (e3)
5.6.3 Reference points with the AMF
6 Mapping onto network roles
7 Information flows
7.1 High level information flows
7.2 PPP related procedures
7.4 IEEE 802 Ethernet access
7.5 PANA-based related
Annex A (informative): Physical Configurations
A.1 PPP case
A.2 PPP with DHCP configuration
A.3 DHCP (option 1)
A.4 DHCP (option 2)
A.5 PANA-based configuration
Annex B (informative): Recovery procedures for functional elements within NASS
B.1 Conceptual information exchange flow for CLF state recovery
Annex C (informative): Bibliography
Annex D (informative): Change history
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards”, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://webapp.etsi.org/IPR/home.asp).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given
as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This ETSI Standard (ES) has been produced by ETSI Technical Committee Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN).

The present document describes the architecture of the Network Attachment Subsystem (NASS) identified in the overall TISPAN NGN architecture.

1 Scope

The present document describes the architecture of the Network Attachment Subsystem (NASS) and its role in the TISPAN NGN architecture as defined in ES 282 001 [2].

2 References

References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not
apply. Non-specific reference may be made only to a complete document or a part thereof and only in the following cases:

- if it is accepted that it will be possible to use all future changes of the referenced document for the purposes of the referring document;
- for informative references.

Referenced documents which are not found to be publicly available in the expected location might be found at http://docbox.etsi.org/Reference.

NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee their long term validity.

2.1 Normative references

The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific references, the latest edition of the referenced document (including any amendments) applies.

[1] ETSI TS 133 203: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); 3G security; Access security for IP-based services (3GPP TS 33.203)”.
[2] ETSI ES 282 001: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); NGN Functional Architecture”.
[3] IETF RFC 1661: “The Point-to-Point Protocol (PPP)”.
[4] ISO/IEC 7498-2: “Information Processing Systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture”.
[5] IEEE 802.1X: “IEEE Standard for Local and metropolitan area networks - Port Based Network Access Control”.
[6] ETSI TS 182 008: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); Presence Service; Architecture and functional description Endorsement of 3GPP TS 23.141 and OMA-AD-Presence-SIMPLE-V1-0”.

2.2 Informative references

The following referenced documents are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applies.

[i.1] ETSI TR 121 905: “Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Vocabulary for 3GPP Specifications (3GPP TR 21.905 Release 7)”.
[i.2] ETSI ES 282 007: “Telecommunications and Internet converged Services and Protocols for Advanced Networking (TISPAN); IP Multimedia Subsystem (IMS); Functional architecture”.

3 Definitions and abbreviations

3.1 Definitions

For the purposes of the present document, the following terms and definitions apply:

authentication: property by which the correct identity of an entity or party is established with a required assurance
NOTE: The party being authenticated could be a user, subscriber, home environment or serving network (see TR 121 905 [i.1]).

authorization: granting of permission based on authenticated identification (see ISO/IEC 7498-2 [4])
NOTE: In some contexts, authorization may be granted without requiring authentication or identification e.g. emergency call services.

Customer Network Gateway (CNG): gateway between the Customer Premises Network (CPN) and the Access Network
NOTE: A Customer Network Gateway may be in its simplest form a bridged or routed modem, and in a more advanced form be an IAD.

explicit authentication: authentication that requires that the party to be authenticated performs an authentication procedure (to verify the claimed identity of the party)
NOTE: For example, in IMS security (TS 133 203 [1]), explicit authentication is provided with full AKA directed towards the IMS client entity (represented by IMPI/IMPU and USIM/ISIM) and also implicit authentication is provided by means of the IPsec security associations.

implicit authentication: authentication based on a trusted relationship already established between two parties, or based on one or more outputs of an authentication
procedure already established between two parties

line identification: process that establishes the identity of the line based on the trusted configuration

NASS user: entity requesting authorization, authentication and allocation of the IP-Address from the NASS

User Equipment (UE): one or more devices allowing a user to access services delivered by TISPAN NGN networks
NOTE: This includes devices under user control commonly referred to as CPE, IAD, ATA, RGW, TE, etc., but not network controlled entities such as access gateways.

3.2 Abbreviations

For the purposes of the present document, the following abbreviations apply:

AAA      Authentication Authorization and Accounting
AF       Application Functions
AMF      Access Management Function
AN       Access Network
API      Application Programming Interface
A-RACF   Access-Resource and Admission Control Function
ARF      Access Relay Function
ASF      Application Server Functions
ATM      Asynchronous Transfer Mode
BGF      Border Gateway Function
CLF      Connectivity session Location and repository Function
CNG      Customer Network Gateway
CNGCF    CNG Configuration Function
CPE      Customer Premises Equipment
CPN      Customer Premises Network
DHCP     Dynamic Host Configuration Protocol
DNS      Domain Name Server
EAP      Extensible Authentication Protocol
EP       Enforcement Point
FQDN     Fully Qualified Domain Name
IBCF     Interconnection Border Control Function
IMS      IP Multimedia SubSystem
IP       Internet Protocol
LIF      Location Information Forum
NACF     Network Access Configuration Function
NASS     Network Attachment SubSystem
PAA      PANA Authentication Agent
PaC      PANA Client
PANA     Protocol for carrying Authentication for Network Access
P-CSCF   Proxy-Call Session Control Function
PDBF     Profile Data Base Function
PNA      Presence Network Agent
PPP      Point-to-Point Protocol
RACS     Resource Admission Control Subsystem
RCEF     Resource Control Emulation Function
TE       Terminal Equipment
UAAF     User Access Authorization Function
UE       User Equipment
VC       Virtual Circuit
VP       Virtual Path

4 General Description of NASS

4.1 High level functional overview

The Network Attachment Subsystem provides the following functionalities:

- Dynamic provision of IP address and other user equipment configuration parameters (e.g. using DHCP).
- User authentication, prior to or during the IP address allocation procedure.
- Authorization of network access, based on user profile.
- Access network configuration, based on user profile.
- Location management.

The location of this subsystem in the overall TISPAN architecture can be found in ES 282 001 [2] and is shown here for information in figure 4.1.

[Figure 4.1: TISPAN NGN Architecture overview. Figure labels: Applications, User profiles, Service Layer, Other Subsystems, Core IMS, PSTN/ISDN Emulation Subsystem, Transport Layer, Network Attachment Subsystem, Resource and Admission Control Subsystem, Transport processing functions, User Equipment, Other networks.]

4.2 High level concepts of NASS

The Network Attachment Subsystem (NASS) provides registration at access level and initialization of User Equipment (UE) for accessing the TISPAN NGN services. The NASS provides network level identification and authentication, manages the IP address space of the Access Network and authenticates access sessions. The NASS also announces the contact point of the TISPAN NGN Service/Applications Subsystems to the UE. Network attachment through NASS is based on implicit or explicit user identity and authentication credentials stored in the NASS.

4.3 Mobility, Nomadism

Mobility management functions provided by the NASS in the current TISPAN NGN release are limited to the ability of a terminal to be moved to different access points and access networks (which may be owned by a different access network provider) and a user to utilize different terminals, access points and access networks to retrieve their TISPAN NGN services (even from another network operator). The current TISPAN NGN release does not require the support of handover and session continuity between access networks without excluding autonomous mobility capabilities provided within the access networks. The impact of these nomadism requi