1、 International Telecommunication Union ITU-T Y.2014TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (05/2008) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS Next Generation Networks Frameworks and functional architecture models Network attachment c
2、ontrol functions in next generation networks Recommendation ITU-T Y.2014 ITU-T Y-SERIES RECOMMENDATIONS GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS GLOBAL INFORMATION INFRASTRUCTURE General Y.100Y.199 Services, applications and middleware Y.200Y.299 Netw
3、ork aspects Y.300Y.399 Interfaces and protocols Y.400Y.499 Numbering, addressing and naming Y.500Y.599 Operation, administration and maintenance Y.600Y.699 Security Y.700Y.799 Performances Y.800Y.899 INTERNET PROTOCOL ASPECTS General Y.1000Y.1099 Services and applications Y.1100Y.1199 Architecture,
4、access, network capabilities and resource management Y.1200Y.1299 Transport Y.1300Y.1399 Interworking Y.1400Y.1499 Quality of service and network performance Y.1500Y.1599 Signalling Y.1600Y.1699 Operation, administration and maintenance Y.1700Y.1799 Charging Y.1800Y.1899 NEXT GENERATION NETWORKS Fra
5、meworks and functional architecture models Y.2000Y.2099 Quality of Service and performance Y.2100Y.2199 Service aspects: Service capabilities and service architecture Y.2200Y.2249 Service aspects: Interoperability of services and networks in NGN Y.2250Y.2299 Numbering, naming and addressing Y.2300Y.
6、2399 Network management Y.2400Y.2499 Network control architectures and protocols Y.2500Y.2599 Security Y.2700Y.2799 Generalized mobility Y.2800Y.2899 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T Y.2014 (05/2008) i Recommendation ITU-T Y.2014 Network attachment c
7、ontrol functions in next generation networks Summary Recommendation ITU-T Y.2014 describes the network attachment control functions (NACF) component of the NGN functional architecture. This Recommendation also identifies relevant access scenarios related to the NACF. Source Recommendation ITU-T Y.20
8、14 was approved on 7 May 2008 by ITU-T Study Group 13 (2005-2008) under Recommendation ITU-T A.8 procedure. Keywords Functional architecture, NGN, network attachment. ii Rec. ITU-T Y.2014 (05/2008) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in t
9、he field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to stan
10、dardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is c
11、overed by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to in
12、dicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g., interoperability or applicability) and compliance with the Recommendation is achie
13、ved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL
14、PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether as
15、serted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautione
16、d that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2009 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.
17、 Rec. ITU-T Y.2014 (05/2008) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation. 2 4 Abbreviations and acronyms 2 5 Conventions 3 6 General description. 4 6.1 High level functional overview 4 6.2 High level concepts of N
18、ACF 5 6.3 Mobility, nomadism . 5 6.4 Access network level registration. 5 7 Functional architecture . 6 7.1 Overview 6 7.2 Functional entities 8 8 Reference points . 16 8.1 Internal NACF reference points . 16 8.2 Reference point between NACF and the resource and admission control functions (RACF) .
19、27 8.3 Reference points between NACF and the service control functions 28 8.4 Reference points between NACF and CPE 31 9 Security considerations. 32 Appendix I Mapping to network roles 33 Appendix II Information flows . 36 II.1 High-level information flows . 36 II.2 PPP-based authentication . 37 II.
20、3 DHCP mode 38 Appendix III Physical configurations . 40 III.1 PPP case 40 III.2 PPP with DHCP configuration . 41 III.3 DHCP (option 1). 41 III.4 DHCP (option 2). 42 III.5 PANA-based configuration 42 Appendix IV Overall mapping between Recommendation ITU-T Y.2014 and ETSI ES 282 004 v2.0.0 44 Biblio
21、graphy. 45 Rec. ITU-T Y.2014 (05/2008) 1 Recommendation ITU-T Y.2014 Network attachment control functions in next generation networks 1 Scope This Recommendation describes the network attachment control functions (NACF) component of the NGN functional architecture as defined in ITU-T Y.2012. This Re
22、commendation also identifies relevant access scenarios related to the NACF. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated
23、 were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recomm
24、endations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Y.2012 Recommendation ITU-T Y.2012 (2006), Functional requirements and architecture of the NGN release 1. ITU-T Y.2021 Recommend
25、ation ITU-T Y.2021 (2006), IMS for Next Generation Networks. ITU-T Y.2111 Recommendation ITU-T Y.2111 (2006), Resource and admission control functions in Next generation Networks. ITU-T Y.2701 Recommendation ITU-T Y.2701 (2007), Security requirements for NGN release 1. ITU-T Y.2702 Recommendation IT
26、U-T Y.2702 (2008), Authentication and authorization requirements for NGN release 1. ISO 7498-2 ISO 7498-2:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. 3 Definitions 3.1 Terms defined elsewhere This Recommendation uses the foll
27、owing terms defined elsewhere: 3.1.1 authorization ISO 7498-2: The granting of permission based on authenticated identification. NOTE In some contexts, authorization may be granted without requiring authentication or identification, e.g., emergency call services. 3.1.2 nomadism b-ITU-T Q.1761: Abili
28、ty of the user to change his network access point on moving; when changing the network access point, the users service session is completely stopped and then started again, i.e., there is no session continuity or handover possible. It is assumed that normal usage pattern is that users shut down thei
29、r service session before moving to another access point. 2 Rec. ITU-T Y.2014 (05/2008) 3.2 Terms defined in this Recommendation This Recommendation defines the following terms: 3.2.1 authentication: A property by which the correct identifier of an entity or party is established with a required assur
30、ance. The party being authenticated could be a user, subscriber, home environment or serving network. 3.2.2 customer premises equipment (CPE): One or more devices allowing a user to access services delivered by NGN. NOTE This includes devices under user control commonly referred to as home gateway (
31、HGW) or terminals (TE), etc., but not network-controlled entities, such as access gateways. 3.2.3 explicit authentication: Authentication that requires that the party to be authenticated performs an authentication procedure (to verify the claimed identification of the party). 3.2.4 home gateway (HGW
32、): Gateway between the customer premises network (CPN) and the access network. NOTE A home gateway may be in its simplest form a bridged or routed modem, and in a more advanced form be an integrated access device. 3.2.5 implicit authentication: Authentication based on a trusted relationship already
33、established between two parties, or based on one or more outputs of an authentication procedure already established between two parties. 3.2.6 line identification: A process that establishes the identifier of the line based on the trusted configuration. 4 Abbreviations and acronyms This Recommendati
34、on uses the following abbreviations and acronyms: AAA Authentication, Authorization and Accounting AM-FE Access Management Functional Entity AN Access Network API Application Programming Interface AR-FE Access Relay Functional Entity ATM Asynchronous Transfer Mode CoS Class of Service CPE Customer P
35、remises Equipment CPN Customer Premises Network DHCP Dynamic Host Configuration Protocol DNS Domain Name System EAP Extensible Authentication Protocol FQDN Fully Qualified Domain Name FTP File Transfer Protocol GTP GPRS Tunnelling Protocol HGW Home Gateway HGWC-FE Home Gateway Configuration Function
36、al Entity Rec. ITU-T Y.2014 (05/2008) 3 HTTP HyperText Transfer Protocol ID Identifier IMS IP Multimedia Subsystem IP Internet Protocol MAC Media Access Control MPLS MultiProtocol Label Switching NACF Network Attachment Control Functions NAC-FE Network Access Configuration Functional Entity NGN Next
37、 Generation Network PAA PANA Authentication Agent PaC PANA Client PANA Protocol for Carrying Authentication for Network Access P-CSCF Proxy-Call Session Control Function PD-FE Policy Decision Functional Entity PE-FE Policy Enforcement Functional Entity PPP Point-to-Point Protocol QoS Quality of Serv
38、ice RACF Resource and Admission Control Functions SCF Service Control Functions SLA Service Level Agreement SUP-FE Service User Profile Functional Entity TAA-FE Transport Authentication and Authorization Functional Entity TE Terminal Equipment TFTP Trivial File Transfer Protocol TLM-FE Transport Loc
39、ation Management Functional Entity TUP-FE Transport User Profile Functional Entity VC Virtual Channel VCI Virtual Channel Identifier VPI Virtual Path Identifier VPN Virtual Private Network WLAN Wireless Local Area Network 5 Conventions This Recommendation does not make use of specific conventions. 4
40、 Rec. ITU-T Y.2014 (05/2008) 6 General description 6.1 High level functional overview The NACF provides the following functionalities: Dynamic provisioning of IP addresses and other CPE configuration parameters. By endorsement of user, auto-discovery of CPE capabilities and other parameters. Authent
41、ication of end user and network at the IP layer (and possibly other layers). Regarding the authentication, mutual authentication between end user and the network attachment is performed. Authorization of network access, based on user profiles. Access network configuration, based on user profiles. Lo
42、cation management at the IP layer. The user profiles mentioned above are related to the access transport network subscription only and are referred as “Transport subscription profiles“ in the remaining part of this Recommendation. The location of the NACF component in the overall NGN architecture ca
43、n be found in ITU-T Y.2012 and is placed here for information in Figure 1. Figure 1 NGN components including NACF Rec. ITU-T Y.2014 (05/2008) 5 6.2 High level concepts of NACF The NACF provides registration at access level and initialization of CPE for accessing to the NGN services. The NACF provide
44、s network level identification and authentication, manages the IP address space of the access network and authenticates access sessions. The NACF also announces the contact point(s) of the NGN Service stratum components to the CPE. Network attachment through NACF is based on implicit or explicit use
45、r identification and authentication credentials stored in the NACF. 6.3 Mobility, nomadism Mobility management functions provided by the NACF in this Recommendation are limited to the ability of a terminal to be moved to different access points and access networks (which may be owned by a different
46、access network provider) and a user to utilize different terminal equipments, access points and access networks to retrieve their NGN services (even from another network operator). This Recommendation does not require the support of handover and session continuity between access networks and does no
47、t preclude the use of mobility capabilities provided within the access networks. The NACF architecture does not assume any business roles. However, to cope with the requirements for nomadism and roaming, the NACF architecture can be mapped onto various functional network roles present in the fixed b
48、roadband access environment. The impact of nomadism and roaming requirements are described in Appendix I. 6.4 Access network level registration NACF registration involves the identification, authentication, and authorization procedures between the CPE and the NACF to control the access to the NACF.
49、Two authentication types are defined for NACF: implicit authentication, for example based on line identification, and explicit authentication, for example based on EAP b-IETF RFC 3748. The relationship between the identifiers and the credentials used for authentication must be known to the NACF for any authentication solution to be possible. Explicit authentication is operating between the CPE and the NACF. It requires a signalling procedure to be performed betwee
