5G heterogeneous handover process

5GC architecture access method

In 5G, the network slice is defined as a logical network, which is composed of control plane and user plane network functions (NFs) with different functions.

The 5G network also needs to implement some basic functions, including communicating with the UE, storing its subscriptions and credentials, allowing access to external networks, managing network access, and mobile network access.

This structure includes:

EXECAs a producer, it provides UE authentication services for AMF. In order to provide this service, the following service operations are defined:
this service allows the UE to be authenticated and provides one or more master keys, which are used by the AMF for subsequent keys derived. .

UDM, Unified Data Management, unified data management function, Supports the following functions:

-  3GPP AKA身份验证凭证的生成 
-  用户标识处理（例如5G系统中每个用户的SUPI的存储和管理） 
-  支持取消隐藏受隐私保护的用户标识符（SUCI） 
-  基于签约数据的接入认证（例如漫游限制） 
-  UE 服务的 NF 注册管理（例如，为 UE 存储服务 AMF，为  UE PDU 会话存储服务 SMF） 
-  支持服务/会话连续性（通过保持 SMF / DNN 进行中的会话分配） 
-  MT-SMS 交付支持 
-  合法拦截功能（特别是在出站漫游情况下，其中UDM是LI的唯一联系点） 
-  签约管理 
-  SMS 管理

AMF carries the following main functions:
Access and mobility management function (AMF) includes the following functions.
A single instance of AMF can support some or all of the AMF functions:

1. Terminate the RAN CP interface (N2).
2. This interface protocol is for F1AP to terminate NAS (N1), providing NAS encryption and integrity protection.
3. Registration management.
4. Connection management.
5. Reachability management.
6. Liquidity management.
7. Lawful interception (applicable to the interface between AMF events and LI system).
8. Provide transmission for SM messages between UE and SMF.
9. Transparent proxy for routing SM messages. Access authentication.
10. Access authorization.
11. Provide SMS message transmission between UE and SMSF.
12. Safety anchor function (SEAF).
13. Positioning service management of supervisory services.
14. Provides transmission of location service messages between UE and LMF and between RAN and LMF.
15. EPS bearer ID allocation for interworking with EPS.
16. UE mobile event notification.

Regardless of the number of network functions, each access network between the UE and the CN has only one NAS interface instance, which ends in at least one of the network functions that implement NAS security and mobility management.

In addition to the above-mentioned AMF functions, AMF can also include the following functionsTo support non-3GPP access networks：

1. Support N2 interface and N3IWF. On this interface, some information (for example, 3GPP cell identity) and procedures (for example, related to handover) defined by 3GPP access may not be applied, and non-3GPP access specific information not applicable to 3GPP access may be applied.
2. Support NAS signaling through UE on N3IWF. Some procedures supported by NAS signaling on 3GPP access may not be suitable for untrusted non-3GPP (e.g., paging) access.
3. Supports authentication of UEs connected through N3IWF.
4. Manage the mobility, authentication and individual security context status of UEs connected via non-3GPP access or simultaneously connected via 3GPP and non-3GPP.
5. Supports a coordinated RM management context, which is valid for 3GPP and non-3GPP access.
6. Supports dedicated CM management context for the UE for connection through non-3GPP access.
   note: Not all functions need to be supported in the instance of the web slice.

The session management function (SMF) includes the following functions：

7. Session management, such as session establishment, modification and release, including tunnel maintenance between UPF and AN nodes.
8. UE IP address allocation and management (including optional authorization).
9. DHCPv4 (server and client) and DHCPv6 (server and client) functions.
10. ARP proxy and/or IPv6 Neighbor Solicitation Proxying of Ethernet PDU. SMF responds to ARP and/or IPv6 neighbor solicitation agents by providing the MAC address corresponding to the IP address sent in the request.
11. Select and control UP functions, including controlling UPF proxy ARP or IPv6 neighbor discovery, or forwarding all ARP/IPv6 neighbor solicitation traffic to SMF for Ethernet PDU sessions.
12. Configure UPF flow control to route traffic to the correct destination.
13. Terminate the interface to the policy control function.
14. Lawful interception (used for the interface of SM events and LI system). Charging data collection and supporting charging interface.
15. Control and coordinate UPF's collection of charging data.
16. Terminate NAS-SM message.
17. Downlink data notification.
18. The initiator of AN-specific SM information is sent to AN through N2 through AMF.
19. Determine the SSC mode of the session.

Roaming function:

Process local implementation to apply QoS SLA (VPLMN).

Charging data collection and charging interface (VPLMN).

Lawful interception (interface between VPLMN and LI systems in SM events).

Support interaction with external DN to transmit PDU session authorization/authentication signaling through external DN.

PCF: Strategy control function

AF: Application Function, application function, Refers to various services at the application layer, which can be internal applications of the operator such as Volte AF (similar to 4G Volte As), or third-party AF (such as video server, game server), if it is the internal AF of the operator , In a trusted domain with other NFs, it can directly interact with other NFs such as PCF, while the third-party AF is not in the trusted domain and must access other NFs through NEF.

NEF: Network Exposure Function, Network Exposure Function, Located between the 5G core network and external third-party application functions (may also have some internal AF), responsible for managing open network data, all external applications, who want to access the internal data of the 5G core network, must pass NEF. NEF provides corresponding security guarantees to ensure the security of external applications to the 3gpp network, and provides external application Qos customization capabilities opening, mobility status event subscription, AF request distribution and other functions.

NRF: NF Repository Function, network storage functionIt is used to perform NF registration, management, and status detection, and realize the automatic management of all NFs. When each NF is started, it must be registered with the NRF to provide services. The registration information includes NF type, address, service list, etc.

NSSF，The Network Slice Selection Function, The network slice selection function supports the following functions:

 -  选择为UE服务的网络切片实例集 
 -  确定允许的 NSSAI，以及在需要时确定到签约阅的 S-NSSAI 的映射 
 -  确定已配置的 NSSAI，以及在需要时确定到签约的 S-NSSAI 的映射 
 -  确定可能用于查询 UE 的 AMF 集，或基于配置确定候选 AMF 的列表（可能通过查询NRF）
 - 

UPF: User plane Function, user plane function, Including routing and forwarding of user data packets, data interaction with external data network DN, user plane QoS processing, flow control rule implementation (such as gating, redirection, traffic diversion), etc.
Similar to the situation in EPC, in 5G The application function (AF) uses the services and information provided by other 3GPP network functions according to the configured strategy.

DN: Data Network (DN), Such as carrier business, Internet or third-party business, etc.

The Secure Edge Protection Agent (SEPP) is used for secure connections with other operators。
Please note that NEF, NRF, NSSF and SEEP do not exist in EPC.
In addition, the non-3gpp access network is connected to the 5GC through the non-3gpp interconnection function (N3IWF), and the non-3gpp interconnection function (N3IWF) is connected to the control plane function AMF and the user plane function UPF through the N2 interface and the N3 interface, respectively.

Using data flowing from the UE to the data plane of the 5G core (User Plane Function/UPF) via the source gNB, Radio Resource Control (RRC) signaling is used to continuously measure and report signal quality. When the source node detects that handover is needed, it connects with the target gNB to start the handover process. Once the tunnel has moved to the target gNB, the UE performs handover and connects to the same target node. A path switch request is made from the target gNB to the AMF, and once confirmed, data can flow from the UE through the target node and to the prescribed UPF.

EPC architecture access method

This access method is divided into: UE, 3GPP access network/non-3GPP access network, EPC; namely terminal, access network and core network.

The UE is our mobile phone or CPE, the access network is the base stations all over the city (it can be a large tower base station, or a small base station the size of a router suspended indoors), and the EPC is the operator (China Mobile/China Unicom/ China Telecom's core network server, the core network includes many servers, processing signaling, data, billing policies, etc.

The section from the UE to the access network is wireless. We call this section of the network called the air access network; the access network and the EPC are all internal networks, which are connected by optical fibers.

NAS, non-access stratum signaling, is the signaling used between the UE and the core network EPC. Although the access network eUTRAN is used, the base station does not analyze it;
AS, the access stratum signaling is used by the UE and the access network eUTRAN The signaling is processed by the base station and cannot be seen by the core network

Mobility Management Entity (MME), core network control plane network element, responsible for user and session management. The main functions of MME are:
access control; mobility management; session management; S-GW selection; security authentication.

Home Subscriber Server (HSS), home subscriber server, it is a database server in the core network, which stores the data information of all users belonging to the core network (that is, the card information for opening an account here). When the user connects to the MME, the information submitted by the user will be compared with the information in the HSS data server for authentication.
Functions: user registration; terminal location update; mobility management;

Generally, our sim card has an account opening location, and the registration authentication information of your sim card is stored in the HSS server of the account opening location. The difference between registering and doing business during roaming is mainly in accessing HSS。

Serving Gateway (S-GW), user plane access service gateway, equivalent to traditional SGSN user plane functions:
session management; routing and data forwarding; Qos control; billing;

So you can see whether the service can be done or not, and what the priority is, SGW has the final say

PDN Gateway (P-GW), packet data gateway. It is the gateway between the operator's network and the Internet, and its function is similar to the traditional GGSN.
The main functions include packet deep inspection, IP address allocation; session management; routing and data forwarding; PCRF selection; Qos control; non-3GPP access; service-based charging

The design of PGW has two main purposes: non-3GPP network (such as 1X, GSM, CDMA, VoWIFI) access to LTE core network; LTE core network data and Internet gateway.

Policy and Charging Rules Function (PCRF), policy and charging rules server, Provide data service resource management and control according to user packages and business needs.
Configure PCC charging rules; perform priority queuing conflict resolution processing for service data streams; support IP sec security protection for control signaling; provide initial default charging methods to PCEF; activate, deactivate, and modify PCC rules; policy control functions;

ePDG: The gateway that connects the non-3GPP untrusted network to the core network, supports seamless connection of LTE and Wifi services, and generally runs in the SSR hardware architecture that supports EPG or EWG.

Reference:
LTE network architecture

Robust and Universal Seamless Handover
Authentication in 5G HetNets