Authentication and Registration
Authentication and registration of a subscriber's fixed-network residential gateway (FN-RG differs from authentication and registration of FN-RG on a wireline core network. The authentication and registration process comprises these steps:
-
The FN-RG uses a unique global line identifier (GLI) to connect to the 5GC network. The GLI contains a circuit line ID and a remote line ID.
-
The Access Gateway Function (AGF) uses the circuit line ID and the remote line ID in the GLI to construct a unique Subscription Permanent Identifier (SUPI) for each FN-RG.
-
To preserve privacy, the AGF converts the SUPI to a Subscription Concealed Identifier (SUCI). The AGF then uses the SUCI to authenticate and to register a subscriber with the Access and Mobility Management Function (AMF) on the 5GC.
Upon successful authentication, the AMF allocates a Global Unique Temporary Identifier (GUTI) for the subscriber. The subscriber uses the GUTI during its registered session with the AMF. The GUTI contains information that identifies the user without revealing the user's permanent identity in the 5GC.
AGF supports the use of both Dynamic Host Configuration Protocol (DHCP) and Point-to-Point Protocol over Ethernet (PPPoE) in authenticating users, registering users, and in allocating an IP address to the FN-RG.
Figure 1 shows a high-level view of the interaction between the FN-RG, AGF (in adaptive mode), and 5GC when you use PPPoE for authentication and registration. You can find detailed information on the registration process in 3GPP TS 23.316.
Authentication and registration of an FN-RG using PPPoE comprises the following steps;
-
Point-to-Point Protocol over Ethernet (PPPoE) begins when the FN-RG sends a PPPoE Active Discovery Initiation (PADI) message to the AGF.
The PADI message contains PPPoE tags that include the PPPoE Circuit line ID and Remote line ID tags. .
-
The AGF uses the circuit line and remote line IDs to generate the subscriber's identity. The AGF then uses the subscriber's ID and the corresponding PPPoE tag to initiate a Point-to-Point (PPP) connection.
Upon establishment of a PPPoE session, the FN-RG initiates the PPP authentication request. The AGF generates the SUPI and the SUCI from the Line ID. The AGF then completes the registration and protocol data unit (PDU) session setup with the 5GC over the N1 and N2 interfaces.
-
After a successful registration in the 5GC, the AGF responds with an authentication success message to the FN-RG.
-
The FN-RG initiates the Network Control Protocol (NCP) to establish different Network Layer protocols that are required to set up the PPP connections. The FN-RG uses Internet Protocol Control Protocol (IPCP) to send either for an IPv4 or IPv6CP request to the AGF.
-
After the PPP connection is established, the AGF sends the IPv4 address that was received in the IPCP response during the protocol data unit (PDU) session setup with the FN-RG.
On an IPv6CP request, AGF sends the Network ID that was part of the IPv6CP response. The AGF forwards the router advertisement containing the prefix that came from the 5GC.
Authentication and registration of an FN-RG using DHCP comprises the following steps;
-
DHCP begins when the FN-RG sends a DHCPv4 discover message to the AGF.
The DHCPv4 discover message contains the circuit line ID and remote line ID information in DHCP option 82.
-
Upon receiving the DHCP discover message from the FN-RG, the AGF generates the SUPI and SUCI from the Line ID. The AGF then initiates the deferred IP address allocation. It starts the registration and the PDU session setup on the 5GC over the N1 and N2 interfaces.
-
AGF operates as the DHCP relay and forwards all the DHCP messages between the FN-RG and the DHCP server on the 5GC.
IP Address Allocation
The current Broadband Edge architecture uses RADIUS servers to deploy IP addresses. In the 5G architecture, the session management function (SMF) is responsible for providing IP addresses. The Access Gateway Function (AGF) supports the following IP address allocation methods:
-
NAS signaling mode—For Point-to-Point Protocol over Ethernet (PPPoE) users, the AGF sends an IP address request to the Access and Mobility Management Function (AMF) on the 5GC. The AMF forwards the request to the SMF. The SMF allocates IP address and sends the IP address back as part of the N1 NAS signaling.
-
Deferred mode—For the Dynamic Host Configuration Protocol (DHCP) users, the AGF acts as a relay agent for the client (FN-RG). The AGF forwards the DHCP Discover, Offer, Request, Acknowledgment (DORA) messages to the SMF by way of the user plane function (UPF) on the N3 interface. The AGF forwards the DHCP messages by appending the GPRS tunneling protocol (GTP) headers provided by the AMF in the N1 message. The UPF forwards these DHCP messages to the SMF. The SMF acts as a DHCP relay agent and forwards the DHCP messages to the DHCP server. The DHCP server allocates the IP address and sends the IP address by way of the UPF to AGF. AGF then forwards the IP addresses to the DHCP client running the FN-RG.
Note:The AGF supports the deferred IP address allocation when using IPv6.