Domain Specific Access Restriction

Description

Domain Specific Access Restriction (DSAC) is a core network functionality defined within the 3GPP architecture, primarily operating within the Mobility Management Entity (MME) in the Evolved Packet Core (EPC) and the Access and Mobility Management Function (AMF) in the 5G Core (5GC). Its fundamental role is to apply granular, domain-based access control policies to UEs. The network evaluates a UE's registration or service request against a set of operator-defined restrictions. These restrictions are not blanket denials of network access but are targeted at specific service domains, most notably the IP Multimedia Subsystem (IMS) for voice and multimedia services. When a restriction is active for a UE, the core network node (MME/AMF) will reject requests for establishment of bearers or Protocol Data Unit (PDU) sessions associated with the barred domain, often with a specific cause code informing the UE of the domain-specific restriction.

The mechanism works in conjunction with subscriber data and network policies. Restrictions can be dynamically applied based on factors like network load, subscriber tier, or regulatory requirements. For instance, during periods of extreme congestion, an operator might use DSAC to temporarily restrict access to IMS-based voice services for lower-priority subscribers to preserve resources for emergency services or higher-tier customers. The UE, upon receiving a rejection with a DSAC cause, is expected to implement a back-off timer, preventing it from immediately re-attempting access to the barred domain, thereby reducing signaling load.

A critical architectural aspect of DSAC is its domain-specific nature. It does not affect access to other domains, such as general internet access via a default bearer. This allows a UE to potentially retain data connectivity for essential applications while being barred from initiating a Voice over LTE (VoLTE) call. The policy enforcement is centralized in the core network, ensuring consistent application regardless of the radio access technology (E-UTRAN, NG-RAN). DSAC represents a more sophisticated tool than earlier, broader access class barring mechanisms, allowing for intelligent traffic management and service prioritization within modern packet-switched networks.

Purpose & Motivation

DSAC was introduced to address the need for fine-grained, service-aware traffic and congestion management in all-IP networks like LTE and 5G. Traditional circuit-switched networks had inherent isolation between voice and data, but in packet-switched architectures, all services compete for the same packet resources. Without mechanisms like DSAC, network congestion could degrade all services equally, including mission-critical ones like emergency voice calls (eVoLTE).

Its creation was motivated by the migration to IMS-based telephony (VoLTE). Operators required a tool to manage IMS signaling and media load independently from best-effort data traffic. Prior approaches, like Access Class Barring (ACB), were cell-based and applied broadly to all access attempts, lacking the specificity to protect a particular service domain. DSAC solves this by allowing the core network to instruct the UE to avoid a specific service domain (e.g., IMS) while potentially permitting other data sessions, enabling smarter resource utilization and enhanced service reliability for prioritized users and services.

Key Features

• Domain-specific restriction (e.g., IMS, emergency services)
• Core network (MME/AMF) based policy enforcement
• Dynamic application based on network conditions or subscriber profile
• Causes UE to implement a back-off timer for the barred domain
• Allows non-restricted domain access to continue (e.g., internet data)
• Provides specific cause codes for UE interpretation

Evolution Across Releases

Defining Specifications