N3AN

Non-3GPP Access Network

Interface
Introduced in Rel-15
A standardized reference point connecting a 5G Core Network to a non-3GPP access network, such as Wi-Fi or fixed broadband. It enables secure, seamless integration of alternative access technologies into the 5G system, supporting unified authentication, policy, and mobility.

Description

The N3AN is a critical reference point defined in the 5G System (5GS) architecture, specifically between the Non-3GPP Interworking Function (N3IWF) in the core network and the user plane function of a trusted non-3GPP access network. It is not a physical interface but a logical point that standardizes how external, non-cellular networks interconnect with the 5G Core (5GC). The primary protocol stack for N3AN involves IPsec tunnels established over the underlying IP transport. These tunnels carry both control plane signaling (e.g., for NAS messages between the UE and the AMF) and user plane data packets between the UE and the UPF. The N3IWF acts as the termination point in the core, de-encapsulating traffic from the IPsec tunnel and forwarding it to the appropriate 5GC network functions. This architecture allows the 5GC to treat a UE connected via a trusted non-3GPP access (like a carrier-managed Wi-Fi network) similarly to a UE connected via 3GPP Radio Access Network (RAN), enabling key 5GS features like network slicing and consistent QoS to be extended over these alternative accesses.

From a security perspective, the N3AN interface is protected by established IPsec Security Associations (SAs), which provide confidentiality, integrity, and replay protection for all traffic traversing the untrusted IP network between the UE/N3AN access point and the N3IWF. The establishment of these IPsec tunnels is tightly integrated with the 5G authentication and key agreement (5G-AKA or EAP-AKA') procedures. The N3AN's definition ensures that the core network does not need to be aware of the specific link-layer technologies used in the non-3GPP access, as the N3IWF provides a uniform, IP-based interface. This abstraction is key to the 5GS's access-agnostic design principle.

In terms of mobility, the N3AN supports handovers between 3GPP and non-3GPP accesses. When a UE moves, for instance, from a 5G NR cell to a trusted Wi-Fi network, the N3AN provides the continued connectivity path, and the core network can manage the session continuity (e.g., using ATSSS) without the application layer being aware of the underlying access change. The specifications governing N3AN, such as TS 24.502 and TS 29.525, detail the precise message flows, tunnel management procedures, and QoS mapping rules required for this interworking, making it a cornerstone for converged network offerings.

Purpose & Motivation

The N3AN was created to address the fundamental 5G requirement of converged access. Prior to 5G, non-3GPP access (primarily Wi-Fi) was often treated as a separate, second-class network with limited integration, using solutions like S2a-based Trusted WLAN Access to the EPC. This resulted in disjointed user experiences, separate authentication, and an inability to apply consistent cellular-grade policies and charging. The 5G System was designed from the ground up to be access-agnostic, and the N3AN is the realization of that principle for trusted non-3GPP accesses.

Its purpose is to solve the problem of seamless service continuity and unified policy enforcement across heterogeneous networks. By providing a standardized, secure interface, it allows mobile network operators to integrate their Wi-Fi, fixed wireless, or even satellite networks deeply into their 5G service fabric. This enables operators to leverage these alternative networks for traffic offload, coverage extension, and creating multi-access bundled services, all managed from a single 5G core with a unified subscriber identity and policy profile. The N3AN, therefore, is a key enabler for the vision of a truly converged 'one network' experience, breaking down the traditional silos between cellular and other access technologies.

Key Features

  • Standardized reference point for trusted non-3GPP access interconnection
  • Uses IPsec tunnels for secure transport over untrusted IP networks
  • Supports both control plane (NAS) and user plane traffic forwarding
  • Enables seamless mobility and handover between 3GPP and non-3GPP accesses
  • Allows extension of 5G Core features (QoS, network slicing) to non-3GPP accesses
  • Integrates with 5G authentication (5G-AKA/EAP-AKA') for secure access

Evolution Across Releases

Rel-15 Initial

Introduced as the foundational interface for connecting trusted non-3GPP access networks to the 5G Core via the Non-3GPP Interworking Function (N3IWF). Defined the basic architecture using IPsec tunnels for securing control and user plane traffic, enabling initial access and mobility between 3GPP and trusted non-3GPP systems.

TS 24.502TS 24.526TS 29.525

Defining Specifications

SpecificationTitle
TS 24.502 3GPP TS 24.502
TS 24.526 3GPP TS 24.526
TS 29.525 3GPP TS 29.525