TDF-U

Traffic Detection Function User plane function

Introduced in Rel-14

TDF-U is a user plane function in the 5G core network that inspects application traffic flows to enable policy enforcement, charging, and traffic steering based on deep packet inspection.

Category: Core Network
Introduced: Rel-14
Where: Core Network › Evolved Packet Core
Specifications: 3 specs

Description

The Traffic Detection Function User plane function (TDF-U) is a specialized network function within the 5G Core (5GC) Service-Based Architecture (SBA) that operates in the user plane path. Its primary role is to perform application detection and reporting (ADR) by inspecting the data packets of user sessions. Unlike control plane functions, the TDF-U is deployed in the data forwarding path, typically between the UPF (User Plane Function) and the external data network (DN). It examines packet headers and payloads using deep packet inspection (DPI) techniques to identify specific applications, services, or traffic types based on pre-configured detection rules. These rules can be based on signatures, behavioral analysis, or machine learning models.

Architecturally, the TDF-U is controlled by the Session Management Function (SMF) via the N40 reference point, using the Packet Flow Description (PFD) management service. The SMF provisions the TDF-U with application detection rules and policies. When user traffic passes through the TDF-U, it matches the packets against these rules. Upon detecting a matching traffic flow, the TDF-U can take several actions. It reports the detection event to the SMF or a Policy Control Function (PCF) via the N7/N15 interfaces, which can then trigger policy decisions. Alternatively, it can apply local actions such as traffic marking, redirection, or blocking, as per its configured policies.
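
An added example, not taken from this page's source or from any 3GPP specification: a minimal Python model of the detect, report and act loop described above, extended to the Rel-15 item listed further down in which a report is generated when PFDs are removed. The Pfd and Detector names, the rule fields, the APP_START/APP_STOP event labels and the choice to report a stop for every flow detected by a removed rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Pfd:  # hypothetical rule shape for illustration, not the PFCP encoding
    pfd_id: str
    app_id: str
    network: str = "0.0.0.0/0"     # server prefix
    port: Optional[int] = None     # server port, None = any
    domain: Optional[str] = None   # observed server name, None = any
    action: str = "report"         # report | mark | redirect | block

@dataclass
class Detector:
    pfds: dict = field(default_factory=dict)     # pfd_id -> Pfd
    active: dict = field(default_factory=dict)   # flow key -> pfd_id
    reports: list = field(default_factory=list)  # events owed to the controller

    def install(self, pfd):
        self.pfds[pfd.pfd_id] = pfd

    def _match(self, dst_ip, dst_port, name):
        for pfd in self.pfds.values():
            if ip_address(dst_ip) not in ip_network(pfd.network) or pfd.port not in (None, dst_port):
                continue
            # Match the exact name or a dot-delimited subdomain, never a bare suffix.
            if pfd.domain and name != pfd.domain and not (name or "").endswith("." + pfd.domain):
                continue
            return pfd
        return None

    def packet(self, ue_ip, dst_ip, dst_port, name=None):
        """Classify one packet of a flow and return the local action to apply."""
        key = (ue_ip, dst_ip, dst_port)
        if key not in self.active:
            pfd = self._match(dst_ip, dst_port, name)
            if pfd is None:
                return "forward"
            self.active[key] = pfd.pfd_id
            self.reports.append(("APP_START", pfd.app_id, key))  # reported once per flow
        return self.pfds[self.active[key]].action

    def remove(self, pfd_id):
        """Drop a rule and report a stop for every flow it had detected."""
        pfd = self.pfds.pop(pfd_id)
        for key in [k for k, v in self.active.items() if v == pfd_id]:
            del self.active[key]
            self.reports.append(("APP_STOP", pfd.app_id, key))
```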

The TDF-U plays a critical role in enabling service-aware networks. By identifying application traffic, it allows operators to implement differentiated charging (e.g., zero-rating for specific apps), enforce quality of service (QoS) policies tailored to the application's needs (like prioritizing video streaming), and perform traffic optimization (such as video transcoding). It is a key enabler for network slicing, as it can identify and route traffic belonging to a specific slice to the appropriate resources. Its integration within the 5GC SBA ensures it is a scalable, software-defined component that can be deployed flexibly in central or edge cloud locations.

Purpose & Motivation

The TDF-U was introduced to address the growing need for granular, application-aware traffic management and policy enforcement in mobile networks. Traditional policy and charging control (PCC) architectures relied heavily on control plane signaling and static rules, which were inefficient for dynamically identifying the vast array of over-the-top (OTT) applications and services. Operators required a method to inspect user plane traffic in real time to apply accurate charging, ensure fair usage, and offer service-specific quality guarantees.

Its creation was motivated by the evolution towards 5G and network slicing, where different slices (e.g., for enhanced mobile broadband, IoT, or ultra-reliable low-latency communications) require distinct handling. A generic user plane could not efficiently differentiate traffic without deep inspection. The TDF-U provides a standardized, vendor-neutral function that separates the detection logic from the core UPF, allowing for specialized DPI capabilities and independent scaling. This solves the problem of monolithic UPFs that were difficult to upgrade with new detection capabilities, and it allows for more flexible service chaining.

Historically, a similar function existed in 4G EPC as the Traffic Detection Function (TDF), but it was often a standalone node. In 5G, the TDF-U is integrated as a dedicated user plane function within the SBA, offering better orchestration, cloud-native deployment, and seamless interaction with the PCF and SMF. This addresses limitations of previous approaches by providing a more programmable, scalable, and service-oriented architecture for real-time traffic analysis.

Classification

Part of: UPF
Related approaches: SMF, PCF, PFD

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the "Change history" tables of 3GPP specifications (44 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-14, normative work from Rel-15.

Rel-15 (12 changes)

In Release 15, the newly introduced TDF-U function gained capabilities for user plane event reporting, including application detection reporting when PFDs are removed. The release also specified support for forwarding user plane data via a shared Sx-u tunnel and introduced user plane reporting mechanisms, such as reporting user plane inactivity on the N4 interface. Furthermore, enhancements were made to packet detection information by adding QFIs and to traffic handling through functions like duplicating user plane packets to multiple destinations.

  • Application detection report when the PFDs are removed (TS 23.214, CR0068)
  • User plane reporting (TS 29.244, CR0041)
  • Reporting User Plane Inactivity on N4 (TS 29.244, CR0060)
  • Adding QFIs to the Packet Detection Information (TS 29.244, CR0079)
  • Duplicating the user plane packets to multiple destinations (TS 29.244, CR0106)
  • The Source Interface in the User Plane IP Resource Information (TS 29.244, CR0108)

+ 6 more changes

Rel-16 (9 changes)

In Release 16, the TDF-U saw enhancements to support 5G Virtual Network group communication for both unicast and broadcast traffic, and gained the capability for user plane path recovery reporting. Furthermore, new procedures were introduced for handling GBR traffic in a Multi-Access PDU session and for using PFCP over the N16a interface to enable traffic offload by a UPF controlled by an I-SMF.

  • Clarification of TEID allocation by gateway user plane (TS 23.214, CR0074)
  • User Plane Forwarding with Control Plane CIoT 5GS Optimisation (TS 29.244, CR0247)
  • Support 5G VN Group Communication – unicast traffic (TS 29.244, CR0271)
  • Support 5G VN Group Communication – broadcast traffic (TS 29.244, CR0272)
  • PFCP usage over N16a for the support of traffic offload by UPF controlled by I-SMF (TS 29.244, CR0266)
  • User Plane Path Recovery Report (TS 29.244, CR0340)

+ 3 more changes

Rel-17 (7 changes)

In Release 17, the TDF-U (Traffic Detection Function User plane) was enhanced with new capabilities for user plane activity detection and reporting over the N4mb interface, and for traffic usage reporting on redundant transmission at the transport layer. Furthermore, updates were made for Bridge/User plane Node ID configuration, and support was added for CVLAN tag removal from downlink traffic received on the N6 interface. These additions expanded the TDF-U's monitoring, reporting, and traffic handling functionalities.

  • Enabling and disabling the adjustment of DL traffic steering rules (TS 29.244, CR0579)
  • User Plane (In)Activity Detection and Reporting over N4mb (TS 29.244, CR0608)
  • 5GS User Plane Node (TS 29.244, CR0558)
  • Updates for Bridge/User plane Node ID configuration (TS 29.244, CR0585)
  • Traffic usage reporting on Redundant Transmission at transport layer (TS 29.244, CR0591)
  • CVLAN tag removal from DL traffic received on N6 (TS 29.244, CR0598)

+ 1 more change

Rel-18 (10 changes)

In Release 18, the TDF-U saw enhancements focused on user plane inactivity detection and traffic steering. Specifically, the release introduced updates to the User Plane Inactivity Timer procedure, including its handling after an inactivity report is sent. It also added support for steering traffic to an L4S-enabled QoS flow and for handling GBR traffic using the Redundant steering mode.

  • Remove the Editor's note on Redundant steering mode for GBR traffic (TS 29.244, CR0742)
  • User plane inactivity detection update (TS 29.244, CR0731)
  • Traffic steering to an L4S enabled QoS flow (TS 29.244, CR0753)
  • Support of DNS traffic routing in multiple DNN networks with the same IP address range (TS 29.244, CR0825)
  • Correction on User Plane Node ID (TS 29.244, CR0777)
  • User plane inactivity timer update from SMF towards UPF (TS 29.244, CR0781)

+ 4 more changes

Rel-19 (6 changes)

In Release 19, the TDF-U (Traffic Detection Function User plane) saw enhancements for handling encrypted traffic, including support for transferring media-related information over the N6 interface using connect-UDP and support for MoQ (Media over QUIC) on N4 for encrypted XRM traffic. Furthermore, updates were made to application detection reporting, covering both solicited and unsolicited application reporting, and corrections were introduced for traffic detection reporting procedures.

  • Transferring media related information over N6 using connect-UDP for e2e encrypted traffic (TS 29.244, CR0894)
  • Support of MoQ on N4 for encrypted XRM traffic (TS 29.244, CR0898)
  • RTP header extension for dynamically changing traffic characteristics (TS 29.244, CR0961)
  • User Plane Inactivity Timer clarification (TS 29.244, CR0971)
  • Correction of traffic detection reporting (TS 29.244, CR0978)
  • (Un)Solicited Application Reporting and Application Detection Information (TS 29.244, CR0991)

Defining Specifications

3GPP specifications that define or reference TDF-U, with the latest known release. Sourced from the 3GPP document catalog.

Specification | Title | Release
TS 23.214 vj00 | Control and User Plane Separation for EPC | Rel-19
TS 29.244 vj40 | PFCP Specification for Control/User Plane Separation | Rel-19
TS 29.844 ve00 | Control and User Plane Separation for EPC Nodes | Rel-14