Description
The Traffic Detection Function (TDF) is a specialized network element within the 3GPP Policy and Charging Control (PCC) architecture. Its primary role is to perform deep packet inspection (DPI) on user plane traffic to identify specific applications and services, such as streaming video, social media, or peer-to-peer applications. The TDF operates by analyzing packet headers and payloads against a set of pre-defined detection rules, which can be based on signatures, behavioral patterns, or other heuristics. Upon detecting a specific application, the TDF can report this information to the Policy and Charging Rules Function (PCRF) via the Sd reference point. The PCRF can then use this information to dynamically install or modify PCC rules in the Policy and Charging Enforcement Function (PCEF), enabling real-time policy enforcement like bandwidth throttling, blocking, or charging for the detected application flow.
Architecturally, the TDF can be deployed in two modes: as an Application Function (AF) within the PCC framework or as a standalone node. In the standalone deployment, it interacts directly with the PCRF. The TDF contains key functional components including the Traffic Detection Engine, which performs the actual DPI, and a reporting function that communicates with the PCRF. It also maintains a database of application detection rules, which can be updated by the operator. The TDF's operation is governed by ADC (Application Detection and Control) rules provisioned by the PCRF, which specify what applications to look for and what actions to take upon detection, such as reporting, gating (blocking), or redirecting the traffic.
In the network, the TDF is typically placed in the data path, often integrated with a Gateway GPRS Support Node (GGSN) or a Packet Data Network Gateway (PGW) in 4G, or the User Plane Function (UPF) in 5G. Its integration allows for granular, application-aware policy enforcement beyond simple bearer-level controls. For example, an operator can use the TDF to detect a video streaming service and apply a specific Quality of Service (QoS) policy to ensure a smooth user experience, or to identify and limit bandwidth for a file-sharing application during network congestion. The TDF's ability to provide application-level visibility is crucial for implementing service differentiation, zero-rating offers, and parental controls.
Purpose & Motivation
The TDF was created to address the growing need for operators to manage and monetize diverse internet application traffic beyond the capabilities of traditional bearer-level PCC. Prior to its introduction, policy control was primarily based on IP 5-tuple information (source/destination IP/port, protocol), which is insufficient for accurately identifying specific applications, especially those using dynamic ports, encryption, or sharing common servers. This limitation made it difficult for operators to implement fair usage policies, offer application-specific data plans, or ensure quality of experience for latency-sensitive services.
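The limitation described above, as an added example (not taken from a 3GPP specification or any vendor's TDF): four constructed flows share one destination address, port and protocol, so a 5-tuple rule cannot separate them, while a payload signature can. The choice of the TLS Server Name Indication as the signature, the rule format, and the application names, domains and actions are assumptions made for illustration.

```python
import struct

def build_client_hello(sni):
    """Constructed sample input: minimal TLS ClientHello record with one SNI entry."""
    name = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_sni(payload):
    """Return the lower-cased SNI host name of a ClientHello, or None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:   # TLS handshake / client_hello
            return None
        p = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
        p += 1 + payload[p]                 # session_id
        p += 2 + int.from_bytes(payload[p:p + 2], "big")   # cipher_suites
        p += 1 + payload[p]                 # compression_methods
        end = min(len(payload), p + 2 + int.from_bytes(payload[p:p + 2], "big"))
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", payload[p:p + 4])
            if etype == 0:                  # server_name extension
                nlen = int.from_bytes(payload[p + 7:p + 9], "big")
                name = payload[p + 9:p + 9 + nlen]
                return name.decode("ascii").lower() if nlen and len(name) == nlen else None
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass                                # truncated or malformed input
    return None

# Hypothetical ADC-style rules: (application identifier, SNI domain, action)
ADC_RULES = [("video-app", "video.example", "report"),
             ("share-app", "share.example", "gate")]

def detect(payload):
    """First matching rule as (application, action); (None, 'pass') when nothing matches."""
    sni = parse_sni(payload)
    for app, domain, action in ADC_RULES:
        if sni and (sni == domain or sni.endswith("." + domain)):
            return app, action
    return None, "pass"

# Constructed flows that share one 5-tuple destination (same front-end address and port)
DST = ("203.0.113.10", 443, "tcp")
FLOWS = {"a": build_client_hello("cdn.video.example"),
         "b": build_client_hello("files.share.example"),
         "c": build_client_hello("notvideo.example"),
         "d": b"\x17\x03\x03\x00\x05hello"}   # mid-session record, no ClientHello

def classify_all():
    """Map each flow to (5-tuple destination, detection result)."""
    return {k: (DST, detect(v)) for k, v in FLOWS.items()}
```

The match is anchored on a label boundary, so `notvideo.example` does not match the `video.example` rule. The signature only works while the ClientHello carries the name in cleartext; with Encrypted ClientHello the flow falls through to `pass`, as flow `d` does.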
The motivation for standardizing the TDF in 3GPP Release 11 was to provide a unified, vendor-interoperable method for deep packet inspection and application-aware policy enforcement within the PCC framework. It solved the problem of application blindness in the core network, enabling new business models like sponsored data, where an application provider pays for the data usage, or tiered services where premium subscribers get better quality for specific apps. The TDF also provides the technical foundation for regulatory requirements, such as lawful interception of specific services or compliance with net neutrality rules through transparent traffic management.
Historically, operators relied on proprietary DPI solutions that were not integrated with the standardized PCC architecture, leading to operational complexity and limited scalability. The TDF standardizes the interfaces (e.g., Sd, Gx) and procedures for application detection and control, allowing operators to deploy multi-vendor solutions and ensuring that policy decisions based on application detection are consistent and enforceable across the network. It represents a key evolution from simple volume-based charging to intelligent, service-aware network management.
Detected Changes Across Releases
From 3GPP Change Requests. Specific changes extracted from the "Change history" tables of 3GPP specifications (36 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-11, normative work from Rel-15.
In Release 15, the TDF function was enhanced to support Non-Seamless WLAN Offload (NSWO) traffic in Fixed Broadband Access networks, including specific architectures for roaming scenarios. Enhancements included application detection reporting when Packet Flow Descriptions (PFDs) are removed or modified, and the addition of QoS Flow Identifiers (QFIs) to Packet Detection Information. Furthermore, policy interworking for user charging of NSWO traffic was introduced, though limited to scenarios without Network Address Translation (NAT) in the Fixed Broadband Access domain.
- Charging enhancement on TDF for eFMSS (TS 32.251 CR0501)
- Application detection report when the PFDs are removed (TS 23.214 CR0068)
- TDF application report when the PFDs are removed or modified (TS 29.212 CR1679)
- Adding QFIs to the Packet Detection Information (TS 29.244 CR0079)
- Ethernet traffic (TS 29.244 CR0101)
- Application detection report when the PFDs are removed (TS 29.244 CR0154)
In Release 16, the TDF function was enhanced to support traffic detection and policy enforcement for Non-Seamless WLAN Offload (NSWO) traffic in Fixed Broadband Access networks, including roaming scenarios. Specifically, the architecture now allows for a TDF in the VPLMN to handle offloaded traffic, coordinated via the S9a interface between the PCRF and the BPCF. Furthermore, support was added for handling Guaranteed Bit Rate (GBR) traffic within a Multi-Access PDU Session and for MPTCP-indicated traffic via uplink Packet Detection Rules.
- Support 5G VN Group Communication, unicast traffic (TS 29.244 CR0271)
- Support 5G VN Group Communication, broadcast traffic (TS 29.244 CR0272)
- PFCP usage over N16a for the support of traffic offload by UPF controlled by I-SMF (TS 29.244 CR0266)
- Handling of GBR traffic of a MA PDU session (TS 29.244 CR0300)
- MPTCP Indication for a Uplink PDR for traffic applicable for MPTCP (TS 29.244 CR0393)
- Interface Type of Traffic Endpoint (TS 29.244 CR0479)
In Release 17, enhancements for the Traffic Detection Function (TDF) included enabling PCRF control for MPS for DTS and introducing user plane inactivity detection and reporting over the N4mb interface. The release also added capabilities for failure handling for traffic steering and for traffic usage reporting on redundant transmission at the transport layer. Furthermore, it introduced support for removing CVLAN tags from downlink traffic received on the N6 interface and defined the handling of PDRs and Traffic Endpoints in PFCP Session Modification procedures.
- PCRF control of MPS for DTS (TS 29.213 CR0743)
- Enabling and disabling the adjustment of DL traffic steering rules (TS 29.244 CR0579)
- User Plane (In)Activity Detection and Reporting over N4mb (TS 29.244 CR0608)
- Failure handling for traffic steering (TS 29.212 CR1703)
- Traffic usage reporting on Redundant Transmission at transport layer (TS 29.244 CR0591)
- CVLAN tag removal from DL traffic received on N6 (TS 29.244 CR0598)
In Release 18, the TDF function was enhanced to support the steering of Guaranteed Bit Rate (GBR) traffic using a Redundant steering mode and to enable traffic steering to an L4S-enabled QoS flow. Furthermore, updates were made to user plane inactivity detection procedures, and support was added for DNS traffic routing in scenarios involving multiple DNN networks sharing the same IP address range.
- Remove the Editor's note on Redundant steering mode for GBR traffic (TS 29.244 CR0742)
- User plane inactivity detection update (TS 29.244 CR0731)
- Traffic steering to an L4S enabled QoS flow (TS 29.244 CR0753)
- Support of DNS traffic routing in multiple DNN networks with the same IP address range (TS 29.244 CR0825)
- Handling of GBR traffic using the Redundant steering mode (TS 29.244 CR0799)
In Release 19, enhancements for the TDF include updated procedures for the PCRF to detect and react to PCEF failures, along with clarifications on PCRF behavior during PGW failures. Furthermore, specific support for IMS restoration procedures following a PCRF/PCF failure was introduced as a new condition. The release also provided corrections to traffic detection reporting and addressed (un)solicited application reporting modes.
- Add a new condition for the PCRF detecting PCEF failure in time (TS 29.213 CR0751)
- Update the procedure of AF trigger the PCEF failure checking (TS 29.213 CR0753)
- Clarify the behavior of the PCRF in the case of PGW failure (TS 29.214 CR1704)
- Transferring media related information over N6 using connect-UDP for e2e encrypted traffic (TS 29.244 CR0894)
- Support of MoQ on N4 for encrypted XRM traffic (TS 29.244 CR0898)
- RTP header extension for dynamically changing traffic characteristics (TS 29.244 CR0961)
Defining Specifications
3GPP specifications that define or reference TDF, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 23.139 vj00 | 3GPP-Fixed Broadband Interworking Stage 2 | Rel-19 |
| TS 23.203 vj20 | Policy and charging control architecture | Rel-19 |
| TS 23.214 vj00 | Control and User Plane Separation for EPC | Rel-19 |
| TS 29.212 vj00 | Gx/Gxx/Sd/St Diameter Protocol | Rel-19 |
| TS 29.213 vj20 | PCC Signalling Flows and QoS Mapping | Rel-19 |
| TS 29.214 vj20 | Policy and Charging Control over Rx | Rel-19 |
| TS 29.215 vj00 | S9 Reference Point Stage 3 Specification | Rel-19 |
| TS 29.244 vj40 | PFCP Specification for Control/User Plane Separation | Rel-19 |
| TS 29.250 vj00 | Nu Reference Point Stage 3 Specification | Rel-19 |
| TS 29.251 vj00 | Gw/Gwn Reference Points Stage 3 Specification | Rel-19 |
| TS 29.810 vd00 | Diameter Load Control Study | Rel-13 |
| TS 32.240 vj40 | Charging Management Architecture & Principles | Rel-19 |
| TS 32.251 vj00 | PS Domain Charging Management | Rel-19 |
| TS 32.296 vj00 | Online Charging System (OCS) Architecture | Rel-19 |
| TS 32.298 vj30 | Charging Data Record (CDR) Parameter Specification | Rel-19 |
| TS 32.299 vj00 | Diameter Charging Applications for 3GPP | Rel-19 |
| TS 32.843 vd00 | PS Domain Online Charging in Roaming | Rel-13 |
| TS 32.869 vf00 | Diameter Overload Control for Charging Interfaces | Rel-15 |