TNAN

Trusted Non-3GPP Access Network

Core Network
Introduced in Rel-16
A non-3GPP access network (e.g., Wi-Fi, fixed broadband) that has a trusted, secure connection to the 5G Core network. The 5G Core treats it similarly to a 3GPP RAN, enabling seamless authentication and service continuity. This allows operators to integrate and manage heterogeneous access technologies under a unified core.

Description

A Trusted Non-3GPP Access Network (TNAN) is a critical component in 3GPP's 5G architecture for supporting access network convergence. It refers to a non-3GPP radio access network, most commonly a Wi-Fi network or a fixed broadband network, which connects to the 5G Core (5GC) via a standardized, secure interface. The key distinction from an untrusted non-3GPP access is that the TNAN has a pre-established trust relationship with the 5G operator. This trust is validated through network authentication, allowing the 5GC to extend its services directly over this access without requiring an additional IPsec tunnel for all user traffic, as is the case with untrusted access.

Architecturally, a TNAN connects to the 5GC via the TNGF (Trusted Non-3GPP Gateway Function) in the case of wireline access, or the W-AGF (Wireline Access Gateway Function) for certain fixed scenarios. The TNGF acts as a control plane proxy and user plane anchor, presenting the non-3GPP access to the 5GC's AMF and SMF as a logical N3 interface. The connection between the User Equipment (UE) and the TNAN uses native access-specific security (e.g., WPA3 for Wi-Fi). The trust is established between the TNAN/TNGF and the 5GC operator, often based on the TNAN's credentials validated by the 3GPP AAA server or the N3IWF for the control plane. User plane traffic can flow directly from the TNAN to the UPF, secured by the underlying transport network's security.

How it works involves several steps. First, the UE discovers and associates with the TNAN using standard Wi-Fi or Ethernet procedures. For network access, the UE initiates 5G authentication and registration procedures. The TNGF relays these signaling messages to the AMF over the N2 interface. The 5GC authenticates the UE using 5G-AKA or EAP-AKA', and simultaneously validates that the TNGF/TNAN is a trusted entity. Once authenticated, the SMF establishes a PDU Session, and user data flows between the UE and the UPF via the TNAN and TNGF. The TNAN's role is to provide a trusted IP connectivity path, enabling seamless mobility and session continuity between 3GPP and non-3GPP accesses, and allowing the operator to apply consistent policies and charging across all access types.

Purpose & Motivation

TNAN was introduced in 3GPP Release 16 as part of the broader 5G System architecture to fully realize the vision of converged access. Prior to this, non-3GPP access integration (e.g., via ePDG in 4G) often treated all such access as 'untrusted,' mandating resource-intensive IPsec tunnels for every UE connection, which added overhead and complexity. The purpose of TNAN is to recognize that many non-3GPP networks, especially operator-managed Wi-Fi or partner fixed networks, are inherently trustworthy from the operator's perspective.

This concept solves the problem of inefficient resource usage and latency for trusted access scenarios. By establishing a network-level trust anchor (the TNGF), it allows the 5GC to bypass per-UE tunneling for the user plane, leading to more efficient data forwarding. It was motivated by the increasing importance of Wi-Fi 6 and fixed access in 5G deployment strategies, enabling true wireline-wireless convergence. TNAN allows operators to offer a unified 5G service experience regardless of the underlying access technology, simplifying network management and enabling new service models like 5G Fixed Wireless Access (FWA) with native 5G core integration.

Key Features

  • Enables integration of trusted Wi-Fi and fixed networks into the 5G Core without mandatory per-UE IPsec tunnels
  • Uses the Trusted Non-3GPP Gateway Function (TNGF) as the network trust anchor and control plane proxy
  • Supports seamless mobility and session continuity between 3GPP and trusted non-3GPP access
  • Allows the 5GC to apply consistent authentication, policy control, and charging across heterogeneous accesses
  • Leverages native access link security (e.g., WPA3) between UE and TNAN
  • Provides a standardized N2 (control plane) and N3 (user plane) interface towards the 5GC

Evolution Across Releases

Rel-16 Initial

Introduced the TNAN concept and the supporting Trusted Non-3GPP Gateway Function (TNGF) architecture for 5G. Defined the procedures for UE registration and PDU session establishment over a trusted non-3GPP access. Specified the N2 and N3 interfaces between the TNGF and the 5GC, and the authentication framework for the TNAN itself.

TS 23.273TS 23.501TS 23.700TS 24.501TS 24.502TS 24.526TS 29.512TS 32.255TS 33.501TS 33.807

Defining Specifications

SpecificationTitle
TS 23.273 3GPP TS 23.273
TS 23.501 3GPP TS 23.501
TS 23.700 3GPP TS 23.700
TS 24.501 3GPP TS 24.501
TS 24.502 3GPP TS 24.502
TS 24.526 3GPP TS 24.526
TS 29.512 3GPP TS 29.512
TS 32.255 3GPP TR 32.255
TS 33.501 3GPP TR 33.501
TS 33.807 3GPP TR 33.807