Trusted non-3GPP Access Peers

Description

Trusted non-3GPP Access Peers (TNAPs) are the logical collective term for the network functions in a trusted non-3GPP access network that serve as the direct connection points to the 5G Core Network. In practical deployment, the primary TNAP is the Trusted Non-3GPP Gateway Function (TNGF) for general trusted access, or the Wireline Access Gateway Function (W-AGF) for specific wireline scenarios. These functions terminate the 3GPP-defined interfaces from the 5GC, effectively translating between 3GPP signaling and the native protocols of the non-3GPP access (e.g., IEEE 802.11 for Wi-Fi, or PPP/802.1X for fixed).

Architecturally, a TNAP sits at the boundary between the trusted non-3GPP access domain and the 5GC. On its northbound side, it implements the N2 interface (to the AMF) for control plane signaling and the N3 interface (to the UPF) for user plane data. On its southbound side, it connects to the non-3GPP access points (e.g., Wi-Fi APs) or aggregation networks. The TNAP's key role is to act as a proxy and adapter. It relays NGAP messages between the UE/access network and the AMF, and forwards user plane packets between the access network and the UPF. It also participates in the authentication process, helping to establish the trust relationship between the access network and the 5GC operator.

The operation involves several key procedures. During initial attachment, the TNAP facilitates the UE's authentication with the 5GC, often by relaying EAP messages. It obtains UE context from the AMF and manages resource setup for the PDU session. For mobility, the TNAP supports handover procedures between 3GPP and non-3GPP access. Crucially, because the access is trusted, the TNAP does not need to establish an IPSec tunnel with the UE for the user plane; security is provided by the underlying link-layer (e.g., Wi-Fi security) and the secured N3 transport. The TNAP ensures that policy and QoS rules from the SMF are enforced within the non-3GPP access network, providing a consistent service experience.

Purpose & Motivation

The concept of TNAP was formalized to provide a clear architectural definition for the endpoints that integrate trusted non-3GPP accesses into the 5G System. It addresses the ambiguity that could arise from having multiple gateway functions (TNGF, W-AGF) serving similar roles for different types of trusted access. The purpose is to create a unified logical reference point for the 5GC, simplifying system design and specification. It solves the problem of how a monolithic 5GC can interface with a diverse ecosystem of non-3GPP technologies in a standardized, yet flexible manner.

Its creation was motivated by the 5G design principle of access-agnostic core network services. Prior approaches, like the ePDG in 4G, were designed specifically for untrusted Wi-Fi and created a siloed integration. TNAP, as part of the Release 12 onwards evolution for S2a-based trusted access and fully realized in Release 16 for 5G, enables a more efficient and native integration. It allows operators to leverage their existing or partner Wi-Fi and fixed broadband infrastructure as a seamless extension of their 5G network, supporting use cases like carrier Wi-Fi offload, fixed wireless access, and converged offerings without redundant security encapsulation for trusted paths.

Key Features

• Serves as the logical 5GC interconnection point for trusted non-3GPP accesses like Wi-Fi and fixed broadband
• Implements the standardized N2 (control plane) and N3 (user plane) interfaces towards the 5GC
• Acts as a protocol interworking function between 3GPP NGAP and non-3GPP access-specific protocols
• Facilitates UE authentication and registration procedures without requiring a UE-terminated IPSec tunnel
• Enables enforcement of 5G QoS and policy rules within the trusted non-3GPP access domain
• Supports mobility events and session continuity for UEs moving between 3GPP and non-3GPP access

Evolution Across Releases

Defining Specifications