Trusted Non-3GPP Gateway Function

In Release 15, the TNGF (Trusted Non-3GPP Gateway Function) was introduced as a new network function to connect trusted non-3GPP access networks to the 5G Core Network via the N2 and N3 interfaces, paralleling the N3IWF for untrusted access. This release defined procedures for a UE to establish an IPsec tunnel with the TNGF for registration and specified support for user plane QoS differentiation between the UE and the TNGF. The architecture distinguished trusted non-3GPP access, requiring the UE to select a supporting TNAN after PLMN selection.

• Interworking between E-UTRAN/EPC and N3IWF/5GCN TS 24.501CR0176
• User plane IPsec SA establishment not accepted TS 24.502CR0023
• Corrections to Combined N3IWF/ePDG Selection TS 23.501CR0057
• IPsec SAs in tunnel mode TS 23.501CR0344
• UE unable to use N3IWF identifier configuration in stand-alone N3IWF selection TS 23.501CR0630
• Using TCP for reliable NAS transport between UE and N3IWF TS 23.501CR0692

+ 8 more changes

In Release 16, the TNGF was formally introduced as the gateway function for connecting trusted non-3GPP access networks (TNANs) to the 5G Core, defining its N2 and N3 interfaces analogous to the N3IWF. The release specified new procedures, including trusted non-3GPP access network selection which is dependent on the PLMN/SNPN selection, and UE registration for trusted non-3GPP access. It also defined support for specific capabilities like AMF overload control and user-plane QoS differentiation for this trusted access type.

• Support of Trusted non-3GPP access TS 23.501CR0781
• Trusted non-3GPP Access Network Selection TS 23.501CR0783
• FQDN format of N3IWF in a standalone non-public network TS 23.501CR0841
• AMF overload control for trusted non-3GPP access TS 23.501CR1374
• Location information for trusted N3GPP TS 23.501CR1420
• Packet filters based on N3IWF IP address and SPI for IPsec SA TS 24.501CR1231

+ 25 more changes

In Release 17, key enhancements for the TNGF included updates to the selection procedures for emergency services and for access to SNPN services via a PLMN. It also introduced clarifications and corrections for trusted connectivity and QoS differentiation for the user plane IPsec tunnel. Furthermore, support was added for providing different UE identifiers for trusted versus untrusted non-3GPP access.

• Informative guideline on supporting session/service continuity between SNPN and PLMN when using N3IWF TS 23.501CR2563
• Update to N3IWF selection for N3SLICE TS 23.501CR2662
• Derived QoS for UDP encapsulated IPsec packets TS 24.501CR3795
• Trusted AF registration and discovery TS 29.510CR0593
• N3IWF selection for emergency services TS 24.502CR0194
• FQDNs for N3IWF selection for emergency services TS 23.501CR2848

+ 16 more changes

In Release 18, the TNGF function was enhanced to support slice-based selection, allowing the network to select a TNGF based on the S-NSSAI required by the UE. The release also introduced procedures for a UE to indicate its support for this slice-based TNGF selection and for the network to abort registration if the selected TNGF is not compatible with the allowed NSSAI. Furthermore, support for Standalone Non-Public Networks (SNPN) over trusted non-3GPP access was specified.

• N3IWF selection enhancement for support of S-NSSAI needed by UE TS 23.501CR3707
• TNGF selection enhancement for support of S-NSSAI needed by UE TS 23.501CR3953
• N3IWF with slice capability TS 24.501CR4877
• UE to indicate its support for Slice-based N3IWF selection to the network TS 24.501CR4961
• Rejecting the UE Registration due to the selected N3IWF by the UE is not compatible with the used slices TS 24.501CR4963
• Aborting registration procedure when the selected N3IWF is not compatible with the allowed NSSAI TS 24.501CR5119

+ 58 more changes

In Release 19, the TNGF function was enhanced to support the mobility of a UE connected to one Trusted Non-3GPP Access Point (TNAP) to another TNAP connected to the same TNGF, including a subsequent correction to this mobility procedure. Additionally, Release 19 introduced support for the NR Femto architecture with an NR Femto Gateway and addressed the handling of specific unprotected REGISTRATION REJECT messages for improved interoperability.

• Support of Feature ID and VFL interoperability indicator for NWDAF, untrusted AF, and trusted Afs TS 29.510CR1145
• Support of NR Femto architecture with NR Femto Gateway TS 38.413CR1232
• Mobility of the UE connected to a TNAP to another TNAP connected to the same TNGF TS 24.502CR0313
• Handling of unprotected REGISTRATION REJECT message with causes #81 and #82 (Selected N3IWF/TNGF is not compatible with the allowed NSSAI) TS 24.501CR6795
• Correction to Mobility of the UE connected to a TNAP to another TNAP connected to the same TNGF TS 24.502CR0316
• Reauthentication aspect for IPSec in non 3GPP access TS 33.501CR2055

+ 1 more changes

In Release 20, the TNGF was enhanced to support reselection procedures that consider energy-related information, as introduced by the corresponding Change Request. This allows the selection between an N3IWF and a TNGF to be influenced by energy efficiency metrics, adding a new optimization criterion for gateway selection in non-3GPP access networks.

• N3IWF/TNGF reselection considering energy related information. TS 23.501CR6493