Access and Mobility Management Function
Overview
The AMF (Access and Mobility Management Function) is a Control Plane (CP) function in the 5G Core Network (CN). A gNodeB must first connect to the AMF to access any 5G service. The AMF is the only Network Function (NF) through which the gNB communicates with the 5G Core (excluding its interaction with the UPF (User Plane Function) during PDU Session Establishment).
AMF vs MME
The AMF performs most, but not all, of the functions that the MME (Mobility Management Entity) performs in the 4G network. The establishment of PDU sessions is carried out by a separate network function, the SMF (Session Management Function), whereas functions related to authentication and security are carried out by the AUSF (Authentication Server Function), another network function in 5G. The 5G architecture is therefore more distributed than the MME-based 4G architecture, which makes it more effective. The main principle of the 5G architecture is the separation of the control and user planes.
Functions
The main functions of AMF are:
NR Interface
N1/N2
The AMF retrieves all connection- and session-related information from the UE over the N1 and N2 interfaces.
N8
Policy rules (both for all users and for particular UEs), session-related subscription data, subscriber data, and any other information (e.g. data exposed to third-party applications) are stored in the UDM and retrieved by the AMF over the N8 interface.
N11
The N11 interface carries the trigger by which the AMF adds, modifies or deletes a PDU session across the User Plane.
N12
On N12, the AUSF within the 5G Core offers services to the AMF via the AUSF service-based interface. In the service-based representation of the 5G network, this is the interface between the AUSF and the AMF.
N14
The N14 reference point is between two AMFs (Access and Mobility Management Functions); the UE context is transferred over this interface during handovers, etc.
N15
Transmission and removal of Access and Mobility policies are carried out over the N15 interface between the AMF and the PCF.
N17
On N17, the Equipment Identity Register (EIR) within the 5G Core offers services to the AMF via the N5g-eir service-based interface. This interface supports the Equipment Identity Check Service.
N22
The AMF selects the best Network Functions (NFs) across the network with the help of the NSSF. The NSSF provides the location of the network functions to the AMF over the N22 interface.
N26
This interface is used to transfer the UE's authentication and session management context as the UE moves between the 5GS and 4G-EPS systems.
NR Call Flow
RRC Connection
When the UE powers on, it performs an RRC connection setup with the gNB. The gNB then sends an initial NAS message to the AMF over the N2 interface, containing the RAN UE NGAP ID, registration request context, user location information, 5G S-TMSI, and RRC establishment cause.
Initial NAS message + Obtain UE context from old AMF
These parameters give the UE an identity, which helps the AMF retrieve the UE context either from the old serving AMF or by going through the whole procedure (only when the serving AMF cannot find any trace of the old AMF). This takes place over the N14 interface.
[8] Release previous registration request context
[3] gNB sends Initial NAS message via new RRC connection
[23] Decode security protected NAS message
[4] Handle initial UE message from NGAP
[9] Mobility management messages
[16] Store the registration type in parameters
[1] Create registration request procedure
[9] Encode the initial NAS information message
[7] Handles NAS encoded message and sends it to NGAP task
[23] Decode plain NAS message
[8] Check whether a UE context exists for old parameters such as GUTI, IMSI, gNB ID, etc.
[3] Update AMF UE context with new gNB UE NGAP ID
To walk through the complete NR call flow, let's assume that the new AMF does not find any trace of an old AMF in the network. The AMF then starts the identity, authentication, and security procedures with the UE to give the UE a more defined identity.
NAS Identification
During the NAS identity procedure, identity parameters (e.g. SUCI) are derived from the registration context, and security headers are added to the NAS messages to transport them securely over the air interface through the UL and DL DCCH (Dedicated Control Channel) on the N1 interface. Identification can be rejected for many reasons, such as TAC setup failure, a forbidden PLMN (Public Land Mobile Network), and so on.
[24] AMF sends identity request message
[9] Build DL NAS transport message
[9] DL messages to NGAP on identity/authentication request
[3] Handle Uplink NAS message
[15] Generate GUTI based on SUPI/IMSI
[16] AMF handles identity response message
[15] Identification procedure completion
[23] Encode header of a security protected NAS message
NAS Authentication
On getting the identity of the UE, the AMF selects the AUSF, configured by the NRF (Network Repository Function), for UE authentication and security, based on the derived SUCI (Subscription Concealed Identifier). As before, this takes place through the UL and DL DCCH over the N1 interface. In the 4G network, this procedure is carried out by the MME itself (together with the AAA).
The AUSF then requests the authentication vectors from the UDM over the N13 interface and sends a response message to the AMF, over another interface named N12, with all the required NAS security keys (AUTN, RAND, ABBA) and some other security keys.
[10] AMF sends authentication request
[10] Initialisation of authentication procedure to establish partial native 5G CN security context in the UE and the AMF
[10] Procedure to start authentication procedure
[11] Received security vector from HSS
[10] Abort the Authentication procedure
[9] Send authentication reject to UE
[16] Processes authentication failure message
[10] Authentication response message
[23] Encode the message authentication code
NAS Security
The AMF authenticates the UE, starts the NAS SMC (Security Mode Command) procedure, and requests the IMEISV (International Mobile Equipment Identity Software Version), which helps maintain the user device and assists upgrades and notifications.
To confirm that the UE is not blacklisted, the AMF sends an equipment identity check request to the 5G-EIR (Equipment Identity Register), using the PEI (Permanent Equipment Identifier) to identify the UE in the network.
[18] Sends security mode command message
[10] Handle security request
[1] [18] Create new security context and initiate SMC procedures
[18] Request for IMEISV from UE
[18] Security keys exchange, setup encryption and integrity algorithms
[17] AMF sends the integrity-protected security mode command message
[13] Sets security context type
[16] AMF security mode command reject
[18] Notify AMF that security mode procedure failed
[2] AMF handles security complete response
[9] Setup/encode the NAS security message
Retrieving Subscription data
The AMF looks for the NSSF (Network Slicing Selection Function) to select the best network slice available for the service requested by the user, and connects to it over the N22 interface. It then searches for the UDM to retrieve all the subscription data related to Access Management (AM), Session Management (SM), and subscriber data. The AMF is connected to the UDM through the N10 interface.
[21] To fill the slice information in PDU session establishment accept message
[8] Get the AMF context based on UE identity
[8] Get the SMF context from the map
[20] Set the SMF context in AMF context
[8] AMF create new UE context
The AMF also configures the PCF (Policy Control Function) to retrieve, over the N15 interface, the AM policies to which the UE has access; the SMF allocates services accordingly.
Having collected all the UE context, the AMF now creates another identifier, the AMF UE NGAP ID, for the UE in the network.
Deregistration
At the same time, the old AMF releases the Session Management context and AM policies with which the UE was registered earlier. It also deletes the UE context from itself to make it more reliable.
[22] Processes deregistration request
[9] Build De-registration accept message
[20] Sending PDU session resource release request
[20] Execute PDU session release and notify SMF
[19] Clear SMF protocol configuration options
[20] Clean up the mobility IP address
[22] Delete PDU session id
[24] Delete the NAS common procedures
[1] Delete the NAS registration specific procedure
[13] Clear AMF security context
[3] NGAP UE context Release request
[4] Handle UE context release requests
[22] Start releasing UE related context
[4] Handle UE context release complete
[8] Delete the UE context
[8] Cleans up the AMF context
Setup User Plane
The AMF selects the SMF, which performs all the session management operations that the MME itself (together with the SGW-C and PGW-C) manages in the 4G system. The exchange of messages between the AMF and the SMF takes place over the N11 interface. The SMF then looks for the best UPF (User Plane Function) for the UE and creates sessions during UL and DL data flow. The interaction between the SMF and the UPF is carried out by PFCP (Packet Forwarding Control Protocol) over the N4 interface.
[3] Check for the existing PDU session for session id
[3] PDU session establishment accept message to UE and gNB
[3] PDU session resource setup request message to gNB
[4] Handle PDU session resource setup response
[4] Handle PDU session resource release response
[20] AMF handles PDU session establish reject
[20] Send PDU session reject to UE
[3] Set Session AMBR
[20] Update IP address information in SMF context Send the Downlink Transport with 5GMM Cause to gNB
[3] [5] Retrieve subscriber QoS profile, UPF GTP TEID IP address from SMF context
[1] Send Activate PDU session Context Request message
[5] Adding security header to AMF PDU session transfer request
[8] Notify NGAP about new AMF NGAP ID
AS Security and RRC Reconfiguration
Now, the AMF sends an initial context setup request along with a registration accept message to the gNB to update the UE context present in the gNB. The gNB again undergoes RRC reconfiguration and SMC procedures to let the UE access the encrypted channels using the derived keys (e.g. k-gNB, k-RRC, k-UP-int).
[17] AMF sends SAP
[1] Updated GUTI assigned to AMF SAP
[9] Processes the AMF AS SAP connection establish request
[9] [16] Processes the AMF AS SAP connection establish reject
[9] Processes the AMF AS SAP connection establish confirm
[18] Notify AMF AS SAP that security mode command message has to be sent to the UE
[9] Processes the AMF AS SAP security request primitive
[17] Setup security request when data transfer to lower layers
[1] Notify AS SAP about registration reject
[10] Fetch new security context to upper layer
[23] Encrypt/Decrypt/Decode layer 3 NAS message
[8] Register the UE context
[1] Performs the registration signaling procedure
[1] Processes registration complete message
[1] AMF sends a registration accept message
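The NAS part of the call flow above (registration request, identification, authentication, security mode, registration accept) can be replayed as a state machine that flags messages arriving out of order or before the NAS security context exists. This is an added example, not code from the AMF implementation this page describes; it assumes the scenario above in which no old AMF is found, treats an authentication failure as terminal for simplicity, and its state names and trace format are hypothetical.

```python
# Added example. State names and the trace format are assumptions made for
# illustration; they are not Magma or 3GPP identifiers.
FLOW = {  # (state, NAS message) -> next state, in the order the page describes
    ("IDLE", "registration_request"): "REG_STARTED",
    ("REG_STARTED", "identity_request"): "ID_REQUESTED",
    ("ID_REQUESTED", "identity_response"): "IDENTIFIED",
    ("IDENTIFIED", "authentication_request"): "AUTH_REQUESTED",
    ("AUTH_REQUESTED", "authentication_response"): "AUTHENTICATED",
    ("AUTH_REQUESTED", "authentication_failure"): "FAILED",
    ("AUTH_REQUESTED", "authentication_reject"): "FAILED",
    ("AUTHENTICATED", "security_mode_command"): "SMC_SENT",
    ("SMC_SENT", "security_mode_complete"): "SECURED",
    ("SMC_SENT", "security_mode_reject"): "FAILED",
    ("SECURED", "registration_accept"): "REGISTERED",
    ("REGISTERED", "registration_complete"): "REGISTERED",
    ("REGISTERED", "deregistration_request"): "IDLE",
}
# Messages that must only be handled once a NAS security context exists.
PROTECTED = {"registration_accept", "registration_complete"}
SECURE_STATES = {"SECURED", "REGISTERED"}

def check_trace(messages):
    """Replay one UE's NAS messages; return (final_state, findings)."""
    state, findings = "IDLE", []
    for index, msg in enumerate(messages):
        nxt = FLOW.get((state, msg))
        if nxt is not None:
            state = nxt
            continue
        # Not allowed here: record it and leave the state unchanged.
        if msg in PROTECTED and state not in SECURE_STATES:
            reason = "requires NAS security context"
        else:
            reason = "unexpected in this state"
        findings.append((index, msg, state, reason))
    return state, findings

# Constructed traces (not captured traffic).
GOOD_TRACE = ["registration_request", "identity_request", "identity_response",
              "authentication_request", "authentication_response",
              "security_mode_command", "security_mode_complete",
              "registration_accept", "registration_complete"]
SKIPPED_SMC = GOOD_TRACE[:5] + ["registration_accept"]

if __name__ == "__main__":
    for name, trace in (("good", GOOD_TRACE), ("skipped SMC", SKIPPED_SMC)):
        print(name, check_trace(trace))
```

Each finding is a tuple of (position in the trace, message, state at that point, reason), so the same function can be run per UE over decoded NAS logs to spot a registration accept that was not preceded by a completed security mode procedure.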
UL and DL data transfer
When the user plane is set up for UL or DL purposes, PDU session update messages are transferred by the AMF to the SMF.