AccessD Service [1]¶
Accessd is one of the main magma service that plays the role of the MME and AMF of the 4G and 5G System respectively. It supports registration, mobility, access authentication and authorization, lawful inspect and transporting session management messages between the UE(CPE) and Sessiond.
Protocols¶
Call Flow¶
Registration with SUCI as Mobile Identity¶
When UE is powered on, it first undergoes the registration process. UE sends the registration request to the gNB. gNB then sends the initial UE message carrying the registration request to Accessd. Since the UE identity(SUCI/IMSI) was included in the registration request, Accessd initiates the authentication procedure. It retrieves the authentication vectors and algorithm information from the SUBSDB. Accessd then sends the authentication parameters to the UE to setup a mutual authentication between the user and the network. On successful validation by the network, the UE is considered authenticated and secure communication is set up between the UE and the network.
After authentication, the SMC procedure is initiated, and after that Accessd creates a new UE Context and allocates an AMF NGAP UE ID to the UE. Accessd then initiates an Initial UE context setup procedure with the gNB. After this, the registration procedure is completed.
[14] Handle Registration Type Request
[1] Handle Initial UE message
[23] Decode plain NAS message
[55] Decode Registration Request
[92] Decode Registration Type Message
[54] Encode Registration Reject
[25] Handler to trigger registration reject
[7] Send Registration Reject
[25] Abort Registration procedure for timer failure
[25] Notify AS-SAP about the Registration Reject message
[90] Decode SUCI Mobile Identity Message
[90] Decode TMSI Mobile Identity Message
[90] Decode Mobile Identity Message
[11] Set IMSI as valid
[6] Upsert IMSI in AMF Context
[1] Insert IMSI into the IMSI UE table
[6] Checks if UE context exists for IMSI or not
[6] Get AMF UE ID from IMSI
[6] Register the UE Context
[13] Generate GUTI based on SUPI/IMSI received
[25] Create Registration Request Procedure
[25] Allocate and initialize AMF procedures
[8] [25] Validate AMF Context and invokes authentication procedure
[26] Create Subscriber Authentication Request(SNN)
[8] Abort Authentication Procedure
[25] Callback for Authentication Failure
[22] Authentication Response received from SUBSDB
[9] Get Subscriber Authentication Information
[10] Receive Security Vector from SUBSDB
[70] Decode EAP Message
[76] Decode NAS Key Set identifier
[36] Encode DL NAS Transport Message
[71] Encode Extended Protocol Discriminator
[33] Encode Authentication Request Message
[64] Encode ABBA Message
[66] Encode Authentication Parameter AUTN
[67] Encode Authentication Parameter RAND
[68] Encode Authentication Response Parameter
[8] Handle NAS Authentication Procedure
[7] Builds DL NAS Transport message
[8] Send Authentication Request
[11] Set Security ngKSI
[14] Handle Authentication Response
[62] Decode UL NAS Transport Message
[34] Decode Authentication Response Message
[32] Encode Authentication Reject Message
[7] Send authentication Reject
[35] Encode Authentication Result Message
[8] Authentication Completion Response
[25] Callback for successful Authentication
[6] Create new UE Context
[7] Send Initial Context Setup Request
[6] Send AMF NGAP UE ID
[52] Encode Registration Accept
[7] [25] Builds Registration Accept message and sent it to UE
[1] Handle Initial Context Setup Response
[25] Handle Registration Complete Response
[91] Decode Registration Result
[25] Store Registration information is received and processed once old UE gets deregistered
Registration with GUTI as Mobile Identity¶
When the registration request contains GUTI as a mobile identity, then Accessd initiates an identification procedure with the UE to get a permanent UE ID(SUCI). After the identity process, Accessd setup a mutual authentication with the UE and initiates the SMC procedure.
NAS SMC procedure is designed to protect the registration process from alteration by a middleman. It also set up AS security, and selects the integrity and ciphering algorithm for the NAS protection. After the SMC procedure, the initial UE context is setup in gNB and registration completes.
[22] Invoke Identification Procedure
[7] Builds DL NAS Transport message
[39] Encode Identity Request
[88] Encode Identity Type Message
[1] Handle UL NAS message
[14] Handle Identity Response
[40] Decode Identity Response
[25] Callback for Identification Failure
[13] Identification Completion
[25] Callback for successful Identification
[90] Decode GUTI Mobile Identity Message
[6] Checks if UE context exists for GUTI or not
[6] Fetch the GUTI based on UE Id
[6] Get the AMF Context based on UE Identity
[1] Insert GUTI into UE Context Table
[56] Encode Security Mode Command
[16] Send SMC(Security Mode Command) Message
[23] Encode plain NAS message
[7] Setup the security header of the given NAS message
[93] Encode Security Header Type Message
[74] Encode NAS Security Algorithm
[90] Encode IMEI Mobile Identity Message
[72] Encode IMEISV Request
[96] Encode UE Security Capability
[11] Set Security ngKSI
[11] Set Security Type
[16] Set Security algorithms(Integrity and Security Algorithm based on Security Capabilities)
[7] Send AS Security Request
[15] Set AS Security Data
[58] Encode Security Mode Reject
[25] Callback for Security Mode Command Failure
[7] AS Security Reject
[17] Handle Security Mode Complete
[25] Callback for successful Security Mode Complete
[57] Decode Security Mode Complete
[23] Decode header of a Security protected NAS message
[8] Fetch New Security Context
[5] Handle NAS Encoded message
PDU Session Establishment¶
UE sends a PDU Session Establishment request to Accessd for the first time to establish a user plane. Accessd sends the IP address of the UE to the mobilityd to keep track of the location of the UE and update the location in the SUBSDB. It then sets SM context with the sessiond and setup PDU Session Resource at the UE and gNB.
[18] Handle PDU Session Establishment Request from UE
[43] Decode PDU Session Establishment Request Message
[81] Decode PDU Session Type
[42] Encode PDU Session Establishment Reject Message
[18] Send PDU Session Establishment Reject
[27] Handle allocate IPv4/IPv6/IPv4v6 Address Status
[20] Get QoS Rules and Default QoS Info from SMF Context
[63] Decode SMF Message
[4] Calculate PDU Session AMBR
[1] Convert AMBR format one defined in create PDU Session Response to one defined in PDU Session Establishment Accept message
[6] Insert SM Context in the map
[95] Encode Session AMBR
[69] Encode DNN
[78] Encode PDU Session Identity Message
[77] Encode PDU Session Address Message
[84] Encode QoS Rules
[85] Encode QoS Flow Descriptor
[86] Encode QoS Flow Parameter
[4] Send PDU Session Resource Setup Request to RAN
[41] Encode PDU Session Establishment Accept Message
[83] Encode Protocol Configuration Options
[1] Send the PDU Establishment Accept
[19] Send Slice Information in PDU Session Establishment Accept Message
[1] [24] Handle PDU Resource Setup Response containing gNB IP and TEID
PDU Session Modification¶
Accessd sends the session modification request inside the session context update message. After getting the response from the sessiond, it initiates the session resource modification request with the RAN and UE.
[24] Handle PDU Session Modification Command Reject Message
[1] Update SMF Session PTI Procedure
[18] Update IP Address information in SMF Context
[80] Decode PDU Session Status
[82] Decode PTI Message
[73] Decode Maximum Number of Supported Packet Filters
[18] Check if maximum PDU Sessions are not reached
[1] Send PDU Session Modification Request
[4] Send PDU Session Resource Modify Request
[18] Handle PDU Session Resource Modify Completion
[24] Handle PDU Session Modification Complete Message
[46] Decode PDU Session Modification Complete
Service Request¶
The service request message is sent by the UE to the network to request the establishment of a NAS signaling connection and of the radio and signaling bearers. The UE sends the service request message when it is in IDLE mode and has pending user data to be sent. Accessd updates this information in the SM Context and sends it to the sessiond to modify the session. After the successful service procedure, accessd initiates the initial UE context setup message with the gNB.
[14] Handle Service Request
[61] Decode Service Request
[94] Decode Service Type Message
[60] Encode Service Reject
[7] Builds Service reject message
[7] Send Initial Context Setup Request
[59] Encode Service Accept
[7] Service Request Accept to UE
[1] Handle Initial Context Setup Response from gNB
UE-Initiated Session Release¶
UE initiates the release of PDU Session by sending a release request to the accessd. Accessd sends release requests to the sessiond. On receiving the release response from sessiond, it forwards the PDU session release command to the RAN and UE. Accessd then sends the release of the IPv4/IPv6/IPv4v6 address of the UE from the mobilityd service.
UE-Initiated Deregistration¶
When UE does not want to access the 5GS any longer, it sends a deregistration request to the network. Accessd requests for the release of SM context along with resource release messages to the sessiond. After the successful deregistration procedure, it sends the UE context release command to the RAN to delete the UE-related information at gNB.
[21] Handle Deregistration Request
[38] Decode De-registration Request Message
[87] Decode Deregistration Type Message
[37] Encode De-registration Accept Message
[7] Builds De-Registration Accept message by Network
[1] Handle UE Context Release Complete
[1] Handle gNB deregister Indication
[11] Clear AMF Security Context
[22] Clear AMF Context
