Configuring UP Integrity Protection
SMF applies UP Integrity Protection at gNB based on UP integrity protection parameters.
To configure the UP integrity protection parameters, use the following sample configuration:
config
profile dnn dnn_profile_name
upip status { required | preferred | not-needed }
upip data-rate dl { 64kbps | max-ue-rate | null } ul { 64kbps | max-ue-rate | null } restrict-action { continue | terminate } }
end
NOTES:
-
upip status { required | preferred | not-needed } —Specify local configuration for UPIP if not received in subscription from UDM.
-
upip data-rate dl { 64kbps | max-ue-rate | null } ul { 64kbps | max-ue-rate | null } restrict-action { continue | terminate } } —Configure the UPIP data rate for downlink and uplink traffic.
Specify one of the following actions to be taken based on the configured data rate and UE capable data rate.
-
continue
-
terminate
Default action is terminate for UPIP status=required and continue for other UPIP status.
If continue is configured, then call will be continued without enabling UPIP. Please note that retrict-action configuration is applicable only for UPIP status “REQUIRED”.
-
The following is an example of the UP integrity protection configuration.
profile dnn intershat
network-element-profiles chf chf1
network-element-profiles amf amf1
network-element-profiles pcf pcf1
network-element-profiles udm udm1
charging-profile chgprf1
virtual-mac b6:6d:47:47:47:47
ssc-mode 2 allowed [ 3 ]
session type IPV4 allowed [ IPV6 IPV4V6 ]
upf apn intershat
dcnr true
upip status required
upip data-rate dl max-ue-rate ul max-ue-rate restrict-action terminate
exit
Verifying UP Integrity Protection Configuration
To display the UPIP enforcement status and the UPIP enforcement data rates, use the show subscriber command at the global configuration level.
The following is an output of the show subscriber command.
Upip-enforcement-status: [required|preferred]: [performed|not-perfomed]
Upip-enforcement-datarate-dl: 64kbps/max-ue-rate
Upip-enforcement-datarate-ul: 64kbps/max-ue-rate
Note | The performed/not-performed details are applicable only to “preferred” UPIP status which is updated based on the gNB response. The data rates are visible only in UPIP enabled cases (required/preferred:performed). |
To display the number of subscribers with UPIP enforcements active, use the show subscriber count command. This output is updated on receiving N2 Modification indication with fulfil or not-fulfil.
To display the number of sessions activated with UPIP, use the subscriber namespace smf count upip true command.