The REST endpoint performs the slice validation based on the requests from the client using HTTP2. The REST endpoint interacts with the Policy Engine to retrieve the policy status and the slice information over gRPC.

Slice information associated with the PDU session can be bound to CRD to generate the slice-specific policies.

This section describes the key call flows for this feature.

This section describes how to enable the capability to reject requests from a slice that PCF does not support.

To enable PCF to reject requests, use the following configuration:

config 
   advance-tuning slicing access-control [ enabled | disabled ]  
   end 

NOTES:

• slicing access-control [ enabled | disabled ] —Enable or disable PCF to reject the requests from the unsupported slices with the HTTP error code.

This section describes how to configure the error codes for the requests that PCF rejects.

To configure the custom error codes, use the following configuration:

config 
   advance-tuning slice-access-control rejection-status-code error_code 
   end 

NOTES:

• advance-tuning slice-access-control rejection-status-code error_code —Specify the error code that must be displayed when PCF rejects a request. It must be an integer in the range of 100-599.

• If the error code is not configured, the default error code is 403.

This section describes how to configure the allowed NSSAIs in the PCF Registration Profile.

To configure allowed-NSSAIs, use the following configuration:

config 
  service-registration 
    profile 
      allowed-nssais snssai_name sst sst_value [ sd sd_value ] 
    services 
      afService 
        allowed-nssais snssai_name sst sst_value [ sd sd_value ] 
      smfService 
        allowed-nssais snssai_name sst sst_value [ sd sd_value ] 
        end 

NOTES:

• allowed-nssais snssai_name sst sst_value [ sd sd_value ] —Configures the SNSSAI. The snssai_name name is a logical identifier that is local to PCF. This name is not used in the PCF NFProfile when registering with NRF.

  To configure multiple slices per service, configure SNSSAI with same SST and different SD values.

  The allowed-nssais configured for smfService takes precedence over the allowed-nssais value configured at the profile-level.

  Note	Ensure to configure the allowed-nssais at the profile-level.

  Configuration changes to the allowed-nssai of services do not affect the PDU sessions that are created before the configuration is modified.

Configuration Example

The following is an example configuration.

service-registration profile snssais embb-1 
   sst 1
exit
service-registration profile snssais embb-2 sst 1
   sd 0000a1
exit
service-registration profile allowed-nssais name embb-1
   sst 1
exit
service-registration profile allowed-nssais name embb-2 
   sst 1
   sd 0000a1
exit
service-registration services smfService
  allowed-nssais name embb-2 sst 1
     sd 0000a1
    exit
exit

This section provides the counter that gets generated for the network slicing scenarios.

• inbound_request_slice_rejected: Captures the requests initiated for specific slices and the requests rejected for the slices that PCF does not support. The inbound_request_slice_rejected counter monitors requests that contain the slice information (Npcf_SMPolicyControl_Create).

  Note	The inbound_request_slice_rejected does not determine the traffic on the slice.

  The inbound_request_slice_rejected counter supports the following labels:

  • interface_name—Indicates the name of the Service Based Interface (SBI) such as N7.

  • service_name—Indicates the name of the service such as npcf-smpolicycontrol.

  • operation_name—Indicates the name of the service operation such as Npcf_SMPolicyControl_Create.

  • command—Indicates the command type such as Create.

  • slice—Indicates the S-NSSAI that corresponds to the slice such as 1:0000ab.