Abstract: A technique for dynamically classifying and re-classifying a data packet flow on a user plane of a core network domain is described. According to an apparatus aspect, a device is provided for dynamically classifying and re-classifying a data packet flow, wherein the device is configured to classify and re-classify the data packet flow using packet detection rules (PDRs) and wherein each PDR is associated with at least one action to be applied to data packets matching the PDR. The device is configured to receive one or more first data packets of a data packet flow, to determine that the received one or more first data packets match a first PDR to classify the data packet flow according to the first PDR, and to trigger application of at least one first action associated with the first PDR to the one or more first packets.

Abstract: There is provided mechanisms for enabling discovery of a collaborative proxy node in a 3GPP communication network. A method is performed by a network exposure function. The method comprises obtaining, from a content providing application function, a request for a cooperative performance enhancement service to be performed for application traffic between the application function and a user equipment, the cooperative performance enhancement service being performed by the cooperative performance enhancement node. The method comprises providing, upon having authorized the request, parameters as obtained in the request to a policy control function, thereby enabling discovery of the cooperative performance enhancement node.

Abstract: A Policy Control Function, PCF, for use in a 5G core network, is configured to allow a consumer to retrieve from the PCF subscriber session information and Application Detection and Control rules relating to a subscriber session. Specifically, the PCF is configured to: receive (303) a request from a Session Management Function, SMF, for session management policies applying to the subscriber session; retrieve (305) policy data from a Unified Data Repository, UDR; and, based on the retrieved policy data, generate said Application Detection and Control rules relating to the subscriber session, and send (307) said Application Detection and Control rules to the TDF, thereby allowing the TDF to act as the consumer.

Abstract: A method, an operator network (101) and nodes (120, 140, 160) for managing trafficare disclosed. The network exposure node (160) receives (A010) a Packet Flow Description (PFD) rule for a server application (190). The PFD rule comprises one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters. The one or more protocol parameters comprise for example an indication relating to common names (CNS), an indication relating to a domain name system (DNS) domain name, a server name indication (SNI), an indication relating to fraud prevention, an indication relating to a server IP address. The network exposure node (160)transmits (A020) the PFD rule to the session node (140), which transmits (A040), towards the user data node (120), a management request comprising the PFD rule. The user data node (120) receives (A080), from the client application (115), traffic destined to the server application (190).

Abstract: An aspect provides a method by user plane function (UPF) in a core network (CN) of a communication network for registering the UPF at a network repository function (NRF) of the CN. The UPF is to selectively route uplink data traffic in one or more data sessions from a user equipment (UE) to one of a plurality of session anchor network functions (NFs). The method by the UPF comprises sending (1701) a registration request to the NRF. The registration request comprises registration information comprising an indication of a type of filter supported by the UPF to selectively route uplink data traffic from a UE to a particular session anchor NF. The type of filter relates to an application identity; and an indication of a value for the indicated type of filter.

Abstract: Systems and methods for providing Network Address Translation (NAT) are provided. In some embodiments, a method of operating a function entity configured to support NAT includes enabling a Control Plane (CP) function to instruct a User Plane (UP) function to apply a NAT function for at least one specific service data flow. In this way, one or more benefits result such as: introducing a mechanism allowing CP function to instruct UP function to perform NAT function for one or more service data flow(s); when CP and UP function are separated, using NAT function can protect a private network from potential unlawful incursion, and delaying NAT IP address and port allocation and withdrawal at the service initiation and termination can save the public IP address space. Also, one or more improvements such as allowing the network operator to support NAT policies in the context of 4G/5G networks supporting CUPS are disclosed.

Abstract: There is provided mechanisms for discovering, for data collection, which NEF or AF is serving a UE. A method is performed by an NWDAF entity. The method comprises providing, to a 5GC network function entity, a query of which NEF or AF is serving the UE. The method comprises receiving, from the 5GC network function entity, a response comprising an ID of the NEF or the AF when there is a NEF or AF instance stored in the 5GC network function entity for the UE.

Abstract: The embodiments herein relate to a method performed by a UPF (303) for handling pre-configured profiles for sets of detection and enforcement rules. The UPF (303) comprises one or more pre-configured profiles applicable to any user session. Each pre-configured profile comprises a set of detection and enforcement rules. Each pre-configured profile comprises a profile ID and the set of detection or enforcement rules. The UPF (303) receives, from a CPF (301) a first request for session establishment comprising at least one indication for profile activation. The at least one indication profile activation comprises the profile ID of the pre-configured profile to be activated. The UPF (303) establishes the session indicated in the first request. For the established session, the UPF (303) activates the at least one pre-configured profile identified by the profile ID by instantiating the set of detection and enforcement rules for the pre-configured profile.

Abstract: Embodiments include a method, in an application function, AF, for exchanging UE communication pattern information with a core network, CN. The method comprises provisioning, to a network exposure function, NEF, in the CN, communication information related to one or more user equipment, UEs, the communication information including an identifier of an application associated with the AF and an indication of one or more first parameters describing a first UE communication pattern associated with the application. The method further comprises sending, to the NEF, a subscription request, wherein the subscription request includes the identifier of the application. Further still, the method comprises receiving, from the NEF, a report indicative of an analysis of traffic of the application based at least on the one or more first parameters.

Abstract: Methods, a policy node, an application node, a storage node and an operator network for enabling filtering of traffic from an application hosted by the application node are disclosed. The policy node receives, from the application node, application content information relating to the filtering of the traffic and an identifier of the application to which the application content information applies, wherein the application content information comprises an indication relating to application content category of the traffic, and wherein the application content information comprises one or more of an adaptability indicator specifying whether the application is able to adapt the traffic to a given user content category, and a notification indicator specifying whether the application is able to notify, to the policy node, an application content category before providing requested traffic. The policy node further transmits, by the policy node to the storage node, the application content information.

Abstract: Methods and apparatus are provided for traffic monitoring in a network. In an example aspect, a method of traffic monitoring in a first network node comprises receiving a packet, determining that the packet matches a plurality of packet detection rules, and sending an indication to a second network node that the packet matches a plurality of packet detection rules.

Abstract: A method of enabling the core network to determine the RAT type in a dual connection non-standalone configuration. The RAT type is either embedded in the GTP-U header by the RAN which is then extracted by the PGW-U or it is derived by the PGW-U by using a Reinforcement Language Agent activated by the SPR, through the PCRF and the PGW-C.

Abstract: A technique for handling data traffic in a core network domain of a communication network is described. An apparatus comprised by the technique is configured to be located in the core network domain and to receive data traffic sent under control of a transport layer protocol that is configured to apply a congestion control algorithm, CCA. The apparatus is further configured to analyze the data traffic to obtain a data traffic analyzation result, to obtain, based on the analyzation result, CCA information about the CCA that can be or is applied by the transport layer protocol, and to perform a traffic handling action for the data traffic taking into account the obtained CCA information.

Abstract: A method of reporting traffic metrics by a User Plane Function, UPF, to a Session Management Function, SMF, in a telecommunication network, wherein said method comprises the steps of receiving, by said UPF, a session creation/modification message for creating/modifying a session between said UPF and said SMF, wherein said message comprises a Reporting Rule thereby defining which traffic metric is to be reported by said UPF to said SMF, measuring, by said UPF, said traffic metric based on said received Reporting Rule, transmitting, by said UPF, to said SMF, a reporting message, wherein said reporting message comprises said measured traffic metric.

Abstract: A method and apparatus for device authentication and authorisation, wherein the method comprises: receiving, at an authentication and authorisation node, a device authorisation request comprising identity information for an application executed by a device and a first application specific container containing application specific information; identifying, using the device authorisation request, the application to which the request relates, and checking the authorisation status of the application; if the application is for use, transmitting an authorisation approval, the authorisation approval comprising the first application specific container containing application specific information.

Abstract: A method performed by a user plane, UP. The method includes determining whether a redirect message should be sent to a user equipment, UE, that has transmitted a first message intended for a first server, wherein the determining comprises: i) receiving a message transmitted by the first server and determining, based on the message, whether a redirect message should be sent to the UE or ii) detecting a timeout with respect to the first server; and, as a result of determining that redirect message should be sent to the UE, sending to the UE the redirect message, wherein the redirect message is configured to cause the UE to send a second message to a second server.

Abstract: Various embodiments of the present disclosure provide a method for traffic detection. The method which may be performed by a first network node includes receiving a message from a second network node. The method further includes determining packet flow description information for traffic detection according to the message. The packet flow description information may indicate a combination criterion for two or more packet flow descriptions, and/or a protocol matching criterion for a domain name in a packet flow description. According to the embodiments of the present disclosure, the packet flow description definition can be extended to support more accurate traffic detection.

Abstract: A method is disclosed for providing a Packet Flow Descriptor, PFD, to a session management function, SMF, in a telecommunication network that supports network slicing and that includes a Packet Flow Description Function, PFDF, for hiding a topology of the telecommunication network from Application Service Providers, ASP, where the PFDF is shared among slices of the telecommunication network. The method includes receiving a PFD from an ASP, and storing the PFD in a Unified Data Repository, UDR. The method further includes receiving, from the SMF, a request for PFDs that apply to a particular slice, retrieving, from the UDR, the PFD that applies to the particular slice, and providing the retrieved PFD to the SMF.

Abstract: The invention relates to a method for operating a gateway wherein the method comprises to detect a downlink data packet session transmitted to the first user entity, and to amend the lifetime indicator in at least some of the data packets of the detected downlink data packet session such that the data packets for which the lifetime indicator has been amended, have reached the end of the lifetime and cannot be transmitted further when arriving at the first user entity.

Abstract: A method for over-the-top (OTT) management in a communication network is presented. The method is performed in an application client. The method comprises sending a request for activation of a policy for an application network interaction protocol (ANIP) service to a packet data network gateway (PGW) wherein the request indicates an address to a local ANIP server; receiving a set of rules related to the requested activation of the policy from the PGW, wherein the set of rules are defined for a packet data network (PDN) session applicable for the ANIP service; and communicating over the communication network based on the received set of rules. Methods, application clients, PGWs, ANIP servers, computer programs, and a computer program for OTT management in a communication network are also presented.