SWx AVPs
SWx (application id: 16777265)
The SWx interface is a critical component in the Diameter protocol, defined between the 3GPP AAA Server and the Home Subscriber Server (HSS). It is primarily used for transporting authentication, subscription, and PDN (Packet Data Network) connection-related data, playing a vital role in scenarios where users access the network through non-3GPP IP-based networks, such as Wi-Fi or other trusted and untrusted IP access networks.
Functionality
- User Authentication and Authorization: The SWx interface is utilized by the 3GPP AAA Server to authenticate and authorize User Equipment (UE) when accessing the network via non-3GPP IP access points. The interface ensures that the UE is properly authenticated, and its access to network resources is authorized based on the user’s subscription profile stored in the HSS.
- Mobility Management: The SWx interface supports the transfer of mobility-related parameters, particularly when Network-Based Mobility (NBM) is employed. It updates the HSS with the PDN Gateway (PDN-GW) address information, which is necessary for establishing and maintaining connectivity to the Evolved Packet Core (EPC).
- Location Management: The SWx interface is responsible for updating the HSS with the current AAA Server address each time a UE connects to a non-3GPP access network. This ensures that the HSS has the most recent information, enabling accurate routing of user sessions and services.
- Additionally, it handles the retrieval of charging-related information and subscriber profiles from the HSS, which is essential for service provisioning and billing.
- De-registration and Session Management: When a UE disconnects from the network or moves between different access points, the SWx interface manages the de-registration process. It ensures that any session-related data is purged from the HSS, preventing stale or outdated information from affecting future network operations.
SWx interface workflow:
- Initial Authentication and Authorization: When a UE connects to the network via a non-3GPP access point, the 3GPP AAA Server sends an authentication request to the HSS over the SWx interface. The HSS responds with the necessary authentication vectors and subscription data. The 3GPP AAA Server uses this information to authenticate and authorize the UE’s access to the network.
- Mobility Management: As the UE moves between different access points, the SWx interface is used to update the HSS with the new AAA Server address and PDN-GW information. This ensures that ongoing sessions are maintained seamlessly, and the UE remains connected to the correct network resources.
- Location Management: The SWx interface registers the current AAA Server address with the HSS whenever the UE connects to a new access point. This registration process ensures that the HSS can accurately route user data and manage services effectively.
- The SWx interface also facilitates the retrieval of the UE’s profile and charging information from the HSS, enabling precise billing and service management.
- Session Termination and De-registration: Upon session termination or when the UE disconnects, the SWx interface is used to de-register the UE from the HSS, ensuring that all session data is cleared. This step is crucial for maintaining network efficiency and preventing resource conflicts.
For complete technical specification of SWx interface in Diameter protocol please refer to: [3GPP TS 29.273], [3GPP TS 23.402]
package com.mobius.software.telco.protocols.diameter.primitives.swx;
|
Name |
AVP Code |
Data Type |
Vendor |
|
AAA-Failure-Indication |
1671 |
Unsigned32 (Bitmask) |
3GPP |
|
Contains a bitmask indicating the failure status of a 3GPP AAA Server. This AVP is used in the SWx interface to notify network entities that a previously assigned AAA Server is unavailable, allowing the network to take appropriate recovery actions. Bitmask Values: 0: AAA Failure: If this bit is set, it indicates that the previously assigned 3GPP AAA Server is unavailable. NOTE: Bits not defined in this table shall be cleared by the sender and discarded by the receiver. |
|||
|
Access-Authorization-Flags |
1670 |
Unsigned32 (Bitmask) |
3GPP |
|
Contains a bitmask indicating whether a User Equipment (UE) is authorized to access certain network services when connected via Trusted WLAN access. It is used in the SWx interface to communicate access permissions between the Home Subscriber Server (HSS) and the 3GPP AAA Server. Bitmask Values: 0: EPC-Access-Authorization: If this bit is set, it indicates that the UE is allowed to access the Evolved Packet Core (EPC) when connected via Trusted WLAN access. If this bit is not set, the UE is not allowed to access the EPC when using Trusted WLAN. 1: NSWO-Access-Authorization: If this bit is set, it indicates that the UE is allowed to use Non-Seamless WLAN Offload (NSWO) via Trusted WLAN access. If this bit is not set, the UE is not allowed to use NSWO via Trusted WLAN. NOTE: Bits not defined in this table shall be cleared by the sending HSS and discarded by the receiving 3GPP AAA Server. NOTE: UE is allowed to access the EPC when connected via Trusted WLAN access only if the Non-3GPP-IP-Access-APN AVP does not disable all APNs and the EPC-Access-Authorization bit is set. |
|||
|
ERP-Authorization |
1681 |
Enumerated |
3GPP |
|
Indicates whether a subscriber is authorized to use the EAP Re-authentication Protocol (ERP). ERP is a mechanism that enables efficient re-authentication without requiring a full Extensible Authentication Protocol (EAP) exchange, reducing signaling overhead and improving authentication performance for WLAN and non-3GPP access networks. Enumerated Values: 0: ERP_NOT_AUTHORIZED: The subscriber is not authorized to use the EAP Re-authentication Protocol (ERP). The network will require a full EAP authentication for every session instead of allowing ERP-based re-authentication. 1: ERP_AUTHORIZED: The subscriber is authorized to use EAP Re-authentication Protocol (ERP). This allows the subscriber to perform fast re-authentication, reducing authentication latency when switching access points or re-entering the network. |
|||
|
Non-3GPP-IP-Access |
1501 |
Enumerated |
3GPP |
|
Determines whether a subscriber is allowed or barred from accessing the Evolved Packet Core (EPC) network using non-3GPP IP access technologies such as Wi-Fi or fixed broadband. Enumerated Values: 0: NON_3GPP_SUBSCRIPTION_ALLOWED: The subscriber is allowed to access the EPC network using non-3GPP IP access (e.g., Wi-Fi offloading, trusted/untrusted WLAN). 1: NON_3GPP_SUBSCRIPTION_BARRED: The subscriber is not allowed to access the EPC network using non-3GPP IP access. |
|||
|
Non-3GPP-IP-Access-APN |
1502 |
Enumerated |
3GPP |
|
Allows operators to enable or disable all APNs for a subscriber at once. This AVP is used in Evolved Packet Core (EPC) access control to determine whether a subscriber can establish Packet Data Network (PDN) connections over non-3GPP access technologies such as Wi-Fi and fixed broadband. Enumerated Values: 0: Non_3GPP_APNS_ENABLE: The subscriber is allowed to use all configured APNs for non-3GPP EPC access. 1: Non_3GPP_APNS_DISABLE: The subscriber is barred from using any APN for non-3GPP EPC access. |
|||
|
Non-3GPP-User-Data |
1500 |
Grouped |
3GPP |
|
Contains user profile information relevant for Evolved Packet System (EPS) access over non-3GPP networks. It includes key subscriber parameters such as subscription identity, allowed access types, QoS settings, APN configurations, and emergency service information. The AVP structure is defined as follows: Subscription-ID (Optional): Contains the subscriber's identity, which may be either:
Non-3GPP-IP-Access (Mandatory, if AVP is not empty): Indicates whether the subscriber is allowed or barred from using non-3GPP access to EPC. Non-3GPP-IP-Access-APN (Mandatory, if AVP is not empty): Controls whether all APNs are enabled or disabled for the subscriber’s non-3GPP access. RAT-Type (Optional, Multiple): Specifies the access technologies not allowed for the user (e.g., WLAN, WiMAX, LTE, etc.). Session-Timeout (Optional): Defines the maximum allowed session duration for non-3GPP access. MIP6-Feature-Vector (Optional): Provides Handover Support Mobility (HSM) and Network-Based Mobility (NBM) authorization information. AMBR (Optional): Contains the Aggregated Maximum Bit Rate (UE-AMBR) assigned to the user’s subscription. Defines the maximum data rate a user can consume across all APNs. 3GPP-Charging-Characteristics (Optional): Indicates the charging characteristics applicable to the subscriber’s session. Context-Identifier (Mandatory, if AVP is not empty): Identifies the default APN configuration for the user. APN-OI-Replacement (Optional): Contains the UE-level APN-OI-Replacement, which has lower priority than the one included in the APN-Configuration AVP. APN-Configuration (Mandatory, at least one item, if AVP is not empty): Contains APN-specific settings that define access rules for non-3GPP PDN connections. Trace-Info (Optional): Used for trace activation and deactivation for the subscriber. TWAN-Default-APN-Context-Id (Optional): Identifies the default APN for Trusted WLAN EPC access. Required if the default APN for TWAN differs from the default APN for other access types. TWAN-Access-Info (Optional, Multiple): Provides information about the Trusted WLAN access network. UE-Usage-Type (Optional): Defines the user equipment’s usage category for policy enforcement. Emergency-Info (Optional): Identifies the PDN-GW used for emergency PDN connections. ERP-Authorization (Optional): Indicates whether the subscriber is authorized to use EAP Re-authentication Protocol (ERP). Core-Network-Restrictions (Optional): Defines network-imposed restrictions on the subscriber’s access and mobility. |
|||
|
PPR-Flags |
1669 |
Unsigned32 (Bitmask) |
3GPP |
|
Containing a bitmask that specifies requests or conditions related to Profile-Update-Request (PUR) processing in the SWx interface. This AVP is used between the Home Subscriber Server (HSS) and the 3GPP AAA Server to facilitate profile updates, network recovery, and UE location tracking. Bitmask Values: 0: Reset-Indication: If this bit is set, it indicates that the HSS has undergone a restart event. The 3GPP AAA Server should attempt to restore registration and dynamic data for the affected UE, if available. 1: Access-Network-Info-Request: If this bit is set, the HSS requests the 3GPP AAA Server to provide the identity and location information of the access network where the UE is currently attached. 2: UE-Local-Time-Zone-Request: If this bit is set, the HSS requests the 3GPP AAA Server to provide the time zone information of the location in the access network where the UE is attached. 3: P-CSCF Restoration Request: If this bit is set, the HSS requests the 3GPP AAA Server to execute the HSS-based Proxy Call Session Control Function (P-CSCF) restoration procedures for WLAN. This procedure is described in 3GPP [TS 23.380], Clause 5.6. NOTE: Bits not defined in this table shall be cleared by the sending HSS and discarded by the receiving 3GPP AAA Server. |
|||
|
SIP-Auth-Data-Item |
612 |
Grouped |
3GPP |
|
Used in the SWx interface to provide authentication-related data for IMS (IP Multimedia Subsystem) authentication based on the SIP Digest or AKA (Authentication and Key Agreement) mechanism. This AVP is defined in 3GPP [TS 29.229] and is primarily exchanged between the 3GPP AAA Server and the Home Subscriber Server (HSS) to authenticate SIP-based IMS sessions. The AVP structure is defined as follows: SIP-Item-Number (Optional): A unique identifier that indicates which authentication item is being referenced. SIP-Authentication-Scheme (Optional): Specifies the authentication scheme used for IMS authentication. SIP-Authenticate (Optional): Contains the authentication challenge to be presented to the UE (User Equipment). SIP-Authorization (Optional): Contains the authorization credentials that the UE must return after processing the authentication challenge. Confidentiality-Key (Optional): Provides a Confidentiality Key (CK) for encryption purposes in IMS security mechanisms. Integrity-Key (Optional): Provides an Integrity Key (IK) for message integrity protection in IMS authentication. |
|||
|
3GPP-AAA-Server-Name |
318 |
DiameterIdentity |
3GPP |
|
Defines the Diameter address of the 3GPP AAA Server node. |
|||
|
Trace-Info |
1505 |
Grouped |
3GPP |
|
Contains subscriber and equipment trace information along with the required trace activation or deactivation actions. It is used in the SWx interface to facilitate network-based tracing of subscriber activity, equipment behavior, or mobility patterns. The AVP structure is defined as follows: Trace-Data (Optional): Contains detailed trace configuration settings when trace activation is requested. Trace-Reference (Optional): Contains a unique identifier that references an existing trace session when trace deactivation is requested. Either the Trace-Data or the Trace-Reference AVP shall be included. When trace activation is needed, Trace-Data AVP shall be included, while the trace deactivation request shall be signalled by including the Trace-Reference directly under the Trace-Info. The Trace-Reference AVP is of type OctetString Diameter AVP and is defined in 3GPP [TS 29.272]. |
|||
|
TWAN-Access-Info |
1510 |
Grouped |
3GPP |
|
Provides access authorization information for a Trusted WLAN Access Network (TWAN). It defines whether the User Equipment (UE) is allowed to access Evolved Packet Core (EPC) services and Non-Seamless WLAN Offload (NSWO) when connected to a Trusted WLAN (TWAN). The AVP structure is defined as follows: Access-Authorization-Flags (Optional): Indicates whether the UE is allowed to access EPC or use Non-Seamless WLAN Offload (NSWO) via TWAN. WLAN-Identifier (Optional): Identifies the specific Trusted WLAN to which the TWAN-Access-Info AVP applies. If no WLAN-Identifier is included, the allowed access methods apply to any arbitrary Trusted WLAN. Only one TWAN-Access-Info AVP may exist per specific Trusted WLAN, ensuring a unique mapping of access permissions. If the Access-Authorization-Flags AVP is not present in the TWAN-Access-Info AVP, EPC access and Non-Seamless WLAN Offload shall be considered to be not allowed. A specific Trusted-WLAN shall appear in at most one TWAN-Access-Info AVP. There shall be at most one TWAN-Access-Info AVP not including any WLAN-Identifier. |
|||
|
TWAN-Default-APN-Context-Id |
1512 |
Unsigned32 |
3GPP |
|
Identifies the context identifier of the subscriber's default APN to be used for Trusted WLAN access to EPC over S2a. Note: The default APN for Trusted WLAN access to EPC over S2a can differ from the default APN for 3GPP and other non-3GPP accesses. |
|||
Start innovating with Mobius
What's next? Let's talk!