Configuring NF Screening

This section provides information for configuring NF Screening.

RESTful Service Architecture to Configure Rules for NF Screening

Table 5-6 Resources and Methods Overview

Resource Name Resource URI HTTP Method or Custom Operation Description

screening-rules (Store)

{apiRoot}/nrf-configuration/v1/screening-rules GET Returns all the screening rules

screening-rules (Document)

{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} GET Returns screening rules corresponding to the specified NF Screening Rule List Type.

screening-rules (Document)

{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} PUT Replace the complete specified NF Screening Rule List Type

screening-rules (Document)

{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} PATCH Partially updates the specified NF Screening Rule List Type.
Resource Standard Methods
PUT - Updates a particular screening rule (except read only attributes)

Table 5-7 Data structures supported by the PUT Request Body

Data Type P Cardinality Description
NfScreening Rules M 1 NF Screening Rules which need to be updated.

Table 5-8 Data structures supported by the PUT Response Body

Data Type P Cardinality Response Codes Description
NA M 1 204 No content Successful response
ProblemDetails C 1

404 NOT FOUND

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.
PATCH - Updates partially a particular screening rule (except read only attributes)

Table 5-9 Data structures supported by the PATCH Request Body

Data Type P Cardinality Description
PatchDocument M 1 It contains the list of changes to be made to the NF Screening Rule, according to the JSON PATCH format specified in IETF RFC 6902 [13].

Table 5-10 Data structures supported by the PATCH Response Body

Data Type P Cardinality Response Codes Description
NA M 1 204 No content Successful response
ProblemDetails C 1

404 NOT FOUND

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

GET - Collection of screening rules

Table 5-11 URI query parameters supported by the GET method

Name Data Type P Cardinality Description
nfScreeningRulesListType NfScreeningRulesListType O 0.1 The type of NF screening rules on this basis of rules list type.
nfScreeningRulesListStatus NfScreeningRulesListStatus O 0.1 Screening Rules List on the basis of status (Enabled or Disabled)

Table 5-12 Data structures supported by the GET Request Body

Data Type P Cardinality Description
n/a

Table 5-13 Data structures supported by the GET Response Body

Data Type P Cardinality Response Codes Description
ScreeningRulesResult M 1 200 OK The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result.
ProblemDetails C 1

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

Table 5-14 ScreeningRulesResult - Parameters

Attribute Name Data type P Cardinality Description
nfScreeningRulesList array (NfScreeningRules) M 0.N It shall contain an array of NF Screening List. An empty array means there is no NF Screening list configured.

GET - Particular screening list rule

Table 5-15 Data structures supported by the GET Request Body

Data Type P Cardinality Description
n/a

Table 5-16 Data structures supported by the GET Response Body

Data Type P Cardinality Response Codes Description
NfScreeningRules M 1 200 OK The response body contains requested screening list.
ProblemDetails C 1

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

Table 5-17 NfScreeningRules - Parameters

Attribute Name Data type P Description
nfScreeningRulesListType Table 5-19 C ReadOnly. It will be returned while retrieving the rule.
nfScreeningType Table 5-20 M Screening type of complete screening list. Blacklist or whitelist. All the rules can be either blacklist or whitelist.
nfScreeningRulesListStatus Table 5-21 M This attribute will enable or disable complete screening list.
globalScreeningRulesData Table 5-18 O This attribute will be present if global screening rules need to be configured.
customNfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for custom NF need to be configured.
nrfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for NRF need to be configured.
udmScreeningRulesData Table 5-18 O This attribute will be present if screening rules for UDM need to be configured.
amfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for AMF need to be configured.
smfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for custom SMF need to be configured.
ausfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for AUSF need to be configured.
nefScreeningRulesData Table 5-18 O This attribute will be present if screening rules for NEF need to be configured.
pcfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for PCF need to be configured.
nssfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for NSSF need to be configured.
udrScreeningRulesData Table 5-18 O This attribute will be present if screening rules for UDR need to be configured.
lmfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for IMF need to be configured.
gmlcScreeningRulesData Table 5-18 O This attribute will be present if screening rules for GMLC need to be configured.
fiveG_EirScreeningRules Table 5-18 O
seppScreeningRulesData Table 5-18 O This attribute will be present if screening rules for SEPP need to be configured.
upfScreeningRulesData Table 5-18 O
n3iwfScreeningRulesData Table 5-18 O
afScreeningRulesData Table 5-18 O
udsfScreeningRulesData Table 5-18 O
bsfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for BSF need to be configured.
chfScreeningRulesData Table 5-18 O This attribute will be present if screening rules for CHF need to be configured.
nwdafScreeningRulesData Table 5-18 O This attribute will be present if screening rules forNWDAF need to be configured.

Table 5-18 NfScreeningRulesData - Parameters

Attribute Name Data type P Description
failureAction Table 5-22 M
nfFqdn Table 5-23 C If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is NF_FQDN.
nfCallBackUriList array(Table 5-25) C If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is CALLBACK_URI.
nfIpEndPointList array(Table 5-24) C If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_IP_ENDPOINT.
plmnList array(PlmnId) C If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is PLMN_ID.
nfTypeList array(NfTypeList) C If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_TYPE_REGISTER.

Table 5-19 NfScreeningRulesListType - Parameters

Enumeration Value Description
"NF_FQDN" Screening List type for NF FQDN
"NF_IP_ENDPOINT" Screening list type for IP Endpoint
"CALLBACK_URI" Screening list type for callback URIs in NF Service and nfStatusNotificationUri in SubscriptionData
"PLMN_ID" Screening list type for PLMN ID
"NF_TYPE_REGISTER" Screening list type for allowed NF Types to register

Table 5-20 NfScreeningType - Parameters

Enumeration Value Description
"BLACKLIST" When a screening list is configured to operate as a blacklist, the request is allowed to access the service only if the corresponding attribute value is not present in the blacklist.
"WHITELIST" When a screening list is configured to operate as a whitelist, the request is allowed to access the service only if the corresponding attribute value is present in the whitelist.

Table 5-21 NfScreeningRulesListStatus - Parameters

Enumeration Value Description
"ENABLED" Screening List enabled to get apply
"DISABLED" Screening List disabled to get apply

Table 5-22 FailureAction - Parameters

Enumeration Value Description
"CONTINUE" Continue Processing
"SEND_ERROR" Send response with configured HTTP status code

Table 5-23 NfFqdn - Parameters

Attribute Name Data type P Description
fqdn array(FQDN) C Exact Fqdn to be matched. This is conditional, at least one attribute shall be present.
pattern array(string) C Regular Expression for FQDN. This is conditional, at least one attribute shall be present.

Table 5-24 NfIpEndPoint - Parameters

Attribute Name Data type P Description
ipv4Address Ipv4Addr C IPv4 address to be matched.
ipv4AddressRange Ipv4AddressRange C Range of IPv4 addresses.
ipv6Address Ipv6Addr C IPv6 address to be matched.
ipv6AddressRange Table 5-27 C Range of IPv6 addresses.
port array(integer) O If this attribute is not configured then it will not be considered for validation.
portRange array(PortRange) O If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 5-25 NfCallBackUri - Parameters

Attribute Name Data type P Description
fqdn FQDN C Exact Fqdn to be matched.
pattern string C Regular Expression for FQDN, Ipv4Address, Ipv6Address.
ipv4Address Ipv4Addr C IPv4 address to be matched.
ipv4AddressRange Ipv4AddressRange C Range of IPv4 addresses.
ipv6Address Ipv6Addr C IPv6 address to be matched.
ipv6AddressRange Table 5-27 C Range of IPv6 addresses.
port array(integer) O If this attribute is not configured then it will not be considered for validation.
portRange array(PortRange) O If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the fqdn, pattern, ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 5-26 PortRange - Parameters

Attribute Name Data type P Description
start integer M First value identifying the start of port range.
end integer M Last value identifying the end of port range.

Table 5-27 Ipv6AddressRange - Parameters

Attribute Name Data type P Description
start Ipv6Addr M First value identifying the start of an IPv6 Address range.
end Ipv6Addr M Last value identifying the end of an IPv6 Address range.

Table 5-28 Common data types

Data Type Reference
Ipv6Addr 3GPP TS 29.571
Ipv4Addr 3GPP TS 29.571
Ipv4AddressRange 3GPP TS 29.510
PlmnId 3GPP TS 29.571
Uri 3GPP TS 29.571
IpEndPoint 3GPP TS 29.510
NFType 3GPP TS 29.510
ProblemDetails 3GPP TS 29.571

REST message samples

Screening List Update

NF screening rules to update particular rule configuration (except read only attributes)

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json

Request Body

NF screening rules to get all of the configured rules

{

    "nfScreeningType": "BLACKLIST",

    "nfScreeningRulesListStatus": "ENABLED",

    "globalScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "ipv4AddressRange":{

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports":[10,20]

            },

            {

                "ipv6AddressRange":{

                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",

                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"

                }

            }

        ]

    },

    "amfScreeningRulesData": {

        "failureAction": "CONTINUE",

        "nfCallBackUriList": [

            {

                "fqdn": "ocnrf-d5g.oracle.com"

            },

            {

                "ipv4AddressRange":{

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports":[10,20]

            }

        ]

    }

}
URL: http://host:port/nrf-configuration/v1/ screening-rules /

Request_Type: GET

Response Body

{

    "nfScreeningRulesList": [

        {

            "nfScreeningRulesListType": "NF_FQDN",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "DISABLED"

        },

        {

            "nfScreeningRulesListType": "NF_IP_ENDPOINT",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "amfScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfIpEndPointList": [

                    {

                        "ipv4Address": "198.21.87.192",

                        "ports": [

                            10,

                            20

                        ]

                    }

                ]

            }

        },

        {

            "nfScreeningRulesListType": "CALLBACK_URI",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "globalScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfCallBackUriList": [

                    {

                        "fqdn": "ocnrf-d5g.oracle.com",

                        "ports": [

                            10,

                            20

                        ]

                    }

                ]

            }

        },

        {

            "nfScreeningRulesListType": "PLMN_ID",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "DISABLED"

        },

        {

            "nfScreeningRulesListType": "NF_TYPE_REGISTER",

            "nfScreeningType": "WHITELIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "globalScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfTypeList": [

                    "AMF",

                    "SMF",

                    "PCF"

                ]

            }

        }

    ]

}

NF screening rules to get a particular configured rule

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: GET

Response Body

{

    "nfScreeningRulesListType": "CALLBACK_URI",

    "nfScreeningType": "BLACKLIST",

    "nfScreeningRulesListStatus": "ENABLED",

    "globalScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "ipv4AddressRange": {

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports": [

                    10,

                    20

                ]

            },

            {

                "ipv6AddressRange": {

                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",

                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"

                }

            }

        ]

    },

    "amfScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "fqdn": "ocnrf-d5g.oracle.com"

            },

            {

                "ipv4AddressRange": {

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports": [

                    10,

                    20

                ]

            }

        ]

    }

}

NF screening rules for partial rule update

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json-patch+json

Request Body

[

    {"op":"remove","path":"/globalScreeningRulesData/nfCallBackUriList/2/ports/0"},

    {"op":"replace","path":"/globalScreeningRulesData/failureAction","value": "CONTINUE"}

]
URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json-patch+json

Response Body

[{"op":"add","path":"/nrfScreeningRulesData","value": {"failureAction": "SEND_ERROR","nfCallBackUriList": [{"ipv4AddressRange":{"start