Configuring NF Screening
This section provides information for configuring NF Screening.
RESTful Service Architecture to Configure Rules for NF Screening
Table 5-6 Resources and Methods Overview
Resource Name | Resource URI | HTTP Method or Custom Operation | Description |
---|---|---|---|
screening-rules (Store) | {apiRoot}/nrf-configuration/v1/screening-rules | GET | Returns all the screening rules |
screening-rules (Document) | {apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} | GET | Returns screening rules corresponding to the specified NF Screening Rule List Type. |
screening-rules (Document) | {apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} | PUT | Replace the complete specified NF Screening Rule List Type |
screening-rules (Document) | {apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} | PATCH | Partially updates the specified NF Screening Rule List Type. |
Table 5-7 Data structures supported by the PUT Request Body
Data Type | P | Cardinality | Description |
---|---|---|---|
NfScreening Rules | M | 1 | NF Screening Rules which need to be updated. |
Table 5-8 Data structures supported by the PUT Response Body
Data Type | P | Cardinality | Response Codes | Description |
---|---|---|---|---|
NA | M | 1 | 204 No content | Successful response |
ProblemDetails | C | 1 | 404 NOT FOUND, 500 INTERNAL ERROR, 400 BAD REQUEST | The response body contains the error reason of the request message. |
Table 5-9 Data structures supported by the PATCH Request Body
Data Type | P | Cardinality | Description |
---|---|---|---|
PatchDocument | M | 1 | It contains the list of changes to be made to the NF Screening Rule, according to the JSON PATCH format specified in IETF RFC 6902 [13]. |
Table 5-10 Data structures supported by the PATCH Response Body
Data Type | P | Cardinality | Response Codes | Description |
---|---|---|---|---|
NA | M | 1 | 204 No content | Successful response |
ProblemDetails | C | 1 | 404 NOT FOUND, 500 INTERNAL ERROR, 400 BAD REQUEST | The response body contains the error reason of the request message. |
GET - Collection of screening rules
Table 5-11 URI query parameters supported by the GET method
Name | Data Type | P | Cardinality | Description |
---|---|---|---|---|
nfScreeningRulesListType | NfScreeningRulesListType | O | 0.1 | Filters the returned screening rules by rules list type. |
nfScreeningRulesListStatus | NfScreeningRulesListStatus | O | 0.1 | Filters the returned screening rules lists by status (Enabled or Disabled). |
Table 5-12 Data structures supported by the GET Request Body
Data Type | P | Cardinality | Description |
---|---|---|---|
n/a |
Table 5-13 Data structures supported by the GET Response Body
Data Type | P | Cardinality | Response Codes | Description |
---|---|---|---|---|
ScreeningRulesResult | M | 1 | 200 OK | The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result. |
ProblemDetails | C | 1 | 500 INTERNAL ERROR, 400 BAD REQUEST | The response body contains the error reason of the request message. |
Table 5-14 ScreeningRulesResult - Parameters
Attribute Name | Data type | P | Cardinality | Description |
---|---|---|---|---|
nfScreeningRulesList | array (NfScreeningRules) | M | 0.N | It shall contain an array of NF Screening List. An empty array means there is no NF Screening list configured. |
GET - Particular screening list rule
Table 5-15 Data structures supported by the GET Request Body
Data Type | P | Cardinality | Description |
---|---|---|---|
n/a |
Table 5-16 Data structures supported by the GET Response Body
Data Type | P | Cardinality | Response Codes | Description |
---|---|---|---|---|
NfScreeningRules | M | 1 | 200 OK | The response body contains requested screening list. |
ProblemDetails | C | 1 | 500 INTERNAL ERROR, 400 BAD REQUEST | The response body contains the error reason of the request message. |
Table 5-17 NfScreeningRules - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
nfScreeningRulesListType | Table 5-19 | C | ReadOnly. It will be returned while retrieving the rule. |
nfScreeningType | Table 5-20 | M | Screening type of complete screening list. Blacklist or whitelist. All the rules can be either blacklist or whitelist. |
nfScreeningRulesListStatus | Table 5-21 | M | This attribute will enable or disable complete screening list. |
globalScreeningRulesData | Table 5-18 | O | This attribute will be present if global screening rules need to be configured. |
customNfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for custom NF need to be configured. |
nrfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for NRF need to be configured. |
udmScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for UDM need to be configured. |
amfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for AMF need to be configured. |
smfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for custom SMF need to be configured. |
ausfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for AUSF need to be configured. |
nefScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for NEF need to be configured. |
pcfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for PCF need to be configured. |
nssfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for NSSF need to be configured. |
udrScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for UDR need to be configured. |
lmfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for LMF need to be configured. |
gmlcScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for GMLC need to be configured. |
fiveG_EirScreeningRules | Table 5-18 | O | |
seppScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for SEPP need to be configured. |
upfScreeningRulesData | Table 5-18 | O | |
n3iwfScreeningRulesData | Table 5-18 | O | |
afScreeningRulesData | Table 5-18 | O | |
udsfScreeningRulesData | Table 5-18 | O | |
bsfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for BSF need to be configured. |
chfScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for CHF need to be configured. |
nwdafScreeningRulesData | Table 5-18 | O | This attribute will be present if screening rules for NWDAF need to be configured. |
Table 5-18 NfScreeningRulesData - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
failureAction | Table 5-22 | M | |
nfFqdn | Table 5-23 | C | If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is NF_FQDN. |
nfCallBackUriList | array(Table 5-25) | C | If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is CALLBACK_URI. |
nfIpEndPointList | array(Table 5-24) | C | If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_IP_ENDPOINT. |
plmnList | array(PlmnId) | C | If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is PLMN_ID. |
nfTypeList | array(NfTypeList) | C | If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_TYPE_REGISTER. |
Table 5-19 NfScreeningRulesListType - Parameters
Enumeration Value | Description |
---|---|
"NF_FQDN" | Screening List type for NF FQDN |
"NF_IP_ENDPOINT" | Screening list type for IP Endpoint |
"CALLBACK_URI" | Screening list type for callback URIs in NF Service and nfStatusNotificationUri in SubscriptionData |
"PLMN_ID" | Screening list type for PLMN ID |
"NF_TYPE_REGISTER" | Screening list type for allowed NF Types to register |
Table 5-20 NfScreeningType - Parameters
Enumeration Value | Description |
---|---|
"BLACKLIST" | When a screening list is configured to operate as a blacklist, the request is allowed to access the service only if the corresponding attribute value is not present in the blacklist. |
"WHITELIST" | When a screening list is configured to operate as a whitelist, the request is allowed to access the service only if the corresponding attribute value is present in the whitelist. |
Table 5-21 NfScreeningRulesListStatus - Parameters
Enumeration Value | Description |
---|---|
"ENABLED" | The screening list is enabled and is applied. |
"DISABLED" | The screening list is disabled and is not applied. |
Table 5-22 FailureAction - Parameters
Enumeration Value | Description |
---|---|
"CONTINUE" | Continue Processing |
"SEND_ERROR" | Send response with configured HTTP status code |
Table 5-23 NfFqdn - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
fqdn | array(FQDN) | C | Exact Fqdn to be matched. This is conditional, at least one attribute shall be present. |
pattern | array(string) | C | Regular Expression for FQDN. This is conditional, at least one attribute shall be present. |
Table 5-24 NfIpEndPoint - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
ipv4Address | Ipv4Addr | C | IPv4 address to be matched. |
ipv4AddressRange | Ipv4AddressRange | C | Range of IPv4 addresses. |
ipv6Address | Ipv6Addr | C | IPv6 address to be matched. |
ipv6AddressRange | Table 5-27 | C | Range of IPv6 addresses. |
port | array(integer) | O | If this attribute is not configured then it will not be considered for validation. |
portRange | array(PortRange) | O | If this attribute is not configured then it will not be considered for validation. |
Note:
Depending on the conditions, only one of the ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.
Table 5-25 NfCallBackUri - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
fqdn | FQDN | C | Exact Fqdn to be matched. |
pattern | string | C | Regular Expression for FQDN, Ipv4Address, Ipv6Address. |
ipv4Address | Ipv4Addr | C | IPv4 address to be matched. |
ipv4AddressRange | Ipv4AddressRange | C | Range of IPv4 addresses. |
ipv6Address | Ipv6Addr | C | IPv6 address to be matched. |
ipv6AddressRange | Table 5-27 | C | Range of IPv6 addresses. |
port | array(integer) | O | If this attribute is not configured then it will not be considered for validation. |
portRange | array(PortRange) | O | If this attribute is not configured then it will not be considered for validation. |
Note:
Depending on the conditions, only one of the fqdn, pattern, ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.
Table 5-26 PortRange - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
start | integer | M | First value identifying the start of port range. |
end | integer | M | Last value identifying the end of port range. |
Table 5-27 Ipv6AddressRange - Parameters
Attribute Name | Data type | P | Description |
---|---|---|---|
start | Ipv6Addr | M | First value identifying the start of an IPv6 Address range. |
end | Ipv6Addr | M | Last value identifying the end of an IPv6 Address range. |
Table 5-28 Common data types
Data Type | Reference |
---|---|
Ipv6Addr | 3GPP TS 29.571 |
Ipv4Addr | 3GPP TS 29.571 |
Ipv4AddressRange | 3GPP TS 29.510 |
PlmnId | 3GPP TS 29.571 |
Uri | 3GPP TS 29.571 |
IpEndPoint | 3GPP TS 29.510 |
NFType | 3GPP TS 29.510 |
ProblemDetails | 3GPP TS 29.571 |
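The screening semantics of Tables 5-20 to 5-25, applied to a callback URI, as an added example (not Oracle's implementation and not code from this page). The function names, whole-string regex matching, default ports for URIs without one, and acceptance of both `port` (table) and `ports` (samples) are assumptions; each rules data block is evaluated on its own because the page does not state how global and NF-specific blocks combine.

```python
import ipaddress, re
from urllib.parse import urlsplit

def _in_range(ip, rng):
    lo, hi = ipaddress.ip_address(rng["start"]), ipaddress.ip_address(rng["end"])
    return ip.version == lo.version and lo <= ip <= hi  # inclusive, same IP version

def entry_matches(entry, host, port):
    """Match one NfCallBackUri entry (Table 5-25) against a callback host and port."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # host is an FQDN (or empty), not an IP literal
    if "fqdn" in entry:
        hit = host.lower() == entry["fqdn"].lower()
    elif "pattern" in entry:
        hit = re.fullmatch(entry["pattern"], host) is not None  # assumed: whole-string match
    elif ip is None:
        hit = False
    elif "ipv4Address" in entry or "ipv6Address" in entry:
        hit = ip == ipaddress.ip_address(entry.get("ipv4Address") or entry["ipv6Address"])
    else:
        rng = entry.get("ipv4AddressRange") or entry.get("ipv6AddressRange")
        hit = rng is not None and _in_range(ip, rng)
    # Ports count only when configured; the table says "port", the samples "ports".
    ports, ranges = entry.get("port", entry.get("ports")), entry.get("portRange")
    if hit and (ports is not None or ranges is not None):
        hit = port in (ports or []) or any(r["start"] <= port <= r["end"] for r in ranges or [])
    return hit

def screen_callback_uri(rules, data_key, uri):
    """Return ALLOW, REJECT (SEND_ERROR) or CONTINUE for one rules data block."""
    data = rules.get(data_key)
    if rules["nfScreeningRulesListStatus"] != "ENABLED" or not data:
        return "ALLOW"  # disabled list is not applied; missing block: assumed no screening
    parts = urlsplit(uri)
    port = parts.port or (443 if parts.scheme == "https" else 80)  # assumed default ports
    listed = any(entry_matches(e, parts.hostname or "", port)
                 for e in data.get("nfCallBackUriList", []))
    # WHITELIST passes only when listed; BLACKLIST passes only when not listed.
    if listed == (rules["nfScreeningType"] == "WHITELIST"):
        return "ALLOW"
    return "REJECT" if data["failureAction"] == "SEND_ERROR" else "CONTINUE"

# Constructed sample document (documentation-reserved addresses and names).
RULES = {"nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {"failureAction": "SEND_ERROR", "nfCallBackUriList": [
        {"ipv4AddressRange": {"start": "192.0.2.10", "end": "192.0.2.20"}, "ports": [8080]}]},
    "amfScreeningRulesData": {"failureAction": "CONTINUE", "nfCallBackUriList": [
        {"fqdn": "callback.example.com"}]}}
```

A blacklisted host under failureAction CONTINUE yields CONTINUE, not REJECT: processing goes on and no error response is sent, so such a block screens without enforcing.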
REST message samples
Screening List Update
NF screening rules to update particular rule configuration (except read only attributes)
URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI
Request_Type: PUT
Content-Type: application/json
Request Body
{ "nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "ENABLED", "globalScreeningRulesData": { "failureAction": "SEND_ERROR", "nfCallBackUriList": [ { "ipv4AddressRange":{ "start": "155.90.171.123", "end": "233.123.19.165" }, "ports":[10,20] }, { "ipv6AddressRange":{ "start": "1001:cdba:0000:0000:0000:0000:3257:9652", "end": "3001:cdba:0000:0000:0000:0000:3257:9652" } } ] }, "amfScreeningRulesData": { "failureAction": "CONTINUE", "nfCallBackUriList": [ { "fqdn": "ocnrf-d5g.oracle.com" }, { "ipv4AddressRange":{ "start": "155.90.171.123", "end": "233.123.19.165" }, "ports":[10,20] } ] } }
NF screening rules to get all of the configured rules
URL: http://host:port/nrf-configuration/v1/screening-rules/
Request_Type: GET
Response Body
{ "nfScreeningRulesList": [ { "nfScreeningRulesListType": "NF_FQDN", "nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "DISABLED" }, { "nfScreeningRulesListType": "NF_IP_ENDPOINT", "nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "ENABLED", "amfScreeningRulesData": { "failureAction": "SEND_ERROR", "nfIpEndPointList": [ { "ipv4Address": "198.21.87.192", "ports": [ 10, 20 ] } ] } }, { "nfScreeningRulesListType": "CALLBACK_URI", "nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "ENABLED", "globalScreeningRulesData": { "failureAction": "SEND_ERROR", "nfCallBackUriList": [ { "fqdn": "ocnrf-d5g.oracle.com", "ports": [ 10, 20 ] } ] } }, { "nfScreeningRulesListType": "PLMN_ID", "nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "DISABLED" }, { "nfScreeningRulesListType": "NF_TYPE_REGISTER", "nfScreeningType": "WHITELIST", "nfScreeningRulesListStatus": "ENABLED", "globalScreeningRulesData": { "failureAction": "SEND_ERROR", "nfTypeList": [ "AMF", "SMF", "PCF" ] } } ] }
NF screening rules to get a particular configured rule
URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI
Request_Type: GET
Response Body
{ "nfScreeningRulesListType": "CALLBACK_URI", "nfScreeningType": "BLACKLIST", "nfScreeningRulesListStatus": "ENABLED", "globalScreeningRulesData": { "failureAction": "SEND_ERROR", "nfCallBackUriList": [ { "ipv4AddressRange": { "start": "155.90.171.123", "end": "233.123.19.165" }, "ports": [ 10, 20 ] }, { "ipv6AddressRange": { "start": "1001:cdba:0000:0000:0000:0000:3257:9652", "end": "3001:cdba:0000:0000:0000:0000:3257:9652" } } ] }, "amfScreeningRulesData": { "failureAction": "SEND_ERROR", "nfCallBackUriList": [ { "fqdn": "ocnrf-d5g.oracle.com" }, { "ipv4AddressRange": { "start": "155.90.171.123", "end": "233.123.19.165" }, "ports": [ 10, 20 ] } ] } }
NF screening rules for partial rule update
URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI
Request_Type: PUT
Content-Type: application/json-patch+json
Request Body
[ {"op":"remove","path":"/globalScreeningRulesData/nfCallBackUriList/2/ports/0"}, {"op":"replace","path":"/globalScreeningRulesData/failureAction","value": "CONTINUE"} ]
URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI
Request_Type: PUT
Content-Type: application/json-patch+json
Response Body
[{"op":"add","path":"/nrfScreeningRulesData","value": {"failureAction": "SEND_ERROR","nfCallBackUriList": [{"ipv4AddressRange":{"start