Configuring NF Screening

This section provides information for configuring NF Screening.

RESTful Service Architecture to Configure Rules for NF Screening

Table 5-6 Resources and Methods Overview

Resource Name	Resource URI	HTTP Method or Custom Operation	Description
screening-rules (Store)	{apiRoot}/nrf-configuration/v1/screening-rules	GET	Returns all the screening rules
screening-rules (Document)	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	GET	Returns screening rules corresponding to the specified NF Screening Rule List Type.
screening-rules (Document)	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	PUT	Replace the complete specified NF Screening Rule List Type
screening-rules (Document)	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	PATCH	Partially updates the specified NF Screening Rule List Type.

Resource Standard Methods

PUT - Updates a particular screening rule (except read only attributes)

Table 5-7 Data structures supported by the PUT Request Body

Data Type	P	Cardinality	Description
NfScreening Rules	M	1	NF Screening Rules which need to be updated.

Table 5-8 Data structures supported by the PUT Response Body

Data Type	P	Cardinality	Response Codes	Description
NA	M	1	204 No content	Successful response
ProblemDetails	C	1	404 NOT FOUND 500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Cardinality

Response Codes

Description

204 No content

Successful response

ProblemDetails

404 NOT FOUND

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

PATCH - Updates partially a particular screening rule (except read only attributes)

Table 5-9 Data structures supported by the PATCH Request Body

Data Type	P	Cardinality	Description
PatchDocument	M	1	It contains the list of changes to be made to the NF Screening Rule, according to the JSON PATCH format specified in IETF RFC 6902 [13].

Table 5-10 Data structures supported by the PATCH Response Body

Data Type	P	Cardinality	Response Codes	Description
NA	M	1	204 No content	Successful response
ProblemDetails	C	1	404 NOT FOUND 500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Cardinality

Response Codes

Description

204 No content

Successful response

ProblemDetails

404 NOT FOUND

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

GET - Collection of screening rules

Table 5-11 URI query parameters supported by the GET method

Name	Data Type	P	Cardinality	Description
nfScreeningRulesListType	NfScreeningRulesListType	O	0.1	The type of NF screening rules on this basis of rules list type.
nfScreeningRulesListStatus	NfScreeningRulesListStatus	O	0.1	Screening Rules List on the basis of status (Enabled or Disabled)

Table 5-12 Data structures supported by the GET Request Body

Data Type	P	Cardinality	Description
n/a

Table 5-13 Data structures supported by the GET Response Body

Data Type	P	Cardinality	Response Codes	Description
ScreeningRulesResult	M	1	200 OK	The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result.
ProblemDetails	C	1	500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Cardinality

Response Codes

Description

ScreeningRulesResult

200 OK

The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result.

ProblemDetails

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

Table 5-14 ScreeningRulesResult - Parameters

Attribute Name	Data type	P	Cardinality	Description
nfScreeningRulesList	array (NfScreeningRules)	M	0.N	It shall contain an array of NF Screening List. An empty array means there is no NF Screening list configured.

GET - Particular screening list rule

Table 5-15 Data structures supported by the GET Request Body

Data Type	P	Cardinality	Description
n/a

Table 5-16 Data structures supported by the GET Response Body

Data Type	P	Cardinality	Response Codes	Description
NfScreeningRules	M	1	200 OK	The response body contains requested screening list.
ProblemDetails	C	1	500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Cardinality

Response Codes

Description

NfScreeningRules

200 OK

The response body contains requested screening list.

ProblemDetails

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

Table 5-17 NfScreeningRules - Parameters

Attribute Name	Data type	P	Description
nfScreeningRulesListType	Table 5-19	C	ReadOnly. It will be returned while retrieving the rule.
nfScreeningType	Table 5-20	M	Screening type of complete screening list. Blacklist or whitelist. All the rules can be either blacklist or whitelist.
nfScreeningRulesListStatus	Table 5-21	M	This attribute will enable or disable complete screening list.
globalScreeningRulesData	Table 5-18	O	This attribute will be present if global screening rules need to be configured.
customNfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for custom NF need to be configured.
nrfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for NRF need to be configured.
udmScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for UDM need to be configured.
amfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for AMF need to be configured.
smfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for custom SMF need to be configured.
ausfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for AUSF need to be configured.
nefScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for NEF need to be configured.
pcfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for PCF need to be configured.
nssfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for NSSF need to be configured.
udrScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for UDR need to be configured.
lmfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for IMF need to be configured.
gmlcScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for GMLC need to be configured.
fiveG_EirScreeningRules	Table 5-18	O
seppScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for SEPP need to be configured.
upfScreeningRulesData	Table 5-18	O
n3iwfScreeningRulesData	Table 5-18	O
afScreeningRulesData	Table 5-18	O
udsfScreeningRulesData	Table 5-18	O
bsfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for BSF need to be configured.
chfScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules for CHF need to be configured.
nwdafScreeningRulesData	Table 5-18	O	This attribute will be present if screening rules forNWDAF need to be configured.

Table 5-18 NfScreeningRulesData - Parameters

Attribute Name	Data type	P	Description
failureAction	Table 5-22	M
nfFqdn	Table 5-23	C	If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is NF_FQDN.
nfCallBackUriList	array(Table 5-25)	C	If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is CALLBACK_URI.
nfIpEndPointList	array(Table 5-24)	C	If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_IP_ENDPOINT.
plmnList	array(PlmnId)	C	If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is PLMN_ID.
nfTypeList	array(NfTypeList)	C	If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_TYPE_REGISTER.

Table 5-19 NfScreeningRulesListType - Parameters

Enumeration Value	Description
"NF_FQDN"	Screening List type for NF FQDN
"NF_IP_ENDPOINT"	Screening list type for IP Endpoint
"CALLBACK_URI"	Screening list type for callback URIs in NF Service and nfStatusNotificationUri in SubscriptionData
"PLMN_ID"	Screening list type for PLMN ID
"NF_TYPE_REGISTER"	Screening list type for allowed NF Types to register

Table 5-20 NfScreeningType - Parameters

Enumeration Value	Description
"BLACKLIST"	When a screening list is configured to operate as a blacklist, the request is allowed to access the service only if the corresponding attribute value is not present in the blacklist.
"WHITELIST"	When a screening list is configured to operate as a whitelist, the request is allowed to access the service only if the corresponding attribute value is present in the whitelist.

Table 5-21 NfScreeningRulesListStatus - Parameters

Enumeration Value	Description
"ENABLED"	Screening List enabled to get apply
"DISABLED"	Screening List disabled to get apply

Table 5-22 FailureAction - Parameters

Enumeration Value	Description
"CONTINUE"	Continue Processing
"SEND_ERROR"	Send response with configured HTTP status code

Table 5-23 NfFqdn - Parameters

Attribute Name	Data type	P	Description
fqdn	array(FQDN)	C	Exact Fqdn to be matched. This is conditional, at least one attribute shall be present.
pattern	array(string)	C	Regular Expression for FQDN. This is conditional, at least one attribute shall be present.

Table 5-24 NfIpEndPoint - Parameters

Attribute Name	Data type	P	Description
ipv4Address	Ipv4Addr	C	IPv4 address to be matched.
ipv4AddressRange	Ipv4AddressRange	C	Range of IPv4 addresses.
ipv6Address	Ipv6Addr	C	IPv6 address to be matched.
ipv6AddressRange	Table 5-27	C	Range of IPv6 addresses.
port	array(integer)	O	If this attribute is not configured then it will not be considered for validation.
portRange	array(PortRange)	O	If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 5-25 NfCallBackUri - Parameters

Attribute Name	Data type	P	Description
fqdn	FQDN	C	Exact Fqdn to be matched.
pattern	string	C	Regular Expression for FQDN, Ipv4Address, Ipv6Address.
ipv4Address	Ipv4Addr	C	IPv4 address to be matched.
ipv4AddressRange	Ipv4AddressRange	C	Range of IPv4 addresses.
ipv6Address	Ipv6Addr	C	IPv6 address to be matched.
ipv6AddressRange	Table 5-27	C	Range of IPv6 addresses.
port	array(integer)	O	If this attribute is not configured then it will not be considered for validation.
portRange	array(PortRange)	O	If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the fqdn, pattern, ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 5-26 PortRange - Parameters

Attribute Name	Data type	P	Description
start	integer	M	First value identifying the start of port range.
end	integer	M	Last value identifying the end of port range.

Table 5-27 Ipv6AddressRange - Parameters

Attribute Name	Data type	P	Description
start	Ipv6Addr	M	First value identifying the start of an IPv6 Address range.
end	Ipv6Addr	M	Last value identifying the end of an IPv6 Address range.

Table 5-28 Common data types

Data Type	Reference
Ipv6Addr	3GPP TS 29.571
Ipv4Addr	3GPP TS 29.571
Ipv4AddressRange	3GPP TS 29.510
PlmnId	3GPP TS 29.571
Uri	3GPP TS 29.571
IpEndPoint	3GPP TS 29.510
NFType	3GPP TS 29.510
ProblemDetails	3GPP TS 29.571

REST message samples

Screening List Update

NF screening rules to update particular rule configuration (except read only attributes)

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json

Request Body

NF screening rules to get all of the configured rules

{

    "nfScreeningType": "BLACKLIST",

    "nfScreeningRulesListStatus": "ENABLED",

    "globalScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "ipv4AddressRange":{

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports":[10,20]

            },

            {

                "ipv6AddressRange":{

                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",

                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"

                }

            }

        ]

    },

    "amfScreeningRulesData": {

        "failureAction": "CONTINUE",

        "nfCallBackUriList": [

            {

                "fqdn": "ocnrf-d5g.oracle.com"

            },

            {

                "ipv4AddressRange":{

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports":[10,20]

            }

        ]

    }

}

URL: http://host:port/nrf-configuration/v1/ screening-rules /

Request_Type: GET

Response Body

{

    "nfScreeningRulesList": [

        {

            "nfScreeningRulesListType": "NF_FQDN",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "DISABLED"

        },

        {

            "nfScreeningRulesListType": "NF_IP_ENDPOINT",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "amfScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfIpEndPointList": [

                    {

                        "ipv4Address": "198.21.87.192",

                        "ports": [

                            10,

                            20

                        ]

                    }

                ]

            }

        },

        {

            "nfScreeningRulesListType": "CALLBACK_URI",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "globalScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfCallBackUriList": [

                    {

                        "fqdn": "ocnrf-d5g.oracle.com",

                        "ports": [

                            10,

                            20

                        ]

                    }

                ]

            }

        },

        {

            "nfScreeningRulesListType": "PLMN_ID",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "DISABLED"

        },

        {

            "nfScreeningRulesListType": "NF_TYPE_REGISTER",

            "nfScreeningType": "WHITELIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "globalScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfTypeList": [

                    "AMF",

                    "SMF",

                    "PCF"

                ]

            }

        }

    ]

}

NF screening rules to get a particular configured rule

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: GET

Response Body

{

    "nfScreeningRulesListType": "CALLBACK_URI",

    "nfScreeningType": "BLACKLIST",

    "nfScreeningRulesListStatus": "ENABLED",

    "globalScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "ipv4AddressRange": {

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports": [

                    10,

                    20

                ]

            },

            {

                "ipv6AddressRange": {

                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",

                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"

                }

            }

        ]

    },

    "amfScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "fqdn": "ocnrf-d5g.oracle.com"

            },

            {

                "ipv4AddressRange": {

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports": [

                    10,

                    20

                ]

            }

        ]

    }

}

NF screening rules for partial rule update

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json-patch+json

Request Body

[

    {"op":"remove","path":"/globalScreeningRulesData/nfCallBackUriList/2/ports/0"},

    {"op":"replace","path":"/globalScreeningRulesData/failureAction","value": "CONTINUE"}

]

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json-patch+json

Response Body

[{"op":"add","path":"/nrfScreeningRulesData","value": {"failureAction": "SEND_ERROR","nfCallBackUriList": [{"ipv4AddressRange":{"start