Configuring OCNRF

5 Configuring OCNRF

Mandatory Configurations

Following is the mandatory parameter, which must be configured before using OCNRF:

nrfPlmnList: PLMN(s) served by OCNRF. This must be configured before using any OCNRF Services.

OCNRF Configuration

OCNRF can be configured using HELM and REST configuration. Some configuration are performed during installation using HELM and few are modified using REST. For HELM configuration refer to OCNRF Cloud Native Installation and Upgrade Guide. The REST configurations can also be performed using Cloud Native Core (CNC) Console. Refer to Configuring OCNRF using CNC Console for more details.

General Configurations

Below table provides information for configuring general configurations in OCNRF.

General configuration - OCNRF system options

Table 5-1 Service API Interface

Resource Name	Resource URI	HTTP Method or Custom Operation	Description
nrf-configuration (Store)	{apiRoot}/nrf-configuration/v1/system-options	GET	Retrieves NRF system options configuration
nrf-configuration (Store)	{apiRoot}/nrf-configuration/v1/system-options	PUT	Updates NRF system options configuration

Resource Standard Methods

GET - Retrieve NRF System options configuration

Table 5-2 Data structures supported by the GET Response Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Response Codes	Description
ProblemDetails	M	1	500 Internal Server Error	The response body contains the error reason of the request message.
NrfSystemOptions	M	1	200 OK	Response body contains the NRF current system options

PUT - Update NRF System options configuration

Table 5-3 Data structures supported by the PUT Request Body

Data Type	P	Cardinality	Description
NrfSystemOptions	M	1	NrfSystemOptions details

Table 5-4 Data structures supported by the PUT Response Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Response Codes	Description
ProblemDetails	M	1	500 Internal Server Error	The response body contains the error reason of the request message.
ProblemDetails	M	1	400 Bad request	The response body contains the error reason of the request message.
NA			204 No content	Specifies that the update of NrfSystemOptions is successful.

Example 5-1 REST Message Sample

Request_Type: GET and PUT

URL: http://<k8s host>:<port>/nrf-configuration/v1/system-options

{
	 		"generalSystemOptions": {
	 		"enableF3": true,
	 		"enableF5": true,
	 		"maximumHopCount": 3,
	 		"defaultLoad": 5,
	 		"defaultPriority": 100,
	 		"addPriorityInNFProfile": false,
	 		"addLoadInNFProfile": false
	 		},
	 		"nfScreeningSystemOptions": {
	 		"nfScreeningFeatureStatus": "DISABLED",
	 		"nfScreeningFailureHttpCode": 403
	 		},
	 		"nfAccessTokenSystemOptions": {
	 		"oauthTokenAlgorithm": "ES256",
	 		"oauthTokenExpiryTime": 3600,
	 		"authorizeRequesterNf": "ENABLED",
	 		"logicalOperatorForScope": "AND",
	 		"audienceType": "NF_INSTANCE_ID"
	 		},
	 		"nfManagementSystemOptions": {
	 		"nfHeartBeatTimer": 90,
	 		"nfHeartBeatMissAllowed": 3,
	 		"nfNotifyLoadThreshold": 5,
	 		"nrfSupportForProfileChangesInResponse": true,
	 		"subscriptionValidityDuration": 2160,
	 		"nrfSupportForProfileChangesInNotification": false,
	 		"nfProfileSuspendDuration": 168,
	 		"acceptAdditionalAttributes": false
	 		},
	 		"nfDiscoverSystemOptions": {
	 		"discoveryValidityPeriod": 3600,
	 		"profilesCountInDiscoveryResponse": 3,
	 		"discoveryResultLoadThreshold": null
	 		},
	 		"slfSystemOptions": {
	 		"preferredSubscriberIdType": "SUPI",
	 		"rerouteOnResponseHttpStatusCodes": {
	 		"pattern": "^[3,5][0-9]{2}$"
	 		}
	 		
	 		},
	 		"errorResponses": {
	 		"slfErrorResponses": [
	 		{
	 		"errorCondition": "SLF_Missing_Mandatory_Parameters",
	 		"errorCode": 400,
	 		"errorResponse": "Mandatory parameter missing for SLF Lookup"
	 		},
	 		{
	 		"errorCondition": "SLF_Configuration_Missing",
	 		"errorCode": 404,
	 		"errorResponse": "SLF configuration missing at NRF"
	 		},
	 		{
	 		"errorCondition": "SLF_GroupId_NotFound",
	 		"errorCode": 404,
	 		"errorResponse": "Group Id Not found from SLF"
	 		},
	 		{
	 		"errorCondition": "SLF_Not_Reachable",
	 		"errorCode": 504,
	 		"errorResponse": "SLF not reachable"
	 		}
	 		],
	 		"nrfForwardingErrorResponses": [
	 		{
	 		"errorCondition": "NRF_Not_Reachable",
	 		"errorCode": 504,
	 		"errorResponse": "NRF not reachable"
	 		},
	 		{
	 		"errorCondition": "NRF_Forwarding_Configuration_Missing",
	 		"errorCode": 500,
	 		"errorResponse": "Configuration missing for NRF forwarding"
	 		},
	 		{
	 		"errorCondition": "NRF_Forwarding_Loop_Detection",
	 		"errorCode": 508,
	 		"errorResponse": "NRF forwarding loop detected"
	 		}
	 		]
	 		},
	 		"forwardingSystemOptions": {
	 		"profileRetreivalForwardingEnabled": false,
	 		"subscriptionForwardingEnabled": false,
	 		"discoveryForwardingEnabled": true,
	 		"accessTokenForwardingEnabled": false,
	 		"nrfHostConfig": [{
	 		"apiVersions": [{
	 		"apiVersionInUri": "v1",
	 		"apiFullVersion": "15.5.0"
	 		}],
	 		"scheme": "http",
	 		"fqdn": "ocnrf-1-ingressgateway.ocnrf.svc.cluster.local",
	 		"priority": 100,
	 		"nfInstanceId": "c56a4180-65aa-42ec-a945-5fd21dec0538",
	 		"port": 80
	 		}],
	 		"nrfRerouteOnResponseHttpStatusCodes":{
	 		"codeList" : [404]
	 		}  
	 		}
	 		}

Data Model

Note:

If the attributes other than profilesCountInDiscoveryResponse and discoveryResultLoadThreshold are not present, use existing value in the database. It can be the default value or the last updated value. At least one attribute must be present to ensure that the PUT request is not empty. nrfPlmnList is a mandatory parameter that needs to be configured before using OCNRF.

Table 5-5 NrfSystemOptions - Parameters

Parent Attribute Name	Attribute Name	Data Type	Constraints	Mandatory(M)/Optional(O)/Conditional(C)	Default Values	Description
generalSystemOptions	nrfPlmnList	array		O		This value shall have at least one PLMN supported by OCNRF and this value shall be set before using OCNRF. See the footnote.
generalSystemOptions	enableF3	ENUM	TRUE or FALSE	O	TRUE	OCNRF will function as per 29510 v15.3 specification
generalSystemOptions	enableF5	ENUM	TRUE or FALSE	O	TRUE	OCNRF will function as per 15.5 specification
generalSystemOptions	defaultLoad	INTEGER	0 - 100	O	5	This attribute is default value of NF Load and will be used if NFProfile does not have Load attribute set by NF.
generalSystemOptions	defaultPriority	INTEGER	0 - 65535	O	100	This attribute is default value of NF Priority and will be used if NFProfile does not have priority attribute set by NF.
generalSystemOptions	addLoadInNFProfile	ENUM (TRUE, FALSE)	TRUE, FALSE	O	FALSE	Value of default NF load will be set in NF Load attribute of NFProfile while sending in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have Load attribute.
generalSystemOptions	addPriorityInNFProfile	ENUM (TRUE, FALSE)	TRUE, FALSE	O	FALSE	Value of default NF Priority will be set in NF Priority attribute of NFProfile while sending in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have Priority attribute.
generalSystemOptions	maximumHopCount	INTEGER	>0	O	3	Maximum number of Nodes (SLF/NRF's) that OCNRF can communicate, to service a request.
forwardingSystemOptions	nrfHostConfig	array		O		NRF Host Configuration is used to build the Target NRF's APIRoot for forwarding various service operation messages to another NRF. There is possibility to configure multiple NRFs, however only two NRF details are considered. The NRF with highest priority is considered as Primary NRF and the NRF with second highest priority is considered as Secondary NRF. Note: Only supported apiVersion is v1. Lower value indicates higher priority. See the footnote.
forwardingSystemOptions	nrfRerouteOnResponseHttpStatusCodes	ResponseHttpStatusCodes	pattern or specific code list	O	"pattern": "^[3,5][0-9]{2}$"	This configuration is used to determine if the service operation message needs to forwarded to Secondary NRF. After getting response from primary NRF, if response status code from primary NRF is present/matches with this configured response status code, then NRF reroutes the request to the secondary NRF. Refer nfHostConfig for details for Primary and Secondary NRF details. See the footnote.
forwardingSystemOptions	profileRetreivalForwardingEnabled	ENUM (TRUE, FALSE)	TRUE, FALSE	O	FALSE	This attribute controls the forwarding of NFProfileRetrieval service operation messages. If the flag is set to true and NRF is not able to complete the request due to unavailability of any matching profile, then NRF forwards the NfProfileRetrival request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, NRF will not forward the NfProfileRetrival request in any case. It will return a response to consumer NF without forwarding it. See the footnote.
forwardingSystemOptions	subscriptionForwardingEnabled	ENUM (TRUE, FALSE)	TRUE, FALSE	O	FALSE	This attribute controls the forwarding of NFStatusSubscribe, NFStatusUnsubscribe service operation messages. If the flag is set to true and NRF is not able to complete the request due to unavailability of any matching profile, then NRF forwards the NfStatusSubscribe/NfStatusUnSubscribe request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, NRF will not forward the NfStatusSubscribe/NfStatusUnSubscribe request in any case. It will return a response to consumer NF without forwarding it. Note: NfStatusSubscribe forwarding is supported only if the NfInstanceIdCond condition is requested in the Subscription Request. See the footnote.
forwardingSystemOptions	discoveryForwardingEnabled	ENUM (TRUE, FALSE)	TRUE, FALSE	O	FALSE	This attribute controls the forwarding of NFDiscover service operation messages. If the flag is set to true and NRF is not able to complete the request due to unavailability of any matching profile, then NRF forwards the NfDiscover request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, NRF will not forward the NfDiscover request in any case. It will return a response to consumer NF without forwarding it. See the footnote.
forwardingSystemOptions	accessTokenForwardingEnabled	ENUM (TRUE, FALSE)	TRUE, FALSE	O	FALSE	This attribute controls the forwarding of AccessToken service operation messages. If the flag is set to true and NRF is not able to complete the request due to unavailability of any matching Producer NF, then NRF forwards the AccessToken request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, NRF will not forward the AccessToken request in any case. It will return a response to consumer NF without forwarding it. See the footnote.
nfScreeningSystemOptions	nfScreeningFeatureStatus	Table 5-6		O	DISABLED	This attribute will inform if NF Screening Feature need to be enabled or not. See the footnote.
nfScreeningSystemOptions	nfScreeningFailureHttpCode	INTEGER		O	403	This attribute will inform what HTTP status code will be returned if incoming request doesn't pass NF Screening rules barrier. See the footnote.
nfManagementSystemOptions	nfHeartBeatTimer	INTEGER	Min: 30 seconds Max: 300 seconds	O	90	Value entered for this attribute will be treated as seconds. If Heartbeat timer value is not received in NFProfile during NFRegister, this default value will be used by OCNRF. If Heartbeat timer value is received in NFProfile during NFRegister, minimum value will be used for validation and limit purpose. It means if value provided less than minimum value, then minimum value will be taken as heartbeat timer value. If Heartbeat timer value is received in NFProfile during NFRegister, maximum value of range will be used for validation and limit purpose. It means if value provided more than maximum value, then maximum value will be taken as heartbeat timer value. See the footnote.
nfManagementSystemOptions	nfHeartBeatMissAllowed	INTEGER		O	3	NF HeartBeat miss allowed after which NFProfile will be marked as suspended. See the footnote.
nfManagementSystemOptions	nfNotifyLoadThreshold	INTEGER	0 - 99	O	5	Notification trigger will be generated only when difference between the 'load' value reported by NF in most recent heartbeat and the 'load' reported in the last generated notification more than configured value of loadThreshold parameter. See the footnote.
nfManagementSystemOptions	nrfSupportForProfileChangesInResponse	ENUM (TRUE, FALSE)	TRUE or FALSE	O	TRUE	Flag to enable and disable the feature which will tell OCNRF instead of complete profile, send mandatory attributes and attributes modified by NRF in the response of NFRegister and NFUpdate (full profile replacement) service operations. See the footnote.
nfManagementSystemOptions	subscriptionValidityDuration	INTEGER	1 hour - 180 days (4320 hours)	O	2160	Value entered for this attribute will be treated as hours. If Validity time attribute is not received in SubscriptionData during NFSubscribe, this default value will be used for calculation of validity time (current time + default duration). If Validity time attribute is received in SubscriptionData during NFSubscribe, this is minimum value will be used for validation and limit purpose. It means if value provided is less than ( current time + minimum value), then calculated value with minimum duration value will be considered as validity time of subscription and similarly in case validity time is more than (current time + maximum duration), then calculated value with maximum duration will be considered as validity time of subscription. See the footnote.
nfManagementSystemOptions	nrfSupportForProfileChangesInNotification	ENUM	TRUE or FALSE	O	FALSE	Flag to enable/disable to send profileChanges attribute instead of NFProfile in Notification. See the footnote.
nfManagementSystemOptions	nfProfileSuspendDuration	INTEGER		O	168	An NF is allowed to be in SUSPENDED state for this duration before it is deleted from OCNRF database. Value entered for this attribute will be treated as hours. See the footnote.
nfManagementSystemOptions	acceptAdditionalAttributes	ENUM	TRUE or FALSE	O	FALSE	This attribute will tell whether NRF need to preserve additional attributes not defined in NFProfile/NFService in NRF database. See the footnote.
nfDiscoverSystemOptions	discoveryValidityPeriod	INTEGER		O	3600	Discovery request will be valid till this value. Requester NF shall do discovery again to get latest values. Value entered for this attribute will be treated as seconds. See the footnote.
nfDiscoverSystemOptions	profilesCountInDiscoveryResponse	INTEGER	1 - 10	C	3	This value will restrict NF profile count in NFDiscover response. If this attribute is not present in configuration request then this functionality will get disabled, in that case all the profiles will be returned. If GET option returns this attribute value as null, then it means this feature is disabled. Note:- If Limit attribute is present in SearchData URI, then this attribute will not be used.
nfDiscoverSystemOptions	discoveryResultLoadThreshold	INTEGER	1 - 100	C		NFDiscover response will contain NF profiles with load attribute value less than this configured value. If this attribute is not present in configuration request then this functionality will get disabled. While doing GET on NrfSystemOptions resource if this value is null, then it means this feature is disabled.
nfAccessTokenSystemOptions	oauthTokenAlgorithm	Table 5-7		O	ES256	Access token key algorithm which will be used to sign the oauth token.
nfAccessTokenSystemOptions	oauthTokenExpiryTime	INTEGER	1 - 604800	O	3600	Oauth token expiry time. This value is in seconds.
nfAccessTokenSystemOptions	authorizeRequesterNf	Table 5-6		O	ENABLED	This is validation done by OCNRF. NRF will issue the access token only if the requester NF is registered with NRF.
nfAccessTokenSystemOptions	audienceType	Table 5-8		O	NF_INSTANCE_ID	This value will decide the AudienceType in AccessTokenClaim. This value will be used only if targetnfInstanceId is not set in AccessTokenRequest.
nfAccessTokenSystemOptions	logicalOperatorForScope	Table 5-9		O	AND	This value will decide whether values in scope will have relationship AND or OR. If value is AND, while looking for producer network function profiles, token will be issued for profiles matching all the services-names present in scope. If value is OR, token will be issued for profiles matching any of the services-names present in scope.
slfSystemOptions	slfHostConfig	array (Table 5-10)		C		SLF Host Configuration. It may contain multiple SLF hosts. But SLF with highest priority will be selected. This configuration may contain multiple SLF hosts. But SLF with highest priority will be selected. Lower values indicate a higher priority. If supportedNfTypeList is set, then operator must set this attribute. If this attribute is already set then there is no need to provide the value again. If this attribute is already set then there is no need to provide the value again.
slfSystemOptions	supportedNfTypeList	array		C		NF Type list for which SLF need to be supported. This is key configuration for enabling SLF feature on OCNRF. SLF look up will happen only for NF Types mentioned in this configuration. If this value is set, then slfHostConfig shall also be set.
slfSystemOptions	preferredSubscriberIdType	Table 5-11		O		This attribute will only be used, in case different type of subscriber identifiers (SUPI, GPSI) are present in NFDiscover service operation message, which subscriber identifier shall be used for the query to SLF.
slfSystemOptions	rerouteOnResponseHttpStatusCodes	ResponseHttpStatusCodes		O		This attribute will be used after getting response from primary SLF (SLF Config with highest priority), if response code is present in this list, then NRF will reroute the SLF query to secondary SLF (SLF Config with second highest priority).
errorResponses	slfErrorResponses	array (Table 5-12)		O		This attribute defines the error responses which may be sent during SLF processing. This attribute will allow to update the error response status code and error response description for preloaded error conditions.
errorResponses	nrfForwardingErrorResponses	array (Table 5-12)		O		This attribute defines the error responses which may be sent during NRF Forwarding scenarios. This attribute will allow to update the error response status code and error response description for preloaded error conditions.

Note:

If the attribute is not present, existing value in database is used. It can be the default value or the last updated value. But at least one attribute must be present so that the PUT request is not empty.

Table 5-6 Feature Status

Enumeration value	Description
ENABLED	Enables the feature.
DISABLED	Disables the feature.

Table 5-7 OauthTokenAlgorithm

Enumeration value	Description
ES256	ES256 algorithm key will be used to sign the oauth token
RS256	RS256 algorithm key will be used to sign the oauth token

Table 5-8 AudienceType

Enumeration value	Description
NF_INSTANCE_ID	NF Instance Id(s) in audience IE of AccessTokenClaim.
NF_TYPE	NF Type in audience IE of AccessTokenClaim.

Table 5-9 LogicalOperatorForScope

Enumeration value	Description
AND	If value is AND, while looking for producer network function profiles, token will be issued for profiles matching all the services-names present in scope.
OR	If value is OR, token will be issued for profiles matching any of the services-names present in scope.

Table 5-10 NFConfig

Attribute	DataType	Presence	Description
apiVersions	NFServiceVersion	M	API Version of NF
scheme	UriScheme	M	URI schema supported by NF
fqdn	Fqdn	M	FQDN of NF
port	integer	O	default value:80, Port of NF
apiPrefix	string	O	ApiPrefix
priority	integer	M	Priority of NF
nfInstanceId	string	O	nfInstanceId of NF

Table 5-11 SubscriberIdType

Enumeration Value	Description
SUPI	Subscriber Id is SUPI
GPSI	Subscriber Id is GPSI

Table 5-12 ErrorInfo

Attribute	DataType	Presence	Description
error_condition	ErrorCondition	ReadOnly	Error Conditions
error_response_code	Integer	M	This response code will be used when corresponding error condition will occur.
error_response_description	String	M	This response description will be used when corresponding error condition will occur.

Table 5-13 ErrorCondition

Error Condition	Error Response Code	Description
SLF_Missing_Mandatory_Parameters	400	SLF mandatory parameters are missing
SLF_Configuration_Missing	404	SLF Configuration is missing at NRF
SLF_Not_Reachable	504	SLF is not reachable from NRF
SLF_GroupId_NotFound	404	Group Id Not found from SLF
NRF_Not_Reachable	504	Primary/Secondary NRF is not reachable from NRF
NRF_Forwarding_Configuration_Missing	404	NRF forwarding configuration missing at NRF
NRF_Forwarding_Loop_Detection	508	Loop detected while processing NRF Service Operation Message

Table 5-14 ResponseHttpStatusCodes

Attribute	DataType	Presence	Description
pattern	String	C	Either pattern or codeList is present.
codeList	array (integer)	C	Either pattern or codeList is present.

Configuring NF Screening

This section provides information for configuring NF Screening.

Table 5-15 Resources and Methods Overview

Resource Name	Resource URI	HTTP Method or Custom Operation	Description
screening-rules (Store)	{apiRoot}/nrf-configuration/v1/screening-rules	GET	Returns all the screening rules
screening-rules (Document)	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	GET	Returns screening rules corresponding to the specified NF Screening Rule List Type.
screening-rules (Document)	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	PUT	Replace the complete specified NF Screening Rule List Type
screening-rules (Document)	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	PATCH	Partially updates the specified NF Screening Rule List Type.

Resource Standard Methods

PUT - Updates a particular screening rule (except read only attributes)

Table 5-16 Data structures supported by the PUT Request Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Description
NfScreening Rules	M	1	NF Screening Rules which need to be updated.

Table 5-17 Data structures supported by the PUT Response Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Response Codes	Description
NA	M	1	204 No content	Successful response
ProblemDetails	C	1	404 NOT FOUND 500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Mandatory(M)/Optional(O)/Conditional(C)

Cardinality

Response Codes

Description

204 No content

Successful response

ProblemDetails

404 NOT FOUND

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

PATCH - Updates partially a particular screening rule (except read only attributes)

Table 5-18 Data structures supported by the PATCH Request Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Description
PatchDocument	M	1	It contains the list of changes to be made to the NF Screening Rule, according to the JSON PATCH format specified in IETF RFC 6902 [13].

Table 5-19 Data structures supported by the PATCH Response Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Response Codes	Description
NA	M	1	204 No content	Successful response
ProblemDetails	C	1	404 NOT FOUND 500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Mandatory(M)/Optional(O)/Conditional(C)

Cardinality

Response Codes

Description

204 No content

Successful response

ProblemDetails

404 NOT FOUND

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

GET - Collection of screening rules

Table 5-20 URI query parameters supported by the GET method

Name	Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Description
nfScreeningRulesListType	NfScreeningRulesListType	O	0.1	The type of NF screening rules on this basis of rules list type.
nfScreeningRulesListStatus	NfScreeningRulesListStatus	O	0.1	Screening Rules List on the basis of status (Enabled or Disabled)

Table 5-21 Data structures supported by the GET Response Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Response Codes	Description
ScreeningRulesResult	M	1	200 OK	The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result.
ProblemDetails	C	1	500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Mandatory(M)/Optional(O)/Conditional(C)

Cardinality

Response Codes

Description

ScreeningRulesResult

200 OK

The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result.

ProblemDetails

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

Table 5-22 ScreeningRulesResult - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Description
nfScreeningRulesList	array (NfScreeningRules)	M	0.N	It shall contain an array of NF Screening List. An empty array means there is no NF Screening list configured.

GET - Particular screening list rule

Table 5-23 Data structures supported by the GET Response Body

Data Type	Mandatory(M)/Optional(O)/Conditional(C)	Cardinality	Response Codes	Description
NfScreeningRules	M	1	200 OK	The response body contains requested screening list.
ProblemDetails	C	1	500 INTERNAL ERROR 400 BAD REQUEST	The response body contains the error reason of the request message.

Data Type

Mandatory(M)/Optional(O)/Conditional(C)

Cardinality

Response Codes

Description

NfScreeningRules

200 OK

The response body contains requested screening list.

ProblemDetails

500 INTERNAL ERROR

400 BAD REQUEST

The response body contains the error reason of the request message.

Table 5-24 NfScreeningRules - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
nfScreeningRulesListType	Table 5-26	C	ReadOnly. It will be returned while retrieving the rule.
nfScreeningType	Table 5-27	M	Screening type of complete screening list. Blacklist or whitelist. All the rules can be either blacklist or whitelist.
nfScreeningRulesListStatus	Table 5-28	M	This attribute will enable or disable complete screening list.
globalScreeningRulesData	Table 5-25	O	This attribute will be present if global screening rules need to be configured.
customNfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for custom NF need to be configured.
nrfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for NRF need to be configured.
udmScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for UDM need to be configured.
amfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for AMF need to be configured.
smfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for custom SMF need to be configured.
ausfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for AUSF need to be configured.
nefScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for NEF need to be configured.
pcfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for PCF need to be configured.
nssfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for NSSF need to be configured.
udrScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for UDR need to be configured.
lmfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for IMF need to be configured.
gmlcScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for GMLC need to be configured.
fiveG_EirScreeningRules	Table 5-25	O	This attribute will be present if screening rules for EIR need to be configured.
seppScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for SEPP need to be configured.
upfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for UPF need to be configured.
n3iwfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for IWF need to be configured.
afScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for AF need to be configured.
udsfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for UDSF need to be configured.
bsfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for BSF need to be configured.
chfScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules for CHF need to be configured.
nwdafScreeningRulesData	Table 5-25	O	This attribute will be present if screening rules forNWDAF need to be configured.

Table 5-25 NfScreeningRulesData - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
failureAction	Table 5-29	M
nfFqdn	Table 5-30	C	If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is NF_FQDN.
nfCallBackUriList	array(Table 5-32)	C	If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is CALLBACK_URI.
nfIpEndPointList	array(Table 5-31)	C	If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_IP_ENDPOINT.
plmnList	array(PlmnId)	C	If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is PLMN_ID.
nfTypeList	array(NfTypeList)	C	If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_TYPE_REGISTER.

Table 5-26 NfScreeningRulesListType - Parameters

Enumeration Value	Description
"NF_FQDN"	Screening List type for NF FQDN
"NF_IP_ENDPOINT"	Screening list type for IP Endpoint
"CALLBACK_URI"	Screening list type for callback URIs in NF Service and nfStatusNotificationUri in SubscriptionData
"PLMN_ID"	Screening list type for PLMN ID
"NF_TYPE_REGISTER"	Screening list type for allowed NF Types to register

Table 5-27 NfScreeningType - Parameters

Enumeration Value	Description
"BLACKLIST"	When a screening list is configured to operate as a blacklist, the request is allowed to access the service only if the corresponding attribute value is not present in the blacklist.
"WHITELIST"	When a screening list is configured to operate as a whitelist, the request is allowed to access the service only if the corresponding attribute value is present in the whitelist.

Table 5-28 NfScreeningRulesListStatus - Parameters

Enumeration Value	Description
"ENABLED"	Screening List feature is enabled to apply the rules.
"DISABLED"	Screening List feature is disabled.

Table 5-29 FailureAction - Parameters

Enumeration Value	Description
"CONTINUE"	Continue Processing
"SEND_ERROR"	Send response with configured HTTP status code

Table 5-30 NfFqdn - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
fqdn	array(FQDN)	C	Exact FQDN to be matched. This is conditional, at least one attribute shall be present.
pattern	array(string)	C	Regular Expression for FQDN. This is conditional, at least one attribute shall be present.

Table 5-31 NfIpEndPoint - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
ipv4Address	Ipv4Addr	C	IPv4 address to be matched.
ipv4AddressRange	Ipv4AddressRange	C	Range of IPv4 addresses.
ipv6Address	Ipv6Addr	C	IPv6 address to be matched.
ipv6AddressRange	Table 5-34	C	Range of IPv6 addresses.
port	array(integer)	O	If this attribute is not configured then it will not be considered for validation.
portRange	array(PortRange)	O	If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 5-32 NfCallBackUri - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
fqdn	FQDN	C	Exact Fqdn to be matched.
pattern	string	C	Regular Expression for FQDN, Ipv4Address or Ipv6Address.
ipv4Address	Ipv4Addr	C	IPv4 address to be matched.
ipv4AddressRange	Ipv4AddressRange	C	Range of IPv4 addresses.
ipv6Address	Ipv6Addr	C	IPv6 address to be matched.
ipv6AddressRange	Table 5-34	C	Range of IPv6 addresses.
port	array(integer)	O	If this attribute is not configured then it will not be considered for validation.
portRange	array(PortRange)	O	If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the fqdn, pattern, ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 5-33 PortRange - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
start	integer	M	First value identifying the start of port range.
end	integer	M	Last value identifying the end of port range.

Table 5-34 Ipv6AddressRange - Parameters

Attribute Name	Data type	Mandatory(M)/Optional(O)/Conditional(C)	Description
start	Ipv6Addr	M	First value identifying the start of an IPv6 Address range.
end	Ipv6Addr	M	Last value identifying the end of an IPv6 Address range.

Table 5-35 Common data types

Data Type	Reference
Ipv6Addr	3GPP TS 29.571
Ipv4Addr	3GPP TS 29.571
Ipv4AddressRange	3GPP TS 29.510
PlmnId	3GPP TS 29.571
Uri	3GPP TS 29.571
IpEndPoint	3GPP TS 29.510
NFType	3GPP TS 29.510
ProblemDetails	3GPP TS 29.571

REST message samples

Screening List Update

NF screening rules to update particular rule configuration (except read only attributes)

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PUT

Content-Type: application/json

Request Body

NF screening rules to get all of the configured rules

{
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "ipv4AddressRange":{
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports":[10,20]
            },
            {
                "ipv6AddressRange":{
                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",
                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"
                }
            }
        ]
    },
    "amfScreeningRulesData": {
        "failureAction": "CONTINUE",
        "nfCallBackUriList": [
            {
                "fqdn": "ocnrf-d5g.oracle.com"
            },
            {
                "ipv4AddressRange":{
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports":[10,20]
            }
        ]
    }
}

URL: http://host:port/nrf-configuration/v1/ screening-rules /

Request_Type: GET

Response Body

{

    "nfScreeningRulesList": [

        {

            "nfScreeningRulesListType": "NF_FQDN",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "DISABLED"

        },

        {

            "nfScreeningRulesListType": "NF_IP_ENDPOINT",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "amfScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfIpEndPointList": [

                    {

                        "ipv4Address": "198.21.87.192",

                        "ports": [

                            10,

                            20

                        ]

                    }

                ]

            }

        },

        {

            "nfScreeningRulesListType": "CALLBACK_URI",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "globalScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfCallBackUriList": [

                    {

                        "fqdn": "ocnrf-d5g.oracle.com",

                        "ports": [

                            10,

                            20

                        ]

                    }

                ]

            }

        },

        {

            "nfScreeningRulesListType": "PLMN_ID",

            "nfScreeningType": "BLACKLIST",

            "nfScreeningRulesListStatus": "DISABLED"

        },

        {

            "nfScreeningRulesListType": "NF_TYPE_REGISTER",

            "nfScreeningType": "WHITELIST",

            "nfScreeningRulesListStatus": "ENABLED",

            "globalScreeningRulesData": {

                "failureAction": "SEND_ERROR",

                "nfTypeList": [

                    "AMF",

                    "SMF",

                    "PCF"

                ]

            }

        }

    ]

}

NF screening rules to get a particular configured rule

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: GET

Response Body

{

    "nfScreeningRulesListType": "CALLBACK_URI",

    "nfScreeningType": "BLACKLIST",

    "nfScreeningRulesListStatus": "ENABLED",

    "globalScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "ipv4AddressRange": {

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports": [

                    10,

                    20

                ]

            },

            {

                "ipv6AddressRange": {

                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",

                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"

                }

            }

        ]

    },

    "amfScreeningRulesData": {

        "failureAction": "SEND_ERROR",

        "nfCallBackUriList": [

            {

                "fqdn": "ocnrf-d5g.oracle.com"

            },

            {

                "ipv4AddressRange": {

                    "start": "155.90.171.123",

                    "end": "233.123.19.165"

                },

                "ports": [

                    10,

                    20

                ]

            }

        ]

    }

}

NF screening rules for partial rule update

http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Request_Type: PATCH

Content-Type: application/json-patch+json

Request Body

[
    {"op":"remove","path":"/globalScreeningRulesData/nfCallBackUriList/2/ports/0"},
    {"op":"replace","path":"/globalScreeningRulesData/failureAction","value": "CONTINUE"}
]

URL: http://host:port/nrf-configuration/v1/ screening-rules /CALLBACK_URI

Request_Type: PATCH

Content-Type: application/json-patch+json

Response Body

[{"op":"add","path":"/nrfScreeningRulesData","value": {"failureAction": "SEND_ERROR","nfCallBackUriList": [{"ipv4AddressRange":{"start" : "189.163.192.10","end": "190.178.127.10"}}]}}]