Equipment Identity Register

EIR Feature Description

Table 1. Feature History
Feature Name

Release Information

Description

Equipment Identity Register (EIR)

2024.03.0

This feature allows the AMF to interact with EIR to validate the UE identity during the UE registration procedure. EIR check enhances the network management by tracking and managing the status of the devices.

Command introduced: eir-check { enabled | emergency-registration | deny-greylisted | initial-registration }

Default Setting: Disabled – Configuration Required

The EIR check feature ensures the legitimacy of devices accessing your network. This system categorizes devices into three distinct lists:

  • Whitelisted Devices: AMF allows the UE registration.

  • Greylisted Devices: AMF allows or denies the UE registration on the basis of CLI configuration.

  • Blacklisted Devices: AMF denies the UE for registration.

AMF supports the EIR check using:

  • NRF Discovery

  • Local configuration without NRF discovery

How EIR Works

AMF uses the N17 interface to retrieve equipment status for registration requests when the registration type is set to one of the following:

  • Initial Registration

  • Mobility Updating with AMF Change

  • Emergency Registration

EIR Check Call Flow During Registration Procedure

Following call flow describes the various message exchanges that happens between the UE and AMF during the EIR check.

Table 2. EIR Check Call Flow Description

Steps

Description

1

The UE sends a registration request to AMF.

2

For mobility registration with AMF change request type, AMF identifies an MME/Old AMF and sends a context requests.

3

The old AMF/MME responds with a ContextResponse.

4, 5

The AMF authenticates the UE as presented in the authentication procedure.

6

If Permanent Equipment Identifier (PEI) is not available from peer AMF/MME in ContextResponse, AMF fetches the PEI using either security mode command (with International Mobile Equipment Identity Software Version - IMEISV request) or using IdentityRequest.

Note

 

PEI sent to EIR is either IMEI or IMEISV (whichever is already available in the AMF).

7

UE responds with security mode complete/identity response with IMEISV value.

8

AMF initiates EIR check using IMEISV.

9

On successful verification, EIR responds with 200 OK. AMF takes one of the following actions on the basis of EIR response:

  • If the EIR status is whitelisted: AMF allows the UE registration.

  • If the EIR status is greylisted: AMF allows or denies the UE registration on the basis of CLI configuration.

  • If the EIR status is blacklisted: AMF denies the UE for registration.

On Failures responses (4xx,5xx), AMF either continues with registration or sends a Registration Reject based on FHT configuration (i.e. continue if retry-and-ignore).

Enabling EIR Check for the UE

To enable EIR check for the UE, use the following configuration.

config 
    amf-global 
       call-control-policy 
          eir-check {enabled | emergency-registration | deny-greylisted | initial-registration} 
          end 

NOTES:

  • call-control-policy —Specify the policies related to call control within the AMF. It encompasses various rules and behaviors that the AMF must follow when handling calls and registrations.

  • eir check —Specifies the conditions under which the AMF performs an EIR check. The EIR check is used to verify the status of a mobile device by querying the EIR, which contains information about whether devices are blacklisted, greylisted, or whitelisted.

    • enabled —Enables the EIR check for initial and mobility registration.

    • emergency-registration —Enables the EIR check specifically for emergency registration scenarios. By default, EIR check is not done for emergency registration.

    • deny-greylisted —This option configures the AMF to deny registration requests from devices that are greylisted.

    • initial-registration —This option selects only initial registrations for EIR checks. Without this configuration, the system selects both initial registrations and mobility registrations involving an MME/AMF change for EIR checks.

Configuring EIR Network Element Profile List

To configure a new EIR element within an operator's policy, use the following configuration.

config 
    operator-policy local 
       ccp-name local 
          network-element-profile-list eir eir_profile_list_name 
          end 

NOTES:

  • operator-policy local —Specifies the settings that applies to a local operator policy. It sets the context for defining policies specific to the operator's network.

  • ccp-name local —Specifies the name of the call control policy (CCP) being configured. Here, "local" is the name of the policy, indicating that it applies locally within the operator's domain.

  • network-element-profile-list eir eir_profile_list_name —Specifies the new EIR element to be added in the network element profile list.

Configuring EIR Profile Network Element

To configure the EIR profile network element, use the following configuration:

config 
    profile network-element eir eir_name 
       nf-client-profilenf_client_profile_name 
       failure-handling-profile failure_handling_profile_name 
       query-params [ target-plmn ]  
       end 

NOTES:

  • profile network-element eir eir_name —Specify the profile name for the network element.

  • nf-client-profilenf_client_profile_name —Specify the network function client profile name.

  • failure-handling-profile failure_handling_profile_name —Specify the failure handling profile name.

  • query-params [ target-plmn ] —Specifies the target Public Land Mobile Network (PLMN). This defines the particular mobile network to which the EIR queries are directed, allowing the EIR to check equipment statuses relevant to that specific network.

Configuring NF Pair Profile for EIR

To configure a network function (NF) pair profile for an EIR, use the following configuration. This setup includes NRF discovery, locality preferences, and caching behavior.

config 
    profile nf-pair nf-type nf_type_name 
       nrf-discovery-group nrf_discovery_group_name 
       locality client client_locality_name 
       locality preferred-server preferred_server_name 
       locality geo-server geographic_server_location 
       cache invalidation true  
       end 

NOTES:

  • profile nf-pair nf-type nf_type_name —Specifies the type and identifier of the network function.

  • nrf-discovery-group nrf_discovery_group_name —Assigns the NF pair to a Network Resource Function (NRF) discovery group.

  • locality client client_locality_name —Specify the locality for the client-side of the NF pair.

  • locality preferred-server preferred_server_name —Specifies the preferred server locality for the NF pair.

  • locality geo-server geographic_server_location —Specifies a geographic server locality for the NF pair.

  • cache invalidation true —Specifies that cache invalidation is enabled. This ensures that outdated or stale data in the cache is invalidated, maintaining the accuracy of information.

Configuring NF Client Profile for EIR

To configure a NF client profile for an EIR, use the following configuration. This setup specifies the EIR profile, its locality, service parameters, and endpoint configurations.

config 
    profile nf-client nf-type profile_nf-client_nf_type_name 
       eir-profile eir_profile_name 
          locality locality_name 
          priority priority_value 
          service name type service_name_type 
             endpoint-profile endpoint_profile_name 
                capacity capacity_value 
                uri-scheme uri_scheme_name 
                endpoint-name endpoint_name 
                   priority priority_value 
                   capacity capacity_value 
                   primary ip-address ipv4_address 
                   primary ip-address port port_ip_address 
                   end 

NOTES:

  • profile nf-client nf-type profile_nf-client_nf_type_name —Specifies the type and identifier of the network function.

  • eir-profile eir_profile_name —Associates the EIR profile with the NF client.

  • locality locality_name —Specify the locality for the EIR profile.

  • priority priority_value —Specifies the priority for the locality.

  • service name type service_name_type —Specifies the service name and type associated with the EIR profile.

  • endpoint-profile endpoint_profile_name —Specifies the endpoint profile name.

  • capacity capacity_value —Specify the capacity for the endpoint profile.

  • uri-scheme uri_scheme_name —Specify the URI scheme for the endpoint profile.

  • endpoint-name endpoint_name —Specify the specific endpoint within the endpoint profile.

  • priority priority_value —Specify the priority for the endpoint.

  • capacity capacity_value —Specify the capacity for the endpoint.

  • primary ip-address ipv4_address —Specify the primary IP address for the endpoint.

  • primary ip-address port port_ip_address —Specify the port number for the primary IP address of the endpoint.

Configuring Failure Handling Template for EIR

To configure a failure handling template for EIR, use the following configuration. This configuration includes specific actions and retry mechanisms for different failure scenarios.

config 
    profile nf-client-failure nf-type nf_type_name 
       profile failure-handling failure_handling_profile_name 
          service name type service_name_type 
             responsetimeout responsetimeout_value 
             message type message_type 
                status-code httpv2 httpv2_status_code 
                   retry retry_count 
                   action retry-and-terminate  
                   end 

NOTES:

  • profile nf-client-failure nf-type nf_type_name —Specify the failure handling profile for an EIR NF client.

  • profile failure-handling failure_handling_profile_name —Associates a failure handling profile with the NF client.

  • service name type service_name_type —Specify the service name and type associated with the failure handling profile.

  • responsetimeout responsetimeout_value —Specifies response timeout value for the service.

  • message type message_type —Specify the type of message for which the failure handling actions are being configured.

  • status-code httpv2 httpv2_status_code —Specify the HTTP status codes that triggers the failure handling actions.

  • retry retry_count —Specify the number of retry attempts for the specific status codes.

  • action retry-and-terminate —Specify the action to take after the retry attempts are exhausted.

OAM Support for EIR

This section describes operations, administration, and maintenance support for this feature.

Bulk Statistics Support for EIR

The following statistics are supported for the EIR feature.

n17_service_stats

Following are the stats records under nl1_service_stats.

Messages

Metrics Message Type

CheckEquipmentIdentity Req & Rsp

N17EquipmentStatusCheckReq

N17EquipmentStatusCheckRsp

Following are the examples of stats output:

  • N17_service_stats{app_name="AMF", cluster="clu1", 
    data_center="dc1", instance_id="0", message_type=" 
    N17EquipmentStatusCheckReq", reason="", roaming_status="HOMER", 
    service_name="amf-service", slice_data="_2-333333", status="success"}
     1
  • N17_service_stats{app_name="AMF", cluster="clu1", 
    data_center="dc1", instance_id="0", message_type=" 
    N17EquipmentStatusCheckRsp", reason="BLACKLISTED", 
    roaming_status="HOMER", service_name="amf-service", 
    slice_data="_2-333333", status="success"} 1