SCP Model-D

SCP Model-D - Feature Description

Table 1. Feature History

Feature Name

Release Information

Description

NF Discovery based on Preferred Locality

2025.03.0

AMF includes the "3gpp-Sbi-Discovery-preferred-locality" HTTP header when communicating with the SCP. By populating this header, AMF enables more efficient NF selection based on locality during peer NF discovery, resulting in optimized network function interactions and improved service delivery.

Note

 

This feature is not fully qualified in this release. For more information, contact your Cisco Account representative.

Service Communication Proxy (SCP) Model-D for Peer Node Communication

2025.01.0

SCP is the routing control point that mediates all signaling and control plane messages in the network core. SCP is responsible for optimizing routing of NF discovery requests to the Network Repository Function (NRF), load balancing, traffic prioritization, and message management.

Command introduced:

nf-selection-model nf_model_priority [ local | nrf-query | scp ] — Used for selection of NF model and its priority for NF peer communication.

Default Setting: Disabled – Configuration Required

SCP Model-D

Service Communication Proxy (SCP) Model-D is a communication model where the SCP handles discovery and selection of suitable NF instances on behalf of the consumer NF. This model simplifies the configuration for the consumer and enhances routing efficiency. SCP Model-D support enables the AMF to use an SCP for discovering and routing requests to the appropriate NF instances. The SCP performs discovery with an NRF and routes the request based on the discovery result.


Note


AMF supports indirect communication using SCP with AUSF, UDM, PCF, SMF, LMF, GMLC, SMSF, EIR, CBCF peers, and another AMF.


SCP Model D - Key Parameters

Following are the key parameters for SCP model-D:

Authority Header

AMF includes the authority HTTP header in the messages to SCP. This header is populated:

  • If the scheme is "http," the authority carries either the FQDN or the IP address, with priority given to the IP address configuration.

3GPP-SBI-Discovery Header

AMF includes 3gpp-Sbi-Discovery for each of the query parameters configured under the network element profile in the following format:

3gpp-Sbi-Discovery-<query-param>

3gpp-Sbi-Discovery-notification-type is used for notifications corresponding to default notification subscriptions.

Example: N1_MESSAGES used for N1MessageNotify.

3GPP-SBI-target-apiroot

While sending notification to peer NF, AMF replaces the "api root" of the "target api" with the "scp api root" and includes the "target api root" in the "3gpp-sbi-target-apiRoot" header.

3GPP-SBI-Callback Header

AMF populates the "3gpp-Sbi-Callback" header in callback requests with the callback service name to allow the SCP to provide differentiated services.

Following is the format for "3gpp-Sbi-Callback" header:

"N<NF>_<service name>_<name of the callback service operation in the corresponding OpenAPI specification file>"

Server Header

AMF includes a Server header in all error responses to peer NFs to indicate the source of the error.

Server header format: AMF-”nf-instance-id”

Example: AMF-”54804518-4191-46b3-955c-ac631f953ed8”

When AMF acts as a client and receives an error response, it extracts the NFType from the server header and triggers SCP failure handling. See Configure SCP Model-D Failure Handling for configuration details.

3GPP-SBI-Producer-Id and 3GPP-SBI-Discovery-target-nf-instance-id

The 3gpp-producer-id received from the NF peer is included by the AMF in subsequent messages to the peer NF for the same service and session.

Deployment Specific API Prefix

AMF supports deployment-specific API Prefixes for SCP model-D.

FQDN

AMF supports SCP model D for peer NF communication using IP address or FQDN address. This section describes about the FQDN support in AMF.

FQDN support simplifies network management and enhances security by using domain names instead of IP addresses for communication between NFs.

Following are the key consideration for FQDN interaction with SCP Model-D.

  • NRF registration with FQDN: Register AMF with the Network Repository Function (NRF) using FQDN.

  • FQDN support for default notification subscription: Ensure FQDN is used during NRF registration for notification subscriptions.

  • Callback URI: Include both FQDN and the deployment-specific API prefix in the callback URI.

  • Port Inclusion with FQDN: AMF appends the port to the FQDN in all callback URIs. This is relevant for the default subscription and the path specified in the HTTP location header, configured under vip-port or vip-ipv6-port within endpoint-sbi.

  • AMF stores the FQDN address received in the location header. When sending messages to a peer NF via SCP, AMF includes the FQDN in the 3gpp-sbi-target-apiRoot for subsequent messages.

A configuration update in SCP introduces the option to set up the SCP peer FQDN within the endpoint configuration.


Note


AMF provides the capability to configure a port alongside the FQDN. If a port is not specified, the system uses the standard port by default.


  • If the SCP peer URI scheme is configured as HTTP, AMF prioritizes the IP address. AMF uses FQDN only if the IP address is not configured.

  • AMF performs DNS resolution to obtain the SCP peer IP address. Core DNS must be configured with the DNS server address to facilitate this resolution. AMF randomly selects the servers returned by core DNS. For more information, see UCC SMI Operations Guide > clusters configuration command reference for configuration details.

  • AMF prioritizes an endpoint-profile with a resolved FQDN over one with an unresolved FQDN. See Configure SCP for Peer NF Communication for configuration details.

  • If the selected endpoint profile is not able to resolve IP for the FQDN, then Failure handling configuration is applied while sending the message to the peer NF.

Dead SCP detection

The existing dead peer detection framework in AMF is extended to detect a dead SCP. Following is the sample configuration for dead SCP detection:

client outbound host ping timeout 3000
       client outbound host ping interval 5000
       client outbound interface scp
 	 host ping timeout 3000
 	 host ping interval 5000
         exit

SCP Model-D Limitations

Following are the limitations of this feature:

  • AMF does not support discovery of the SCP peer. SCP peer must be configured statically.

  • AMF does not support roaming functionality for SCP Model D deployment.

  • AMF failure handling does not support fallback to Model B from Model D.

  • AMF does not support TLS, MTLS, and OAuth for SCP Model D deployment.

  • To enable or disable SCP Model-D functionality, system shutdown and restart is required.

  • AMF supports FQDN deployment with SCP Model-D only and not with Model-A and Model-B.

  • AMF failure handling does not support fallback to Model A from Model D for FQDN deployment.

  • DNS cache is not preserved in case of pod restart. Hence, subequent message require DNS resoltuion.

SCP Model-D Configuration

By default, AMF does NRF discovery to select the NF Peer like UDM, AUSF, PCF, SMF, and so on. If NRF discovery fails and if local configuration is available for the peer, AMF selects the local configured peer.

For Model D implementation, configuration is provided where operator can configure to invoke Model-D based communication with peer.

Configure SCP Profile and Associate Profile with Operator Policy

The operator policy includes a configuration to associate an SCP profile. If the network-element profile has the nf-selection-model priority set to <scp>, it uses the SCP profile associated with the operator policy for that session. If no SCP profile is associated, it falls back to model-A.

Procedure


Step 1

Enter the operator-policy configuration mode.

operator-policy policy_name

Step 2

Configure the network-element-profile-list for SCP under operator-policy.

network-element-profile-list scp profile_name

Step 3

Save and commit the configuration.


Configure SCP Network Element Profile

To configure a "network-element" profile for SCP and associate the scp "nf-client-profile" and "failure-handling-profile", Use the following configuration:

Procedure


Step 1

Enter the profile network-element configuration mode.

profile network-element scp scp_profile_name

Specify the SCP as the network element profile. scp_profile_name must an alphanumeric string representing the corresponding network element profile name.

Step 2

Configure the nf-client-profile for SCP under profile network-element.

nf-client-profile scp_client_profile_name

Specify the SCP client profile. scp_client_profile_name must an alphanumeric string representing the corresponding NF client profile name.

Step 3

Configure the failure-handling-profile for SCP under profile network-element.

failure-handling-profile failure_handling_scp_profile_name

Specify the SCP failure handling network profile for the configured SCP. failure_handling_scp_profile_name must an alphanumeric string representing the corresponding SCP failure handling network profile name.

Step 4

Configure the discovery-params option under profile network-element scp.

discovery-params [ service-names ]

The "3gpp-Sbi-Discovery-service-names" HTTP header is sent as a plain string to the SCP, but only when you configure the discovery-params [ service-names ] within the SCP network element profile.

Example:

3gpp-sbi-discovery-service-names : nsmf-pdusession

Step 5

Save and commit the configuration.


Configure SCP for Peer NF Communication

To configure SCP for NF communication, use the following configuration:

Procedure


Step 1

Enter the configuration mode and define the nf-client nf-type profile.

profile nf-client nf-type scp

Step 2

Configure the scp-profile under nf-client nf-type profile.

scp-profile scp_profile_name

Example:

scp-profile scp-profile1

Step 3

Configure the locality details for SCP profile.

locality locality_name

Example:

locality LOC1

Step 4

Configure the priority value of the locality.

priority priority_value

Example:

priority 30

Step 5

Configure the service name type.

service name type service_name_type_value

Example:

service name type nudm-sdm

Step 6

Configure the responsetimeout value for the service.

responsetimeout responsetimeout_value

Example:

responsetimeout 4000

Step 7

Configure the endpoint-profile for the service.

endpoint-profile endpoint-profile_name

Example:

endpoint-profile EP1

Step 8

Configure the capacity value for the endpoint profile.

capacity capacity_value

Example:

capacity 30

Step 9

Configure the priority value for the endpoint profile.

priority priority_value

Example:

priority 10

Step 10

Configure the api-root to specify the deployment-specific API prefix for SCP peer under the endpoint configuration.

api-root prefix

Step 11

Configure the uri-scheme for the endpoint profile.

uri-scheme uri_scheme_value

Example:

uri-scheme http

Step 12

Configure the endpoint-name for the endpoint profile.

endpoint-name endpoint_name

Example:

endpoint-name EP1

Step 13

Configure the priority value for the endpoint name.

priority priority_value

Example:

priority 10

Step 14

Configure the capacity value for the endpoint name.

capacity capacity_value

Example:

capacity 30

Step 15

Configure the capacity value for the endpoint name.

capacity capacity_value

Example:

capacity 30

Step 16

Configure the ipv4 address for the endpoint name.

primary ip-address ipv4 ipv4_address

Example:

primary ip-address ipv4 209.165.202.133

Step 17

Configure the ipv4 port for the endpoint name.

primary ip-address port port _number

Example:

primary ip-address port 8080

Note

 

If SCP peer FQDN is known, you can configure FQDN instead of primary/secondary IP address.

Step 18

Configure the fqdn for the endpoint name.

fqdn fqdn _address | port fqdn_port

Port is an optional configuration.

Step 19

Save and commit the configuration.

This command lets you to either commit or ignore the configurations. Entering yes allows you to save or modify the configurations.

Configure SCP Model-D Failure Handling


Note


SCP Model-D failure handling is applicable for both IP and FQDN deployemnts.


Under nf-client-failure, a new nf-type called SCP is added. In this context, you can configure AMF actions for each message type (like UdmRegistrationReq) under each service type (like nudm-uecm) when you receive an HTTP error status code. You can also specify the action for the behavior when the server header indicates SCP, and you can define the nf-action for the behavior when the server header indicates NF peers such as UDM or AUSF.

AMF identifies the source of an error by examining the server header field in the error response.

  • In case of HTTP timeout or the HTTP server header is missing or includes SCP:

    • The AMF selects a different SCP endpoint and retries if the retry count is at least 1 and the action is set to either retry-and-continue, retry-and-ignore, retry-and-terminate, or retry-and-fallback.

    • If all retry attempts fail, the AMF falls back from model-D to model-A, provided the action in SCP failure handling is retry-and-fallback and the nf-client configuration for the peer exists. Once it falls back, any failure is managed according to the NF failure handling configuration.

  • If the HTTP server header includes target NF:

    • AMF handles the failure based on nf-action configured. If retry-and-* is configured and retry count value is at least one, then AMF executes the retry action.

  • In case of NF discovery errors between the SCP and NRF, the SCP may set the cause as NRF_NOT_REACHABLE or NF_DISCOVERY_ERROR. In such cases, AMF falls back to Model-A, if configured.

To configure SCP Model-D failure handling, use the following configuration:

Procedure


Step 1

Enter the configuration mode to configure the NF type required after the NF client failure.

profile nf-client-failure nf-type scp

Step 2

Configure the failure handling profile for the NF client.

profile failure-handling failure_handling_profile_name

Example:

profile failure-handling FH1

Step 3

Configure the service name type for the NF client.

service name type service_name_type_value

Example:

service name type nausf-auth

Step 4

Configure the responsetimeout value for the service.

responsetimeout responsetimeout_value

Example:

responsetimeout 1500

Step 5

Configure the message type for the service.

message type message_type

Example:

message type AusfAuthenticationReq

Step 6

Configure the httpv2 status-code for the service.

status-code httpv2 status_code

Example:

status-code httpv2 504

Status code can have the following variations:

  • Single value, example: 504

  • Range, example: 500-509

  • Multiple, example: 404,500,504

Step 7

Configure the retry value for the service.

retry retry_value

Example:

retry 1

Step 8

Configure the various action if the source of error is SCP.

action {continue | retry-and-continue | retry-and-fallback | retry-and-ignore | retry-and-terminate | terminate}

Step 9

Configure the NF failure action if server header indicates that the source of error is from target NF peer.

nf-action [ continue | retry-and-fallback | retry-and-ignore | terminate ]

Step 10

Save and commit the configuration.

This command lets you to either commit or ignore the configurations. Entering yes allows you to save or modify the configurations.

Configure DNS Failure Handling

AMF applies the failure handling procedures to determine further actions in the event of a DNS resolution failure.

  • Failure handling applies when sending a message to the peer NF if the selected endpoint profile cannot resolve an IP address for the FQDN.

  • The retry action applies from starting while resolving the next FQDN.

  • Retrying to the next unresolved FQDN is considered if the configured action includes any retry actions.

  • If DNS query returns multiple IP address, then retransmission is attempted to other IPs in the list in random order without any specific priority.

  • If multiple endpoints are configured, then AMF resolves the FQDN configured under other endpoints if the retry attempt configuration permits it.

  • If failure handling is configured with retry and DNS resolution does not return an alternate address, the AMF takes the post-retry action.

To configre the DNS failure handling, use the following configuration.

Procedure

Step 1

Enter the configuration mode to configure the NF type required after the NF client failure.

profile nf-client-failure nf-type scp

Step 2

Configure the failure handling profile for the NF client.

profile failure-handling failure_handling_profile_name

Example:
profile failure-handling FH1

Step 3

Configure the service name type under the failure-handling profile.

service name type service_name_type

Step 4

Configure the message type under the service name type.

message type message_type

Step 5

Set the status code under the message type.

status-code dns any

Step 6

Set the retry count for failure handling.

retry number_of_retries

Step 7

Configure the actions for the failure handling.

action [ terminate | retry-and-continue | retry-and-ignore ]

Step 8

Save and commit the configuration.

This command lets you to either commit or ignore the configurations. Entering yes allows you to save or modify the configurations.

Configure AMF FQDN

AMF supports FQDN configuration under the endpoint SBI, as shown in the following sample configuration.

Procedure


Step 1

Enter the instance configuration mode.

instance instance-id instance_id

Step 2

Configure the endpoint for the instance.

endpoint endpoint_name

Specify sbi as the endpoint type for the instance.

Step 3

Set the URI scheme for the instance.

uri-scheme uri_scheme_name

Choose either http or https as the URI protocol for the instance.

Step 4

Configure the VIP IP and port for the instance.

vip-ip vip_ip_address | vip-port port_number

Example:

vip-ip 1.1.1.1 | vip-port 8091

Default value for port is 8090 if no port is configured.

Step 5

Configure the VIP IPV6 and port for the instance.

vip-ipv6 vip_ipv6_address | vip-ipv6-port port_number

Example:

vip-ipv6 1::1 | vip-port 8090

Default value for port is 8090 if no port is configured.

Step 6

Set the FQDN for AMF instance.

fqdn fqdn_address

Step 7

Save and commit the configuration.

This command lets you to either commit or ignore the configurations. Entering yes allows you to save or modify the configurations.

Enable SCP Model-D

Use this procedure to enable the SCP model-D for peer communication at the network-element profile level.

Procedure


Step 1

Enter the network-element profile configuration mode.

profile network-element network_element_name

Example:

[amf] amf# config 
[amf] amf(config)# profile network-element smf SMF1 

Step 2

Configure the NF client profile under network-element profile.

nf-client-profile client_profile_name

Note

 

nf-client-profile is applicable for Model A.

Example:

nf-client-profile SMF1

Step 3

Configure the failure handling profile under network-element profile.

failure-handling-profile failure_handling_profile_name

Note

 

failure-handling-profile is applicable for Model A and Model B.

Example:

failure-handling-profile FH1

Step 4

Specify the NF selection model and its priority under network-element profile.

nf-selection-model nf_model_priority [ local | nrf-query | scp ]

Following are the details of commands that are listed in the preceding CLI:

  • local : Refers to Model-A.

  • nrf-query : Refers to Model-B.

  • scp : Refers to Model-D.

Example:

nf-selection-model 1 scp

Step 5

Specify the additional query parameters for the network element configuration.

query-params [ queryparam1 queryparam2 ]

Example:

query-params [ dnn target-plmn snssais pgwfqdn requester-plmn ]

Step 6

Save and commit the configuration.

This command lets you to either commit or ignore the configurations. Entering yes allows you to save or modify the configurations.

Configure AMF Deployment Prefix API

To configure AMF's deployment prefix API, use the following steps:

Procedure


Step 1

Enter the service configuration mode.

amf-service service_name

Step 2

Configure the API root for the deployment.

api-root deployment_prefix

Step 3

Save and commit the configuration.

This command lets you to either commit or ignore the configurations. Entering yes allows you to save or modify the configurations.

Enable Preferred Locality

To enable the "3gpp-Sbi-Discovery-preferred-locality" header for SCP, ensure that the "locality client" configuration parameter in the "profile nf-pair" for the target NF, such as AUSF or UDM, matches the "locality client" configuration parameter in "amf-services".

To configure the preferred locality under the profile nf-pair , use the following configuration:

Procedure


Step 1

Enter the configuration mode to configure the NF pair with the specified NF type.

profile nf-pair nf-type nf_type_name

Step 2

Configure the locality for the client-side of the NF pair.

locality client client_locality_name

Step 3

Configure the preferred server locality for the NF pair.

locality preferred-server preferred_server_name

Step 4

Configure the geographic server locality for the NF pair.

locality geo-server geographic_server_location

Step 5

Save and commit the configuration.

Note

 

To disable the header to SCP for the designated target NF, simply remove the locality preferred-server configuration from the profile nf-pair settings for that target NF.


OAM Support

This section describes operations, administration, and maintenance information regarding the SCP mdel-D and FQDN feature in AMF.

Bulk Statistics Support

  • SCP Model-D Stats:

    Support is added for NfType=SCP in existing stats for number of message sent through SCP to target NF.

    Example:

    nf_endpoint_selections_total{message_type="SmfSmContextCreate", 
    nf_type="scp”,svc_name="nsmf-pdusession",host="172.16.186.10:8030", 
    result="result_201"}
    nf_resp_sent_messages_total{nf_type="SCP",svc_name="nsmf-pdusession",
    message_type="SmfSmContextCreate",result="SendSuccess",status_code="201"}

    Note


    For DNS failure in "nf_resp_sent_messages_total" stats, status_code is dns_failure.


  • FQDN Stats

    If you configure the following CLI then FQDN label in stats is populated, if not configured then FQDN label is not populated and is empty in the stats.
    infra metrics verbose application
    metrics fqdn_dns_msg_total
    granular-labels [ fqdn ]
    exit
    
    • Metrics for Request Sent to CoreDNS for DNS Resolution:

      • dns_request_total: Monitors the number of requests sent to CoreDNS.

      • dns_response_total: Monitors the number of successful and failed responses received from CoreDNS.

        Example: Following are the exmples of "dns_request_total" and "dns_responseq_total" stats.

        dns_request_total{app_name="AMF", attempt="first", 
        cluster="clul", data_center="dc1", fqdn="cisco.udm.scp.org", 
        instance_id="1", method_name="get", service_name="amf-rest-ep", type="ipv6"}
        dns_request_total {app_name="AMF", attempt="retry",
        cluster="clu1", data_center="dc1",fqdn="cisco.udm.scp.org",
        instance_id="1", method_name="unresolved-get", 
        service_name="amf-rest-ep",type="ipv4"}
        dns_request_total{app_name="AMF",attempt="second", 
        cluster="clu1",data_center="dc1", fqdn="cisco.udm.scp.org",
        instance_id="1", method_name="get", service_name="amf-rest-ep", type="ipv4"}
        dns_request_total{app_name="AMF" ,attempt="third", 
        cluster="clu1" ,data_center="dc1", fqdn="cisco.udm.scp.org", instance_id="1",
        method_name="get", service_name="amf-rest-ep", type="ipv4"}
        dns_response_total{app_name="AMF",attempt="first",
        cluster="clu1",data_center="dc1",fadn="cisco.udm.scp.org",
        instance_id="0",method_name="get",service_name="amf-rest-ep" , 
        status="success" , status_code="",type="ipv4"}
        dns_response_total {app_name="AMF",attempt="retry",
        cluster="clu1", data_center="dc1",fadn="cisco.udm.scp.org",
        instance_id="0",method_name="unresolved-get" , 
        service_name="amf-rest-ep" ,status="error",
        status_code="Ipv6NotFound",type="ipv6"}
        dns_response_total {app_name="AMF", attempt="retry",
        Cluster="clul",data_center="dc1",fadn="cisco.udm.scp.org",
        instance_id="0", method_name="unresolved-get" , service_name="amf-rest-ep" ,
        status="error", status_code="read udp 192.168.12.42:55049->10.96.0.10:53: 
        i/o timeout",type="ipv4"}
        dns_response_total{app_name="AMF",attempt="third",
        cluster="clu1",data_center="dc1",fadn="cisco.udm.scp.org",
        instance_id="0", method_name="get",service_name="amf-rest-ep" , 
        status="success" , status_code="",type="ipv4"}
    • DNS Resolution Stats at Service Level:

      • fqdn_dns_msg_total: Tracks the Attempted/Success/Failure status of FQDNs by the application.

        When the status is "attempted" or "success", the error stat field is empty. It contains a code only when the status is "failure".

        When the value for label "req" is "resolution" in the stats, it indicates that the AMF performed a DNS query to resolve the FQDN. On the other hand, if the value for label "req" is "cache" means that the IP address for the FQDN is already present in the internal cache.

        Following is an example of the sample metrics:

        fqdn_dns_msg_total{app_name="AMF",cluster="AMF",data_center="DC",
        error="",fqdn="host1.satya-test.com",instance_id="1",nf_type="SCP",req="resolution",
        service_name="rest-ep",status="attempted",svc_name="nudm-sdm"}
        
        fqdn_dns_msg_total{app_name="AMF",cluster="AMF",data_center="DC",
        error="",fqdn="host1.satya-test.com",instance_id="1",nf_type="SCP",
        req="resolution",service_name="rest-ep",status="success",svc_name="nudm-sdm"}
        
        fqdn_dns_msg_total{app_name="AMF",cluster="AMF",data_center="DC",
        error="8312",fqdn="seth.com",instance_id="1",nf_type="SCP",req="resolution",
        service_name="rest-ep",status="failure",svc_name="nudm-uecm"}