Overview
This feature introduces enhanced handling for HTTP status code 429 (Too Many Requests) within the Session Management Function
(SMF), specifically by implementing a peer blocklisting mechanism during network congestion.
In releases before 2025.03.0, the SMF treated HTTP 429 errors like any other HTTP error, using a standard failure handling
template. This feature provides a dedicated and intelligent way to respond to 429 errors when received from the Service Communication
Proxy (SCP), especially when accompanied by a retry-after
timer. It allows the SMF to temporarily block (blocklist) congested peer Network Functions (NFs) to prevent further requests
from being sent to them
How it works
When the SMF receives an HTTP 429 error from the SCP, particularly with the NF_CONGESTION_RISK cause and a retry-after timer, it can now blocklist the congested peer. The failure handling configuration is extended to include an action-list
with an action-type
of blocklist-peer
. The retry-after
duration, if provided in the HTTP header, takes precedence for how long the peer remains blocklisted. A new internal cache
is used to store the status and timestamp of blocklisted peers. The SMF consults this cache before sending new requests or
handling active calls, avoiding blocklisted NFs.
Information About HTTP 429 Congestion Handling with Peer Blocklisting
The SMF now supports HTTP status code 429 within its NF failure handling configuration and SCP failure handling. For 429 errors,
the configured action can be continue
, retry
, or terminate
.
A new action-list
is supported specifically for status code 429. Within this action-list
, the action-type
blocklist-peer
is supported, which can optionally include a retry-after
attribute. The retry-after
HTTP header received in the error response is given priority over any locally configured retry-after
duration.
A peer is blocklisted for the duration specified by the retry-after
value received in the response or configured locally. This blocklisting applies specifically when the 429 error response
is received from the SCP (indicating the SCP itself is congested). If a 429 error is received from a target peer, the existing
failure handling configuration for that peer will be applied instead.
A new cache is implemented to store NF-specific information, including the peer's status (for example, blocklisted) and the
timestamp of when it was blocklisted. This cache stores information for both discovered and locally configured peers. Blocklisting
is applied at the NfInstance
level, meaning if an IP address supports multiple services, the entire instance is blocklisted.
While a peer is blocklisted, Diameter Peer Discovery (DPD) is not activated, and no pings are initiated to that peer. The
blocklisted status for a discovered peer is removed if the Network Repository Function (NRF) sends a Deregister Notification
or ProfileChanged Notification that changes the NF's status to suspended, or if a DPD failure is detected.

Note
|
Since DPD is disabled for the blocklisted peers, such peers are not displayed in the output of the show peers all command. Once DPD is resumed, it is displayed.
|
The SMF checks for the blocklisted status and its expiry timestamp before selecting an NF for both new and active calls. The
SMF will still handle incoming requests from a blocklisted peer and respond to them; however, receiving an incoming message
from a blocklisted peer will not result in it being whitelisted. If an incoming message from a blocklisted peer triggers an
outbound request to that same peer, the SMF will refrain from sending the outbound request.
For scenarios where an application has only one endpoint (discovered or static) and it's blocklisted, or when all available
endpoints are blocklisted, a status-code internal
configuration can be used. If the action for status-code internal
is retry
, the system will look for available profiles in the local cache that are not blocklisted.
The blocklist cache is synchronized periodically within the same cluster but is not replicated to other clusters (no geo-replication).
Benefits of HTTP 429 Congestion Handling with Peer Blocklisting
-
Improved Network Stability: Prevents the SMF from continuously sending requests to already congested Network Functions (NFs), reducing the load on overloaded
peers.
-
Efficient Resource Utilization: By temporarily avoiding congested peers, the SMF can direct traffic to available and healthy NFs, optimizing overall network
resource usage.
-
Automated Congestion Response: Provides an automated mechanism to react to HTTP 429 errors and retry-after
headers, minimizing manual intervention during congestion events.
-
Enhanced Reliability: Contributes to a more robust and reliable network by intelligently managing traffic flow during overload situations.
Supported Scenarios
-
Network Overload Situations: Specifically designed for scenarios where the SCP (Service Communication Proxy) sends an HTTP 429 error code along with
a NF_CONGESTION_RISK
cause and a retry-after
timer, indicating congestion.
-
SCP-Initiated Congestion: The blocklisting mechanism applies when the 429 error response is received directly from the SCP, implying the SCP itself
is experiencing congestion
.
-
Single or All Endpoints Blocklisted: The status-code internal
configuration supports use cases where an application has only one endpoint (either discovered or static) that becomes blocklisted,
or when all available endpoints for an application are blocklisted.
Restrictions for HTTP 429 Congestion Handling with Peer Blocklisting
-
Retransmit Configuration Conflict: Users cannot configure retransmit along with an action-list
that includes a blocklist for a certain duration, as retransmit might attempt to re-select the same blocklisted peer.
-
retry-after
Requirement: The blocklist configuration will not be applied if the retry-after
duration is not available from either the configuration or the HTTP error response.
-
SCP Origin Limitation: Blocklisting only applies when the 429 error response is received from the SCP (that is, SCP itself is in congestion). If
the 429 is received from a target peer, the existing failure handling configured for that peer will be applied.
-
Parallel Processing: Due to parallel processing, it is possible that additional requests might briefly go to a blocklisted peer for a short duration
after blocklisting.
-
Ignoring Subsequent 429s: If a peer is already blocklisted, the SMF will ignore any new 429 responses received for that peer.
-
NRF Peer Congestion Handling: Congestion handling for NRF peers is not supported in the July release and is planned for an upcoming release.
-
Cache Replication: The blocklist cache is synchronized only within the same cluster and is not geo-replicated to other clusters.
-
Metric Type Limitation: A gauge metric is not supported for the nf_failure_handling_stats_total
statistic when labeled with status=blocklisted
.
Configuration Overview
The configuration for HTTP 429 Congestion Handling with Peer Blocklisting involves extending the existing NF failure handling
profiles. You will define a failure handling profile for a specific NF type, such as UDM, and within that profile, specify
actions for HTTP status code 429. This includes associating an action-list-profile
that defines the blocklist-peer
action type and its retry-after
duration.
This section shows how to configure the SMF to handle HTTP 429 status codes by blocklisting peers.
-
Define a Failure Handling Profile for an NF Client:
profile nf-client-failure nf-type udm
-
Create a Specific Failure Handling Profile:
profile failure-handling FHUDM
-
Specify Service Name and Type (for example, nudm-sdm):
service name type nudm-sdm
-
Configure Response Timeout (Optional):
responsetimeout 2300
-
Configure Message Type (for example, UdmSdmGetUESMSubscriptionData):
message type UdmSdmGetUESMSubscriptionData
-
Configure Action for HTTP Status Code 429:
status-code httpv2 429
action retry-and-continue
action-list-profile PA1
-
Configure Action for Internal Status Code (for example, blocklisted
):
status-code internal [blocklisted]
action { continue | terminate | retry }

Note
|
Replace { continue | terminate | retry } with the desired action.
|
-
Define the Action List Profile (for example, PA1):
profile action-list PA1
action-type blocklist-peer
retry-after <time in seconds>

Note
|
Replace <time in seconds> with the desired duration for blocklisting.
|
Verify HTTP 429 Congestion Handling with Peer Blocklisting
You can verify the blocklisted status of peers using the show peers application-data
command. Here is a sample output for the command.
The command output displays the blocklisted peers and theirs expiration-time in human readable format (e.g. Thu, 03 Jul 2025
05:15:06 UTC). The NFType and GrInstanceID is also displayed.
smf# show peers application-data
GR NF
INSTANCE PEER ADDRESS TYPE ADDITIONAL DETAILS
---------------------------------------------------------------------------------------------------
1 10.1.34.5:8010 SCP Blocklisted: Thu, 03 Jul 2025 05:48:31 UTC
0 1.1.1.1:8000 UDM Blocklisted: Thu, 03 Jul 2025 05:50:31 UTC
1 1.1.1.1:8001 UDM Blocklisted: Thu, 03 Jul 2025 05:45:31 UTC
0 1.1.1.2:8000 PCF Blocklisted: Thu, 03 Jul 2025 05:40:31 UTC
0 1.1.1.2:8001 PCF Blocklisted: Thu, 03 Jul 2025 05:38:31 UTC

Note
|
A blocklisted peer whose `retry-after` duration has expired is removed from the blocklist cache when it is next selected for
a transaction. Therefore, you might observe an expired blocklisted peer in the display until it is involved in a transaction.
|
Monitor RIB Metric Metric Translation
After configuring HTTP 429 Congestion Handling with Peer Blocklisting, you can monitor its activity through existing statistical
metrics. The existing stat metric `nf_failure_handling_stats_total` has been enhanced. You can use the label `status` with
the value `blocklisted` to monitor statistics related to blocklisted peers. This allows you to track the total count of instances
where peers have been blocklisted due to congestion handling.