White Paper Excerpt

Wi-Fi Offloading, How? – Chapter 4.2

5G SA Wi-Fi Access

5G introduces new network architectural concepts for Wi-Fi integration with the 5G standalone mobile core (5G SA). The simplified diagram below shows Wi-Fi service integration with the new service-based 5G Core (5GC) introduced in 3GPP release 15 (untrusted Wi-Fi) and 16 (trusted Wi-Fi).

White Paper: Wi-Fi Offloading, How?

This is an excerpt from our white paper, Wi-Fi Offloading, How?, a technical deep dive into deploying Wi-Fi offloading solutions. If you like what you read, download the full white paper. As a bonus, you’ll also gain access to Wi-Fi Offloading, Why?, outlining the business benefits for mobile operators.


Trusted and untrusted Wi-Fi access to the 5G mobile core.

The first thing to observe is that this architecture is radio network (RAN) agnostic since both the Cellular and Wi-Fi access use the same interfaces (N1, N2, and N3).

Furthermore, 5G has adopted an EAP-based authentication framework (EAP-AKA’ or 5G-AKA), similar to Wi-Fi, for user equipment (UE) authentication with the 5G core.

The 5G signaling and user traffic are transported over IPsec tunnels established between the device, aka user equipment (UE), and the gateway functions (N3IWF, TWIF, and TNGF).

The GPRS Tunneling Protocol (GTP) encapsulation creates tunnels for traffic between the gateway functions and the user plane function (UPF), aka packet gateway.

Network Functions for Wi-Fi Access

Let’s now examine the new functions for Wi-Fi access (non-3GPP access). Please note that these functions are not the same as physical gateways. In practice, these functions could all reside in the same gateway.

Non-3GPP Interworking Function (N3IWF)

The Non-3GPP Interworking Function (N3IWF) is a crucial component in the 5G architecture that enables seamless connectivity between 5G networks and untrusted non-3GPP networks, such as a Wi-Fi network not trusted by the mobile operator.

The N3IWF is the IPsec tunnel terminating node for 5G, similar to the ePDG in 4G. It is located in the Mobile Core and communicates with the Access and Mobility Management Function (AMF) control plane over the N2 interface. For the data plane, it communicates with the User Plane Function (UPF) over the N3 interface.

Because it works transparently with any Wi-Fi network, it is the gateway of choice for Wi-Fi Calling but can also be used for all types of data traffic.

Key functions include:

  • Provides a secure gateway to the operator’s 5G network for non-3GPP access.
  • Establishes IPsec tunnels between the UE and N3IWF for secure communication.
  • Handles user equipment (UE) registration with the 5G Core.
  • Manages the establishment of Protocol Data Unit (PDU) sessions.
  • Facilitates data transfer between the UE and the data network.

Trusted Non-3GPP Gateway Function (TNGF)

The trusted non-3GPP Gateway Function (TNGF) plays a crucial role in integrating trusted non-3GPP networks, such as a Wi-Fi network trusted by the mobile operator, with the 5G Core Network, providing a secure and standardized way to extend 5G services beyond the traditional cellular network.

The TNGF is, for 5G, the equivalent to the Wireless Access Gateway (WAG) used for trusted access to the 4G Core. The TNGF is located in a trusted environment, often the Wi-Fi network, and communicates with the AMF control plane over the N2 interface. For the data plane, it communicates with the User Plane Function (UPF) over the N3 interface.

The device and the TNGF are connected using an IPsec tunnel with NULL encryption (more about this later). After successful authentication, a TNGF key is established between the TNGF and the device, aka user equipment (UE). Another key is derived from the TNGF key and sent to the Wi-Fi Access Point (AP) for Wi-Fi layer-2 security (WPA2/WPA3).

Trusted WLAN Interworking Function (TWIF)

The trusted WLAN Interworking Function (TWIF) is a 5G function for interoperability with legacy devices. This resolves the contingency that some devices may support 5G SIM authentication but do not support 5G NAS signaling over trusted Wi-Fi access. These devices lack the support for the EAP-5G and IKEv2 protocols, meaning they cannot directly communicate with the 5G core network using the N1 interface over Wi-Fi. 3GPP refers to such devices as non-5G-Capable over WLAN (N5CW). The TWIF contains the NAS protocol stack and exchanges NAS messages with the AMF on behalf of these types of devices.

The TWIF is located in a trusted environment, often the Wi-Fi network, and communicates with the Access and Mobility Management Function (AMF) control plane over the N1 and N2 interfaces. For the data plane, it communicates with the User Plane Function (UPF) over the N3 interface. Just as in the case of the TNGF, the device connects with the TWIF using an IPsec tunnel with NULL encryption.

Other 5G Network Functions

Other 5G network functions are also in play for Wi-Fi integration. We mention them briefly here:

  • Access and Mobility Management Function (AMF): A control plane function acting as a central hub of the 5G core network. It primarily manages user access and mobility.
  • Session Management Function (SMF): A control plane function responsible for session management in the 5G core network.
  • Authentication Server Function (AUSF): Responsible for authentication and security-related functions in the 5G core network.
  • Unified Data Management (UDM): A centralized way to manage network user data in 5G.
  • Policy Control Function (PCF): The PCF evolved from the Policy and Charging Rules Function (PCRF) in 4G networks. It is responsible for policy control and management in 5G networks.
  • Charging Function (CHF): This function generates charging data and billing information for 5G network usage.

Control- and User Plane Interfaces – How It is All Connected

For Cellular networks, the N2 and N3 interfaces connect the base station (gNB) with the AMF and UPF. For Wi-Fi, they use the non-3GPP interworking and gateway functions (N3IWF, TNGF, TWIF) to connect with the AMF and UPF.

5G introduces a new principle for non-3GPP access. Multiple non-access stratum (NAS) connections over the N1 interface make simultaneous connections via cellular and Wi-Fi possible. This is a prerequisite for the new ATSSS (Access Traffic Steering, Switching, and Splitting) specification. The same authentication procedures, EAP-AKA′ and 5G-AKA, are used for both Cellular and Wi-Fi.

New EAP Protocol and Unusual Use of IPsec

A new protocol, EAP-5G, has been introduced to support NAS messages over Wi-Fi networks through the N1 interface. The IKEv2 protocol is utilized to establish an IPsec SA tunnel between the device and the gateway functions (N3IWF, TNGF, and TWIF). The EAP-5G protocol then encapsulates NAS messages over the IKEv2 protocol.

Another interesting new principle is the use of an IPsec SA for trusted Wi-Fi networks as well. Why would you want to use an IPsec connection in a secure Wi-Fi network? The IPsec tunnel, with NULL encryption to avoid duplicated encryption, primarily serves for integrity protection and as a consistent framework for both untrusted and trusted Wi-Fi access. Devices and gateways that support both trusted and untrusted access will be easier to implement.
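What "NULL encryption, integrity only" means on the wire is sketched below as an added example (not code from the white paper or from any 3GPP implementation): the inner packet travels in cleartext inside ESP, but any modification or replay is rejected. Assumptions: HMAC-SHA-256-128 (RFC 4868) as the integrity algorithm, a strictly increasing sequence check instead of the full ESP anti-replay window, hypothetical function names, and a constructed key.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16                    # HMAC-SHA-256-128 truncates the tag to 128 bits
SAMPLE_KEY = bytes(range(32))   # constructed integrity key, for illustration only

def esp_null_seal(spi, seq, inner, auth_key, next_header=4):
    """Build an ESP packet (RFC 4303) with NULL encryption (RFC 2410)."""
    # Pad so that payload + padding + pad_len + next_header is 4-byte aligned.
    pad_len = (-(len(inner) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    # The ICV covers SPI, sequence number, payload and trailer.
    icv = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv

def esp_null_open(packet, auth_key, expected_spi, last_seq):
    """Verify SPI, ICV and sequence number; return (seq, inner) or raise ValueError."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    spi, seq = struct.unpack("!II", body[:8])
    if spi != expected_spi:
        raise ValueError("unknown SPI")
    expected = hmac.new(auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified in transit")
    if seq <= last_seq:         # simplified replay check (assumption, see lead-in)
        raise ValueError("replayed or stale sequence number")
    pad_len = body[-2]
    if pad_len > len(body) - 10:
        raise ValueError("bad pad length")
    return seq, body[8:len(body) - 2 - pad_len]
```

Because the payload is readable inside the tunnel, confidentiality on trusted access rests on the Wi-Fi layer-2 security (WPA2/WPA3) mentioned earlier.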

N1 Control Plane Interface

The N1 is a control plane interface between the device (User Equipment – UE) and the Access and Mobility Management Function (AMF). It handles Non-Access Stratum (NAS) signaling between the UE and the AMF in the 5G Core Network. The AMF is primarily used for authentication and mobility management.

The N1 interface is used both for Cellular and Wi-Fi for 5G-capable devices. Although the N1 signaling passes through the Radio Access Network (RAN), it is transparent to the RAN and is not processed by the intermediate network elements such as the N3IWF and the TNGF.

The N1 interface plays a crucial role in enabling UEs to communicate with the 5G Core Network for various control plane functions, ensuring proper connectivity, mobility, and service access.

These are the main functions N1 enables:

  • Registration management: The N1 interface is used for managing the process of registering and de-registering a UE with the 5G network.
  • Connection management: It manages the connection between the UE and the network, handling procedures for establishing and maintaining connectivity.
  • Session management: It handles messages and procedures related to session management, such as establishing and terminating PDU sessions.
  • Mobility management: The N1 interface supports mobility-related signaling to maintain knowledge of a UE’s location within the network.
  • Security procedures: It is used for security-related signaling, including authentication and key agreement procedures.

N2 Control Plane Interface

The N2 is the control plane interface between the cellular or Wi-Fi access networks and the 5G Core Network. It carries Next Generation Application Protocol (NGAP) messages between the RAN (cellular and Wi-Fi) and the AMF. NGAP handles the exchange of control information related to the establishment, modification, and release of connections between gNBs and the AMF for cellular and between the gateway functions (N3IWF, TWIF, and TNGF) and the AMF for Wi-Fi.

The N2 interface is crucial for enabling communication and coordination between the radio access network and the 5G core network. It supports a wide range of control plane functions necessary for network operation and management:

  • PDU session/resource management: The N2 interface handles procedures for managing PDU sessions and network resources.
  • UE context management: It supports procedures related to managing UE contexts in the network.
  • Mobility management: It facilitates mobility-related signaling, including handovers between base stations (gNB) in the 5G network.

N3 Data Plane Interface

The N3 is the data plane interface between the access network and the User Plane Function (UPF) in the 5G Core. The UPF is the packet gateway that transports data to the internet.

As discussed, traffic is delivered to the UPF through tunnels created by GTP encapsulation. Each subscriber will have one or more GTP tunnels, one for each active PDU session. The GTP tunnels are identified by a TEID (Tunnel Endpoint Identifier) in the GTP messages. The GTP tunnel is updated when a user moves between Wi-Fi and cellular networks to maintain session continuity.
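Since the TEID is what binds an N3 packet to a PDU session, a monitoring point in front of the UPF can parse the GTP-U header and check each TEID against the sessions it knows about. The following is an added example, not code from the white paper: the header layout follows 3GPP TS 29.281, while the function names, the session table, the verdict strings and the sample packet are assumptions constructed for illustration.

```python
import struct

G_PDU = 0xFF  # GTP-U message type that carries a user packet (3GPP TS 29.281)
# Constructed sample: G-PDU, TEID 0xA001, one 4-byte extension header (type 0x85),
# followed by a 20-byte inner packet.
SAMPLE_N3 = bytes.fromhex("34ff001c0000a001" "00000085" "01100900" "45" + "00" * 19)

def parse_gtpu(datagram):
    """Parse a GTPv1-U header and return teid, msg_type, seq and the inner payload."""
    if len(datagram) < 8:
        raise ValueError("shorter than the mandatory 8-byte header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not GTP version 1")
    if length != len(datagram) - 8:
        raise ValueError("length field disagrees with datagram size")
    offset, seq = 8, None
    if flags & 0x07:  # E, S or PN set: sequence, N-PDU and next-extension fields follow
        if len(datagram) < 12:
            raise ValueError("truncated optional fields")
        seq_raw, _npdu, next_ext = struct.unpack("!HBB", datagram[8:12])
        seq = seq_raw if flags & 0x02 else None
        offset = 12
        while flags & 0x04 and next_ext:  # walk extension headers, sized in 4-byte units
            if offset >= len(datagram) or datagram[offset] == 0:
                raise ValueError("malformed extension header")
            ext_len = datagram[offset] * 4
            if offset + ext_len > len(datagram):
                raise ValueError("extension header overruns datagram")
            next_ext = datagram[offset + ext_len - 1]
            offset += ext_len
    return {"teid": teid, "msg_type": msg_type, "seq": seq, "payload": datagram[offset:]}

def check_n3_packet(datagram, src_ip, sessions):
    """Classify an N3 datagram against {teid: gateway_ip} (hypothetical session table)."""
    try:
        hdr = parse_gtpu(datagram)
    except ValueError:
        return "malformed"
    if hdr["msg_type"] != G_PDU:
        return "non-data"
    if hdr["teid"] not in sessions:
        return "unknown-teid"
    if sessions[hdr["teid"]] != src_ip:
        return "peer-mismatch"
    return "ok"
```

A rising count of "unknown-teid" or "peer-mismatch" verdicts on N3 is worth alerting on, since legitimate gateway functions only send on TEIDs allocated for their own sessions.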

Will 5G Operators Embrace Wi-Fi Offloading?

The answer is “yes, likely,” and there are a few reasons why:

  1. Increased Need for Indoor Coverage: As highlighted in our white paper, Wi-Fi in the 5G Era, the demand for reliable indoor coverage is driving operators to lean more heavily on Wi-Fi as a complementary solution to 5G, particularly in challenging indoor environments.
  2. Emergence of Carrier-Grade Wi-Fi: A new generation of carrier-grade Wi-Fi (Wi-Fi 6, 6E, and 7) brings advanced features like OFDMA scheduling. With Wi-Fi 6E and Wi-Fi 7 operating in the 6 GHz band, the available spectrum for Wi-Fi has tripled. As a result, Wi-Fi is evolving from a “best-effort” solution to a more reliable, carrier-class option.

Will 5G Operators Backhaul the Wi-Fi Offloading Traffic to the Mobile Core?

The answer is “maybe,” largely depending on the adoption of the Access Traffic Steering, Switching & Splitting (ATSSS) standard by device manufacturers. Without ATSSS, there is limited incentive to backhaul Wi-Fi offloading traffic to the mobile core. Instead, the industry is expected to continue with local traffic breakout for Wi-Fi offloading and reserve backhauling primarily for Wi-Fi Calling.

However, if widely adopted, ATSSS could provide a compelling reason for operators to backhaul all traffic. Most web applications do not currently support multipath streaming (using both Wi-Fi and cellular connections simultaneously), requiring an aggregation point to merge these streams. The Packet Gateway in the Mobile Core (UPF) is well-positioned to serve this function. Nonetheless, history suggests that many promising 3GPP standards do not achieve widespread deployment. For a deeper dive, see our upcoming post on Will ATSSS Be the Future of Wi-Fi and Cellular Convergence?
