5G Network Slicing

For devices running Android 12 or higher, Android provides support for 5G network slicing, the use of network virtualization to divide single network connections into multiple distinct virtual connections that provide different amounts of resources to different types of traffic. 5G network slicing allows network operators to dedicate a portion of the network to providing specific features for a particular segment of customers. Android 12 introduces the following 5G enterprise network slicing capabilities, which network operators can provide to their enterprise clients:

Enterprise device slicing for fully-managed devices

For enterprises who provide fully managed company devices to their employees, network providers can provide them with one active enterprise network slice where all traffic on the company devices are routed to. In Android 12, Android allows carriers to provide enterprise slices through URSP rules, instead of setting up slices through APNs.

Enterprise business app slicing for devices with work profiles

For enterprises using the work profile solution, Android 12 allows devices to route the traffic from all apps in the work profile to an enterprise network slice. Enterprises can enable this capability through a Device Policy Controller (DPC).

The work profile solution provides an automatic level of authentication and access control that enterprises require to ensure that only traffic from enterprise apps in the work profile are routed to the enterprise network slice. Apps in the work profile don't need to be modified to explicitly request the enterprise network slice.

How 5G network slicing works in AOSP

Android 12 introduces support for 5G network slicing through additions to the telephony codebase in AOSP and the Tethering module to incorporate existing connectivity APIs that are required for network slicing.

The Android telephony platform provides HAL and telephony APIs to support slicing based on network requests filed by the core networking code and 5G slicing capabilities in the modem. Figure 1 describes the components of the 5G network slicing feature.

5G network slicing components

Figure 1. 5G network slicing architecture in AOSP.

The telephony and connectivity platform supports:

  • Converting network requests for slice categories into traffic descriptors which are then passed to the modem for URSP traffic matching and route selection
  • Falling back to the default network if the requested slice isn't available
  • Routing traffic from all apps under the work profile to the corresponding connection
  • Supporting enterprise slicing

    • Detecting the presence of a work profile on the device
    • Checking for permissions or routing directions provided from the DPC used by the enterprise's IT admin

The core networking service includes the following changes to the Tethering module in Android 12:

  • Adds most of android.net.* public or system API classes to the Tethering module
  • Expands the Tethering module boundaries to include:

    • f/b/core/java/android/net/…
    • f/b/services/net/…
    • f/b/services/core/java/com/android/server/connectivity/…
    • f/b/services/core/java/com/android/server/ConnectivityService.java
    • f/b/services/core/java/com/android/server/TestNetworkService.java
  • Moves VPN code out of the Tethering module

Android 12 moves code with the following capabilities to the Tethering module:

  • Receiving requests from apps for network connections
  • Receiving requests from the system (for example, "place these apps on an enterprise slice"; introduced in Android 12)
  • Sending requests from the system to the telephony code which attempts to set up networks or slices by going through the HAL API and the modem
  • Informing netd how to route traffic on a per-app basis (introduced in Android 12)
  • Informing apps what is happening to their network traffic through ConnectivityManager APIs such as NetworkCallback, getActiveNetwork, getNetworkCapabilities.

Implementation

To support 5G slicing on a device, the device must have a modem that supports the IRadio 1.6 HAL which has the setupDataCall_1_6 API. This API sets up a data connection and includes the following parameters for supporting 5G slicing:

  • trafficDescriptor: Specifies traffic descriptor sent to the modem
  • sliceInfo: Specifies information for the network slice to be used in case of EPDG to 5G handover
  • matchAllRuleAllowed: Specifies whether using a default match-all URSP rule is allowed

Modems must also implement the getSlicingConfig API unless it's reported as unsupported by the getHalDeviceCapabilities API.

Enterprise requirements

The following describes requirements for enterprises to use 5G network slicing on devices in an Android enterprise deployment.

  • Ensure that fully managed or employee devices set up with a work profile are 5G SA-capable with modems that support the setupDataCall_1_6 API.
  • Work with carrier partner on slice setup and performance or SLA characteristics.

Enabling 5G slicing on devices set up with a work profile

For devices that are set up with work profiles, 5G network slicing is off by default in AOSP. To enable network slicing, enterprise IT admins can turn on or off work profile app traffic routing to the enterprise network slice on a per-employee basis through the EMM DPC, which uses the setPreferentialNetworkServiceEnabled method in the DevicePolicyManager (DPM) API (introduced in Android 12).

EMM vendors with custom DPCs must integrate the DevicePolicyManager API to support enterprise clients.

URSP rule for enterprise traffic

This section includes information for carriers on configuring the URSP rules that include a rule for enterprise traffic. When configuring URSP rules for enterprise traffic, carriers must use the following Android-specific values.

ID Value Description
OSId 97a498e3-fc92-5c94-8986-0333d06e4e47 The OSId for Android is a version 5 UUID generated with the namespace ISO OID and the name "Android".
OSAppId 0x454E5445525052495345 The OSAppId is a byte array representation of the string "ENTERPRISE"

Carriers must configure the URSP rule for enterprise traffic with the traffic descriptor component as "OS Id + OS App Id type", which has a value of 0x97A498E3FC925C9489860333D06E4E470A454E5445525052495345. This value is a concatenation of the OSId, the length of the OSAppId (0x0A), and the OSAppId. For more information about the traffic descriptor component type, see 3GPP TS 24.526 Table 5.2.1.

The following is an example URSP rule for enterprise traffic:

URSP rule #1 (enterprise)
Precedence 1 (0x01)
Traffic descriptor #1
OS Id + OS App Id type 0x97A498E3FC925C9489860333D06E4E470A454E5445525052495345
Route selection descriptor #1
Precedence 1 (0x01)
Component #1: S-NSSAI SST:1 SD:2 (0x01000002)
Component #2: DNN enterprise

The following is an example URSP rule for default traffic:

URSP rule #2 (default)
Precedence 2 (0x02)
Traffic descriptor #1
match-all match-all
Route selection descriptor #1
Precedence 1 (0x01)
Component #1: S-NSSAI SST:1 SD:1 (0x01000001)
Component #2: DNN internet

Testing

To test 5G network slicing, use the following manual test.

To setup a device for testing, do the following:

  1. Ensure that the URSP policy is configured with a non-default rule that matches the enterprise category and that the corresponding route-selection descriptor maps the enterprise category to the enterprise slice; and a default rule directing traffic to the default internet slice.

  2. Ensure that a work profile is configured on the device.

  3. Opt in to using network slicing through the DPC

To test 5G network slicing behavior, do the following:

  1. Verify that a PDU session is established with the enterprise slice (for example, by using a specific IP address) and that apps in work profile use that PDU session.
  2. Verify that a separate PDU session is established with the default internet slice and that apps in the personal profile use the PDU session.