WO2023130359A1

WO2023130359A1 - Apparatus, methods, and computer programs

Info

Publication number: WO2023130359A1
Application number: PCT/CN2022/070759
Authority: WO
Inventors: Iris ADAM; Konstantinos Samdanis; Jing PING; Anatoly ANDRIANOV
Original assignee: Nokia Shanghai Bell Co., Ltd.; Nokia Solutions And Networks Oy; Nokia Technologies Oy
Priority date: 2022-01-07
Filing date: 2022-01-07
Publication date: 2023-07-13

Abstract

There is provided an apparatus, method and computer program product that, when run on an apparatus for a client, causes the apparatus to perform: signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

Description

APPARATUS, METHODS, AND COMPUTER PROGRAMS

Field

The present disclosure relates to apparatus, methods, and computer programs, and in particular but not exclusively to apparatus, methods and computer programs for network apparatuses.

Background

A communication system can be seen as a facility that enables communication sessions between two or more entities such as user terminals, access nodes and/or other nodes by providing carriers between the various entities involved in the communications path. A communication system can be provided for example by means of a communication network and one or more compatible communication devices. The communication sessions may comprise, for example, communication of data for carrying communications such as voice, electronic mail (email) , text message, multimedia and/or content data and so on. Content may be multicast or uni-cast to communication devices.

A user can access the communication system by means of an appropriate communication device or terminal. A communication device of a user is often referred to as user equipment (UE) or user device. The communication device may access a carrier provided by an access node and transmit and/or receive communications on the carrier.

The communication system and associated devices typically operate in accordance with a required standard or specification which sets out what the various entities associated with the system are permitted to do and how that should be achieved. Communication protocols and/or parameters which shall be used for the connection are also typically defined. One example of a communications system is UTRAN (3G radio) . Another example of an architecture that is known is the long-term evolution (LTE) or the Universal Mobile Telecommunications System (UMTS) radio-access technology. Another example communication system is so called 5G system that allows user equipment (UE) or user device to contact a 5G core via e.g. new radio (NR) access technology or via other access technology such as Untrusted access to 5GC or wireline access technology.

There is a need to provide control systems which enable a communications service provider (CSP) to control and optimise a complex network of communications system elements.

One of current approaches being employed is closed-loop automation and machine learning which can be built into self-organizing networks (SON) enabling an operator to automatically optimize every cell in the radio access network.

Summary

According to a first aspect, there is provided an apparatus for a mediation function, the apparatus comprising means for: receiving, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function; determining a management data analytics service instance associated with the network slice for providing at least part of said analytics; determining at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function; negotiating with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance; signalling, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance; providing said obtained data to the selected management data analytics service instance; and receiving, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.

The apparatus may comprise means for coordinating with the client to determine actions for mitigating against the effects of said error using the received at least one indication of the root cause.

The apparatus may comprise means for: determining a trust level associated with a management domain of the client, wherein said means for selecting the management data analytics service instance comprises means for selecting the management data analytics service instance using the determined trust level.

The means for providing said obtained data to the selected management data analytics service instance may comprise means for: determining at least part of said obtained data relates to data of a first type; determining that the trust level specifies at least one privacy technique is to be applied to said data of a first type; performing said at least one privacy technique on said data of a first type to form privatised obtained data; and providing the privatised obtained data to the selected management data analytics service instance.

Said data of a first type may comprise data associated with a first level of confidentiality, and wherein said means for performing said at least one privacy technique may comprise means for: selecting said at least one privacy technique in dependence on said first level of confidentiality; and applying said selected at least one privacy technique to the data of a first type.

The means for determining the trust level may comprise means for: receiving information usable for identifying the trust level of management domain of the client from at least one of: the client; the selected management data analytics service instance; and/or a trust function configured to maintain information related to trust levels between different apparatuses and/or functions; and determining the trust level from the received information.

The apparatus may comprise means for forming the second request by: selecting the indication of the at least part of said analytics to be performed by the selected management data analytics service instance in dependence on the first analytics request and at least one capability and/or constraint of the selected management data analytics service instance.

The apparatus may comprise means for: determining at least one intent associated with the first analytics request; and determining the at least one capability and/or constraint using the determined at least one intent.

The first request for analytics may relate to a request for determining a root cause analysis for a failure event detected by the client.

According to a second aspect, there is provided an apparatus for a client, the apparatus comprising means for: signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

The apparatus may comprise means for: coordinating with the mediation function to determine actions for mitigating against the effects of a root cause of an error associated with the network slice, wherein the root cause is identified in response to said signalling of the first analytics request; and implementing at least one of the determined actions.

The apparatus may comprise means for providing the mediation function with a trust level associated with a management domain of the client.

The apparatus may comprise means for detecting a failure event associated with said network slice, wherein said signalling the first request is performed in response to the failure event being detected.

The apparatus may comprise means for comprising at least one intent in the first request for analytics.

According to a third aspect, there is provided an apparatus for a mediation function, the apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to: receive, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function; determine a management data analytics service instance associated with the network slice for providing at least part of said analytics; determine at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function; negotiate with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance; signal, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance; provide said obtained data to the selected management data analytics service instance; and receive, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.

The apparatus may be caused to coordinate with the client to determine actions for mitigating against the effects of said error using the received at least one indication of the root cause.

The apparatus may be caused to: determine a trust level associated with a management domain of the client, wherein said selecting the management data analytics service instance may comprise selecting the management data analytics service instance using the determined trust level.

The providing said obtained data to the selected management data analytics service instance may comprise: determining at least part of said obtained data relates to data of a first type; determining that the trust level specifies at least one privacy technique is to be applied to said data of a first type; performing said at least one privacy technique on said data of a first type to form privatised obtained data; and providing the privatised obtained data to the selected management data analytics service instance.

Said data of a first type may comprise data associated with a first level of confidentiality, and wherein said performing said at least one privacy technique may comprise: selecting said at least one privacy technique in dependence on said first level of confidentiality; and applying said selected at least one privacy technique to the data of a first type.

The determining the trust level may comprise: receiving information usable for identifying the trust level of management domain of the client from at least one of: the client; the selected management data analytics service instance; and/or a trust function configured to maintain information related to trust levels between different apparatuses and/or functions; and determining the trust level from the received information.

The apparatus may be caused to form the second request by: selecting the indication of the at least part of said analytics to be performed by the selected management data analytics service instance in dependence on the first analytics request and at least one capability and/or constraint of the selected management data analytics service instance.

The apparatus may be caused to: determine at least one intent associated with the first analytics request; and determining the at least one capability and/or constraint using the determined at least one intent.

According to a fourth aspect, there is provided an apparatus for a client, the apparatus comprising: at least one processor, and at least one memory comprising code that, when executed by the at least one processor, causes the apparatus to: signal, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and negotiate with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

The apparatus may be caused to: coordinate with the mediation function to determine actions for mitigating against the effects of a root cause of an error associated with the network slice, wherein the root cause is identified in response to said signalling of the first analytics request; and implementing at least one of the determined actions.

The apparatus may be caused to provide the mediation function with a trust level associated with a management domain of the client.

The apparatus may be caused to detect a failure event associated with said network slice, wherein said signalling the first request is performed in response to the failure event being detected.

T The apparatus may be caused to comprise at least one intent in the first request for analytics.

According to a fifth aspect, there is provided a method for an apparatus for a mediation function, the method comprising: receiving, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function; determining a management data analytics service instance associated with the network slice for providing at least part of said analytics; determining at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function; negotiating with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance; signalling, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance; providing said obtained data to the selected management data analytics service instance; and receiving, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.

The method may comprise coordinating with the client to determine actions for mitigating against the effects of said error using the received at least one indication of the root cause.

The method may comprise: determining a trust level associated with a management domain of the client, wherein said selecting the management data analytics service instance comprises selecting the management data analytics service instance using the determined trust level.

The method may comprise forming the second request by: selecting the indication of the at least part of said analytics to be performed by the selected management data analytics service instance in dependence on the first analytics request and at least one capability and/or constraint of the selected management data analytics service instance.

The method may comprise: determining at least one intent associated with the first analytics request; and determining the at least one capability and/or constraint using the determined at least one intent.

According to a sixth aspect, there is provided a method for an apparatus for a client, the method comprising: signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

The method may comprise: coordinating with the mediation function to determine actions for mitigating against the effects of a root cause of an error associated with the network slice, wherein the root cause is identified in response to said signalling of the first analytics request; and implementing at least one of the determined actions.

The method may comprise providing the mediation function with a trust level associated with a management domain of the client.

The method may comprise detecting a failure event associated with said network slice, wherein said signalling the first request is performed in response to the failure event being detected.

The method may comprise comprising at least one intent in the first request for analytics.

According to a seventh aspect, there is provided an apparatus for a mediation function, the apparatus comprising: receiving circuitry for receiving, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function; determining circuitry for determining a management data analytics service instance associated with the network slice for providing at least part of said analytics; determining circuitry for determining at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function; negotiating circuitry for negotiating with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance; signalling circuitry for signalling, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance; providing circuitry for providing said obtained data to the selected management data analytics service instance; and receiving circuitry for receiving, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.

The apparatus may comprise coordinating circuitry for coordinating with the client to determine actions for mitigating against the effects of said error using the received at least one indication of the root cause.

The apparatus may comprise determining circuitry for determining a trust level associated with a management domain of the client, wherein said selecting circuitry for selecting the management data analytics service instance comprises selecting circuitry for selecting the management data analytics service instance using the determined trust level.

The providing circuitry for providing said obtained data to the selected management data analytics service instance may comprise: determining circuitry for determining at least part of said obtained data relates to data of a first type; determining that the trust level specifies at least one privacy technique is to be applied to said data of a first type; performing said at least one privacy technique on said data of a first type to form privatised obtained data; and providing circuitry for providing the privatised obtained data to the selected management data analytics service instance.

Said data of a first type may comprise data associated with a first level of confidentiality, and wherein said performing circuitry for performing said at least one privacy technique may comprise: selecting circuitry for selecting said at least one privacy technique in dependence on said first level of confidentiality; and applying circuitry for applying said selected at least one privacy technique to the data of a first type.

The determining circuitry for determining the trust level may comprise: receiving circuitry for receiving information usable for identifying the trust level of management domain of the client from at least one of: the client; the selected management data analytics service instance; and/or a trust function configured to maintain information related to trust levels between different apparatuses and/or functions; and determining circuitry for determining the trust level from the received information.

The apparatus may comprise forming circuitry for forming the second request by: selecting the indication of the at least part of said analytics to be performed by the selected management data analytics service instance in dependence on the first analytics request and at least one capability and/or constraint of the selected management data analytics service instance.

The apparatus may comprise: determining circuitry for determining at least one intent associated with the first analytics request; and determining circuitry for determining the at least one capability and/or constraint using the determined at least one intent.

According to an eighth aspect, there is provided an apparatus for a client, the apparatus comprising: signalling circuitry for signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and negotiating circuitry for negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

The apparatus may comprise: coordinating circuitry for coordinating with the mediation function to determine actions for mitigating against the effects of a root cause of an error associated with the network slice, wherein the root cause is identified in response to said signalling of the first analytics request; and implementing circuitry for implementing at least one of the determined actions.

The apparatus may comprise providing circuitry for providing the mediation function with a trust level associated with a management domain of the client.

The apparatus may comprise detecting circuitry for detecting a failure event associated with said network slice, wherein said signalling the first request is performed in response to the failure event being detected.

The apparatus may comprise comprising circuitry for comprising at least one intent in the first request for analytics.

According to a ninth aspect, there is provided non-transitory computer readable medium comprising program instructions for causing an apparatus for a mediation function to perform at least the following: receive, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function; determine a management data analytics service instance associated with the network slice for providing at least part of said analytics; determine at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function; negotiate with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance; signal, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance; provide said obtained data to the selected management data analytics service instance; and receive, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.

According to a tenth aspect, there is provided non-transitory computer readable medium comprising program instructions for causing an apparatus for a client to perform at least the following: signal, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and negotiate with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

According to an eleventh aspect, there is provided a computer program product stored on a medium that may cause an apparatus to perform any method as described herein.

According to a twelfth aspect, there is provided an electronic device that may comprise apparatus as described herein.

According to a thirteenth aspect, there is provided a chipset that may comprise an apparatus as described herein.

Brief description of Figures

Examples will now be described, by way of example only, with reference to the accompanying Figures in which:

Figures 1A and 1B show a schematic representation of a 5G system;

Figure 2 shows a schematic representation of a network apparatus;

Figure 3 shows a schematic representation of a user equipment;

Figure 4 shows a schematic representation of a non-volatile memory medium storing instructions which when executed by a processor allow a processor to perform one or more of the steps of the methods of some examples;

Figure 5 shows a schematic representation of a network;

Figures 6 and 7 show schematic representations of parts of network architecture;

Figure 8 shows a schematic representation of how roles may express intents;

Figure 9 shows a schematic representation of a network architecture comprising a mediation function;

Figure 10 illustrates example signalling that may be performed between apparatus described herein; and

Figures 11 and 12 are flow charts illustrating example operations that may be performed by apparatus described herein.

Detailed description

In the following, certain aspects are explained with reference to mobile communication devices capable of communication via a wireless cellular system and mobile communication systems serving such mobile communication devices. For brevity and clarity, the following describes such aspects with reference to a 5G wireless communication system. However, it is understood that such aspects are not limited to 5G wireless communication systems, and may, for example, be applied to other wireless communication systems with analogous components (for example, current 6G proposals) .

Before explaining in detail the exemplifying embodiments, certain general principles of a 5G wireless communication system are briefly explained with reference to Figures 1A and 1 B.

Figure 1A shows a schematic representation of a 5G system (5GS) 100. The 5GS may comprise a user equipment (UE) 102 (which may also be referred to as a communication device or a terminal) , a 5G access network (AN) (which may be a 5G Radio Access Network (RAN) or any other type of 5G AN such as a Non-3GPP Interworking Function (N3IWF) /aTrusted Non3GPP Gateway Function (TNGF) for Untrusted /Trusted Non-3GPP access or Wireline Access Gateway Function (W-AGF) for Wireline access) 104, a 5G core (5GC) 106, one or more application functions (AF) 108 and one or more data networks (DN) 110.

The 5G RAN may comprise one or more gNodeB (gNB) distributed unit functions connected to one or more gNodeB (gNB) unit functions. The RAN may comprise one or more access nodes.

The 5GC 106 may comprise one or more Access and Mobility Management Functions (AMF) 112, one or more Session Management Functions (SMF) 114, one or more authentication server functions (AUSF) 116, one or more unified data management (UDM) functions 118, one or more user plane functions (UPF) 120, one or more unified data repository (UDR) functions 122, one or more network repository functions (NRF) 128, and/or one or more network exposure functions (NEF) 124. The role of an NEF is to provide secure exposure of network services (e.g. voice, data connectivity, charging, subscriber data, etc. ) towards a 3rd party. Although NRF 128 is not depicted with its interfaces, it is understood that this is for clarity reasons and that NRF 128 may have a plurality of interfaces with other network functions.

The 5GC 106 also comprises a network data analytics function (NWDAF) 126. The NWDAF is responsible for providing network analytics information upon request from one or more network functions or apparatus within the network. Network functions can also subscribe to the NWDAF 126 to receive information therefrom. Accordingly, the NWDAF 126 is also configured to receive and store network information from one or more network functions or apparatus within the network. The data collection by the NWDAF 126 may be performed based on at least one subscription to the events provided by the at least one network function.

The network may further comprise a management data analytics service (MDAS) producer or MDAS Management Service (MnS) producer. The MDAS MnS producer may provide data analytics in the management plane considering parameters including, for example, load level and/or resource utilization. For example, the MDAS MnS producer for a network function (NF) may collect the NF’s load-related performance data, e.g., resource usage status of the NF. The analysis of the collected data may provide forecast of resource usage information in a predefined future time window. This analysis may also recommend appropriate actions e.g., scaling of resources, admission control, load balancing of traffic, etc.

Figure 1B shows a schematic representation of a 5GC 106’ represented in current 3GPP specifications.

Figure 1B shows a UPF 120’ connected to an SMF 114’ over an N4 interface. The SMF 114’ is connected to each of a UDR 122’, an NEF 124’, an NWDAF 126’, an AF 108’, a Policy Control Function (PCF) 130’, an AMF 112’, and a Charging function 132’ over an interconnect medium that also connects these network functions to each other.

3GPP refers to a group of organizations that develop and release different standardized communication protocols. 3GPP is currently developing and publishing documents related to Releases 15 and beyond.

5G utilizes the concept of network slicing. To perform network slicing, various functions are virtually associated together with the aim of those various functions interacting with each other to provide a particular service to a service consumer, with the virtual association being labelled as a network slice. A network slice comprises dedicated and/or shared resources, e.g., in terms of storage, processing power and bandwidth, and may be independent of other network slices in the system. Thus, from a mobile operator point of view, a network slice may be considered as being an independent end-to-end logical network that runs on shared physical infrastructure and which provides a negotiated service quality and/or a Service Level Agreement (SLA) . A 5G network slice may span across multiple parts of the 5G network, comprising elements of at least one of a 5G terminal, a 5G RAN (radio access network) , and/or a 5GC (core network) . The 5G network slicing mechanisms can also be deployed across multiple operators so that a single network slice comprise functions owned by (or otherwise associated with) different network operators.

Network slicing may be performed in a plurality of different ways. For example, the network slicing may be:

· Vertical: This type of slicing is often industry focused as it is designed to serve verticals. These applications may cover public safety, Internet of Things (IoT) , etc.

· Horizontal: This type of slicing often serves user, device and application use cases. The applications cover downloads, uploads as well as best effort, delay sensitive, capacity sensitive, symmetric traffic types etc.

· Static: This type of slicing relates to the provision of fixed slices for perpetual use, e.g., machine-to-machine (M2M) and IoT use cases.

· Dynamic: This type of slicing relates to delivering slices in real time.

Figure 6 illustrates an example network structure for vertical use cases, with the consumer of the network slice (i.e., the entity that is receiving at least one service provided by the slice) being labelled as a “vertical client” .

Figure 6 illustrates entities comprised in a public land mobile network (PLMN) 601 and a network of the vertical client’s premises 602.

The PLMN comprises a network slice 603 comprising an access network node 604 connected to a first network function 605, which is in turn connected to a second network function 606, which is in turn connected to a third network function 607. The first to third network functions are comprised within a core network. The third network function 607 is connected to a data network 608. The access network node 604, first to third network functions, and data network 608 represent how the network views the network slice of the PLMN 601.

From a management point of view, this slice may be considered with reference to a first management domain 609, a second management domain 610, cross domain integration fabric 611, a Zero touch network &Service Management (ZSM) end-to-end service management domain 612, and a Network Slice As A Service (NSaaS) function 613.

A brief overview of ZSM and NSaaS will be given to provide context for their functional operations.

ZSM is a network framework defined by ETSI that specifies the architectural, functional and operational requirements for end-to-end network and service automation. The ZSM architectural framework specified in GS ZSM 002 was designed to provide an architecture that is modular, flexible, scalable, extensible and service-based. The specified architecture supports open interfaces as well as model-driven service and resource abstraction. According to current specifications, ZSM management functions, with their respective management service capabilities support data-driven automation based on closed-loop and integration of Artificial Intelligence/Machine Learning techniques.

Network as a Service (NaaS) is a model that takes the idea of networking, and delivers it “as a service” using cloud-based functions, meaning easy access to networking tools and processes from one centralized location in the cloud. NaaS allows users to run a client on their local apparatus for connection to a network. A controller evaluates each user based on which parts of the network the user has access to. At least one gateway then acts as entryway to these parts of the network, with traffic being encrypted between user apparatus and the gateways or resources these apparatuses are trying to access. NSaaS uses these concepts and applies them at a slice level.

The first management domain 609 interfaces between the core network part of the slice (i.e., the first to third network functions) and the cross-domain integration fabric 611, and the second management domain 610 interfaces between the access network and the cross-domain integration fabric 611. The first management domain 609 and the second management domain may therefore be considered as providing, respectively, a core network slice subnet Operations and Management (O&M) and an access network slice subnet O&M,

The cross-domain integration fabric 611 also interfaces with the ZSM end-to-end service management domain 612. The ZSM end-to-end service management domain 612 provides O&M for the network slice. The ZSM end-to-end service management domain 612 also interfaces with the NSaaS function 613. The NSaaS function 613 helps to ensure that management and data services is made available to the ZSM framework consumer (618) , according to the agreed management exposure level allowed by the consumer.

The vertical’s premises 602 comprises, from a network point-of-view, a fourth network function 614, a fifth network function 615, a sixth network function 616, and a seventh network function 617, which together form a subnetwork slice.

From a management point of view, the O&M for this subnetwork slice is provided by a ZSM framework consumer 618, which interfaces with the NSaaS 613.

A network slice for vertical use cases (such as illustrated in Figure 6) may be customized according to the needs of vertical industries and services that are to be supported by that network slice. In addition, 5G slicing may be enabled and maintained by a management and orchestration (M&O) layer in order to assure the specified service-level agreements (SLAs) and/or service-level specifications (SLS) of each different service.

The network slice may further be associated with a management data analytics service (MDAS) function, such as, for example, an MDAS Management service (MnS) producer. The MDA MnS producer may provide data analytics of different network slice-related parameters. These parameters may comprise, for example, at least one of: a slice load level, and/or resource utilization, and/or network slice throughput analysis, and/or uplink/downlink throughput analysis per UE in a network slice, and/or an end-to-end latency analysis, and/or radio parameters, coverage, mobility success/failures, virtual resource utilization, etc. Suitable parameters may be as described in TS 28.809. For example, the MDA MnS producer for a network function (NF) may collect data relating to an NF’s load related performance data such as, for example, resource usage status of the NF. A subsequent analysis of the collected data may provide forecast of resource usage information in a predefined future time. This analysis may also recommend appropriate actions in response to this analysis to mitigate against potential adverse conditions. For example, the analysis may recommend at least one of: scaling of resources, admission control, load balancing of traffic, etc.

According to 3GPP TS 28.530, Mobile Network Operators (MNOs) may provide limited management capabilities of allocated network slices to customers like tenants from vertical industries, where a tenant is a business customer of an operator. This means that such customers may monitor and control specified management functions related to controlling the allocated network slices. The control may be effected via, for example, at least one service level agreement between the tenant and the operator.

Furthermore, Global System for Mobile Communications Association (GSMA) Generic Slice Template (GST) NG 116 v5.0 provides a standardized list of attributes that can characterize a type of network slice. This GST introduced an attribute labelled as “Root Cause Investigation” .

Root cause investigation is the capability provided to a network slice customer (NSC) to understand and/or investigate the root cause of network service performance degradation or failure. This attribute could be implemented via passive investigation or active investigation. It should be clear that this attribute is only about the investigation of a problem. This attribute does not provide any means to solve the problem.

During passive investigation, the network slice customer is informed by the management system and/or by an operator of the slice (e.g., by a mobile network operator) about the root cause of the network service performance degradation or failure when there is a problem with the network slice.

During active investigation, when something is wrong in the network, a network slice customer may perform an investigation itself. For example, the network slice customer may call for log files of different technical domain to understand where the problem is so that the investigation is not just an application programming interface (API) telling the network slice customer if there is a problem or not.

The combination of new network and management architectures in 5G/6G like Service-Based Architecture and SBMA, in combination with new business models like NSaaS, exceeds the level of complexity for managing networks and slices according to different customers’ requirements. Thus, new management capabilities and simpler ways of managing for customers like tenants would be useful.

Management Data Analytics (MDA) procedures were preliminary defined in 3GPP TS 28.533, with further study being provided in 3GPP TR 28.809, which analyses various use cases and requirements. Currently, MDA is standardized in 3GPP TS 28.104 with focusing on enablers for allowing MDA to be performed, such as analytics request and reporting, as well as on machine learning model management.

MDA provides a capability of processing and analyzing raw data related to network and service events and status. For example, data relating to at least one of the following parameters may be processed and analyzed: Management Service (MnS) performance measurements, Key Performance Indicators (KPIs) , Trace reports, Minimization of Drive Test (MDT) reports, Radio link failure reports, Radio Resource Control Connection Establishment Failure (RCEF) reports, Quality of Experience (QoE) reports, alarms, configuration data, network analytical data, and service experience data from a network data analytics function (NWDAF) , etc.

Subsequent to performing the relevant processing and analytics, the apparatus performing the MDA may provide an analytics output and/or report comprising its conclusions towards an MDA MnS consumer. This output and/or report may help facilitate the MDA MnS consumer in its understanding of the origin of the network failure, which may be useful for determining actions for network and service operations to mitigate against the failure. An overview of the 5G slicing architecture including the scope of MDA is illustrated in Figure 7.

Figure 7 illustrates a first domain automation 701 and second domain automation 702. The first domain automation 701 comprises a first network entity 703, a second network entity 704, and a first domain controller 705. The second domain automation 702 comprises a third network entity 706, a fourth network entity 707, and a second domain controller 708. The first and second domain controllers may be considered as representing, or otherwise providing, network slice subnet management functions (NSSMFs) for their respective domain automations. The first and second domain controllers may each exchange signalling with the network elements in their respective domain automations.

The first and second domain controllers may each exchange signalling with a cross-domain controller 709. This cross-domain controller may be considered as representing, or otherwise providing, a network slice management function. Together, the cross-domain controller 709 and the first and second domain automations may be considered as providing network automation.

The cross-domain controller 709 may exchange signalling with a service-domain controller 710. The service-domain controller 710 may be considered as representing, or otherwise providing, a communication service management function (CSMF) . The service-domain controller 710 may also be considered as performing business automation. The service-domain controller 710 may interface with a customer portal for tenants for receiving service requests and/or requirements from a service customer.

Each of the entities labelled 703 to 710 in Figure 7 may perform analytics-based functions. This may feed into a control loop, where the analytics results are used to make a at least one decision on a parameter to change in a network, which is subsequently implemented/executed. The effect of this execution is subsequent observed, with the observations/measurements associated therewith being used for further analytics. This cycle may repeat, so that the network may continue to mitigate against adverse effects in the network.

In such a system, a customer (such as a tenant in a vertical industry) may request analytics capabilities provided by the mobile network operator for a certain geographical area and/or a time window related to its application requirements. The requested analytics capabilities may relate to, for example, at least one allocated network slice and/or related to a network function comprised in the at least one allocated network slices. For example, a tenant, such as, for example as another communication service provider, detects a performance downgrade for communication service (CS) provided to its own customer, and suspects the issue could be introduced by a fault in the deployment of the allocated network slice used to build the communication service. The tenant consequently requests specific analytics to be performed by the mobile network operator regarding the allocated slice and may share any of its own preliminary analytics results and other information to assist the mobile network operator’s MDAs.

For an incident response (e.g., to security event) , the tenant needs to go through all related resources of the allocated network slice to explore and identify the impact and root cause of the problem. In this case, the tenant may demand analytics in respect of and originating a mobile network operator’s slice and share incident information and other related data with an analytics function/service of the mobile network operator in the network for better analytics.

A tenant may use a network slice that is comprised of a combination of resources from a mobile network operator and its own tenant resources. When that tenant receives an error report/alert from an NF, which was provided by that particular tenant to the network slice, the tenant investigates the potential root cause of that error report/alert. The problem associated with this error report/alert may arise due to the NF alone. However, this problem may also be due to another problem in the slice resources of the mobile network operator or due to a combined issue across the slice resources of the mobile network operator and tenant. Τo investigate this issue efficiently and quickly, the tenant may demand analytics from mobile network operator’s slice and share information related to the impacted NF and the error with the corresponding mobile network operator’s analytics function/service in the network for facilitating an insight of the root cause.

However, as data security and privacy is a big concern of a tenant and for the mobile operator sharing data with the tenant, the tenant shares a minimal amount of information to the mobile network operator as part of its demands for analytics. This may be too little information, leading to the MDA MnS producer requesting additional data from the tenant to satisfy the accurate level of analytics result. Currently, there are no means to enable communication and negotiation between the tenant domain and mobile network operator for the purpose of analytics on demand-related to network slices deployed within the mobile network operator or with combined mobile network operator and tenant resources.

To provide further context for some of the later discussion, the following discusses intents and intent-driven management services.

According to 3GPP TS 28.312 V 0.5.0, intent driven management services (MnS) for mobile networks allows service consumers such as a tenant to specify the expectations including requirements, goals and constraints for a specific service or network management workflow. The intent may provide information on at least particular objective and possibly some related details for the specific service or network management workflow.

Several intents are defined in this specification.

As a first intent, there is provided an intent for network and service maintenance: This intent enables a consumer to express the network and service status (e.g. performance, alarm, issue) to be monitored or the network and service issues to be addressed.

As a second intent, there is provided an intent for network and service optimization/assurance: This intent enables a consumer to express the performance objectives of network and service to be improved.

Figure 8 illustrates a high-level model of different kinds of intents as they are expressed in different roles and/or by different entities.

Figure 8 illustrates a communication service consumer (CSC) 801. The communication service customer 801 may be, for example, an end user, a small and/or medium enterprise, a large enterprise, a vertical, and/or a communication service producer (CSP) .

The communication service consumer 801 may be a client of a communication service provider 802. The communication service consumer 801 may express a consumer intent (intent-CSC) to the communication service provider 802 as part of a client request.

The communication service provider 802 may, in turn be a client of a network operator (NO) 803, which in turn functions as a provider to the communication service provider 802. The communication service producer 802 may express a consumer intent (intent-CSP) to the network operator 803 as part of a client request.

The network operator 803 may function as a client to a virtualisation infrastructure service provider 804 as well as functioning as a client to a network equipment provider 806, which may include a virtualised network function supplier. The network operator 803 may express respective consumer intents (intent-NO) to each of these entities are part of respective client requests. The virtualisation infrastructure service provider 804 and the network equipment provider 806 may each act as producers to the network operator 803.

The virtualisation infrastructure service provider 804 may function as a client to a data centre service provider 805 as well as functioning as a client to a network function virtualisation supplier 807. The data centre service provider 805 and the network function virtualisation supplier 807 may each act as producers to the virtualisation infrastructure service provider 804.

The data centre service provider 805 may function as a client to a hardware supplier 808. The hardware supplier 808 may act as a producer to the data centre service provider 805.

According to a current version of 3GPP TS 28.312, an intent driven management service (MnS) comprises the following management capabilities to support intent lifecycle management:

· Create an intent: an MnS consumer’s request to create a new intent on the MnS producer.

· Activate an intent: an MnS consumer’s request to activate an intent on the MnS producer when the intent is suspended.

· De-activate an intent: an MnS consumer’s request to de-activate an intent on the MnS producer for a temporary suspension.

· Delete an intent: an MnS consumer’s request to remove an intent on the MnS producer.

· Modify an intent: an MnS consumer’s request to modify the content of the intent (e.g. an optimization goal) on the MnS producer.

· Query an intent, MnS Consumer request to return the content and state (e.g. active, inactive) of the intent on the MnS producer.

These specified intents are closely related to artificial intelligence/machine learning and closed-loop operations for administrative tasks across a network. The intents may be fulfilled by utilizing multiple mechanisms including, among others: Rule-based mechanisms, closed loop mechanisms and artificial intelligence/machine learning-based mechanisms. These mechanisms can be combined in solutions of various complexity, ranging from a simple approach rule-based mechanisms, to more elaborate solutions combining AI/ML, closed loop automation to ensure the fulfilment of intents.

According to 3GPP specifications, an intent needs to be quantifiable from network data so that the fulfilment result (i.e. the response provided to the intent) can be measured and evaluated. 3GPP specifications have not yet considered any privacy/security aspects of intent driven MnS services.

The following introduces a new logical function/management service. This management service/logical function may be used to enable interactive analytics on demand (IAD) regarding an allocated 5G slice for a customer-like tenant from vertical industry. In particular, there is provided management capabilities for enabling high-level requests for analytics on demand while considering feedback loops for refining the analytics request in dependence on gradually increased trust relationships between an MDA MnS producer and an MDA MnS consumer.

To allow a fully customized network slice service, a tenant may be enabled to manage and control slice resources allocated to it. To assist this process the MDA MnS producer may allow its authorized consumers (e.g., in the present case tenants) , to request and control MDA for at least one network slice allocated to that authorised consumer. In addition, the tenant may provide certain input data related to NFs and to other network resources that are within the tenant premises, as well as additional information collected in the tenant domain that relates to an error, and/or failure, and/or adverse network condition being identified. For example, this additional information may comprise a location and time of an incident that happened in the tenant domain. The incident may be a pre-defined event, and be identified when the value of at least one parameter being monitored exceeds a threshold of a respective range of values that are determined to be optimal for that at least one parameter.

Customers such as tenants may not be capable of dealing with all the data required by an MDA MnS function for performing root cause analytics (e.g., data related to network configuration and network topology) . Such customers may also rely on ‘fuzzy’ request for analytics on demand, which provide a general description of a problem, e.g., “Investigate slice congestion load/NF load” or “Investigate root cause for NF alarm” or “Coverage issue analysis in a specific area” .

The proposed logical function/management service for interactive analytics on demand (IAD) leverages MDAS capabilities in different management domains of a network architecture. In particular, an MDA MnS producer may use analytics results from NWDAF (Network Data Analytics Function) in core domain as an input, and/or the NWDAF may consume outputs of the MDA for specific scenarios and provide analytics service for the 5GC. IAD supports direct communication between entities (e.g., tenant and MDA MnS function) or indirect communication between entities (e.g., tenant –CSMF –MDA MnS function, and/or tenant –MDA MnS function –NWDAF) .

The presently described logical function/management service for interactive analytics on demand (IAD) can be integrated in at least one of several different layers of an end-to-end service management architecture. This is illustrated in Figure 9, which illustrates the MDA service being provided as part of a CSMF, an Network Slice Subnet Management Function (NSMF) and a network function management function (NFMF) .

Figure 9 shows a network function 901. It is understood that, although only a single network function is shown, multiple network functions may be configured to operate in a similar manner. The network function 901 is configured to interface with a first network function management function (NFMF) 902. The network function 901 is configured to interface with a second NFMF 903. The network function 901 is configured to interface with a transport controller 904. The transport controller 904 may comprise a first transmission slice profile 905. The first transmission slice profile 905 may comprise information on those parts of a network slice that relate to a transport layer associated with said network slice.

The first NFMF 902 may be configured to interface with a Radio Access Network (RAN) network slice subnet management function 906. The RAN network slice subnet management function may comprise a first RAN slice profile 907 and a first IAD 908. The first RAN slice profile 907 may comprise information on those parts of said network slice that are comprised within a RAN associated with said network slice.

The second NFMF 903 may be configured to interface with a core network slice subnet management function 909. The core network slice subnet management function 909 may comprise a first core slice profile 910 and a second IAD 911. The first core slice profile 909 may comprise information on those parts of said network slice that are comprised within a core network associated with said network slice.

The RAN network slice subnet management function 906, transport controller 904, and the core network slice subnet management function 909 may all be configured to interface with an NSMF 912. The NSMF 912 may comprise a second RAN slice profile 913, a second transmission slice profile 914, a second core slice profile 915, an end-to-end service management function 916, and a third IAD 917.

The NSMF 912 may be considered to interface with a CSMF 918. The CSMF 918 may comprise a definition of the communication service. The CSMF 918 may comprise a fourth IAD 919.

The trust relationship between these different management domains (e.g., between the network slice subnet management functions, NSMF, NFMF and CSMF management domains) may differ from each other. For example, the trust relationship between an end-to end service Management Domain and a core network Management Domain can be different than the trust relationship between the end-to-end Service Management Domain and a RAN Management Domain. This is because the security capabilities and assurances of the core network and RAN Management Domains may be different to each other, and/or because the RAN and core management domains may belong to different operators.

In addition, the trust relationship between a tenant and an end-to-end management domain, or between different management domains may change over time. This may be, for example, due to changes of management service producers and/or to changes in management service consumers. These entities may change (or a property/parameter associated therewith may change) in relation to a change in security status and/or in response to a scale to another region.

Traditionally, there are several trust models defined to establish trust relationship between different entities and to allow one entity to obtain the levels of trust needed for forming partnerships, for collaborating with other organizations, share information, and/or for receiving information/services. For example, there may be a mutual trusted entity, such as a certification entity, that provides a trust certificate or token to one of the entities on behalf of another entity in order to establish a trust between those entities. As another example, signalling may be conducted through a third party.

However, dependent on the trust relationship, any sensitive data (such as in relation to, business sensitive data like management data, customer data, and configuration data. For example, data relating to the location of base stations, resource allocation towards particular customers, protocol data unit (PDU) sessions, NF resource usage) may require privacy protection. A way of guaranteeing the privacy of sensitive data is to apply privacy techniques. One example privacy technique is anonymization, which may provide the strongest known form of privacy protection. Other examples of privacy protection mechanisms comprise data masking, pseudonymization, and encryption. Different privacy protection mechanisms may provide different protection levels. An IAD as presently disclosed may select a privacy protection mechanism to be used in any particular situation in dependence on the sensitivity level of data needed for providing requested analytics and/or in dependence on signalling with the MDA MnS consumer.

To better describe such a system, the following description introduces a new model for enabling an abstract request for analytics on demand to be more easily fulfilled.

In particular, there is provided a new logical function/management service for interactive analytics on demand (IAD) that verifies the capabilities of at least one MDA MnS function providing (or to provide) analytics to a consumer for providing said analytics in order to provide data for the analytics in an appropriate form. This IAD may further check the constraints of the at least one MDA MnS function instance for providing said analytics in order to provide data for the analytics in an appropriate form. The IAD may further provide dialogue to consumers in order to refine the high-level/abstract analytics request received from those consumers. This refinement may be performed using additional information based on the trust level. Throughout the present application, the term “dialogue” is used to indicate a negotiation between two communication entities. For example, a dialogue may relate to negotiations performed in relation to determining what data for analytics is used and/or needed for that purpose.

The IAD may determine what data is allowed for analytics of the MDA MnS consumer according to trust relationship between MDA MnS producer and the MDA MnS consumer (acting on behalf of tenant) . In order to protect sensitive data, the IAD may apply privacy techniques on data exchanged during the negotiation/dialogue.

The IAD may ultimately form an analytics request with data determined to be required by the MDA MnS producer for fulfilling a consumer’s analytics request with minimal further dialogue, using information received from at least one of the mobile network operator and the tenant.

Figure 10 illustrates example signalling that may be performed between a consumer 1001 (e.g. a tenant) , an IAD 1002, an MDA MnS function 1003, and an NWDAF 1004.

During 10001, the consumer 1001 signals a high-level analytics request to the IAD 1002. This high-level analytics request may be considered as an abstract request, or “fuzzy” request. In other words, a high-level analytics request indicates a simplified request that does not comprise detailed knowledge on what data is needed for the analytics to be performed. This means that the request may provide a general indication of the analytics to be provided. The request may be provided in the form of at least one intent.

During 10002, the IAD validates the received abstract request. For example, the IAD may validate at least trust relationship between the consumer 1001 and the MDA MnS function 1003 and/or the NWDAF 1004.

This validation may comprise several different actions. The following describes potential actions that may be performed.

First, the IAD 1002 may determine whether or not the requested data for analytics of 10001 is available, and/or in the process of being collected. When the requested data for analytics is already being collected, the status of data collection for the analytics may be determined (i.e. how far along in the analytics the process already is) . When the requested analytics is not already available, the second to fourth actions mentioned below may be performed.

Second, the IAD 1002 selects an MDA MnS producer instance from a plurality of MDA MnS function instances for providing the requested analytics of 10001. In the present example, MDA MnS function 1003 is selected. The selection may be performed, for example, in dependence on capabilities and constraints associated with MDA MnS function instances of the allocated network slice and in dependence on the trust relationship between the tenant and MDA MnS producer management domains. The selection may be performed, for example, in dependence on (i) the result of a domain name service request to ask for an Internet Protocol (IP) address for an MDA MnS producer, with a direct request to the MDA MnS producer to obtain the corresponding capabilities, and/or (ii) the result of asking a repository/itinerary at which MDA MnS functions are registered.

Third, the IAD 1002 may translate the received abstract request into a more defined form that is compliant with the MDA MnS function’s 1003 request requirements. The request requirements may comprise, for example, performance measurements of at least one a RAN and a core network comprised in the slice, configuration data for at least one of a RAN and a core network comprised in the slice, and/or topology data for at least one of a RAN and a core network comprised in the slice. To do this, the IAD 1002 may obtain the MDA MnS consumer’s request requirements, and use these obtained request requirements for determining how to format the abstract request and for determining whether more information is to be requested from the consumer for populating an analytics request to be sent to the MDA MnS function 1003 on behalf of the consumer. The MDA MnS function’s request requirements may be obtained by the IAD 1002 from an entity maintaining such information. For example, the IAD 1002 may obtain this information from integration fabric in ZSM.

Fourth, the IAD 1002 may verify how much data is to be collected from the mobile network operator premises for the purpose of analytics. For example, the data to be collected may relate to performance metrics and/or key performance indicators.

During 10003, the IAD 1002 and the consumer 1001 exchange data for making an analytics request, where the data exchanged is associated with the trust relationship (s) validated during 10002. This data exchange may be performed as part of a negotiation between the IAD 1002 and the consumer 1001. The negotiation may be implemented as synchronized or unsynchronized communication.

As part of this negotiation, the IAD may provide the capabilities and/or constraints of the selected MDA MnS producer instance to the consumer. The consumer may use this information to determine whether or not to proceed with the selected MDA MnS producer instance in dependence on the amount of data to be provided that the consumer 1001 will need to provide to the selected MDA MnS producer instance for the analytics to be performed and the level of privacy control to be applied to that provided data.

The IAD 1002 may further clarify what data is used and/or needed for those analytics to be performed so that the consumer may determine whether or not the consumer will provide any further data to fill any current gaps in information held by the IAD 1002.

The IAD 1002 may further provide assistance to the consumer by receiving potential missing input data from the consumer (such as, for example, data related to the consumers’ network functions and/or allocated resources) .

During 10004, the IAD applies privacy techniques on the consumer data received during 10003. The IAD may apply this only on data indicated as being sensitive data and/or on data that is commonly agreed as being sensitive data. The privacy techniques may be applied in dependence on the trust relationship’s requirement for confidentiality (e.g., low, medium, high, etc. ) .

During 10005, the IAD 1002 and the consumer 1001 exchange data to negotiate regarding what data is available for analytics and when.

During 10006, the IAD applies privacy techniques on the consumer data received during 10005. This may be as described above in relation to 10004. It is understood that steps 10005 and/or 10006 may be repeated as negotiations are performed.

At 10007, the IAD 1002 signals the MDA MnS producer/function 1003. This signalling of 10007 may be an instruction to compose an MDA request to signal the NWDAF 1004 for collecting analytics data. The signalling of 10007 may comprise an indication of executable actions for MDA MnS function 1003 that reflects an overall intent of the abstract request of 10001. In other words, the signalling of 10007 may comprise tactics and/or strategies for executing at least one objective of the abstract request of 10001.

During 10008, the NWDAF 1004 and the MDA MnS function 1003 exchange signalling. This signalling of 10008 may be result in the NWDAF 1004 providing the MDA MnS function 1003 with analytics data that was collected/collated in response to a request formed by the MDA MnS function 1003 in response to the signalling of 10007. The exchanged signalling may be a dialogue. The negotiation may be implemented as synchronized or unsynchronized communication.

During 10009, the MDA MnS function 1003 signals a report or notification to the IAD 1002. This report may comprise an analytics result. The analytics result may comprise at least one insight regarding the root cause of a problem in a network with which the consumer 1001 is associated.

During 10010, the IAD 1002 and the consumer 1001 exchange signalling. The exchanged signalling of 10010 may relate to a negotiation of recommended actions that may be effected in the network with which the consumer 1001 is associated. The recommended actions may be based on the analytics result received in the report of 10009. The consumer 1001 may subsequently implement at least one action for mitigating against an adverse network condition in dependence on the negotiated recommended actions that are adopted. The exchanged signalling may be a negotiation. The negotiation may be implemented as synchronized or unsynchronized communication.

The following provides an example of how the presently described techniques may be implemented in a specific scenario. However, it is understood that this is merely one example, and that the presently described principles may be applied to other scenarios.

In this example, it is assumed that an NSaaS has allowed a network slice exposure capability to an individual tenant (i.e., a consumer) . The tenant may own at least one network function in a network slice, such as, for example, an application function in the core network domain. This may be as enabled by GSMA NG 116, although it is understood that the presently described techniques are not limited to this type of network function. The network slice exposed to the tenant may share core network resources with other network slices, and the tenant may require high confidentiality for sensitive data. Whether or not data is considered to be sensitive data may be determined by at least one of a policy of the tenant and/or a policy of the core network in which the at least one network function owned by the tenant is located.

Initially, the tenant detects an unexpected resource usage in the network slice. This may be, for example, a sudden increase in computing and storage resources in a virtualization environment.

The tenant may detect this unexpected resource usage in response to an alert condition being raised. In other words, the tenant may detect this unexpected resource usage in response to receipt of an explicit indication that there is, or has been, an unexpected resource usage in the network slice. The tenant may detect this unexpected resource usage in response to comparing current performance metrics for the network slice to previous performance metrics for the network slice, and determining whether any deviation in those performance metrics exceeds a threshold amount. If there is a deviation that exceeds those threshold amounts, the tenant may determine that it has detected an unexpected resource usage.

As a result of this detection, the tenant suspects malicious behaviour and determines to investigate the root cause of the unexpected resource usage. To effect this, the tenant issues an analytics request to an IAD. This analytics request may indicate the desired service (e.g. ‘Analysis of increased resource usage in slice’ in the present case) . This analytics request may comprise an identifier for the slice in which the unexpected resource usage has been detected. This slice identifier may be, for example, a single-network slice selection assistance information (S-NSSAI) . The S-NSSAI is currently defined in TS 23.501.

Following receipt of the analytics request, the IAD checks a trust level/profile of the tenant management domain. The IAD may further check the MDAS MnS producer capabilities and/or constraints of the MDAS instances in the allocated network slice to process the issued analytics request while considering the topology information of the network slice from a management database e.g., inventory data. At least some of these checks may be performed, for example, by sending a request for this information directly to an MDA MnS producer, to a domain name system and/or to some other entity that stores such information relating to MDA MnS producers.

As an MDA MnS producer to be selected for the consumer/tenant needs to correlate and analyse the potential resource utilization issue based on current and historical performance data related to resource usage and network traffic from the core network domain, the IAD can discover at least one appropriate MDA MnS producer in the core network management domain by enquiring for capability information for potential MDA MnS producers from a management repository entity (which may be a proprietary mobile network operator entity) . As an alternative, the IAD may obtain an address (e.g. an Internet Protocol address) of at least one potential MDA MnS producer from a domain name server (DNS) , and explicitly enquire at least one potential MDA MnS producer to provide an indication of its capabilities in relation to such network slice analytics. This may be as described in TS 28.533.

The IAD may, having selected an MDA MnS producer for performing the requested analytics, determine that the tenant needs to provide additional data on the tenant’s NF in order for the selected MDA MnS producer to perform the requested analytics. The additional data may be, for example, data in relation to performance metrics and/or key performance indicators. As one possible example, performance measurements of the tenant’s at least one NF may be requests, as described in 3GPP TS 28.552.

When the IAD makes such a determination (i.e., that additional information is to be provided) , the IAD informs the tenant that additional data of at least one of the tenant’s NFs is required by the selected MDA MnS producer, and further identifies the additional data to be provided. In response to this signalling, the tenant may determine to transfer the data directly to the IAD, and/or to provide the IAD with an address of where the additional data may be obtained or otherwise collected. The address may be, for example, an Internet Protocol address.

As the MDA MnS function’s resources in the core network management domain are shared with other network slices that may belong to the same or different tenant, the IAD applies at least one privacy technique to the data being provided to the MDA MnS producer in order to meet a predetermined level of confidentiality of the performance data related to tenant’s network function. The predetermined level of confidentiality may be determined following negotiations with the consumer and/or following receipt of an indication from the consumer regarding the level of confidentiality to be applied. The predetermined level of confidentiality may be set in dependence on the type of data being provided and/or in dependence on the trust level the MDA MnS consumer has established with the MDA MnS producer. Where the predetermined level of confidentiality is a highest level of confidentially, the IAD anonymizes the address of the tenants’ network function.

The IAD may further check the needed data for the required analytics to be performed by the selected MDA MnS producer.

Subsequent to this, the IAD may negotiate with the tenant to determine a trade-off between a desired upper-bound latency for receiving the analytics report and the report quality, where the report quality may be increased by the MDA MnS function processing more input data. In this step the tenant and the IAD may negotiate between themselves regarding how much processing of tenant’s input data is needed by the MDA MnS producer (e.g., input data in relation to virtualized resource behaviour of tenant’s network function, such as described in 3GPP TS 28.552) and how much data is to be collected from the mobile network operator premises, such as, for example, performance measurements for an AMF, and/or an SMF, and/or a UPF, and/or throughput at an N3 interface. An N3 interface is an interface that connects an access point in the Radio Access Network (e.g. a gNB) to the UPF.

The IAD may further negotiate with the tenant in order to guarantee privacy protection for additional data provided by tenant e.g., through anonymization.

The IAD may further estimate when the analytics report can be ready according to the availability of resources and the availability of performance metrics and/or key performance indicators in the mobile network operator’s premises in order to perform this negotiation.

The IAD may further form and compose the analytics request following this negotiation. The IAD may signal the composed analytics request to the selected MDA MnS producer. The selected MDA MnS producer may be triggered to commission analytics in response to receipt of this composed analytics request. The IAD may assist the selected MDA MnS producer in the core network management domain to receive the input data from the tenant.

The MDA MnS producer may analyse the resource usage of the core network domain using the data agreed by the tenant during the tenant’s negotiation with the IAD. The selected MDA MnS producer may provide the results of its analysis to the IAD in the form of at least one analytics report. The analytics report may comprise an indication of the network entities identified by the MDA MnS producer as being involved in the resource utilization issue, an indication as to whether or not the resource utilisation issue is an ongoing issue that needs to be resolved and, when the indication indicates that the resource utilisation issue is an ongoing issue, the report or notification may further comprise at least one recommendations for resolving the issue. The indication may be explicit (i.e. via a separate field in the report) . The indication may be implicit (i.e. the provision of the at least one recommendation may indicate that it is an ongoing issue while the lack of provision of the at least one recommendation may indicate that it is not an ongoing issue) .

The recommended actions may be, for example, to schedule a "scale-in" and/or “scale-out” of virtualised network functions to dynamically reallocate the virtualized resources to where they are needed, and/or to create the resource allocation policy and/or to update the resource allocation policy. A “scale-in” may be considered to be an action of reducing equivalently used functional components in parallel i.e. to reduce to number of parallel resources to account for an anticipated or actual reduction in load. A “scale-out” may be considered to be an action of increasing equivalently used functional components in parallel i.e. to increase the number of parallel resources to account for an anticipated or actual increase in load.

The IAD may take actions in response to at least one of the at least one recommendation comprised in the report. For example, the IAD may take actions that are based on the at least one recommendation comprised in the report. As another example, the IAD may analyse a result of the root cause investigation provided via the report and the proposed at least one recommendation, and propose alternative recommendations to be performed to address the root cause. These alternative recommendations may be selected in dependence on the current context. For example, the IAD may propose alternative recommendations to be performed to address the identified root cause in dependence on whether an increased resource usage of NF is determined to indicate the presence of malicious behaviour in the network due to a security attack.

The IAD may take these actions following further dialogue and/or negotiation with the tenant. This further dialogue and/or negotiation may be, for example, to investigate the root cause for potential security issue of network function which causes exhaustive resource usage.

As indicated above, the IAD may be implanted in at least one of the CNS and/or MDA-related functions for 5G network and network slice management and automation (including security management and orchestration) .

Figures 11 and 12 are flow charts illustrating potential operations that may be performed by apparatus described above. They may therefore be considered as illustrating specific aspects of the above examples.

Figure 11 illustrates operations that may be performed by an apparatus for a mediation function. The mediation function may be an IAD.

At 1101, the apparatus receives, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function. The client may be the client described below in relation to Figure 12. The client may be a communication service consumer. The client may be an MDA MnS consumer. The first request for analytics may relate to a request for determining a root cause analysis for a failure event detected by the client.

At 1102, the apparatus determines a management data analytics service instance associated with the network slice for providing at least part of said analytics.

At 1103, the apparatus determines at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function. The data requirement may relate to a type and/or amount of data required by the selected management data analytics service instance for performing the analytics.

At 1104, the apparatus negotiates with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function. This negotiating may comprise a signalling and a receiving step. For example, this negotiating may comprise: signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.

At 1105, the apparatus may signal, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of the at least part of said analytics to be performed by the selected management data analytics service instance. This second request may comprise a more specific and/or defined form of the first request. For example, the first request may be made in the form of an intent, and the second request may be in the form of more definite instructions for fulfilling the intent, and/or comprise a less abstract intent than that comprised in the first intent.

The apparatus may form the second request by selecting the indication of the at least part of said analytics to be performed by the selected management data analytics service instance in dependence on the first analytics request and at least one capability and/or constraint of the selected management data analytics service instance.

To this effect, the apparatus may determine at least one intent associated with the first analytics request and determine the at least one capability and/or constraint using the determined at least one intent.

At 1106, the apparatus provides said obtained data to the selected management data analytics service instance.

At 1107, the apparatus receives, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice. The at least one indication of the root cause may identify a specific root cause when IAD functionality is comprised in the selected management data analytics service instance. The at least one indication of the root cause may be information that is usable by the mediation function for identifying a root cause of the error regardless of whether or not the selected management data analytics service instance comprises IAD functionality.

The apparatus may coordinate with the client to determine actions for mitigating against the effects of said error using the received at least one indication of the root cause. The determined actions may subsequently be implemented and/or be caused to be implemented by the client. When the at least one indication of the root cause comprises a proposed action, the client may be caused to implement the proposed action as part of the determined actions. When the at least one indication of the root cause comprises a proposed action, the client may be caused to not implement the proposed action as part of the determined actions (i.e. the client may be caused to implement other actions) . The determined actions may be determined following a dialogue/negotiation between the client and the mediation function.

The apparatus may determine a trust level associated with a management domain of the client, wherein said selecting the management data analytics service instance comprises selecting the management data analytics service instance using the determined trust level.

When said data of a first type comprises data associated with a first level of confidentiality, and said performing said at least one privacy technique may comprise: selecting said at least one privacy technique in dependence on said first level of confidentiality; and applying said selected at least one privacy technique to the data of a first type.

Figure 12 illustrates potential operations that may be performed for a client. The client may be configured to interact with the apparatus of Figure 11, and be the “client” referred to in relation to that Figure.

At 1201, the apparatus signals, to a mediation function (e.g. the mediation function of Figure 11) , a first request for analytics to be performed in respect of a network slice comprising at least one network function.

At 1202, the apparatus negotiates with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function. This may be performed by: receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance. The obtained data is provided to the mediation function.

The apparatus may coordinate with the mediation function to determine actions for mitigating against the effects of a root cause of an error associated with the network slice, wherein the root cause is identified in response to said signalling of the first analytics request. The apparatus may implement at least one of the determined actions. This may be as described above in relation to Figure 11.

The apparatus may provide the mediation function with a trust level associated with a management domain of the client.

The apparatus may detect a failure event associated with said network slice, wherein said signalling the first request is performed in response to the failure event being detected.

The apparatus may comprise at least one intent in the first request for analytics. This may be as described above in relation to Figure 11.

It is understood that references throughout the present application to entities that “interface” with other entities may also be read as those entities allowing direct signalling to be performed in at least one direction between the interfacing entities. In other words, if entity A and entity B each interface with entity C while entity A and B do not interface with each other, then direct signalling in at least one direction may be performed between entity A and entity C and between entity B and entity C, and direct signalling may not be performed between entity A and entity B.

Figure 2 shows an example of a control apparatus for a communication system, for example to be coupled to and/or for controlling a station of an access system, such as a RAN node, e.g. a base station, gNB, a central unit of a cloud architecture or a node of a core network such as an MME or S-GW, a scheduling entity such as a spectrum management entity, or a server or host, for example an apparatus hosting an NRF, NWDAF, AMF, SMF, UDM/UDR etc. The control apparatus may be integrated with or external to a node or module of a core network or RAN. In some embodiments, base stations comprise a separate control apparatus unit or module. In other embodiments, the control apparatus can be another network element such as a radio network controller or a spectrum controller. The control apparatus 200 can be arranged to provide control on communications in the service area of the system. The apparatus 200 comprises at least one memory 201, at least one

data processing unit

202, 203 and an input/output interface 204. Via the interface the control apparatus can be coupled to a receiver and a transmitter of the apparatus. The receiver and/or the transmitter may be implemented as a radio front end or a remote radio head. For example, the control apparatus 200 or processor 201 can be configured to execute an appropriate software code to provide the control functions.

A possible wireless communication device will now be described in more detail with reference to Figure 3 showing a schematic, partially sectioned view of a communication device 300. Such a communication device is often referred to as user equipment (UE) or terminal. An appropriate mobile communication device may be provided by any device capable of sending and receiving radio signals. Non-limiting examples comprise a mobile station (MS) or mobile device such as a mobile phone or what is known as a ’s mart phone’, a computer provided with a wireless interface card or other wireless interface facility (e.g., USB dongle) , personal data assistant (PDA) or a tablet provided with wireless communication capabilities, or any combinations of these or the like. A mobile communication device may provide, for example, communication of data for carrying communications such as voice, electronic mail (email) , text message, multimedia and so on. Users may thus be offered and provided numerous services via their communication devices. Non-limiting examples of these services comprise two-way or multi-way calls, data communication or multimedia services or simply an access to a data communications network system, such as the Internet. Users may also be provided broadcast or multicast data. Non-limiting examples of the content comprise downloads, television and radio programs, videos, advertisements, various alerts and other information.

A wireless communication device may be for example a mobile device, that is, a device not fixed to a particular location, or it may be a stationary device. The wireless device may need human interaction for communication, or may not need human interaction for communication. In the present teachings the terms UE or “user” are used to refer to any type of wireless communication device.

The wireless device 300 may receive signals over an air or radio interface 307 via appropriate apparatus for receiving and may transmit signals via appropriate apparatus for transmitting radio signals. In Figure 3 transceiver apparatus is designated schematically by block 306. The transceiver apparatus 306 may be provided for example by means of a radio part and associated antenna arrangement. The antenna arrangement may be arranged internally or externally to the wireless device.

A wireless device is typically provided with at least one data processing entity 301, at least one memory 302 and other possible components 303 for use in software and hardware aided execution of tasks it is designed to perform, including control of access to and communications with access systems and other communication devices. The data processing, storage and other relevant control apparatus can be provided on an appropriate circuit board and/or in chipsets. This feature is denoted by reference 304. The user may control the operation of the wireless device by means of a suitable user interface such as keypad 305, voice commands, touch sensitive screen or pad, combinations thereof or the like. A display 308, a speaker and a microphone can be also provided. Furthermore, a wireless communication device may comprise appropriate connectors (either wired or`wireless) to other devices and/or for connecting external accessories, for example hands-free equipment, thereto.

Figure 4 shows a schematic representation of non-volatile memory media 400a (e.g. computer disc (CD) or digital versatile disc (DVD) ) and 400b (e.g. universal serial bus (USB) memory stick) storing instructions and/or parameters 402 which when executed by a processor allow the processor to perform one or more of the steps of the methods of Figure 11 and/or Figure 12.

The embodiments may thus vary within the scope of the attached claims. In general, some embodiments may be implemented in hardware or special purpose circuits, software, logic or any combination thereof. For example, some aspects may be implemented in hardware, while other aspects may be implemented in firmware or software which may be executed by a controller, microprocessor or other computing device, although embodiments are not limited thereto. While various embodiments may be illustrated and described as block diagrams, flow charts, or using some other pictorial representation, it is well understood that these blocks, apparatus, systems, techniques or methods described herein may be implemented in, as non-limiting examples, hardware, software, firmware, special purpose circuits or logic, general purpose hardware or controller or other computing devices, or some combination thereof.

The embodiments may be implemented by computer software stored in a memory and executable by at least one data processor of the involved entities or by hardware, or by a combination of software and hardware. Further in this regard it should be noted that any procedures, e.g., as in Figure 11 and/or Figure 12, may represent program steps, or interconnected logic circuits, blocks and functions, or a combination of program steps and logic circuits, blocks and functions. The software may be stored on such physical media as memory chips, or memory blocks implemented within the processor, magnetic media such as hard disk or floppy disks, and optical media such as for example DVD and the data variants thereof, CD.

The memory may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor-based memory devices, magnetic memory devices and systems, optical memory devices and systems, fixed memory and removable memory. The data processors may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors (DSPs) , application specific integrated circuits (AStudy ItemC) , gate level circuits and processors based on multi-core processor architecture, as non-limiting examples.

Alternatively or additionally, some embodiments may be implemented using circuitry. The circuitry may be configured to perform one or more of the functions and/or method steps previously described. That circuitry may be provided in the base station and/or in the communications device.

As used in this application, the term “circuitry” may refer to one or more or all of the following:

(a) hardware-only circuit implementations (such as implementations in only analogue and/or digital circuitry) ;

(b) combinations of hardware circuits and software, such as:

(i) a combination of analogue and/or digital hardware circuit (s) with software/firmware and

(ii) any portions of hardware processor (s) with software (including digital signal processor (s) ) , software, and memory (ies) that work together to cause an apparatus, such as the communications device or base station to perform the various functions previously described; and

(c) hardware circuit (s) and or processor (s) , such as a microprocessor (s) or a portion of a microprocessor (s) , that requires software (e.g., firmware) for operation, but the software may not be present when it is not needed for operation.

This definition of circuitry applies to all uses of this term in this application, including in any claims. As a further example, as used in this application, the term circuitry also covers an implementation of merely a hardware circuit or processor (or multiple processors) or portion of a hardware circuit or processor and its (or their) accompanying software and/or firmware. The term circuitry also covers, for example integrated device.

The foregoing description has provided by way of exemplary and non-limiting examples a full and informative description of some embodiments. However, various modifications and adaptations may become apparent to those skilled in the relevant arts in view of the foregoing description, when read in conjunction with the accompanying drawings and the appended claims. However, all such and similar modifications of the teachings will still fall within the scope as defined in the appended claims.

In the above, different examples are described using, as an example of an access architecture to which the presently described techniques may be applied, a radio access architecture based on long term evolution advanced (LTE Advanced, LTE-A) or new radio (NR, 5G) , without restricting the examples to such an architecture, however. The examples may also be applied to other kinds of communications networks having suitable means by adjusting parameters and procedures appropriately. Some examples of other options for suitable systems are the universal mobile telecommunications system (UMTS) radio access network (UTRAN) , wireless local area network (WLAN or WiFi) , worldwide interoperability for microwave access (WiMAX) ,

personal communications services (PCS) ,

wideband code division multiple access (WCDMA) , systems using ultra-wideband (UWB) technology, sensor networks, mobile ad-hoc networks (MANETs) and Internet Protocol multimedia subsystems (IMS) or any combination thereof.

Figure 5 depicts examples of simplified system architectures only showing some elements and functional entities, all being logical units, whose implementation may differ from what is shown. The connections shown in Figure 5 are logical connections; the actual physical connections may be different. It is apparent to a person skilled in the art that the system typically comprises also other functions and structures than those shown in Figure 5.

The examples are not, however, restricted to the system given as an example but a person skilled in the art may apply the solution to other communication systems provided with necessary properties.

The example of Figure 5 shows a part of an exemplifying radio access network. For example, the radio access network may support sidelink communications described below in more detail.

Figure 5 shows

devices

500 and 502. The

devices

500 and 502 are configured to be in a wireless connection on one or more communication channels with a node 504, with the device 502 being shown as being able to be configured to communicate with node 504 at least one of directly and/or indirectly (e.g. via a relay satellite 516) . The node 504 is further connected to a core network 506. In one example, the node 504 may be an access node such as (e/g) NodeB serving devices in a cell. In one example, the node 504 may be a non-3GPP access node. The physical link from a device to a (e/g) NodeB is called uplink or reverse link and the physical link from the (e/g) NodeB to the device is called downlink or forward link. It should be appreciated that (e/g) NodeBs or their functionalities may be implemented by using any node, host, server or access point etc. entity suitable for such a usage.

A communications system typically comprises more than one (e/g) NodeB in which case the (e/g) NodeBs may also be configured to communicate with one another over links, wired or wireless, designed for the purpose. These links may be used for signalling purposes. The (e/g) NodeB is a computing device configured to control the radio resources of communication system it is coupled to. The NodeB may also be referred to as a base station, an access point or any other type of interfacing device including a relay station capable of operating in a wireless environment. The (e/g) NodeB includes or is coupled to transceivers. From the transceivers of the (e/g) NodeB, a connection is provided to an antenna unit that establishes bi-directional radio links to devices. The antenna unit may comprise a plurality of antennas or antenna elements. The (e/g) NodeB is further connected to the core network 506 (CN or next generation core NGC) . Depending on the deployed technology, the (e/g) NodeB is connected to a serving and packet data network gateway (S-GW +P-GW) or user plane function (UPF) , for routing and forwarding user data packets and for providing connectivity of devices to one or more external packet data networks, and to a mobile management entity (MME) or access mobility management function (AMF) , for controlling access and mobility of the devices.

Examples of a device are a subscriber unit, a user device, a user equipment (UE) , a user terminal, a terminal device, a mobile station, a mobile device, etc

The device typically refers to a mobile or static device (e.g. a portable or non-portable computing device) that includes wireless mobile communication devices operating with or without an universal subscriber identification module (USIM) , including, but not limited to, the following types of devices: mobile phone, smartphone, personal digital assistant (PDA) , handset, device using a wireless modem (alarm or measurement device, etc. ) , laptop and/or touch screen computer, tablet, game console, notebook, and multimedia device. It should be appreciated that a device may also be a nearly exclusive uplink only device, of which an example is a camera or video camera loading images or video clips to a network. A device may also be a device having capability to operate in Internet of Things (IoT) network which is a scenario in which objects are provided with the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction, e.g. to be used in smart power grids and connected vehicles. The device may also utilise cloud. In some applications, a device may comprise a user portable device with radio parts (such as a watch, earphones or eyeglasses) and the computation is carried out in the cloud.

The device illustrates one type of an apparatus to which resources on the air interface are allocated and assigned, and thus any feature described herein with a device may be implemented with a corresponding apparatus, such as a relay node. An example of such a relay node is a layer 3 relay (self-backhauling relay) towards the base station. The device (or, in some examples, a layer 3 relay node) is configured to perform one or more of user equipment functionalities.

Various techniques described herein may also be applied to a cyber-physical system (CPS) (asystem of collaborating computational elements controlling physical entities) . CPS may enable the implementation and exploitation of massive amounts of interconnected information and communications technology, ICT, devices (sensors, actuators, processors microcontrollers, etc. ) embedded in physical objects at different locations. Mobile cyber physical systems, in which the physical system in question has inherent mobility, are a subcategory of cyber-physical systems. Examples of mobile physical systems include mobile robotics and electronics transported by humans or animals.

Additionally, although the apparatuses have been depicted as single entities, different units, processors and/or memory units (not all shown in Figure 5) may be implemented.

5G enables using multiple input –multiple output (MIMO) antennas, many more base stations or nodes than the LTE (aso-called small cell concept) , including macro sites operating in co-operation with smaller stations and employing a variety of radio technologies depending on service needs, use cases and/or spectrum available. 5G mobile communications supports a wide range of use cases and related applications including video streaming, augmented reality, different ways of data sharing and various forms of machine type applications (such as (massive) machine-type communications (mMTC) , including vehicular safety, different sensors and real-time control) . 5G is expected to have multiple radio interfaces, e.g. below 6GHz or above 24 GHz, cmWave and mmWave, and also being integrable with existing legacy radio access technologies, such as the LTE. Integration with the LTE may be implemented, at least in the early phase, as a system, where macro coverage is provided by the LTE and 5G radio interface access comes from small cells by aggregation to the LTE. In other words, 5G is planned to support both inter-RAT operability (such as LTE-5G) and inter-RI operability (inter-radio interface operability, such as below 6GHz –cmWave, 6 or above 24 GHz –cmWave and mmWave) . One of the concepts considered to be used in 5G networks is network slicing in which multiple independent and dedicated virtual sub-networks (network instances) may be created within the same infrastructure to run services that have different requirements on latency, reliability, throughput and mobility.

The current architecture in LTE networks is fully distributed in the radio and fully centralized in the core network. The low latency applications and services in 5G require to bring the content close to the radio which leads to local break out and multi-access edge computing (MEC) . 5G enables analytics and knowledge generation to occur at the source of the data. This approach requires leveraging resources that may not be continuously connected to a network such as laptops, smartphones, tablets and sensors. MEC provides a distributed computing environment for application and service hosting. It also has the ability to store and process content in close proximity to cellular subscribers for faster response time. Edge computing covers a wide range of technologies such as wireless sensor networks, mobile data acquisition, mobile signature analysis, cooperative distributed peer-to-peer ad hoc networking and processing also classifiable as local cloud/fog computing and grid/mesh computing, dew computing, mobile edge computing, cloudlet, distributed data storage and retrieval, autonomic self-healing networks, remote cloud services, augmented and virtual reality, data caching, Internet of Things (massive connectivity and/or latency critical) , critical communications (autonomous vehicles, traffic safety, real-time analytics, time-critical control, healthcare applications) .

The communication system is also able to communicate with other networks 512, such as a public switched telephone network, or a VoIP network, or the Internet, or a private network, or utilize services provided by them. The communication network may also be able to support the usage of cloud services, for example at least part of core network operations may be carried out as a cloud service (this is depicted in Figure 5 by “cloud” 514) . This may also be referred to as Edge computing when performed away from the core network. The communication system may also comprise a central control entity, or a like, providing facilities for networks of different operators to cooperate for example in spectrum sharing.

The technology of Edge computing may be brought into a radio access network (RAN) by utilizing network function virtualization (NFV) and software defined networking (SDN) . Using the technology of edge cloud may mean access node operations to be carried out, at least partly, in a server, host or node operationally coupled to a remote radio head or base station comprising radio parts. It is also possible that node operations will be distributed among a plurality of servers, nodes or hosts. Application of cloudRAN architecture enables RAN real time functions being carried out at or close to a remote antenna site (in a distributed unit, DU 508) and non-real time functions being carried out in a centralized manner (in a centralized unit, CU 510) .

It should also be understood that the distribution of labour between core network operations and base station operations may differ from that of the LTE or even be non-existent. Some other technology advancements probably to be used are Big Data and all-IP, which may change the way networks are being constructed and managed. 5G (or new radio, NR) networks are being designed to support multiple hierarchies, where Edge computing servers can be placed between the core and the base station or nodeB (gNB) . One example of Edge computing is MEC, which is defined by the European Telecommunications Standards Institute. It should be appreciated that MEC (and other Edge computing protocols) can be applied in 4G networks as well.

5G may also utilize satellite communication to enhance or complement the coverage of 5G service, for example by providing backhauling. Possible use cases are providing service continuity for machine-to-machine (M2M) or Internet of Things (IoT) devices or for passengers on board of vehicles, Mobile Broadband, (MBB) or ensuring service availability for critical communications, and future railway/maritime/aeronautical communications. Satellite communication may utilise geostationary earth orbit (GEO) satellite systems, but also low earth orbit (LEO) satellite systems, in particular mega-constellations (systems in which hundreds of (nano) satellites are deployed) . Each satellite in the mega-constellation may cover several satellite-enabled network entities that create on-ground cells. The on-ground cells may be created through an on-ground relay node or by a gNB located on-ground or in a satellite.

It is obvious for a person skilled in the art that the depicted system is only an example of a part of a radio access system and in practice, the system may comprise a plurality of (e/g) NodeBs, the device may have an access to a plurality of radio cells and the system may comprise also other apparatuses, such as physical layer relay nodes or other network elements, etc. At least one of the (e/g) NodeBs or may be a Home (e/g) nodeB. Additionally, in a geographical area of a radio communication system a plurality of different kinds of radio cells as well as a plurality of radio cells may be provided. Radio cells may be macro cells (or umbrella cells) which are large cells, usually having a diameter of up to tens of kilometers, or smaller cells such as micro-, femto-or picocells. The (e/g) NodeBs of Figure 5 may provide any kind of these cells. A cellular radio system may be implemented as a multilayer network including several kinds of cells. Typically, in multilayer networks, one access node provides one kind of a cell or cells, and thus a plurality of (e/g) NodeBs are required to provide such a network structure.

For fulfilling the need for improving the deployment and performance of communication systems, the concept of “plug-and-play” (e/g) NodeBs has been introduced. Typically, a network which is able to use “plug-and-play” (e/g) Node Bs, includes, in addition to Home (e/g) NodeBs (H (e/g) nodeBs) , a home node B gateway, or HNB-GW (not shown in Figure 5) . A HNB Gateway (HNB-GW) , which is typically installed within an operator’s network may aggregate traffic from a large number of HNBs back to a core network.

Claims

An apparatus for a mediation function, the apparatus comprising means for:

receiving, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function;

determining a management data analytics service instance associated with the network slice for providing at least part of said analytics;

determining at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function;

negotiating with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by:

signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and

receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance;

signalling, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance;

providing said obtained data to the selected management data analytics service instance; and

receiving, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.
An apparatus as claimed in claim 1, comprising means for coordinating with the client to determine actions for mitigating against the effects of said error using the received at least one indication of the root cause.
An apparatus as claimed in claim 1, comprising means for:

determining a trust level associated with a management domain of the client, wherein said means for selecting the management data analytics service instance comprises means for selecting the management data analytics service instance using the determined trust level.
An apparatus as claimed in claim 3 wherein the means for providing said obtained data to the selected management data analytics service instance comprises means for:

determining at least part of said obtained data relates to data of a first type;

determining that the trust level specifies at least one privacy technique is to be applied to said data of a first type;

performing said at least one privacy technique on said data of a first type to form privatised obtained data; and

providing the privatised obtained data to the selected management data analytics service instance.
An apparatus as claimed in claim 4, wherein said data of a first type comprises data associated with a first level of confidentiality, and wherein said means for performing said at least one privacy technique comprises means for:

selecting said at least one privacy technique in dependence on said first level of confidentiality; and

applying said selected at least one privacy technique to the data of a first type.
An apparatus as claimed in any of claims 3 to 5, wherein the means for determining the trust level comprises means for:

receiving information usable for identifying the trust level of management domain of the client from at least one of: the client; the selected management data analytics service instance; and/or a trust function configured to maintain information related to trust levels between different apparatuses and/or functions; and

determining the trust level from the received information.
An apparatus as claimed in any preceding claim, comprising means for forming the second request by:

selecting the indication of the at least part of said analytics to be performed by the selected management data analytics service instance in dependence on the first analytics request and at least one capability and/or constraint of the selected management data analytics service instance.
An apparatus as claimed in claim 7, comprising means for:

determining at least one intent associated with the first analytics request; and

determining the at least one capability and/or constraint using the determined at least one intent.
An apparatus for a client, the apparatus comprising means for:

signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and

negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by:

receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and

negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.
An apparatus as claimed in claim 9, comprising means for:

coordinating with the mediation function to determine actions for mitigating against the effects of a root cause of an error associated with the network slice, wherein the root cause is identified in response to said signalling of the first analytics request; and

implementing at least one of the determined actions.
An apparatus as claimed in any of claims 9 to 10, comprising means for providing the mediation function with a trust level associated with a management domain of the client.
An apparatus as claimed in any of claims 9 to 11, comprising means for detecting a failure event associated with said network slice, wherein said signalling the first request is performed in response to the failure event being detected.
An apparatus as claimed in any of claims 9 to 12, comprising means for comprising at least one intent in the first request for analytics.
An apparatus as claimed in any preceding claim, wherein the first request for analytics relates to a request for determining a root cause analysis for a failure event detected by the client.
A method for an apparatus for a mediation function, the method comprising:

receiving, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function;

determining a management data analytics service instance associated with the network slice for providing at least part of said analytics;

determining at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function;

negotiating with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by;

signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and

receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance;

signalling, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance;

providing said obtained data to the selected management data analytics service instance; and

receiving, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.
A method for an apparatus for a client, the method comprising:

signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and

negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by:

receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and

negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.
A computer program product that, when run on an apparatus for a mediation function, causes the apparatus to perform:

receiving, from a client, a first request for analytics to be performed in respect of a network slice comprising at least one network function;

determining a management data analytics service instance associated with the network slice for providing at least part of said analytics;

determining at least one data requirement of the selected management data analytics service instance for performing the analytics, wherein the at least one data requirement comprises a data requirement regarding the at least one network function;

negotiating with the client to obtain data from the client for fulfilling the data requirement regarding the at least one network function by;

signalling, to the client, an indication of at least one capability and/or constraint of the selected management data analytics service instance for performing the requested analytics in respect of the network slice; and

receiving the obtained data from the client, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance;

signalling, to the selected management data analytics service instance, a second request for analytics to be performed in respect of the network slice, the second request comprising an indication of at the at least part of said analytics to be performed by the selected management data analytics service instance;

providing said obtained data to the selected management data analytics service instance; and

receiving, from the selected management data analytics service instance, an analytics report and/or analytics notification comprising at least one indication of a root cause of an error associated with the network slice.
A computer program product that, when run on an apparatus for a client, causes the apparatus to perform:

signalling, to a mediation function, a first request for analytics to be performed in respect of a network slice comprising at least one network function; and

negotiating with the mediation function to obtain data from the client for fulfilling the data requirement regarding the at least one network function by:

receiving, from the mediation function, an indication of at least one capability and/or constraint of a selected management data analytics service instance for performing the requested analytics in respect of the network slice; and

negotiating the obtained data using said indication as an initial offer, wherein the obtained data is compliant with said at least one capability and/or constraint of the selected management data analytics service instance.