Deploying Access for 3G and 4G Mobile Networks

SP WiFi: Deploying Access for 3G and 4G
Mobile Networks
Cisco Plus Canada

BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1

Session Agenda
Outline and Key Takeaways

 Why SP Wifi?

 What are the Requirements?

 Components of an End-to-End Solution

 Mobile Packet Core Integration

 Call flows for typical deployments

 Case Study

 Summary and Key Takeaways


SP WiFi: Addressing Service Provider Challenges
Growth in Mobile
Data: 26x over 5
years

180% increase in Lack of spectrum and
signalling traffic due to inability to rapidly
• Easy Connectivity smartphones increase # cell sites

• Seamless • Deployment
Authentication Complexity
• Session continuity • Consistent user
• Application Economics of indoor
experience
offload and small cell
transparency systems
A shift from outdoor
consumption to indoor

WiFi already used to
support >30% of US
smartphone usage

BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Double pressure on SP economics
Illustrative Results for large European Mobile Operator

Network implications of
exponential data traffic
growth

Decline in voice revenues
and difficulty in monetizing
data traffic

Source: IBSG Research & Economics Practice, 2011

Doing nothing is not an option
Illustrative Results for a Large European Operator
Cash Flow From Operations Financial Metrics

Source: IBSG Research & Economics Practice, 2011


Drivers For Change: Scaling Supply
Delivering 26 fold increase in Supply

 Service usage growing unchecked

 Macrocell capacity growth cannot 26x
Growth
keep up with demand
Macrocell
1000 Capacity
 Licensed spectrum availability not
growing to meet demand 100
Average
Macrocell
Efficiency

Growth
 Smaller Cells are needed to scale Spectrum
10
supply efficiently & economically
Source: Agilent

 Licensed and Unlicensed Spectrum 1
1990 1995 2000 2005 2010 2015
will need to be exploited


Why Small Cells?
Drivers for Deploying Service Provider WiFi Spectrum
(5MHz vs 10,20 MHz)
Multiple carriers
 Meet Subscriber Demand
‒ Increased coverage and service ubiquity
‒ Higher Speed enabling richer applications Footprint Efficiency
(#cells/m ) (Bits/Hz, backhaul
 High Volume Low Cost Technology Small Cells BW)
3G to HSPA to LTE

‒ SP WiFi is to Mobile (3G/4G) as Carrier
Ethernet is to Wired (SDH/PDH)
Macro
 Licensed Spectrum Availability
‒ Not growing to meet demand
 Hierarchical Network Approach
‒ Macro cells & small cells
Consumer Business Community


SP WiFi Vision: End user perspective
Cellular Mobility Experience on Wi-Fi

Cellular Wi-Fi
Example: GSM Phone Example: iPhone

Turn on phone and get secure cellular connectivity Turn on phone and get secure Wi-Fi connectivity

• Roaming anywhere – no logins or passwords
• Automatic Network Selection
• Access anywhere with my profile & services

SP WiFi Vision: Cisco Perspective
WiFi Service Requirements

Ubiquitous Access Common Seamless Unified
Authentication Services Control
• Automatic service • SIM credentials • Monetization • Traffic path selection
advertisement • Non-SIM credentials opportunities • Billing
• Automatic network • Single AAA • QoS
• Consistent services
selection infrastructure
• Session persistence • Quota mgmt
• Roaming
• Inter-access mobility • Wholesale/Roaming • “One Subscriber”

Carrier Class Solution for MNOs, MSOs and Hotspot Providers

SP WiFi
One Access Technology, Many Deployment Models
No SP involvement. User driven offload via
Uncontrolled
unmanaged device.

Home/Soho Dual SSID SP provides dual SSID home device.
(Community) Private and public (community) SSID

SP installed and managed hot spots in Malls,
Hot Spot / Hot Zone
restaurants, Hotels,…

SP installed and managed hot spots in high density
High Density Wireless
user areas (stadiums,..)

SP install and manages outdoor Wi-Fi for large
Metro / Mesh
dense urban areas coverage
1001110100100100010

Enterprise Guest Access Enterprise Guest Access managed by SP

SP WiFi
Key Requirements
Manageability, Network Reliability and Availability
Carrier Grade 100s of thousands of APs ; Millions (residential);
Millions of Clients

Radio differentiation, Link Budgets, Beamforming, MIMO
Radio Performance
Interference Management, Radio Resource Management

Seamless authentication and Fast Roaming/Handoff
Mobility
Wi-Fi to Wi-Fi (inter and intra-vendor), 3G/4G to Wi-Fi

Seamless roaming (with little or no user intervention)
Roaming
Support home and “visited” network scenarios

Critical to support Multi-vendor solution
Standards Compliant
3GPP compliance important to MNOs1001110100100100010

Common Billing, Policy and Subscriber Management
Integration Leverage MPC/EPC for Wi-Fi network
Parental Control / Lawful Intercept / Local Breakout

Components of an End-to-End Solution

SP WiFi Functional Architecture
WLC Transparent
aggregation

IPSG
L3

Policy Enforcement
AP/ PMIPv6
MAG

Subscriber
LMA

L3
PMIPv6
AP= Access Point AP
MAG=Mobility Access Gateway

MAG
WLC= Wireless LAN controller GTP

Policy Enforcement
LMA= Local Mobility Anchor
LMA
GTP= GPRS Tunneling Protocol WLC/

Subscriber
IPSG= IP Services Gateway AP
EWAG= Enhanced Wireless Access
MAG GTP P-GW
Gateway
L2 GTP Or GGSN
L3

PMIP= Proxy Mobile IP (v6) 802.1Q
UE= User Entity (mobile terminal)
AP IPSe L3

L3
c

802.1Q
AP WLC EWAG
IPSec Intelligent Internet
UE aggregation

Access Aggregation Core

End-to-End SP WiFi Integration with Roaming
Enhanced WiFi Access Gateway (EWAG) MNO Visited Network
MNO Home Network
Policy
Policy HLR OCS PCRF CGF
DHCP AAA Portal

Key Capabilities: AP
GGSN Gy Gx Ga

 MPC Integration WLC
P-GW
AP
 Inter-access Mobility

Policy Enforcement
LMA
PMIP 4G Core

MAG
 Roaming

LMA

Subscriber
Policy Enforcement
S2a

 Wholesale

L3
Subscriber
AP

GTP
Aggregation
 Subscriber-aware

L2
GTP

GTP
Switch AZR
3G Core
Gn’
 Local Breakout

IPSec

L3
 Flexible Access AP

Models
AP/CPE
 Flexible Tunnel (L2TP/PMIPv6/IPsec)
Enhanced Internet
Authentication WiFi Access
LAC/MAG/IPsec Initiator LNS/LMA/IPsec Concentrator Gateway


Core SP WiFi functional components
Key Considerations in SP WiFi Network Design

Authentication Address Session Transport Redundancy
Authorization Allocation Management Backhaul Load balancing
AAA / RADIUS Before / After ISG Keep alive CAPWAP HSRP/ GLBP
DIAMETER At LMA Idle Timeout Fragmentation 1:1 Redundancy
HLR / HSS External DHCP Quota enforcement PMIPv6 (MAG/ LMA) N:1 Redundancy
Integration / Roaming IPv4 / IPv6 Policy enforcement L2TP (AZR) / GTP ACE based
Authentication point Pool depletion Session differentiation Autonomous AP Single SSID
EAP / Web Auth Location based Session Initiation MPC integration Multiple SSID

Accounting Web Portals Mobility Network Subscriber
Billing & Policy When to redirect
WiFi only mobility
Management Management
Start and Stop L4 / HTTP 302 Security
Records (CDR) Hierarchical mobility Zero touch rollout Provisioning
Who redirects Pre-paid / Quotas
Who sends them WiFi / Macro Legal Intercept
Redirection Portals WiFi only users
Integration with Max mobility coverage Parental Control
Web Authentication Transparent logon
Existing billing Roaming agreements Analytics / planning
Self service Portals Service profiles
Gx / Gy / Gz Mobility events Asset tracking
Whitelisting Self service portals
Policy definitions Anchors / tracking Rogue AP’s
Location based


Address Allocation & Management
Considerations

 When to assign?
‒ Before authentication for Web-auth users
‒ Post authentication for EAP / 802.1x
 Where in the network?
‒ In the access network (eg. EWAG) or in the core (eg. ISG / IPSG Subscriber Service Managers)
 What to assign?
‒ Location based address assignment with option 82
 Subnet size?
‒ Oversubscription ratio
‒ Lease time
‒ Broadcast domain size
 Overlapping IP address from different administrative domains


The Challenge Independent
Administrative Retailer
AP
Domains Providers
DHCP
WLC
WLC Address
AP DHCP
Pool
Address
Roaming Pool
Partner #1
Core

AP

UEs may Aggregation
DHCP

be Switch
Address
L3 Roaming
allocated Partner #2 Pool
same IP Core

address EWAG
AP
DHCP
Optional
NAT
Home
Address
Network Pool
Provider
Wholesale Provider

Challenge: How to Manage UE address Overlap and Routing in Roaming Scenarios

Separating Roaming Partner Traffic - Single SSID or Multiple SSID?
Subscriber Transport Models in Access Network DHCP Access Network Policy
AP DHCP AAA Portal
MNO Home Network
AP
Policy
AP HLR OCS PCRF CGF
WLC
WLC

AP
Single
SSID Single VLAN or QinQ Roaming
Partner #1
Core
AP

AP EWAG
L2
Switch AZR
Multiple
AZR
SSID Roaming
L3 Partner #2
Single VLAN or QinQ
Core
Single VLAN or QinQ
AP

Single VLAN or QinQ
AP
Optional
AP/CPE NAT
Tunnel (L2TP/PMIPv6/IPsec)

Home
Subs from Network
different Provider
MNOs

EWAG= Enhanced Wireless Access Gateway

Address Allocation and Management
Key Issues in Roaming Scenarios

 Roaming Partners are independent administrative domains
‒ Address pool allocation and overlap will be difficult to coordinate
 Access network design should handle UE address overlap

Options:
 VRF separation on interfaces to roaming partners
 Access network allocates UE IP address with NAT to Home MNO address
‒ Clean solution, but leads to address pool fragmentation in PMIPv6 architectures
 Augmented L2 switching at WiFi gateway
‒ Use combination of MAC address and GRE-Key or GTP TEID for switching and ARP
resolution

IP Host Configuration for WiFi Access
UE/Host Configuration Models

 UEs Require IP Host Configuration; Link model is different for WiFi and
UMTS/LTE
 UMTS model allocated a /32 host address directly to the UE and software stack
is built to suit this model
 WiFi model is standard IP subnet model: Host Address & Mask plus DNS
server address
 LTE with PMIPv6 supports the IP subnet model (PBU along with PCO option)
 WiFi core network supports the IP subnet model (DHCP/ARP control)
 UMTS core integration has challenges:
‒ Obtaining subnet mask and default gateway address
‒ Obtaining DNS and DHCP server addresses

IP Host Configuration for WiFi Access
Solutions to Consider

1. New Information Element (IE) defined to provide the host configuration
‒ Currently applicable only to GTPv2
‒ TSG Core Network Working Group 4 working on this
‒ Standardization for GTPv1 and then implementation will take time
2. Per-APN static configuration
‒ Pragmatic short-term option, but lacks flexibility
3. Dynamic Subnet Extraction
‒ EWAG could create a subnet from the allocated IP address (eg. bit 32 flip)
‒ Use GTP Protocol Configuration Options IE for DNS address; Locally configured DHCP
server address
4. Proprietary IEs

Subscriber Session Management
Initiation and Termination

 Session creation (First Sign of Life - FSOL)
‒ DHCP initiated (L2 connected)
‒ Unclassified MAC (L2 Connected)
‒ Unclassified IP (L3 routed)
‒ Radius proxy (L3 routed)
‒ RADIUS accounting start (L3 Routed)
 Session termination options
‒ Idle timeouts? Keep alives?
‒ DHCP lease expiry
‒ Authentication timeout


Session Management
Service considerations

 Service Differentiation  Dynamic service updates
‒ Gold / Silver / Bronze / policy ‒ Policy push
enforcement  Service Control and Policy
‒ Parental control / DPI
‒ DPI
 Quota enforcement  Targeted Push Advertising
‒ Usage based / Time based
‒ Intelligent, Location-aware
 Location based services  Branding
 Free services
‒ Open garden
‒ Whitelisting


Cisco Tools for Session Management
ASR5000 IP Services Gateway (IPSG)

 Two options for session management  What is IPSG?
on ASR5000:  Standalone or integrated tool for inline
 Manage WiFi session as mobile session management:
session from another RAT Type ‒ DPI, Peer-to-peer control
‒ Gateway does bearer and session ‒ Firewall, NAT
management
‒ PCEF functionality for Policy (Gx) and
‒ Leverage charging, billing and inline Charging (Gy)
services capabilities
 Radius based session creation
 Manage WiFi session using IPSG
‒ No Diameter/GTP initiators
‒ Gateway does bearer and session
management  Sits at edge of packet core between
Gi/SGi reference point and Internet
‒ IPSG does subscriber and session inline
services ‒ Northbound of GGSN or PGW


Cisco Tools for Session Management
Intelligent Services Gateway on ASR1000
Subscriber Policy Layer

Web Cisco Intelligent Services Gateway (ISG) Cisco IOS feature that
AAA Server Policy Server DHCP Server …
Portal provides Session Management and Policy Management services
to a variety of access networks
Addresses IP and PPP protocol sessions over Ethernet used in
Open SP WiFi while maintaining all subscriber management functions
Northbound
Interfaces Is the subscriber management solution for many Cisco hotpsot
and SP-WiFi deployments today

Subscriber Identity Policy Management
Is an integral component of EWAG – Enhanced Wireless Gateway
Management ISG and Enforcement on ASR1000
Deployed at the Internet Edge (Standalone) or in Aggregation
(EWAG)

So focal, that the entire device is often referred as an:
ISG Intelligent Services Gateway router or simply “The ISG”


Subscriber Dynamic Sessions ISG Session

IP-Type Sessions are Most Prevalent in SP WiFi

IP Session: Layer2 Connected
• All traffic associated with the
Access Point Distribution
session is IP traffic
Eth
• Clients are L2 connected
Ethernet • Service Manager is L3 Edge and
default router
• Access may run PMIPv6 for
mobility
IP Session: Routed Connection
• All traffic associated with the
Access Point
session is IP traffic
IP • Clients are L3 connected (UE IP
Any access / distribution technology
must be routable in Access
domain!)
• Session Manager may be more
than one hop away from Client


Dynamic Session Initiation ISG Session

ISG sessions are initiated at the First Sign of Life (FSOL)

IP Sessions - FSOL
FSOL depends on the Session Type. There are options .....
Unclassified MAC or IP  IP packet with unknown MAC or IP source address
Data Traffic Use MAC for L2-connected IP sessions
Use IP for routed IP sessions

DHCP
 DHCP Discover message
DHCP discover ISG must be DHCP Relay or Server

RADIUS
RADIUS  RADIUS Access/Accounting Start
Access Request OR
Accounting Start ISG must be a Radius Proxy for Account Start/Stop
Typically used in PWLAN and WiMAX environments
Wireless Client AP


Authentication Options
Two main authentication models

 EAP/802.1x – WLC or AP Authenticator / ISG - Authorization
‒ AAA is the authentication server
‒ Seamless authentication but requires client config. (certificates, username/pwd, etc)
‒ EAP-SIM/AKA helps if proper supplicant SW available on terminal device

 Weblogin – Portal-based Authentication and Authorization
‒ Open SSID
‒ Requires no client configuration, completely Web-based
‒ Subsequent Logins are transparent/automatic using device MAC address
‒ Vulnerable to MAC Spoofing


ISG Services for Session Management ISG services

 Service: A collection of features that are applicable on a subscriber session Service = {feat.1,
feat.2,...,feat.n}

Portbundle (PBHK)
Session
Keepalives: ICMP and ARP based
Administration Timeouts: Idle, Absolute

QoS: Policing, MQC
Features
Traffic Conditioning
Security: Per User ACLs
Subscriber Address Assignment Control
Traffic Forwarding Redirection: Initial, Permanent, Periodic
Control VRF assignment: Initial, Transfer Associated to Primary Services
GTP or PMIP tunnel assignment1.
PostPaid
Prepaid: Time/Volume based
Traffic Accounting Tariff Switching
Interim
Broadcast

 Primary Service: Contains one “traffic forwarding” feature and optionally other features; only one
primary service can be active on a session
1. New feature with EWAG – Q4-2012

Defining Services ISG services

Location Download
1
 Premium HSI service should be
AAA Server activated
on the session
2 RADIUS Access-request
 Services defined in Service Profiles Username: Premium_HSI
 No definition yet available Password: <service pwd>
 Standard and Vendor Specific RADIUS attributes used
 On demand download on a
need basis  Service Activated on session 3 RADIUS Access-accept
 Service Stored in local cache while in use by at least Features associated w/ service
1 sessions

4

• Definition of all existing Services typically pre-
Policy Manager downloaded on Box

(supporting the SGI Interface)
1 SGI Request
 Services defined in XML Premium, Standard, Basic HSI service
definitions
3
 Pre-download of all existing services  Services permanently stored in local
database
2 SGI Response

ISG
 Services pre-configured using CLI
 Services permanently stored in local
 Services defined on Service Policies: policy-map type database
service <name>


How Services Are Activated on a Session? ISG services

During Subscriber Via an External Policy Via the On-Box Policy Manager
Authentication/ Authorization Manager/Web Portal

from
external PM
Administrator
Subscriber Policy Layer Subscriber Policy Layer

DHCP Web Portal / AAA DHCP Web Portal / AAA

events

Control Policy
actions

plane plane
Server Policy Server Server Server Policy Server Server

from
RADIUS data
RADIUS CoA or plane
Acc-req SGI
RADIUS
Acc-accept Request

plane
Data
Subscriber Subscriber

 Subscriber is successfully authenticated  Service Activation request sent by External  Policy Plane determines what actions to take on
Policy Managers via a RADIUS CoA or a SGI session based on events
 RADIUS Response includes Services and Request message
Features to activate on Session (from  actions *include* applying a service
UserProfile)
 Control Plane ensures actions are taken – i.e.
provisions the data plane
 Data Plane enforces traffic conditioning policies to the
session


Location based services
Simple VLAN based

Library
VLAN 10 Web Portal
VLAN 20 (Library)

WLC ISG
SSID:XYZ

VLAN 30 Web Portal
VLAN 40 (Stadium)

Same SSID from different Separate policies on VLAN’s
AP groups mapped to Redirect traffic to different
Stadium separate VLAN groups Portals.

AP-Groups VLAN-Groups Portals
(500 max) (512 max)


Mobility Management
Essentials for Mobility

 Common anchor point for all access technologies
 A common subscriber identifier across all access technologies
‒ Eg. MAC address, MSISDN…. key for inter-access mobility
 Address allocated from a common DHCP pool
 A common authentication scheme
 Common session identifier
‒ For common billing and subscriber service across WiFi/3G/4G
 Ability to track subscriber


Mobility Management
PMIPv6 - Hierarchical mobility
Subscriber authentication
Tracking

1 Common IP pool
Common Anchor
WLC Same Subscriber ID
2 MAG
Local
Same Session ID
WiFi Mobility

Mobility
3

PGW / LMA
4 WLC
Internet
Domain IPv6
Mobility
5

6 WLC
Local MAG
Mobility
7
Location
Mobility
8 WLC

802.11(x) CAPWAP L2 PMIPv6


Mobility Management
Domain Mobility with PMIPv6
PMIP Signalling:
Proxy Binding Update (PBU) LMA-Local Mobility
 Host-based Mobility: Mobile IP - MIPv4, Proxy Binding Acknowledge (PBA) Anchor
MIPv6
‒ Requires client implementation of Mobile
IP stacks; client signalling needed
‒ Drawback: requires client support
(ubiquity?)
MAG-Mobility
 Network-based Mobility: Proxy Mobile IP – Access Signalling: Access Gateway
PMIPv6 (RFC-5213) DHCP, IPv6
Router Solicitation
‒ Only network entities participate in
mobility related signaling on behalf of
clients
‒ Advantage: transparent to UE; no client
required


Mobility Management
Domain Mobility with PMIPv6 cont’d

 PMIPv6 Entities:
‒ Local Mobility Anchor (LMA):
topological anchor point for UE;
assigns and manages UE address and access network location
Switches UE downstream/upstream data to appropriate MAG via PMIP tunnelling (GRE-based
encapsulation)
‒ Mobility Access Gateway (MAG):
manages mobility signalling for the UE;
tracks UE location subnet-to-subnet;
Switches downstream/upstream UE data between correct access subnet and PMIP tunnel to LMA
notifies LMA of location changes for MAG handoff


Local Mobility Management
Intra Controller roaming

 Intra-Controller roam happens
when an AP moves
association between APs
joined to the same controller
 Client must be re-
authenticated and new
security session established
 Controller updates client
database entry with new AP
and appropriate security
context
 No IP address refresh needed


Inter Controller Layer 2 roaming
 L2 Inter-Controller roam
happens when an AP
moves association
between APs joined to the
different controllers but
client traffic bridged onto
the same subnet
 Client must be re-
authenticated and new
security session
established
 Client database entry
moved to new controller
 No IP address refresh
needed


Inter Controller Layer 3 symmetric roaming
 Foreign controllers will
send Layer 3 roaming
client’s packet back to its
anchor controller through
EtherIP tunneling
 Source IP address of the
packet will be the foreign
controller’s management IP
address
 Upstream routers that have
Reverse Path Forwarding
(RPF) will forward on
packets
 No IP address refresh
needed


Mobile Packet Core Integration

Integrating WiFi into Mobile Packet Core
Clientless and Client-based Options Summary
Converged,
WLAN AAA 3GPP Policy, Charging and
AAA Billing Systems

Devices Trusted Wi-Fi IP Core
Un Tunneled User Data (IP)
IPSG or
Clientless – IPSG ISG
or ISG (IP)

EWAG Clientless Per User PMIPv6 or GTP Tunnel
EWAG (PMIPv6)
EWAG
P-GW
Clientless Un Tunneled User Data (IP)
GGSN
eWAG (GTPv1)
EWAG
Clientless Per User PMIPv6 Tunnel
3GPP2 HSGW
Per User GTP Tunnel
Clientless Per User GTP Tunnel
3GPP SGSN
3G Cellular

Secure Client Per User IPSec Tunnel GTP (Gn)
based iWLAN TTG

Untrusted Wi-Fi Mobile Packet Core


Client-based iWLAN
TTG MNO Network Policy
“Tunnel Termination AAA HLR OCS PCRF CGF
Gateway”
Wx

IPSec/IKEv2 Gy Gx Ga

GTP
3G Core

Gn’
 Client based integration – iWLAN Internet

• Defined in 3GPP 23.234 4G Core

• WiFi infrastructure can be trusted or untrusted
• No dependencies on WiFi infrastructure other then IPSec needs to get through any firewalls
• TTG to terminate IPSec tunnel required in MPC
• Existing MPC infrastructure reused – PCRF, OCS, Billing, LI
• TTG only interfaces to AAA and GGSN – no other MPC integration is needed
• Seamless mobility via Home Agent based on Client Mobile IP or PMIP from GGSN
• Device IPSec client needed


Clientless EWAG MNO Network Policy
EWAG AAA HLR OCS PCRF CGF
“Enhanced Wireless
Wx
Access Gateway”
Gy Gx Ga

3G: GTP over Gn’
4G: PMIPv6 over s2a

3G Core

 Enhanced Wireless Access Gateway – EWAG Internet
4G Core
‒ Clientless Wifi Integration into the mobile packet core
P-GW or GGSN
‒ A mediation device between WiFi access and 3GPP Core
‒ Clean partition of RAT types
‒ Interworking between IP-based Access Network and Mobile Core control planes
‒ Authentication via Mobile AAA infrastructure
‒ PMIPv6 and GTP capability
‒ Existing MPC infrastructure reused – PCRF, Billing, Lawful Intercept…

Enhanced WiFi Access Gateway
Common Subscriber Management and Routing Functions
 Subscriber and Service Aware Aggregation Function
‒ Key to support for Local Breakout, Wholesale access
‒ Per-subscriber APN selection and control
 Policy-controlled subscriber routing, mobility services (PMIP, GTP)
‒ Anchoring to the GGSN, PGW or local-breakout based on subscriber profile
‒ Subscriber service management for home network as well!
‒ Interprovider Roaming with policy control
 Policy interface options:
‒ Radius-based (WiFi evolution) and/or Gx-based (MNO evolution)
 Integrated Accounting for Wholesale and Retail Services
 IP Aggregation support:
‒ DHCP Server and Relay capability
‒ Support for routed and switched access networks
‒ Efficient solution for IP control-plane to Mobile network control plane interworking – i.e. link model mediation
‒ Address Pool overlap management in access network

Key EWAG Functions for 4G Integration
PMIPv6

 Packet Core Interface:
‒ PMIPv6 over S2a is standardized method of integrating trusted non-3GPP access
networks with a 3GPP Evolved Packet Core
‒ 3GPP 29.275 defines PMIPv6 based S2a interface
 Session Triggers: DHCP, IPv6 Router Solicitation, Radius Proxy and
Unclassified MAC for tunnel initiation
 Transport: IPv4 and IPv6 as per RFC-5844 and RFC-5213
 EAP Methods: Agnostic to generic EAP methods (EAP-SIM/AKA and MSISDN)
 PMIP Info Elements: Supports all necessary IEs for interface to the MPC
 Policy: Cisco UE Service VSA for provisioning of differentiated access per
subscriber
‒ Phase 1.5 includes 3 different service options “IPv4”, “IPv6” and “dual”

Key EWAG Functions for 3G Integration
GTP-based 3G Integration

 Packet Core Interface:
‒ GTP over Gn’ Interface as per TS 29.060
‒ GTP control support: PDP context creation, deactivation, PDP echo
 Session Triggers: DHCP, IPv6 Router Solicitation, Radius Proxy and
Unclassified MAC for tunnel initiation
 Transport: IPv4, IPv6
 EAP Methods: Agnostic to EAP method (EAP-SIM/AKA with MSISDN or
user@realm subscriber ID)
 GTP Info Elements: Supports all necessary IEs for interface to the MPC
‒ eg. Protocol Configuration Options, MSISDN, APN


SP WiFi Roaming Architecture
Enabling Roaming and Wholesale Service with EWAG MNO Home Network
Policy
HLR OCS PCRF CGF

AP
Portal DHCP AAA

WLC
WLC
AP Roaming Internet Services
Partner
Core
Access Network Policy
Hotspot PGW/LMA
AP
GTP
Aggregation Roaming Internet Services
Switch Gn’ Partner
L2
Core
AP
EWAG GGSN
Optional
Public/Large NAT Retailer
Venue Providers

AP/CPE Home Internet Services
Network
Core
Wholesale Provider
Community
WiFi

Policy and Charging

50

PCRF Integration Architecture – Mobile Packet Core
Interfaces and Functions

PB – Policy Builder
PS – Policy Server
CS – Charging Server
SM – Unified Subscriber Manager

ASR5000
Mobile Gateway

AAA Integration Architecture – WiFi Core Network
Interfaces and Functions

OSS/BSS Broadband Access
Subscriber Policy Infra
Inventory & Radius
Server Profiles & Portal
HSS Billing Provisioning CRM Polices

SOAP/XM Radius Portal API
L
BroadHop Service
Manager
PB – Policy Builder
PS – Policy Server
CS – Charging Server
SM – Unified Subscriber Manager

WiFi Internet
Access

EWAG Internet
(ASR1000 with ISG) Gateway


AAA and MPC Interworking
Interfaces and Functions ITP- IP Transfer Point
MAP Gateway for
MAP/Radius
interworking

Broadband Access MPC Authentication Roaming
OSS/BSS
Subscriber Policy Infra Interworking Partner
Inventory & Radius
Server Profiles & Portal CAR
HSS Billing Provisioning CRM Polices HLR
SS7
Network
ITP

SOAP/XM Radius Portal API
L

Local HLR

BroadHop Interface to Local
SME HLR if Applicable

Radius
Radius

WiFi Internet
Access

EWAG Internet
(ASR1000 with ISG) Gateway


Call flows for typical deployments

PMIPv6 with EAP-SIM Based Authentication
Call Flows (1/2) EWAG

Device AP+WLC DHCP/MAG P-GW PCRF Policy Manager AAA HLR Configure authorized IMSIs on the
Sub DB Subscriber database with WiFi
Open Association Subscriber Profile.
EAP Request/ID WiFi Subscriber Profile:
EAP ID Response/ID RADIUS Access Request (username= EAP ID, calling station ID = MAC, called-station-ID Realm, WiFi APN, Charging
MAP SEND AUTH Characteristics, IPv4/IPv6 service
= SSID)
INFO Req
EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID MAP SEND AUTH
INFO Res
IMSI Authenticated, but MSISDN
Recover Subscription unknown
Profile (IMSI)

MAP SRI for LCS
Req (IMSI) User Profile VSAs:
MAP SRI for LCS CISCO-SERVICE-SELECTION (APN),
Res (MSISDN) CISCO-MOBILE-NODE-IDENTIFIER
Store MSISDN
(IMSI@realm) ,
CISCO-MSISDN,
Cache MAC, IMSI,
MSISDN, subscriber 3GPP-CHARGING-CHARS,
profile CISCO-MN-SERVICE (IPv4)
EAP SUCCESS RADIUS Access Accept (EAP Success, PMIPv6 VLAN override)

VLAN

Source MAC Address: DHCP Discover
RADIUS Access Request (Calling Station ID = Source MAC address)

RADIUS Access Accept(User Profile)

PMIPv6 with EAP-SIM Based Authentication
Call Flow 2/2
EWAG

Device DHCP/MAG PCRF SPR/ AAA HLR
AP+WLC P-GW
Sub DB
IPv4 HoA = 0.0.0.0
MN-ID (imsi@realm), SSMO (APN),
MSISDN, CHARGING CHARACTERISTICS ,
ATT = WiFi

PBU Gx:CCR-I: IMSI, MSISDN,
Gx:CCR-I APN, RAT Type
Subscriber ID Type = E.164,
Gx:CCA-I RAT=WiFi
DHCP Offer (a.b.c.d) PBA

DHCP Req/Ack SP: Recover Subscriber Profile
(Primary DNS recovered from PBA)
Open PGW-CDR
With container for WiFi
Policy Profile to Apply
Service, subscriber ID =
MSISDN

RF: Diameter ACR PBA: IPv4 Home Address (HoA)
RF: Diameter ACA PCO: Primary DNS

PMIPv6


Case Study

 This case study was presented at the event only
 Please contact your Cisco SE for details if needed


Summary
 SP WiFi access is a business reality today for MNOs and Hotspot providers alike
 Mobile Packet Core integration is a multifaceted problem
‒ attention needed to multiple factors
 WiFi access and aggregation uses IP control plane mechanisms.
‒ WiFi Access Gateways need proper interworking support
 Wholesale access and roaming is a key consideration
‒ WiFi Access Gateway need to support multiple roaming partners; 3G, 4G core interfaces
 Rich service management needed for subscriber differentiation and monetization
 There is no single solution for all access types, but all types of access should be supported
at the service layer
 The results of a good deployment will deliver outstanding user experience!


ISG Subscriber Session TC = Traffic Class
Traffic Forwarding Capabilities (similar to Traffic Flow Template)

Subscriber Session

permit

ACL
Feature
3 TC1Service TC1
Session Feature
deny
Service TC1 1
Feature
Feature Feature 2
1 Feature 3 permit Traffic

ACL
2 TC2 Forwarding
Data
Feature Feature
Feature deny Service
TC2Service
Feature
TC2 1 Allow traffic
Default-
Feature Class
drop traffic
2

Session-Features Traffic Classification Flow-Features Forwarding Service
Apply to the (using traffic classes: Apply to the Forwarding
entire session class-map type classified flow (at L2, e.g. GTP)
e.g. per-user ACL, traffic) (a portion of or Routing
TC1Service: priority 10 Policing, MQC, entire session (at L3, e.g. PMIP, VRF)
TC2Service: priority 20 Accounting traffic) Mutually exclusive


For Your

Building the Identity and Assigning Service Reference

An Example

Subscriber DHCP Exchange Starts DHCP Exchange Completes(*) Subscriber Authentication(*) Dynamic Service Update

T0 T1 T2 TN

Brian Brian
Subscriber Session Subscriber Session Subscriber Session Subscriber Session
ISG

MAC Addr: 00:DE:34:F1:C0:28 MAC Addr: 00:DE:34:F1:C0:28 MAC Addr: 00:DE:34:F1:C0:28 MAC Addr: 00:DE:34:F1:C0:28
Identities IP Addr: ? IP Addr: 10.1.1.211 IP Addr: 10.1.1.211 IP Addr: 10.1.1.211
Username: ? Username: ? Username: Brian Username: Brian
Services Service: DEFAULT_SRV Service: DEFAULT_SRV Service: PPU_SRV Service: PREMIUM_FR_SRV

DEFAULT_SRV PREMIUM_FR_SRV
Only permits management traffic PPU_SRV Flat Rate Premium Data Service:
through the session Pay Per Use Service: - Permits all traffic
- Permits all traffic - 1M/8Mbps US/DS
- 512K/1Mbps US./DS
- Accounting enabled on session

(*) Order of operations not representative of a real call flow


MAG-to-MAG Mobility BRI = Binding Revocation
Call Flow BCE = Binding cache Entry

NEW OLD SPR/
Device NEW AP OLD AP PCRF CAR
AZR/MAG AZR/MAG P-GW
Sub DB
Open Association
IPv4 HoA:
a.b.c.d EAP Request/ID

Standard EAP-SIM flows and PMIPv6 Tunnel Establishment

PMIPv6
Open Association
EAP Request/ID

Standard EAP-SIM flows

EAP SUCCESS RADIUS Access Accept (EAP Success)
(Source MAC address) RADIUS Access Request (Calling Station ID = Source MAC address)

RADIUS Access Accept(User Profile)

PBU: IPv4 HoA: a.b.c.d Gx:CCR-U
Gx:CCA-U

PBA: IPv4 HoA a.b.c.d Update BCE
ARP Response

PMIPv6
BRI: trigger = Inter MAG H/O
BRA

EAP Authentication – ISG on ASR1000
Authorization at the ISG

Device AP WLC AAA DHCP ISG Internet

802.1x (1)
802.1x (1) User record cached
RADIUS (2)
EAP Negotiation (3)
User Authorized
EAP Authentication / Authorization (4) Service profile downloaded
DHCP Discover (5)
DHCP Discover (6)
DHCP Offer (7)
DHCP Request / ACK (8)
Acct Start (9)

User session created
IP Traffic (10) Service Applied
Policies enforced
RADIUS (11)

RADIUS (12)

IP Traffic (13)
IP Traffic (14)

802.11(x) CAPWAP RADIUS DHCP IP


EAP authentication with PMIPv6
Authorization at the MAG EWAG

Device AP WLC AAA DHCP/MAG LMA Internet
Note: example uses Integrated DHCP
Server. External Server also possible.

802.1x (1) 802.1x (1) RADIUS (2) User record cached
EAP Negotiation (3)
EAP Authentication / Authorization (4)
PMIPv6 trigger
STOP
DHCP Discover (5)
DHCP Relay (6) User Authorized
LMA / NAI downloaded
RADIUS Access Request (7)

RADIUS Access Accept (8) Binding created on LMA
PBU (9)

PBA(10)

DHCP Offer (11)
(IP Address, Mask, GW, DNS) DNS option added to offer

IP Traffic (13)

802.11(x) CAPWAP RADIUS PMIPv6 IP


3G/GTP Session Call Flow
EAP SIM Authentication and Radius Control Configure authorized IMSIs on the
AAA Server and there MSISDN
mapping
ITP

Device AP+WLC L3 Router GGSN AAA ITP HLR
EWAG
Open Association Username=EAP ID, Calling Stn
ID = MAC, Called Stn ID = SSID
EAP Request/ID
EAP ID Response/ID RADIUS Access Request
RADIUS Access
MAP SEND AUTH VSA = MAP: getauthinfo
Request
INFO Req
EAP-SIM Method MAP SEND
RADIUS Access
AUTH INFO
Accept
Res

VSA = MAP: authtriplet
EAP SUCCESS RADIUS Access Accept (EAP Success)

Cache mapping between IMSI,
DHCP Discover (MAC address) MAC, address and SSID
RADIUS Access Request (MAC address)
RADIUS Access User Authorized at EWAG
Accept User Profile VSAs:
Create PDP Ctx Req mn-nai=IMSI@realm, APN, MSISDN

Create PDP Ctx Res
GGSN Allocated IP address
GTP
DHCP Offer (IPv4)
DHCP Req/Ack
Gi
Data packet (Src IP=IP) Data packet (Src IP=IP)


EAP authentication – IPSG on ASR5000
Authorization at IPSG, Accounting start as session initiator

reader
SIM Device AP WLC AAA DHCP Home AAA HLR IPSG / GGSN
Client starts
EAP
EAP-SIM/AKA authentication User MAC and IMSI
Cached after
User traffic successful EAP
encrypted using
EAP derived WEP
keys
AAA looks up user
DHCP Req/Resp IMSI / MSISDN
based on MAC
Radius Acct Start (Framed IP, mac)

Radius Acct Response

WLC forwards all Radius Acct Start (Framed IP, IMSI/MSISDN)
traffic to User session on
VLAN_EAP. All IPSG
VLAN_EAP traffic
VPN to mobile core Radius Acct Resp

User traffic


Web Authorization for SP WiFi Access
Why is it needed?

 Web portal based access continues to be demanded by MNOs and WiFi
Access providers
 Many mobile devices do not have SIM cards or SIM-based clients apps
‒ WiFi iPAD and iPod touch are two major examples
‒ Will every WiFi connected device get a SIM? When?
 BYOD will be a major use case for WiFi access going forward
 Exploit visiting “non-subscribers” – a good “churn” opportunity for you
‒ Need a portal login and splash page to offer your service
 However there are many integration challenges….


Web authentication – ISG on ASR1000
L4 redirection at the ISG

Device AP WLC AAA DHCP ISG Portal Internet
Open Association (1)
association Association (2)

DHCP Discover (3) Unauthenticated
DHCP Relay (4)
Session
DHCP Offer (5)
DNS Query (7)
User Profile
cached
DNS Query (8)
DNS Response (9)
HTTP Request (10)

HTTP Response (11)
User Login (12)
RADIUS CoA (13)
RADIUS Auth (14)
CoA Ack (15)
Authenticated
Session

Radius Acct Start (16)


Broadband Community WiFi – Initial Setup
Using Existing Broadband Connectivity to Deliver WiFi Access

Residential Gateway BNG LNS ISG
“Hotspot” DHCP Policy AAA Portal Internet
UE Server Server
Association to Hotspot
ISP PPP Session
SSID triggers
Wireless Setup
L2TP/PPP connection
Association

L2TP Tunnel Establishment LNS Assigns IP
Address to Residential
PPP Session Establishment GW “Hotspot”

RG Hotspot registers
DHCP: Discovery with the ISG. This
clears any previously
existing sessions for
Radius Accting Start this RG

DHCP Discovery Relayed to LNS

DHCP Discover Relayed to DHCP Server

DHCP DHCP DHCP
Offer/Req/Ac Offer/Req/Ac Offer/Req/Ac
k k k
WiFi Client
now has
an IP PPPoE
address
PPPoL2TP
802.11 MAC


Broadband Community WiFi cont’d – Web-Auth Flow
Using Existing Broadband Connectivity to Deliver WiFi Access

Residential Gateway BNG LNS ISG AAA Policy AAA Portal Internet
UE “hotspot” Accounting Server
ISG First Sign of Life.
Initial Services Applied
– eg. HTTP redirect
DHCP Accounting Start

Traffic redirect to Portal
DHCP Accounting Start
for Login
TCP/HTTP

Subscriber enters credentials
Successful Login.
Notify ISG via Radius
Account Logon CoA
CoA Request: Account Logon

RadiusAccess-Request
ISG queries AAA Server
for User service profile
Radius Access-Accept which is returned in
Radius Access-Accept
Message
PPPoE
PPPoL2TP User service and policy
profile applied to user
session. Internet
access established


Deploying Access for 3G and 4G Mobile Networks

More Related Content

What's hot (19)

Viewers also liked (18)

Similar to Deploying Access for 3G and 4G Mobile Networks (20)

More from Cisco Canada (20)

Recently uploaded (20)

Deploying Access for 3G and 4G Mobile Networks