A gateway to integrate heterogeneous networks (1)
TRANSCRIPT
2
Outline
‧3G/WLAN Integrated Scenarios
 –3G/WLAN Interworking Architecture
 –Packet Data Gateway (PDG)
‧3G/WiMAX Integrated Scenarios
 –WiMAX Related Specifications
 –3G/WiMAX Interworking Architecture
 –WiMAX Access Gateway (WAG)
‧Conclusion
3
3G/WLAN Integrated Scenarios

Capability                                        Sc.1  Sc.2  Sc.3  Sc.4  Sc.5  Sc.6
Common billing                                     x     x     x     x     x     x
Common customer care                               x     x     x     x     x     x
3G based Access Control                                  x     x     x     x     x
3G based Access Charging                                 x     x     x     x     x
Access to 3G PS Services                                       x     x     x     x
Service Continuity                                                   x     x     x
Seamless Service Continuity                                                x     x
Access to 3G CS Services with seamless mobility                                  x
4
AAA Network Architecture (Scenario 2)
[Figure: a WLAN/cellular dual-mode UE with SIM attaches to the Wi-Fi/WiMAX network of a WISP and reaches the Internet (e.g. Apple Music Store) directly, while its access authentication is handled by the 3GPP AAA Server in the cellular network, which also contains the HLR, CGW and SGSN/GGSN; a cellular UE with SIM uses PS services over the cellular network.]
5
PDG Network Architecture (Scenario 3)
[Figure: a Wi-Fi or WiMAX/cellular dual-mode UE with SIM attaches to the Wi-Fi/WiMAX network of a WISP (with local devices such as printer and fax) and reaches packet-based services and the Internet (e.g. Apple Music Store) through the Packet Data Gateway in the cellular network; the 3GPP AAA Server, HLR and CGW also sit in the cellular network.]
6
Non Roaming WLAN Interworking Reference Model
[Figure: WLAN UE –Ww– WLAN Access Network –Wn– WAG –Wp– PDG –Wi– Intranet/Internet, with the WLAN UE's end-to-end tunnel to the PDG on Wu (WLAN 3GPP IP Access). In the 3GPP Home Network the 3GPP AAA Server connects to the WLAN Access Network (Wa), WAG (Wg), PDG (Wm), HSS (Wx), HLR (D'/Gr'), SLF (Dw), Offline Charging System (Wf) and OCS (Wo); the PDG reports to the Offline Charging System over Wz and to the OCS over Wy.]
7
Roaming WLAN Interworking Reference Model (1/2)
[Figure: roaming case with the Packet Data Gateway in the 3GPP Home Network. WLAN UE –Ww– WLAN Access Network –Wn– WAG (in the 3GPP Visited Network) –Wp– Packet Data Gateway –Wi– Intranet/Internet; Wu carries the WLAN 3GPP IP Access tunnel from the UE to the home PDG. The 3GPP AAA Proxy in the visited network terminates Wa from the WLAN Access Network and Wg to the WAG, reports to the visited Offline Charging System over Wf, and forwards to the home 3GPP AAA Server over Wd; the home AAA Server connects to the PDG (Wm), HSS (Wx), HLR (D'/Gr'), SLF (Dw), Offline Charging System (Wf) and OCS (Wo); the PDG uses Wz and Wy for offline and online charging.]
8
Roaming WLAN Interworking Reference Model (2/2)
[Figure: roaming case with the Packet Data Gateway in the 3GPP Visited Network next to the WAG (Wn from the WLAN Access Network, Wp between WAG and PDG, Wi to Intranet/Internet, Wu from the WLAN UE for WLAN 3GPP IP Access). The 3GPP AAA Proxy in the visited network serves Wa, Wg and Wm locally, reports to the visited Offline Charging System over Wf and forwards to the home 3GPP AAA Server over Wd; the home AAA Server connects to HSS (Wx), HLR (D'/Gr'), SLF (Dw), Offline Charging System (Wf) and OCS (Wo); Wz and Wy carry the PDG's charging data.]
9
Protocol Stack
[Figure: protocol stack across WLAN UE –Ww– WLAN AN –Wn– WAG –Wp– PDG. WLAN UE and PDG: Remote IP over the tunneling layer over transport IP over L2/L1; WLAN AN and WAG: transport IP over L2/L1 only, so the Wu end-to-end tunnel passes through them.]
•Tunneling layer
 – Support IPsec ESP for secure tunnel
 – Support IKEv2 for IPsec tunnel negotiation: exchange of tunnel security association and remote address acquisition
10
PDG System Architecture
‧3GPP Spec. suggested implementation: PDG = TTG + GGSN
‧PDG should support IKEv2, IPSec, Diameter, Gi protocols
[Figure: the UE attaches through an AP/BS in the Wi-Fi/WiMAX network and sets up an IKEv2-negotiated IPsec tunnel (Wu) to the TTG inside the PDG; the TTG maps it onto a GTP-U tunnel (Gn, GTP-C') to the GGSN, which reaches the Packet Data Network over Gi/Wi. The AAA Server on Wm provides authentication and authorization, and a DHCP server supplies the IP address.]
11
PDG Procedures and Implementation
‧Authentication & Authorization
‧IP Connectivity
‧Implementation Model
12
Authentication & Authorization
‧Authentication Methods
 –SIM-based WLAN Access Authentication
  ‧EAP/SIM Authentication
 –USIM-based WLAN Access Authentication
  ‧EAP/AKA Authentication
‧Authorization
 –WLAN Access Authorization
  ‧WLAN user profile
 –Mobile Network PS Service
  ‧Access Home Network provided services
  ‧Access Visited Network provided services
13
WLAN User Profile
‧The WLAN User Profile shall reside in HSS (if operator is using a legacy HLR, the WLAN user profile may reside in the AAA Server)
‧WLAN User Profile
 – IMSI
 – MSISDN
 – Operator determined barring of 3GPP-WLAN interworking subscription
 – Subscribed Charging Characteristics and Accounting Server Identifier
 – WLAN Direct IP access allowed
 – Roaming allowed
 – Maximum session duration (optional)
 – List of authorized W-APNs (optional)
14
WLAN Access Authentication and Authorization
[Figure: message sequence between WLAN UE, WLAN AN, WAG, AAA Server/Proxy and HSS/HLR]
1. WLAN connection setup
2. EAP message exchange
3. Authentication info retrieval from HLR/HSS
4. Subscriber profile retrieval from HLR/HSS
5. Policy enforcement info delivery (to WAG)
6. Access Accept
7. EAP / Success [Keying material and Authorization information]
8. WLAN Registration to HLR/HSS
15
IP Connectivity
‧WLAN Direct IP Access
 –WLAN UE needs to use a local IP address only
‧WLAN 3GPP IP Access
 –WLAN UE needs two IP addresses
  ‧Local IP address and Remote IP address
 –IP tunnel resides between the WLAN UE and PDG
  ‧WLAN UE initiates the establishment of tunnels
  ‧Tunnel establishment between WLAN UE and PDG includes mutual authentication
 –WLAN UE shall use W-APN to indicate to the network the services it wants to access
16
Why Tunnel in Scenario 3?
‧Cellular network is a private network
‧Address space of WLAN AN is different from address space of Cellular network
 –Remote IP address identifies the WLAN UE in the network that the WLAN UE is accessing for the 3G PS service
 –WLAN UE IP allocation
  ‧Local IP address can be assigned by WLAN AN or by PLMN
   –Assigned by WLAN AN: a tunnel is needed
   –Assigned by PLMN: a tunnel may not be needed
‧Secure data transmission
17
W-APN Resolution & Tunnel Establishment to PDG in HPLMN
[Figure: message sequence between WLAN UE, WLAN AN, WAG, Visited PDG, Home PDG, AAA Proxy/Server, AAA Server and External AAA Server]
1. WLAN Access Authentication & Authorization and WLAN UE local IP address allocation
2. W-APN resolution & tunnel establishment to PDG in Home PLMN
 2.1 DNS Query
 2.2 End-to-end tunnel establishment (User ID and W-APN)
 2.3 Retrieving authentication & authorization data
 2.4 Next authentication & authorization (with External AAA Server)
 2.5 Tunnel packet flow filter exchange
•WLAN UE constructs an FQDN using the W-APN Network Identifier and HPLMN ID as the Operator Identifier
18
W-APN Resolution & Tunnel Establishment to PDG in VPLMN
[Figure: message sequence between WLAN UE, WLAN AN, WAG, Visited PDG, Home PDG, AAA Proxy/Server, AAA Server and External AAA Server]
1. WLAN Access Authentication & Authorization and WLAN UE local IP address allocation
2. W-APN resolution & tunnel establishment to PDG in Visited PLMN
 2.1 DNS Query
 2.2 End-to-end tunnel establishment (User ID and W-APN)
 2.3 Retrieving authentication & authorization data
 2.4 Next authentication & authorization (with External AAA Server)
 2.5 Tunnel packet flow filter exchange
•WLAN UE constructs an FQDN using the W-APN Network Identifier and VPLMN ID as the Operator Identifier
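As an added illustration (not from the slides), the following Python builds the W-APN FQDN for the two cases on these slides, home PLMN and visited PLMN, and resolves it against a constructed DNS table. The Operator Identifier encoding (w-apn.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org, MNC zero-padded to three digits) is taken from 3GPP TS 23.003, which the slides do not show; the PLMN codes, W-APN name and DNS records are constructed sample values.

```python
# Added example, not from the slides: W-APN FQDN construction and resolution for
# the HPLMN (slide 17) and VPLMN (slide 18) cases. The Operator Identifier
# encoding follows 3GPP TS 23.003 (assumption: not shown on the slides).
from typing import Optional

def w_apn_operator_id(mcc: str, mnc: str) -> str:
    """W-APN Operator Identifier derived from a PLMN ID (MCC + 2- or 3-digit MNC)."""
    if not (mcc.isdigit() and len(mcc) == 3 and mnc.isdigit() and len(mnc) in (2, 3)):
        raise ValueError(f"bad PLMN ID {mcc}/{mnc}")
    return f"w-apn.mnc{mnc.zfill(3)}.mcc{mcc}.pub.3gppnetwork.org"

def w_apn_fqdn(network_id: str, mcc: str, mnc: str) -> str:
    """Full W-APN = W-APN Network Identifier + Operator Identifier of the chosen PLMN."""
    return f"{network_id}.{w_apn_operator_id(mcc, mnc)}"

# Constructed DNS table (FQDN -> PDG address). The VPLMN offers the "internet"
# W-APN locally; the "corp" W-APN only resolves in the HPLMN.
DNS = {
    "internet.w-apn.mnc092.mcc466.pub.3gppnetwork.org": "203.0.113.10",   # home PDG
    "corp.w-apn.mnc092.mcc466.pub.3gppnetwork.org": "203.0.113.11",       # home PDG
    "internet.w-apn.mnc001.mcc262.pub.3gppnetwork.org": "198.51.100.20",  # visited PDG
}

def resolve_pdg(network_id: str, hplmn: tuple, vplmn: Optional[tuple] = None) -> tuple:
    """Step 2.1 of the slides: build the FQDN from the VPLMN ID (slide 18) when a
    VPLMN is given, otherwise from the HPLMN ID (slide 17), and look it up.
    Returns (fqdn, pdg_address); pdg_address is None when the chosen PLMN has
    no PDG serving that W-APN."""
    mcc, mnc = vplmn if vplmn else hplmn
    fqdn = w_apn_fqdn(network_id, mcc, mnc)
    return fqdn, DNS.get(fqdn)

if __name__ == "__main__":
    print(resolve_pdg("internet", ("466", "92")))                 # home PDG
    print(resolve_pdg("internet", ("466", "92"), ("262", "01")))  # visited PDG
    print(resolve_pdg("corp", ("466", "92"), ("262", "01")))      # no PDG in VPLMN
```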
19
WLAN UE Initiated Tunnel Disconnection Procedure
[Figure: message sequence between WLAN UE, WLAN AN, WAG, PDG, AAA Server, HLR/HSS and External AAA Server]
1. UE determines to release the tunnel
2. Release tunnel req.
3. Release the tunnel resource and info; Release ack; Tunnel disconnection report
4. Release the tunnel resource and info
5. Stop accounting (if needed)
6a. Service info/status update
6b. Filtering policy removed from WAG
20
PDG Implementation Re-using GGSN Functionality (1/2)
[Figure: two implementation models. (a) Stand-alone PDG: WLAN UE –Wu– PDG –Gi– Application Servers / 3GPP PS Services, with Radius and DHCP. (b) PDG = TTG + GGSN subset: WLAN UE –Wu– TTG –Gn'– GGSN subset –Gi/Wi– Application Servers / 3GPP PS Services, with Radius on both TTG and GGSN and DHCP.]
One-to-one mapping between each end-to-end tunnel and a corresponding GTP tunnel.
21
PDG Implementation Re-using GGSN Functionality (2/2)
‧Normative Annex
‧Re-using GGSN functions
 –Charging Gateway Function
 –IP address allocation
 –Authentication in external networks
 –Single access to 3GPP PS domain services
‧Gn' shall comprise subset of Gn procedures
 –Create PDP Context Request/Response
 –Update PDP Context Request/Response
 –Delete PDP Context Request/Response
 –Error Indication
 –Version Not Supported
 –GTP Payload Forwarding
22
Tunnel Establishment Procedure
[Figure: message sequence between WLAN UE, WLAN AN, WAG, TTG, GGSN and AAA Proxy/Server]
1. WLAN Access Authentication and Authorization
2. DNS Query
3. End-to-end Tunnel establishment request
4. Retrieving authentication & authorization data
5. Create PDP context request
6. Create PDP context response
7. End-to-end Tunnel establishment ack
8. Apply packet filter policy to WAG
23
WLAN UE Initiated Tunnel Disconnection Procedure
[Figure: message sequence between WLAN UE, WLAN AN, WAG, TTG, GGSN and AAA Proxy/Server]
1. Release tunnel request
2. Delete PDP context request
3. Delete PDP context response
4. Release ack
5. Tunnel disconnection report
6. Packet filter policy removed from WAG
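The two procedures above (tunnel establishment on slide 22 and UE-initiated disconnection on slide 23), as an added Python model of the TTG side that is not code from the slides or from any 3GPP implementation: each end-to-end tunnel is mapped one-to-one onto a GTP PDP context, the WAG packet filter is applied only after AAA authorization and removed on release. The GGSN, WAG and TTG classes, their method names, the AAA answer and the addresses are assumptions constructed for the example.

```python
# Added example, not from the slides; entity classes, method names and the
# constructed AAA answer are assumptions. Step numbers refer to slides 22/23.
from dataclasses import dataclass, field

@dataclass
class GGSN:
    pdp_contexts: dict = field(default_factory=dict)  # TEID -> (user, W-APN)
    next_teid: int = 1
    def create_pdp_context(self, user: str, w_apn: str) -> int:  # slide 22, steps 5/6
        teid, self.next_teid = self.next_teid, self.next_teid + 1
        self.pdp_contexts[teid] = (user, w_apn)
        return teid
    def delete_pdp_context(self, teid: int) -> bool:  # slide 23, steps 2/3
        return self.pdp_contexts.pop(teid, None) is not None

@dataclass
class WAG:
    filters: dict = field(default_factory=dict)  # UE local IP -> authorized PDG address
    def apply_policy(self, ue_ip: str, pdg_ip: str) -> None:  # slide 22, step 8
        self.filters[ue_ip] = pdg_ip
    def remove_policy(self, ue_ip: str) -> None:  # slide 23, step 6
        self.filters.pop(ue_ip, None)
    def permits(self, ue_ip: str, dst_ip: str) -> bool:
        # Only traffic from the UE toward its authorized PDG passes the WAG.
        return self.filters.get(ue_ip) == dst_ip

class TTG:
    def __init__(self, authorized: set, ggsn: GGSN, wag: WAG, pdg_ip: str):
        self.authorized = authorized  # constructed AAA answer: set of (user, W-APN)
        self.ggsn, self.wag, self.pdg_ip = ggsn, wag, pdg_ip
        self.tunnels: dict = {}  # (user, UE local IP) -> TEID, strictly one-to-one
    def establish(self, user: str, ue_ip: str, w_apn: str) -> bool:  # slide 22, step 3
        if (user, w_apn) not in self.authorized:  # step 4: AAA authorization data
            return False  # rejected before any PDP context or WAG policy exists
        if (user, ue_ip) in self.tunnels:  # a second tunnel would break the 1:1 mapping
            return False
        self.tunnels[(user, ue_ip)] = self.ggsn.create_pdp_context(user, w_apn)
        self.wag.apply_policy(ue_ip, self.pdg_ip)  # step 8
        return True  # step 7: end-to-end tunnel establishment ack
    def release(self, user: str, ue_ip: str) -> bool:  # slide 23, step 1
        teid = self.tunnels.pop((user, ue_ip), None)
        if teid is None:
            return False
        deleted = self.ggsn.delete_pdp_context(teid)  # steps 2/3
        self.wag.remove_policy(ue_ip)  # step 6: filter goes even if the GGSN side failed
        return deleted  # step 4: release ack
```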
24
Outline
‧3G/WLAN Integrated Scenarios
 –3G/WLAN Interworking Architecture
 –Packet Data Gateway (PDG)
‧3G/WiMAX Integrated Scenarios
 –WiMAX Related Specifications
 –3G/WiMAX Interworking Architecture
 –WiMAX Access Gateway (WAG)
‧Conclusion
25
IEEE Related Spec.
• IEEE 802.16 Completed Projects
 – Air interface
  • 802.16-2001, 802.16a-2003, 802.16c-2002, 802.16-2004, 802.16f-2005, 802.16-2004/Cor1-2005, 802.16e-2005
 – Conformance
  • 802.16/Conformance01-2003, 802.16/Conformance02-2003, 802.16/Conformance03-2004
 – Coexistence
  • 802.16.2-2001, 802.16.2-2004
• IEEE 802.16 Active TG and SG
 – TG C Conformance04
 – Network Management TG 802.16g (Management Plane Procedures & Services), 802.16i (Mobile MIB)
 – License-Exempt TG 802.16h
 – Mobile Multihop Relay (MMR) SG 802.16j
26
WiMAX Forum Related Spec.
• Marketing Working Group (MWG)
• Service Provider Working Group (SPWG)
• Regulatory Working Group (RWG)
• Technical Working Group (TWG)
• Network Working Group (NWG)
 – WiMAX E2E Network System Architecture (stage 2: Architecture Tenets, Reference Model and Reference Points), 2006-3-1, Draft.
• Application Working Group (AWG)
• Certification Working Group (CWG)
27
3G/WiMAX Integrated Architecture
[Figure: loosely coupled interworking. A UE with both a 3GPP card and a WiMAX card attaches either to the 3GPP Access Network (RNC) and 3GPP Core Network (SGSN, GGSN) or to WiMAX Base Stations in the WiMAX ASN (FA, Local AAA) of the WiMAX Network Service Provider; the WiMAX side reaches the 3GPP Core Network through the WAG and PDG. Also shown: Home AAA, Home Agent, Billing Server and the Internet.]
28
WiMAX-3GPP Interworking (Non-Roaming Case)
29
WiMAX E2E Network Reference Model
[Figure legend: NAP = Network Access Provider, NSP = Network Service Provider, ASN = Access Service Network, CSN = Connectivity Service Network, ASP = Application Service Provider]
30
ASN Reference Model
[Figure: an ASN whose BSs connect to the ASN Gateway (decision and enforcement points) over R6 and to each other over R8; MSs attach over R1; the ASN Gateway reaches the CSN over R3 and other ASNs over R4.]
31
Overall Network Reference Model
[Figure: MS –R1– BS 1, BS 2, BS 3 –R6– ASN GW inside an ASN; BSs interconnected over R8; ASN GWs of different ASNs connected over R4; each ASN to its CSN over R3; MS to CSN over R2; CSN to CSN over R5.]
32
Functions of Reference Points
• R3 consists of the set of control plane protocols between the ASN and the CSN to support AAA, policy enforcement and mobility management capabilities. It also encompasses the bearer plane methods (e.g., tunneling) to transfer user data between the ASN and the CSN.
• R4 consists of the set of Control and Bearer plane protocols originating/terminating in various functional entities of an ASN that coordinate MS mobility between ASNs and ASN-GWs. R4 is the only interoperable RP between similar or heterogeneous ASNs.
• R6 consists of the set of control and bearer plane protocols for communication between the BS and the ASN-GW. The bearer plane consists of the intra-ASN datapath between the BS and ASN gateway. The control plane includes protocols for datapath establishment, modification, and release control in accordance with the MS mobility events. R6, in combination with R4, may serve as a conduit for exchange of MAC state information between BSs that can't interoperate over R8.
33
Functional Design and Decomposition
• IP Addressing
• AAA Framework
• ASN Security Architecture
• Accounting
• Mobility Management
• Radio Resource Management
• Paging and Idle-Mode MS Operation
34
IP Addressing (example in IPv4)
‧ PoA (Point-of-Attachment) IP address could be static or dynamic, and could be assigned by visited CSP or home CSP.
‧ The DHCP Server address is retrieved from the AAA access authentication or configured locally at the ASN.
35
36
AAA Framework
[Figure: MS (Supplicant) –802.16 / PKMv2– BS in the ASN (Authentication Relay) –R6, Auth. Relay Protocol over UDP/IP– NAS (ASN) (Authenticator) –R3, AAA Protocol– AAA Proxy(s) – AAA Server in the Home CSN (Authentication Server). EAP runs end to end between the supplicant and the authentication server.]
EAP methods such as EAP-TLS, Protected EAP (PEAP), Tunneled TLS (TTLS), EAP AKA etc.
37
Authentication and Authorization Procedures – PKMv2 Procedures
38
ASN Security Architecture
‧ AK Txfer could be triggered by:
 – MOB_HO_IND
 – RNG_REQ
 – MOB_MSHO_REQ
 – …
‧ It is expected that AK Txfer Protocol primitives be implemented in TLV forms and be exchanged as part of intra-ASN and inter-ASN mobility management protocols
[Figure: each ASN is an Authentication Domain (ASN 1 … ASN n) with an Authenticator plus Key Distributor serving several BSs (Key Receiver, Authentication Relay) over the Authentication Relay Protocol; the AK Transfer Protocol runs between the Authentication/Key Distributors of the ASNs inside one Mobility Domain, the NAP.]
39
Accounting
‧Based on RADIUS Protocol
‧Offline accounting (post-paid)
 –Create one UDR (Usage Data Record) per R6 connection ID
‧Online accounting (pre-paid)
 –On-line quota update operation
‧Hot-Lining
 –To efficiently address issues with users that would otherwise be unauthorized to access packet data services
40
Mobility Management
‧ Intra-ASN Mobility (w/o CoA Update)
 – Synonym
  ‧R6 Mobility
  ‧ASN Anchored Mobility
 – Functional Decomposition
  ‧Data Path (DP) Function
  ‧Handoff (HO) Function
  ‧Context Function
‧ Inter-ASN Mobility (w/ CoA update)
 – Synonym
  ‧R3 Mobility
  ‧CSN Anchored Mobility
 – Based on Mobile IP (RFC3344 and related RFCs)
  ‧Proxy-MIP (PMIP)
  ‧Client-MIP (CMIP)
41
Overall Reference for ASN Mobility Functions
42
Data Path Function
‧ Type 1: typically a generic IP-in-IP tunnel, e.g. GRE, Ethernet, MPLS
 – Payload is an IP datagram or an Ethernet packet
‧ Type 2: typically a generic IP-in-IP tunnel, e.g. GRE, Ethernet, MPLS
 – Payload is an 802.16e SDU or part of it appended with additional info. (CID of Target BS, ARQ para. …)
43
Data Path Function Network Transaction
44
Context Function
‧To populate the context, security context corresponding to a MS at a target BS
‧To inform the network regarding the idle/sleep mode behaviors of the MS
‧To inform the network of initial network entry of a specific MS
45
HO Function Network Transaction
46
Mobility w/ CoA Update (Mobile IP)
47
Radio Resource Management
[Figure: case a (RRC in the ASN-GW) and case b (RRC in the BS)]
‧ RRA (Agent): resides in BS, responsible for assisting local RRM as well as communication to the RRC
‧ RRC (Controller): may reside in BS (case b), in ASN-GW (case a), or in a standalone server in ASN. An RRC is responsible for collection of radio resource indicators from associated RRAs and communication between/across RRCs.
‧ RRM procedures:
 – Spare capacity report (per BS)
 – PHY measurement report (per-MS)
 – Neighbor BS radio resource status update
48
Paging and Idle-Mode MS Operation
‧ Paging Controller (PC): administers the activity of idle mode MS, contains the location info. of MS.
‧ Paging Agent (PA): resides in BS, handles interaction between PC (R6) and R1 paging related function
‧ Paging Group (PG): comprising one or more PAs.
‧ Location Register (LR): a distributed DB, which contains information about idle mode MS.
[Figure: PC, PAs and LR connected over R6]
49
Generic Depiction of Functional Entities after MS Enters Idle Mode
50
Conclusion
‧The 3G/WLAN interworking scenarios 1, 2, and 3 could be applied to integrate 3GPP networks and other access networks.
51
Reference
‧3GPP TR 22.934, Feasibility Study on 3GPP System to WLAN Interworking.
‧3GPP TS 23.234 v6.4.0, 3GPP System to WLAN Interworking.
‧3GPP TS 33.234 v6.3.0, 3G WLAN Interworking Security.
‧WiMAX Forum, WiMAX End-to-End Network System Architecture (Stage 2: Architecture Tenets, Reference Model and Reference Points).