wi-fi offload how v2!03!13

8/12/2019 Wi-Fi Offload HOW v2!03!13

1/25

ABSTRACTSeamless Wi-Fi ofoad is a new paradigm in unied mobile and wireless data services. This paper

examines how mobile network operators can build on EAP-SIM and convergent Wi-Fi / 3G / LTE

service management solutions to deliver high-quality carrier-class Wi-Fi to smartphones, tablets

and non-SIM devices. Solutions will empower operators to address a broad base of users with

new business models reecting a range of new and attractive data service.

HOWWI-FI OFFLOAD

SEAMLESS WI-FI OFFLOAD:FROM VISION TO REALITY

APTILO NETWORKS WHITE PAPERBy Claus Hetting, Senior Consultant & Analyst

Copyright Aptilo Networks v2 03-13

Interested in WHY? Read our other white paper Seamless Wi-Fi Ofoad: A business opportunity today


2/25


3/25

3

SEAMLESS WI-FI OFFLOAD: FROM VISION TO REALITY

SEAMLESS WI-FI:A NEW PARADIGM IN UNIFIED COMMUNICATIONSThere is no question that Wi-Fi ofoad is one of the mobile industrys most hotly debated business

opportunities right now. Many of the worlds largest mobile operators already recognize Wi-Fi

as a business-critical technology and some are in the early phases of deploying seamless Wi-Fi

ofoad. A few progressive new operators entering the mobile arena today even consider Wi-Fi

their primary technology and use mobile services as a secondary network layer only.

The drivers for Wi-Fi ofoad are well known: Wi-Fi-capable devices are everywhere and more

than a billion are equipped with SIM cards. For many users of tablets, smartphones, and laptops,

Wi-Fi has become the preferred means of connectivity. Razor-sharp competition is forcing many

mobile carriers to cut spending while looking for new ways to stand out in the market. Seamless

Wi-Fi services for SIM-enabled users may well be the differentiator that the mobile industry hasbeen looking for.

So how can mobile operators turn the vision of seamless Wi-Fi into reality? Aptilo has for more

than 10 years been instrumental in transforming the potential of Wi-Fi technology into successful

commercial data services serving millions of satised Wi-Fi users worldwide through close to 100

service provider customers.

The next step is using seamless Wi-Fi ofoad to satisfy the millions of smartphone and tablet users

demanding still more data. Many view the unication of the widely successful world of mobile

broadband with the equally successful world of Wi-Fi as a paradigm shift for both.

This White Paper examines how to build the right solutions and services to achieve the goal of

making carrier-class Wi-Fi seamlessly accessible to SIM-enabled users while efciently supporting

a growing base of non-SIM devices. Contrary to common belief seamless Wi-Fi ofoad is alreadyavailable today. The evolution of seamless Wi-Fi will within a few years empower mobile operators

to manage and control Wi-Fi networks as fully integrated extensions of their mobile 3G/ LTE

infrastructure and services.

WHAT IS SEAMLESS WI-FI AUTHENTICATION?Seamless Wi-Fi authentication allows SIM-enabled smartphones and tablets to access Wi-Fi

networks without any user interaction. An iPhone will for example automatically connect to a

Wi-Fi network once inside the carriers Wi-Fi coverage area and following authentication based

on information stored on his or her SIM. This does not otherwise restrict the use of any 3G or LTE

network because Wi-Fi and mobile transceivers operate independently on devices 1.

A number of carriers and vendors today offer seamless Wi-Fi services for SIM-enabled devices

using a device client in the form of a downloaded or preloaded application. An important aspect

of nearly all the seamless Wi-Fi solutions examined in this paper is that they do not require third-

party clients in devices2.

Solutions that require the user to take an active role in provisioning his or her cellular device for

a service have historically gained only a few subscribers despite the promise of convenience and

lower costs.

1 In the current version of iOS the smartphone or tablet will automatically prefer Wi-Fi to mobile broadband car-riers. Over the next couple of years seamless Wi-Fi solutions will evolve to allow the device and the network tointeractively control the preferred carrier depending on number of parameters. The evolution of seamless Wi-Fiis discussed later in this paper.

2 Clients may be a requirement e.g. for CDMA operators. Clients can be pre-provisioned in the factory for specicMNOs or provisioned over-the-air although this will introduce an additional administrative process for MNOs.

1


4/25

4


Even offers of Free Wi-Fi or Free VoIP suffer from this difculty. From experience it seems thatrelying on user self-provisioning reduces the addressable market to no more than a few percent.

Seamless Wi-Fi ofoad with EAP-SIM authentication carries with it the potential for global mass-

market adoption because smartphone users need to do precisely nothing to enable the service.

This is one of the reasons why many industry experts expect EAP-SIM to be a game-changing

enabler of new Wi-Fi business opportunities for service providers in the Wi-Fi space.

FROM SIM-BASED AUTHENTICATION TO FULL SERVICE CONTINUITYEAP-SIM authentication for Wi-Fi ofoad is the rst step on a dened path towards full service

continuity across Wi-Fi and mobile networks. A great deal of standardization and industry

consensus work is being carried out within the 3GPP and Wi-Fi communities in order that both

industries receive the full commercial benet of offering unied Wi-Fi / 3GPP broadband data

services.

The unication of Wi-Fi and 3GPP-based networks and services can be broken down into three

phases. This evolutionary path will almost certainly be realized over the coming years as it is

supported by all major vendors, standardization bodies, and industry organizations. MNOs will be

able to choose from a variety of options over the coming years as technologies mature.

The evolution of seamless Wi-Fi for mobile carriers

Figure 1: The evolution of seamless carrier-class Wi-Fi authentication and interworking. Todayssolutions are all currently available from Aptilo as are a selection of the integration options of Phase2 including GTP trafc routing.


5/25

5


SEAMLESS WI-FI OFFLOAD TODAYThe 3GPP and Wi-Fi communities have been working together for years to agree on how mobile

and Wi-Fi should interwork. One of the most important items agreed upon is the acceptance of

EAP-SIM and EAP-AKA methods for authentication of SIM-enabled devices on Wi-Fi networks.

Seamless and automatic Wi-Fi authentication offers great convenience to the smartphone or

tablet user. It relies on a signaling exchange between the SIM-enabled device, the Wi-Fi network

(including the Wi-Fi service management platform), and the core network of the mobile operator.

EAP-SIM Wi-Fi authentication can be implemented between a Wi-Fi network and a mobile 3G /

LTE network as shown in the diagram below. All of the parts of the solution are currently available

and are fully tested allowing mobile carriers to implement the rst phase of seamless Wi-Fi today.

Figure 2: Seamless Wi-Fi ofoad using EAP-SIM (EAP-AKA) and local WLAN trafc breakout. Thedevice authenticates on the mobile network HLR (or HSS) through the Wi-Fi service managementplatform including a SIM authentication server.

The interaction-free authentication starts with an EAP-SIM or EAP-AKA message from the

smartphone or tablet. The Wi-Fi AP encapsulates the message using a secure 802.1X link and

RADIUS. A Wi-Fi access gateway (AG) and service management platform signals toward the HLR

(or HSS in the case of LTE) MNO core network using standard SS7 / MAP. The IP-based SIGTRAN

protocol can also be used for this signaling, which is especially useful in the case of hosted

authentication services.

Most vendors use a SIM authentication server to manage the authentication toward the HLRor HSS. Some vendors including Aptilo also have this function pre-integrated in the service

management platform. Once SIM-authentication is complete, the device is free to use the Wi-Fi

network for data services subject to service policies. Today, device trafc is usually passed to the

local Internet with local WLAN breakout, i.e. trafc is routed from the Wi-Fi access gateway to

the local Internet thus saving backhaul transmission resources.

One of the important benets of EAP-SIM authentication is that it complies with the known and

trusted 3GPP method of using authentication vectors. The method is known for its high level

of access security and has played an important role in the global success of GSM and 3G. Wi-Fi

network access with EAP-SIM is therefore as secure as todays mobile network access.

2


6/25

6


TECHNICAL REQUIREMENTS FOR TODAYS SEAMLESS WI-FIThe evolution of Wi-Fi and mobile interworking in the coming years will allow for much

sophistication above and beyond the current approach. But already today many MNOs are

realizing that seamless Wi-Fi services are achievable through proven means with signicant

economic benets. The technical requirements for the rst phase of seamless Wi-Fi ofoad are

relatively light:

Smartphone and tablet devices need to support EAP-SIM authentication

Although EAP-SIM authentication is clientless in the sense that no app or other third-party

client is needed, devices still need to support EAP-SIM. Today most leading smartphone

operating systems support EAP-SIM including Apples iOS, Android 4.0 or above, Blackberry,

Nokia (Symbian) and Windows 8. With a typical replacement cycle for smartphones of two

years or less, the global installed base of EAP-SIM and EAP-AKA capable devices is expected

to grow quickly.

Wi-Fi Access Points need to support 802.1X

While EAP-SIM and EAP-AKA dene authentication messages, the 802.1X protocol

encapsulates messages for delivery. As a consequence Wi-Fi Access Points used for EAP-

SIM authentication need to support the 802.1x protocol. This is a light requirement because

current carrier-class Wi-Fi APs are 802.1X-compliant.

SIM authentication services in the Wi-Fi core network

Seamless Wi-Fi authentication needs support from the Wi-Fi core network in order to interwork

with the HLR or HSS to which the user is subscribed. To complete this part of the process a

EAP-SIM / AKA authentication service is needed for example in the form of the Aptilo SIM

Authentication Server (SAS). This server forms a part of the Wi-Fi core together with the

Wi-Fi service management platform. In Aptilos case the SIM authentication functionality isincluded as an option in the Aptilo Service Management Platform (SMP).

All of the above components are available today and the amount of investment and technical

deployment required is minimal compared to the cost and complexity of deploying for

example LTE or 3G-based solutions. This is one of many reasons why seamless Wi-Fi ofoad

is gaining momentum as a complement to building mobile broadband capacity with LTE or

3G small cells.

Non-SIM users can also be authenticated with EAP-TLS and EAP-TTLS although this is less

common today. These methods are mostly used for authentication of devices in enterprise

or mobile CDMA networks but can also be used for secure access of non-SIM-enabled Wi-Fi

subscribers through certication of devices (EAP-TLS) and authentication servers (EAP-TTLS).

The Aptilo solution offers the exibility of including EAP-TLS and EAP-TTLS in order thatMNOs may address the largest possible subscriber base3.

3 For more on authentication types and methods see chapter 6 of this paper.


7/25


8/25

8


HOW DOES CARRIER-CLASS WI-FI MEASURE UP TO 3G & LTE?Wi-Fi is a best effort and shared resource data service - as are 3G and LTE but there are distinct

differences. Comparing Wi-Fi to mobile broadband is a bit like comparing apples to oranges

because the two were designed and conceived differently although they often serve the identical

purpose of providing wireless broadband connectivity.

Wi-Fi is a capacity and not a coverage solution. The range of a Wi-Fi AP is 200 meters at best and

is in practice often less than 100 meters. The limited range is governed in part by the fact that

Wi-Fi APs by regulation only are allowed to operate at 100 mW of emitted power (in the EU) with

devices typically operating at 20 or 30 mW. On the other hand capacity constraints are precisely

what many MNOs are facing as a result of the surge in data consumption.

Todays carrier-class Wi-Fi solutions use state-of-the-art radio technology to provide an order of

magnitude better performance than the sluggish data rates often experienced by users on privatehome or ofce Wi-Fi networks. A number of advancements in Wi-Fi radio technology have taken

place over the past few years based on the IEEE 802.11n standard and many of them have been

achieved by Aptilo partners.

The table below indicates performance levels for Wi-Fi, 3G, and LTE. While peak rates are well

dened, the user rates in the table are based on typical average conditions. The user rate for

carrier-class Wi-Fi assumes dual-band 2.4 GHz and 5 GHz operation.

The rates will vary according to distances from the AP, device capabilities, and deployment

schemes. Carrier-class Wi-Fi using 802.11n typically performs better than 3G / HSPA+ and will

in some cases be comparable in performance to LTE. O2 of the U.K. has openly announced that

their outdoor and street-level carrier-class Wi-Fi service provides speeds up to ten times faster

than a normal mobile connection.4

Comparing Wi-Fi and 3G/LTE performance:

Figure 3: Typical carrier-class Wi-Fi networks using 802.11n offer better performance than 3G/HSPA+.In some cases 802.11n will perform at levels comparable to LTE depending on device capabilities andWi-Fi deployment schemes. The table above is indicative only as assumptions beyond the scope of thispaper have been applied in deriving the values. For more information on the assumptions contact Aptilo.

4 The 600 MHz of unlicensed Wi-Fi band is typically not used in a single block but should be viewed as a poolof available frequencies from which Wi-Fi service providers select a number of sub-bands also known as Wi-Fichannels. In the 2.4 GHz band carrier-class Wi-Fi deployments typically use 3-4 channels of 20 MHz bandwidtheach. In the 5 GHz band most service providers today will use up to a maximum 9 channels of 20 MHz. Thesechannels are then arranged into a frequency reuse pattern. By selecting from a large pool of available channels,Wi-Fi service providers can keep interference low to achieve high service quality and throughput.

3


9/25

9


BUILD OPTIONS FOR REALIZING SEAMLESS WI-FI SERVICESA number of build options exist for MNOs wanting to deploy seamless Wi-Fi services. In many

ways the inclusion of Wi-Fi into the mainstream of MNO technologies is a departure from the

tried-and-true site acquisition and deployment processes of MNOs that have been in existence

since the beginning of mobile.

Figure 4: Build options for monetizing

the MNO Wi-Fi ofoad opportunity.Any or all of the above can bepursued in parallel based on similartechnical approaches to EAP-SIMauthentication. All of the aboverequire exible service managementto accommodate a variety of servicesincluding ad-hoc users and MNOsubscribers.

MNOs are faced with a number of options: Building their own Wi-Fi networks to complement

3G / LTE networks, partnering with Wireless ISPs (or cable operators, hotel owners, etc.) or a

combination of the two. MNOs may also choose to partner with Wi-Fi hotspot aggregators such

as iPass or Boingo. Some MNOs own Wi-Fi hotspot networks that can be used to provide seamless

Wi-Fi ofoad and a number of MNOs are already doing this successfully.

A fourth option is for MNOs to acquire existing WISP businesses. Finally, MNOs can choose to

offer international SIM-enabled Wi-Fi roaming through partnerships with foreign WISPs. In all

cases EAP-SIM seamless Wi-Fi authentication will apply although the details of the Wi-Fi services,

Wi-Fi core network support, and mobile core interworking may differ widely.

4


10/25

10


Any seamless Wi-Fi solution requires not only compliance with 3GPP standards but also exibilityin service management including multiple means of authentication, policy control, and billing.

Wi-Fi networks are nearly always multi-purpose serving not only MNO subscribers but also ad-

hoc users and roaming users through other service providers on the same or on parallel physical

Wi-Fi networks.

Figure 5: Serving SIM-enabled

subscribers seamlessly acrossWi-Fi and 3GPP-based net-works and serving non-SIMdevices on a single combinedWi-Fi network.

WHERE TO BUILD MNO CARRIER-CLASS WI-FI NETWORKSSeamless Wi-Fi gives MNOs the opportunity to ofoad mobile trafc to their own Wi-Fi networks for

relief of trafc congestion and to offer high-quality Wi-Fi services to both SIM-enabled and non-SIM

subscribers. Wi-Fi ofoad also reduces the need for licensed spectrum. Many 3G / LTE radio equipment

vendors offer a Wi-Fi AP option for small cell base stations although Wi-Fi ofoad networks can be

built independently of 3G / LTE networks using standard indoor or outdoor Wi-Fi APs.

MNOs need to decide not only how but also where to deploy Wi-Fi. Some parts of the industry are

promoting seamless Wi-Fi as part of a hetnet solution for providing service to a few high-density

places of congregation, such as sports stadiums and transport hubs. Although such deployment

scenarios are attractive, Wi-Fi ofoad allows operators to benet from Wi-Fi in a more general sense.


11/25

11


Typical traffic distribution for mobile broadband

Figure 6: The typical distribution of trafc on a mobile broadband network. The few mobile sites carryinga large proportion of the total trafc can be ofoaded by up to 50% with seamless Wi-Fi ofoad.

The gure above shows the typical data trafc distribution experienced by many MNOs. The

distribution is highly uneven as most of the trafc comes from a few sites. The 80% / 20% rule

often applies and some distributions can be even more skewed. This applies not only to cities but

also to suburban and rural areas. Seamless Wi-Fi ofoad can be used effectively in any area where

mobile sites are heavily loaded.

CAPACITY GAINS AND SPECTRUM SAVINGS WITH WI-FI OFFLOADCarrier-class Wi-Fi has been designed to provide enormous amounts of capacity in small areas.

For indoor applications it is typical to deploy about 100 Wi-Fi APs for example in an airport

building of 100.000 m2. With 802.11n APs comfortably delivering 50 Mbps each the result

is 5 Gbps of capacity5. In the case of outdoor Wi-Fi the AP density is typically lower 6reaching

capacities of 1-2 Gbps per km2. Compare this to a single LTE macrosite capable of delivering

around 100-120 Mbps.

Seamless Wi-Fi solutions today typically ofoad 20-30% of mobile trafc to Wi-Fi with some

Aptilo c reporting up to 50% ofoad of individual sites. Because the relation between the licensed

spectrum need and the peak trafc load is linear, MNOs can today reduce their peak spectrum

needs by an equivalent 20-30% or more if mobile trafc can be ofoaded during the busy hour

in the right high-trafc areas.

A practical restriction today is that networks and devices offer little intelligence in controlling

where and when mobile trafc is ofoaded. The evolution of Wi-Fi ofoad includes the ANDSF

and Hotspot 2.0 functions and device intelligence features addressing this issue.

5 According to Ruckus Wireless, U.S.A.

6 See the Aptilo White Paper: Seamless Wi-Fi Ofoad for MNOs A real business opportunity today


12/25

12


MNO CARRIER-CLASS WI-FI CHALLENGESCarrier-class Wi-Fi is an opportunity but also a challenge. Some of the most important issues are:

Lack of deployment opportunities

Many attractive indoor locations malls, hotels, airports, retail outlets, sports arenas etc. are

already being served by a number of WISPs and it may be difcult for MNOs to negotiate

access to such sites in order to install equipment. Access to outdoor installation sites on street

furniture such as lampposts and billboards is occasionally possible as local governments realize

the growing importance of Wi-Fi connectivity to everyone in the community. The mobile carrier

O2 of the U.K. (owned by Telefonica of Spain) in the summer of 2012 deployed a Wi-Fi network

on lamppost in the Central London area. O2 smartphone users are today using this Wi-Fi service.

Backhaul of traffic from Wi-Fi APs

Trafc from indoor Wi-Fi APs can be backhauled through LAN cabling and local switchesinside the buildings but identifying suitable backhaul solutions for a grid of densely deployed

outdoor Wi-Fi APs is more challenging. Current options include the use of unlicensed 5 GHz

mesh Wi-Fi networks for transmission and new forms of non-line-of-sight, point-to-multipoint

microwave systems.

Dealing with new venue types

MNOs with much experience in acquiring and operating base station sites may not fully realize

the organizational and sales skills needed to partner with Wi-Fi venue owners. The nature of

the Wi-Fi business is such that venue owners must have a vested interest in allowing MNOs to

access facilities. This is in sharp contrast to the case where MNOs have full authority over their

own base station sites. MNOs thus need to change mindsets from ownership to partnership.

Managing multiple authentication types, service packages, and payments

If MNOs choose to build hotspots in traditional Wi-Fi venues such as hotels, retail outlets,

transport hubs, etc. venue owners will typically require that Wi-Fi networks also serve clients

that are not SIM-enabled or existing subscribers of the MNO. Multiple means of authentication

and payment are needed. This accentuates the need for a Wi-Fi core network capable not only of

seamless Wi-Fi authentication but a range of both standard and new service provisioning options.

Part of the solution to dealing with new venue types lies in using the right Wi-Fi service

management platforms with features specically designed to meet a variety of consumer and

B2B needs. These include guest Internet services for the hospitality industry that integrate with

hotel billing systems, bring-your-own-device (BYOD) Wi-Fi access, customized portals, and

more. Aptilo has for years been serving the full range of venues from airports and hospitals

to retail chains and stadiums.

PARTNERING WITH WISPS OR CABLE OPERATORSPartnering with WISPs or cable operators with Wi-Fi networks may be the best option for MNOs

with limited access to the right indoor locations. Using the exibility of for example the Aptilo

Service Management Platform (SMP) a range of practical and eld-proven solutions is available.

A partnering strategy allows MNOs to obtain large seamless Wi-Fi coverage footprints without

making their own Wi-Fi investments except for Wi-Fi core and management systems. MNOs also

avoid having to refocus their businesses on the unfamiliar processes of building and managing

Wi-Fi radio infrastructure and can concentrate efforts on operating mobile infrastructure.


13/25

13


Not all WISP partners may fulll the technical requirement for EAP-SIM authentication, as olderWi-Fi access points may not be 802.1X-enabled. MNOs need to ensure that WISP partners comply

with such requirements or select partners that own and operate fully EAP-SIM-capable networks.

It is also important wherever possible for MNOs to select partners providing the right Wi-Fi service

quality using for example 802.11n-based systems as opposed to legacy APs.

Various WISP partners may request a multitude of service policies and roaming payment options

as individual WISP expectations and business models can vary widely. The MNO needs to have the

right business processes and service platforms in place to manage in the worst case dozens

of tariffs and policies across its partnering footprint. Aptilo has years of experience in conguring

Wi-Fi service platforms to manage such scenarios effectively.

INTERNATIONAL SEAMLESS WI-FI ROAMING

International seamless data roaming using EAP-SIM and Wi-Fi is perhaps one of the largestuntapped business opportunities in the mobile industry today. With mobile roaming tariffs at 1

EUR per megabyte (within the EU) only very few subscribers currently use mobile data roaming.

One reason for the high tariffs is that mobile roaming trafc is backhauled to the home network

of the MNO through costly international transmission links. Not only is Wi-Fi generally less CAPEX

-intensive, it also allows routing of trafc to the local Internet of the Wi-Fi roaming partner.

There are few technical and business differences between national seamless Wi-Fi ofoad and

international SIM-enabled Wi-Fi roaming although partnering with foreign WISPs requires careful

service management and policy coordination. Any Wi-Fi roaming business case also needs to

strike the right balance between sharing revenues with roaming partners and benetting from

better customer retention.

AT&T of the USA began offering SIM-based international roaming for smartphone clients in

November 2012 as one of only a few active cases. In the AT&T case the smartphone needs a

third-party client in the form of an app. This is not technically necessary if the Wi-Fi network of

the roaming partner supports 802.1X.


14/25

14


MONETIZING NON-SIM WI-FI USERSThe greater installed base of Wi-Fi devices are not SIM-enabled and do not qualify for EAP-SIM

authentication. This segment includes large-screen devices such as laptops and tablets used by

both consumers and professionals. With a high-quality Wi-Fi network MNOs may benet from

offering ad-hoc or subscription-based Wi-Fi through a service management platform handling

both SIM and non-SIM services. Various managed services, wholesale and direct-to-consumer

business models are possible:

Managed carrier-class Wi-Fi services

Business and organizations need quality Wi-Fi connectivity. These may include hotels, retail

chains, and branch ofces of small or medium-sized businesses without the budget or

organization to deploy or maintain their own Wi-Fi systems. The managed services business

model can be extended to include any kind of public venue including hospitals and airports.

Wholesale of excess Wi-Fi capacity

With carrier-class Wi-Fi delivering several Gbps per km2, MNOs with their own Wi-Fi

networks will have capacity to spare. Wholesale customers may include other MNOs, WISPS,

enterprises, communities or any other business or organization in need of high-quality Wi-Fi

services. Multiple virtual Wi-Fi networks (virtual SSIDs) can be congured on the same Wi-Fi

infrastructure.

Ad-hoc Wi-Fi services direct to the consumer:

The market for ad-hoc Wi-Fi services can be a new source of revenue for MNOs. Multiple

authentication and payment schemes are possible including SIM-authentication, SMS loops,

credit card payment, prepaid vouchers, direct subscription services and more. Providing

carrier-class Wi-Fi services also to non-subscribers can be an effective new way for MNOs to

attract new mobile subscribers.

One service for all devices

Many MNO subscribers own multiple Wi-Fi capable devices including a laptop and a tablet. A

combined EAP-SIM authenticated Wi-Fi and mobile broadband service bundle for all devices

even for those without SIM cards will boost subscriber loyalty as well as data service

revenues.

New Wi-Fi business models

Wi-Fi services can be congured to support specic applications such as premium video

streaming or gaming based on subscriptions, prepaid vouchers, or ad-hoc. Free services can

be offered for example by asking the user to pick from a variety of commercial downloadable

apps or advertisements. Similar business models may be offered by for example retail-

shopping chains.

5


15/25

15


6FLEXIBILITY: PROVISIONING A RANGE OF MOBILE / WI-FISERVICESThe worlds of Wi-Fi and mobile are merging but the evolution of seamless Wi-Fi will be gradual

and will require continued core network support on the Wi-Fi side. EAP-SIM is an indispensable

enabling technology for seamlessness but further to authentication, Wi-Fi services for MNO

subscribers also need to be authorized, accounted for, and service policies need to be enforced.

This is the combined role of the AAA and PCRF 7(PCEF8) functions in the Wi-Fi and 3G / LTE core

networks.

As seamless Wi-Fi services and policies vary according to carrier preferences the key feature of any

Wi-Fi core network and service management platform is adaptability of conguration and interfaces.

Examples of combined mobile and Wi-Fi data services may include the following use cases:

Mobile data (limited or unlimited) & unlimited Wi-Fi data bundle

The Wi-Fi service management platform authenticates the user through the SIM Authentication

Server toward the mobile network HLR and interfaces with the billing and CRM system of the

mobile network. MNOs can choose to apply service policies if smartphone trafc for example

is routed to the mobile core.

Combined capped 3G & Wi-Fi data bundles

In extension of the solution above the Wi-Fi service management platform interfaces with the

PCRF of the 3G mobile core to enforce the cap on the combined 3G and Wi-Fi data volume. If

data caps are exceeded the user is redirected to a portal to conrm and authorize additional

charging.

Casual Wi-Fi with or without SIM

Subscribers with Wi-Fi capability but belonging to another MNO (or subscribers roaminginternationally) with or without SIM can be routed to a portal via the service management

platform for pay-as-you-go casual Wi-Fi services. This service can also be extended to include

EAP-SIM authentication toward the mobile HLR for casual SIM-enabled Wi-Fi.

Wi-Fi for 3G subscribers without a 3G data plan

Smartphone users without a 3G data plan may be offered ad-hoc, SIM-authenticated Wi-Fi

services on a daily or hourly basis using multiple payment options. The user is directed to

a portal for payment via the Wi-Fi service management platform or the payment can be

detracted from the users prepaid account via the MNOs billing system. This type of service

may give MNOs an opportunity to reach a new segment of users looking for more affordable

data services for example in emerging markets.

7

Policy and Charging Rules Function8 Policy and Charging Enforcement Function


16/25

16


Figure 7: Multiple authentication methods allow SIM-based and non-SIM devices to access carrier-class Wi-Finetworks through a exible service management platform. The SMS & MAC method uses an SMS message from

the users phone to authenticate the service after which the MAC address of the device is used for future logins.

THE NEED FOR MULTIPLE AUTHENTICATION METHODS

Regardless of whether an MNO deploys their own carrier-class Wi-Fi network or elects to partnerwith one or more WISPs, Wi-Fi services need to support a variety of user types, services, and

devices in order for the MNO to receive the full return on investments in Wi-Fi. MNOs also face a

variety of security concerns depending on the mix of authentication types.

The most secure (and 3GPP-approved) form of authentication is EAP-SIM and 802.1X while the

least secure employs usernames and passwords. A tradeoff exists between offering Wi-Fi services

to address the broadest user base and reaching the highest level of access security using 3GPP-

based methods. Individual MNOs will need to decide what may be the acceptable level of security.


17/25

17


Figure 8: The full matrix of authentication schemes supported by the Aptilo Service Management Platform. The

most secure authentication is EAP-SIM using 802.1X encryption while the least secure uses manual login witha user ID and password. Any combination of the methods can be applied for any given Wi-Fi service provider.

There are many examples of the need for multiple methods and as MNOs develop new business

models for combined Wi-Fi and 3G / LTE services more will emerge. Here are a few examplesrequiring the specialized support of the service management platform as well as mobile core and

billing systems:

EAP-SIM authentication with bill-shock prevention:

When Wi-Fi services are capped (either in combination with 3G data quotas or independently)

users need to be advised of and acknowledge the additional charge once the cap has been

reached to prevent bill shock. The user is directed to a captive portal to conrm or reject the

additional charge. Aptilo has already implemented such a scheme for a large MNO customer

in Latin America.

SMS-based authentication for devices not supporting EAP-SIM

Users with devices not supporting EAP-SIM (such as legacy smartphones) can be authenticated

for Wi-Fi based on their mobile subscription by sending a one-time password to the device viaSMS. The identity of the user can be veried by lookup in the HLR or HSS of the MNO. It is

also possible to use a client on the device to automatically connect using the SMS-transmitted

password.

WISPr 1.0-based authentication for non-SIM devices

Some hotspot aggregators such as iPass and Boingo use WISPr-compatible clients in the

devices to automatically authenticate the Wi-Fi user via home or visited AAA.


18/25


19/25

19


PHASE 2: INTERWORKING WITH 3G / LTE CORE NETWORKSPhase 2 in the evolution of seamless Wi-Fi ofoad is about giving MNOs more sophisticated

means of controlling the ow of Wi-Fi trafc and enforcing their own policies from inside the

mobile core. An important part of this is the routing of Wi-Fi trafc from smartphones to the

mobile core instead of only allowing local WLAN breakout of Wi-Fi trafc. A number of options

exist for realizing the features of Phase 2.

The gure below gives an overview of the many Wi-Fi / 3GPP integration options ranging from

simple EAP-SIM authentication and local WLAN breakout to full service integration and trafc

routing to the mobile core. Many alternatives are possible and Aptilo supports them all. Individual

MNOs will need to decide what approach or combination of methods serves their specic business

needs in the best manner.

Wi-Fi Core

Mobile Core

Internet

MobileRAN

Wi-FiRAN

Wi-Fi Offload

Local break-out of Wi-Fi

(Mobile RAN + Core offload)

BackhaulingWi-Fi toMobile Core(RAN offload)

DPI

HLR

HSS

SMS-C

WAG

TWAG

SGSN

S-GW

TTG

ePDG

or 3rdpartyaccess GW

AccessController

TM

APController

CRM

BillingPrepaid

PCRF

GGSN

P-GW

Existing OSS /BSS

Policy&

Charging

EAP-SIM/AKA

Databaselookups

XML / SOAP,LDAP, RADIUS

Wm/STa/Gxa

SWa/Wa

Policy-based routing to DPI

Wm/SWm S6b

Wx/SWx

Gx

SWo SWfCDR

D/Gr

One-time-password

Gx/Gy/Gz

IPSec to Device

GTP/PMIP/MIP

GTP/PMIP

RADIUS / http

Aptilo Wi-FiOffloadSolution

EAP-SIM/AKA

Policy & ChargingIntegration

Carrier-Class Wi-FiService Management

Service ManagementPlatformTM

SIM Authentication ServerTM

7


20/25

20


DIRECTING SMARTPHONE WI-FI TRAFFIC TO THE MOBILE CORE EDGE (DPI)Instead of directing the trafc from EAP-SIM-enabled devices and other services indiscriminately

to the local Internet using local WLAN breakout the MNO can retain a rst degree of control over

smartphone trafc inside the 3GPP core by routing trafc to the edge of the core, i.e. to a DPI

(Deep Packet Inspection) node.

This scheme allows for non-SIM trafc to travel the usual route via local WLAN breakout while the

DPI node takes care of policy enforcement for SIM-based trafc. As most MNOs use DPI nodes to

control trafc this option may be attractive to many. There are multiple MNO benets of using

this approach in for example a second phase of seamless Wi-Fi integration:

Non-SIM devices can be served for additional revenue but their trafc is routed outside

the mobile core for security and backhaul transmission efciency. The access gateway or

Aptilo Access Controller directs non-SIM trafc to the local Internet based on policiescongured in the Wi-Fi service management platform.

SIM-enabled smartphone trafc is routed back to an existing DPI platform at the mobile

core edge. The DPI node extracts policy information from the Wi-Fi service management

systems PCRF-function and enforces service policies (acting as a 3GPP PCEF) on smartphone

Wi-Fi trafc before routing the trafc to the Internet.

DPI nodes function independently of their associated network and can also be used as a

seamless Wi-Fi trafc policy control mechanism outside of the mobile network core. This

gives MNOs more options for optimizing trafc ows and minimizing transmission costs.

BEST OF BOTH WORLDS:TRUSTED ACCESS USING YOUR WI-FI ACCESS GW AS A VIRTUAL SGSN / S-GW

GGSN

P-GW

WAG

TWAG Internet

Wi-Fi

Tunnel

GTP/MIP/PMIPAP

In 2G and 3G mobile broadband the radio access network connects to an SGSN network node

before entering the mobile core GGSN. A Wi-Fi network can emulate this architecture by making

Wi-Fi an integrated sub-network of the mobile core. As in the case above non-SIM Wi-Fi trafc

breaks out locally, while the EAP-SIM-authenticated Wi-Fi trafc is tunneled (with GTP or PMIP) tothe MNOs GGSN using a Wireless Access Gateway (WAG) emulating an SGSN.

MNOs may be attracted to this option because it uses 3GPP specications for interworking with

Wi-Fi including in the Aptilo case a 3GPP-compliant AAA platform as a part of the service

management platform or as a stand-alone server. This method also uses policy control functions

(PCEF) already congured in the mobile core so that ideally less system integration is required.

This option also supports all well-known management functions for general Wi-Fi services

including open SSID for non-SIM-based Wi-Fi users for example with Web-based login. In many

ways this solution represents a best of both worlds approach to combined Wi-Fi & 3G services.


21/25


22/25

22


PHASE 3: INTELLIGENT NETWORK SELECTION & SERVICETRANSPARENCYThe target for the third phase of seamless Wi-Fi is full service continuity and device mobility across

Wi-Fi and 3G / LTE networks. This involves not only the mobile and Wi-Fi network cores but also

their interaction with the mobile device. As a result the 3GPP has dened a number of standards

that are expected to enable intelligent ofoading through interaction between the network and

the device. Some of the functionalities below are expected to become commercially available

during 2013-2015, but it will take some time before they are widely deployed.

ANDSF: INTELLIGENT NETWORK SELECTION ACROSS 3GPP AND WI-FITodays device operating systems (such as iOS and Android) automatically prefer Wi-Fi services to

mobile broadband for example via EAP-SIM authentication. Applications on mobile devices use

data buffering to preserve a form of mobility and are often robust in assigning new IP addresses

and continuing to run. In this way the experience of seamlessness is to some degree preserved.

But application-based switching of this kind is not ideal for MNOs wanting to control trafc ows.

If MNOs are to benet fully from Wi-Fi ofoad, network selection needs to be controlled

intelligently. ANDSF Access Network Discovery and Selection Function dened in 3GPP

Releases 8, 10 and 12 allows devices to know when, where and how to select a suitable Wi-Fi

network connection.

In practice ANDSF relies on interaction between the PCRF (policy control) server in the 3G /

LTE core and an ANDSF client in the device. The further development of the ANDSF standard

will mean that policies can for example allow the device to select a specic Wi-Fi network for

preferred access based on time-of-day, location, subscriber type, application, and device type.

Network selection based on radio network quality and backhaul bandwidth availability is left up to

individual device vendors to implement, i.e. they are beyond the scope of the 3GPP specications

today. But they are still very much needed. Some vendors report that they already offer such

solutions based on device measurements, although it remains to be seen if this will become part

of a future ANDSF framework.

3GPP INITIATIVES TOWARDS A TRUE HETEROGENOUS RADIO NETWORKA number of other 3GPP-dened functions are expected to further enhance the seamless Wi-

Fi user experience as well as network efciency: DSMIP (Dual Stack Mobile IP of 3GPP Release

8) preserves the IP address of the device when the network changes so that applications can

continue to run without executing their own switching routines, while IP Flow Mobility (3GPP

Release 10) allows IP trafc ows to split between Wi-Fi and 3GPP networks based on for example

application-specic criteria.

8


23/25

23


A BUSINESS-CRITICAL FUNCTION: SERVICE MANAGEMENTPLATFORM FLEXIBILITYRegardless of the chosen build strategy and combination of business models, MNOs offering

Wi-Fi services will be required to manage and operate a number of service types across multiple

core networks enforcing multiple policy controls while using multiple means of authentication.

At the same time exible service management platforms need to interact with billing and other

support systems.

This complexity requires an approach that advances well beyond the methods and functionality

dened in the 3GPP standards for interworking. In addition to the 3GPP standards which are

fully supported by Aptilo MNOs with carrier-class Wi-Fi services will need service platforms that

support the multi-dimensional business models and service scenarios of this new reality.

9

Small Cell Wi-Fi

Public Wi-Fi

Office Wi-Fi

Home Wi-Fi

Partner NetworkRoaming

Wi-FiGateway

LocalBreak-out

EAP-SIM/AKA

3GPP Wi-Fi Access

non-SIM

AccessPoint

Backhaul to mobile core through tunnels

Wi-Fi UserExperience

OSS / BSSIntegration

Wi-Fi ServiceControl

Mobile CoreIntegration

Policy&

Charging


24/25

24


THE APTILO SERVICEGLUETM

CONCEPTTo meet any service logic requirement Aptilo has developed the Aptilo ServiceGlueTMfunctionality

as an integral part of the Aptilo Service Management Platform. This is a logical framework for

linking the Wi-Fi, 3G, and LTE access and gateway network on one side to any Mobile Core and

OSS / BSS functions and databases on the other side. The Aptilo ServiceGlue can be congured to

deliver the precise service logic required by individual MNOs or WISPS across multiple networks.

Lookups &parametermapping

Configurable Functions

Aptilo ServiceGlue

SOSS

BSSBSS

SOAP/XMLLDAPRADIUSDiameter

IDI

Diameter, RADIUS, BGP Diameter, RADIUS

ActionAction

RequestRequest

ActionAction

ActionAction

RequestRequest

RequestRequestActionAction

oLookup

oLookup

Action/PostAction/Post

LoLookup

100

101 102

103 104

PCRF

HLR/HSS

Gateway

105

Aptilo ServiceGlue offers exibility of service control beyond the capabilities of any ready-made

service management platforms and it is especially valuable in the case of Wi-Fi ofoad: MNOs can

look up policies from several mobile core sources and map these to corresponding functions in

the Wi-Fi core network including vendor specic attributes (VSA).

CLOUD-BASED EAP-SIM AUTHENTICATION AND SERVICE MANAGEMENTCloud-based or hosted service management solutions may be an attractive option for MNOs on

the fast track to Wi-Fi ofoad or for quick seamless Wi-Fi proof-of-concept testing. Some MNOs

may even prefer to outsource operations indenitely to obtain a better operational efciency.

The cloud-based alternative can be particularly attractive for MNOs that are not building their

own Wi-Fi footprint.

To this end Aptilo offers a fully managed cloud-based service, operating the Aptilo Service

Management Platform from one of Aptilos Network Operation Centers (NOC) or from the MNOs

NOC. The service ensures a very high availability and all the features and functionality of the

Service Management Platform including EAP-SIM seamless authentication. Many conguration

options are possible including remote or local access controllers for local WLAN breakout as well

as interfacing to third-party access gateways.


25/25

wi-fi offload how v2!03!13

Documents