Wi-Fi & packet core integration

Kwangwon Kim Technology research and Standardization Ericsson-LG

Contents
Drivers Evolution of I-WLAN Integration of Non-3GPP IP access technology with EPC BBAI HS 2.0/Wi-Fi CERTIFIED Passpoint SAMOG & Rel-12 Conclusion

Public | 2012-10-19 | Page 1

Drivers

Public | 2012-10-19 | Page 2

Requirements
those we will face

Connectivity will be the performance bottleneck and differentiator in the world of cloud services on mobile devices. Within 10 years, we predict to see:

X10
devices

X100
Service offerings

X1000
capacity

This requires a new way of building a network = Heterogeneous Network

Public | 2012-10-19 | Page 3

Its about end user experience

Coverage
Coverage is taken for granted But is bitrate dependent

Capacity
Data and voice volume capacity to serve all subscribers

Speed Low latency

Cell edge performance User experience

Always on
Signaling capacity everywhere

Providing connectivity to support individuals creativity and promote socio-economy

Public | 2012-10-19 | Page 4

Network architecture
Leverage proven macro functionality Advanced radio coordination Network integrated carrier grade Wi-Fi
Iub/S1/X2

mRBS

pRBS
Iub/S1/X2

Internet grade

pRBS

Wi-Fi

CTRL
Main Unit

mRRU

RRU

Macro RBS

RRU

Public | 2012-10-19 | Page 5

Evolution of I-WLAN

Public | 2012-10-19 | Page 6

High level requirements

3GPP began to speak of inter-working with wireless LAN in Rel-6 6 inter-working scenarios with 3GPP cellular networks are agreed
Common billing, Common customer care 3GPP system based access control, 3GPP system based access charging Access to 3GPP system PS based services from WLAN Service continuity Seamless service Access to 3GPP system CS based services with seamless mobility
Public | 2012-10-19 | Page 7

Network reference model

Intranet / Internet

3GPP system based authentication and accounting

UE: UICC/NAI

3GPP Visited Network 3GPP AAA Proxy

Wg

Wf

Wa

Offline Charging System

WLAN Access Network WLAN Ww UE Wn WAG

WLAN 3GPP IP Access

Wd

Wo

Roaming architecture
W-APN, Local IP & Remote IP
Wu

3GPP AAA Server

W m
Wy

Dw Wx
/ D' r' G

SLF HSS HLR

Wp

W f

Packet Data Gateway

OCS
Wz

Wi

Offline Charging System

3GPP Home Network

Roaming reference model - 3GPP PS based services provided via the 3GPP Home Network, TS23.234

Public | 2012-10-19 | Page 8

Mobility support before EPS

Mobility between 3GPP access network and I-WLAN before EPS (TS23.327) (FS_SM3GWLAN)
Requested by a couple of European operators (T-Mobile, Orange, Telenor,...) Unclear standardization timeline of TS23.402

Considering legacy 3GPP system and I-WLAN architecture, DSMIPv6 was selected as a mobility protocol
3GPP AAA Server WLAN Access Network
Wn Wx

HSS

WAG

Wp

PDG/ AR
H3

H2

Ww

Wu H1

UE
Uu/Um

HA

HGi

External PDN

H3

GERAN/UTRAN

Iu_ps/Gb

SGSN

Gn

GGSN/ AR

Home Mobility Service Architecture for I-WLAN Mobility , TS23.327

Public | 2012-10-19 | Page 9

Integration of Non-3GPP IP access technology with EPC

Public | 2012-10-19 | Page 10

Trusted vs. Non-trusted

Recent LS from GSMA to 3GPP regarding how to define trusted and nontrusted access technology provides the opportunity to share the definition of technology between SDOs
Also, Wi-Fi alliance will allow 3GPP to access their internal specification regarding Hotspot 2.0/NGH to be aligned with 3GPP specifications

In TS23.402 4.3.1.2., Trusted and Untrusted Non-3GPP access network are described as followings:
Trusted and Untrusted Non-3GPP Access Network are IP access networks that use access technology whose specification is out of the scope of 3GPP. Whether a Non-3GPP IP access network is Trusted or Untrusted is not a characteristics of the access network In non-roaming scenario it is the HPLMN's operator decision if a Non-3GPP IP access network is used as Trusted or Untrusted Non-3GPP Access Network. In roaming scenario, the HSS/3GPP AAA Server in HPLMN makes the final decision of whether a Non-3GPP IP access network is used as Trusted or Untrusted non3GPP Access Network. The HSS/3GPP AAA Server may take the VPLMN's policy and capability returned from the 3GPP AAA Proxy or roaming agreement into account.

Public | 2012-10-19 | Page 11

PMIPv6/GTPv2 vs. DSMIPv6

3. MN-ID@MAG1 4. MN-ID@MAG1, HNP 3. MN-ID SGSN(S-GW) @ 4. Determine MNs L3 Address

LMA (P-GW)
2.PBU (MN-ID,MAG1,Reg) 5.PBA (MN-ID,HNP) 6.Bi-directional tunnel

GGSN P-GW
2.Create Session Request (MN-ID,S-GW)

5.Create Session Response (MN-ID, L3 Address)

HA (P-GW)
Signaling DSMIPv6 bootstrapping Security IKEv2 Auth Home network @ Binding update Binding update Acknowledge Finding HA Pre-loaded DNS look-up Acquire/Configure CoA

6.GTP tunnel

MAG (S-GW)
1.Router solicitation (MN-ID) 7.Router Advertisement1.L3 Trigger (MN-ID, HNP) (MN-ID)

SGSN S-GW

7.L3 Address Configuration

Public | 2012-10-19 | Page 12

PMIPv6 via S2b

S2b based mobility
Employs IPsec between UE and ePDG Requires network based mobility between ePDG and EPC, GTP or PMIP PDN-GW as anchor for Mobile Access and IP Fixed Access

Public | 2012-10-19 | Page 13

DSMIPv6 via S2c

S2c based mobility
DSMIPv6 between UE and PDN GW Works with both Untrusted and trusted non-3GPP access PDN-GW as anchor for Mobile Access and IP Fixed Access

Public | 2012-10-19 | Page 14

GTP/PMIPv6 via S2a

S2a based mobility
S2a integration between BNG and EPC, GTP or PMIP PDN-GW as anchor for Mobile Access and IP Fixed Access

Public | 2012-10-19 | Page 15

multiple access PDN connectivity

Studied under working item MAPIM (TR23.861) and specified in TS23.402 Enables establishment of PDN connections (different APNs) over multiple accesses Support PDN connection level (APN level) hand-over to different access network
Selective transfer of PDN connections between accesses Transfer of all PDN connections out of a certain access

Able to utilize all EPS MM protocol e.g. PMIPv6, DSMIPv6 and GTP
PDN #1 3GPP Access

SGW

APN #1 APN #2

Non-3GPP Access

PGW
ePDG

PDN #2

Public | 2012-10-19 | Page 16

IP Flow mobility
Support more flexible and ramified traffic flow handling than MAPCON Enables establishment of multiple IP flows with same APN over multiple accesses Support different access network connection although the same APN is used (the same PDN) The base granularity for mobility and offloading is IP flow e.g. 5 tuple, not PDN connectivity level Currently based on only DSMIPv6 (RFC5555) and complementary, specified in TS 23.261

3GPP Access

SGW
IP flow #1

PGW
Non-3GPP Access

IP flow #2 Same PDN

ePDG

HA

Public | 2012-10-19 | Page 17

IP Flow mobility
Simplicity of network support mobility increases burdens of each end node
P-GW (Home agent)/ UE (Mobile node)
UE ePDG/IPSEC IP ePDG EUTRAN PDNGW HSS/ AAA PCRF

HA
1: (HoA1, CoA1, BID1,x) 2: (HoA2, CoA2, BID2,y) 3: 1: (HoA1, CoA1, BID1,x) 2: (HoA2, CoA2, BID2,y) 3:

LTE bearer assignment as per TR23.401 DSMIPv6 bootstrapping & Binding update over LTE IP-in-IP tunnel ( in case of standalone HA and dedicated home prefix) Wi-Fi connection preparation as per TR 23.402 IPSec tunnel with IKEv2 signaling DSMIPv6 bootstrapping & Binding update over Wi-Fi IPSec tunnel DSMIPv6 tunnel

ePDG/IPSEC IP

HA

Exchange of routing filter, update of binding cache & IP-CAN modification Exchange of routing filter, update of binding cache & IP-CAN modification

1: (HoA1, CoA1, BID1,x,FID1,a,RF1) 2: (HoA1, CoA1, BID1,x,FID2,b,RF2) 3: (HoA2, CoA2, BID2,y,FID3,,) 4:

1: (HoA1, CoA1, BID1,x,FID1,a,RF1) 2: (HoA1, CoA1, BID1,x,FID2,b,RF2) 3: (HoA2, CoA2, BID2,y,FID3,,) 4:

Exchange of routing filter, update of binding cache & IP-CAN modification

Public | 2012-10-19 | Page 18

NON-SEAMLESS OFFLOADING
Optional capability of a UE supporting WLAN radio access in addition to 3GPP radio access. Route specific IP flows via the WLAN access without traversing the EPC Non seamless offloaded IP flows are identified:
User preferences The Local Operating Environment Information defined in TS 23.261 Statistically pre-configured or dynamically provided by ANDSF offloading policies

Uses the local IP address allocated by the WLAN access network and no IP address preservation is provided between WLAN and 3GPP accesses
SGW PGW

3GPP Access

IP flow via EPC

Non-3GPP Access

ePDG
Non-seamlessly offloaded traffic

Public | 2012-10-19 | Page 19

Non-3GPP Access INTEGRATION

3GPP have developed I-WLAN architecture to allow wireless LAN to access packet core network & services
Initially focused on core network access using WLAN Developed to support data offloading

R6/7
3GPP-WLAN Interworking scenario I-WLAN architecture Access control, billing and service based on 3GPP framework

R8/9
I-WLAN seamless handover and service continuity support I-WLAN mobility support with UTRAN/GERAN over pre-EPS network

R10/11
Multiple access connectivity IP flow mobility (IFOM) & seamless offloading Non-seamless WLAN offloading BBF inter-working
S2a mobility based on GTP & WLAN

Public | 2012-10-19 | Page 20

BBAI
(Broad band access interworking)

Public | 2012-10-19 | Page 21

Motivation & Issues

3GPP and Broadband forum agreed the base service scenario and corresponding requirements
Network, PCC and QoS interworking architecture Part of works were standardized in Rel11 (3GPP)

Protocol options for integration

S2b or S2c Wi-Fi or H(e)NB Procedures considerations for each protocol option Initial attach Detach - UE/GW initiated or HSS/AAA initiated Network initiated dynamic PCC - EPC-routed or NSWOed traffic Handover Additional PDN Network initiated resource allocation deactivation Security

Policy & QoS Interworking

3GPP PCC to Fixed broadband access interworking QoS procedures to map QoS identifier QCI and DSCP Authentication & security procedure interworking

Public | 2012-10-19 | Page 22

Wi-Fi access architecture

Evolved Packet System HSS Swx S6a Gxc Gx Gxb* 3GPP Access Serving Gateway PDN Gateway S2c S9a Rx Operators IP Services (e.g. IMS, PSS etc.) S6b SWm 3GPP AAA Server SWa

PCRF
SGi

S5

ePDG
SWn

BPCF BNG/BRAS BBF AAA Proxy

AN (e.g. DSLAM/ONT)

BBF Defined Access and network Customer Premises Network

RG S2c WiFi AP BBF Device

UE

Non-Roaming Architecture for untrusted fixed broad bad access, TS23.139

Public | 2012-10-19 | Page 23

H(e)NB access architecture

Evolved Packet System HSS S6a S10 MME S1-MME Gxc (Only for PMIP based S5) Gx Serving Gateway HeNB GW S5 PDN Gateway SGi PCRF Rx Operator's IP Services (e.g. IMS, PSS

S1-U E-UTRAN UTRAN GERAN S4 SGSN

S9a S15

Iu-PS
MSC

HNB GW SeGW

Iu-CS

BPCF

BBF defined access and network

AN (e.g DSLAM/ONT) BRAS/BNG

RG

Customer Premise Network

3GPP Femto

BBF Device

Non-Roaming Architecture, TS23.139

Public | 2012-10-19 | Page 24

HS 2.0/Wi-Fi CERTIFIED Passpoint

Public | 2012-10-19 | Page 25

Motivation
Technology segmentation increases as much as Wi-Fi access is getting popular
MAC based, user name and password based...

Interoperability and roaming issues

Global roaming like 3G brings up new business opportunity

In 2010, Hotspot 2.0 Task groups in Wi-Fi Alliance was formed

Common set of standards to improve end user hotspot experience

Source: Driving next generation Wi-Fi experience, Tiago Rodrigues , Wi-Fi global congress 2012

Public | 2012-10-19 | Page 26

HS 2.0
Specifies capabilities and requirements as per AP and mobile device
Minimal set of capabilities for APs and mobile devices WPA2, User credentials, Interworking information element including Venue info and HESSID field Roaming consortium information element BSS load element (Mobile device population and channel utilization)

Operators and service providers are specified separately

Operators: responsible for the configuration and operation of the hotspot Service providers: providing a service as a business

Selective ANQP elements

Info. about authentication and roaming including cellular operators

HS 2.0 ANQP elements

Details about operators and WAN link attributes

Public | 2012-10-19 | Page 27

Wi-Fi CERTIFIED Passpoint

WBA announced commercial standardization plan of Wi-Fi CERTIFIED Passpoint program
In Wi-Fi global congress 2012 Seoul

Mainly focused on the expansion of Wi-Fi hotspot coverage based on the roaming agreement between different local/global MNOs Major underlying technologies
Benefit of Wi-Fi CERTIFIED Passpoint

IEEE 802.11u,IEEE 802.11i and EAP based authentication

Public | 2012-10-19 | Page 28

Network discovery and selection

Client devices discover and automatically choose networks based on user preferences, provisioned operator policy, and network availability based on IEEE 802.11u Improve the ability of devices to discover, authenticate, and use nearby Wi-Fi access points Newly introduced SSPN (Subscription service provider networks) concept
Multiple service provider IDs available on the same Aps Roaming consortium OI (Organization ID) A roaming consortium is a group of subscription service providers (SSPs) having inter-SSP roaming agreements GAS (Generic advertisement service) in public action frame convey ANQP (Access Network Query Protocol) ANQP is used to transport information about access network e.g. location, cellular network info., emergency service and authentication realm

Main extensions to Beacon/Probe/Association messages

Interworking Advertising Protocol Roaming Consortium QoS Map SSPN Interface
Public | 2012-10-19 | Page 29

Comments Identifying a particular advertisement protocol supported. e.g. ANQP or 802.21 Identifying roaming consortium and/or SSP authorized to provide accessibility on the AP Support for the QoS service Indication whether the AP supports an interface to SSPNs

Seamless Network Access

Traditional Wi-Fi hotspot access requires an active selection or input from the subscriber
Manual input of valid credential information in the Web authentication portal SSID identification by end user Established security association is usually stored only specific AP, not managed central way henceforth, traditional Wi-Fi authentication produces service discontinuity and user intervention

The purpose of seamless network access is to remove all complicated procedures to establish Wi-Fi client configuration
No need of user management for Wi-Fi access/authentication More preferred option for MNOs: Subscriber identity module based Username/password combinations are also considered for non-MNO Wi-Fi service providers No end-user intervention is required in order to establish a connection to a trusted network

Public | 2012-10-19 | Page 30

SaMOG
(S2a Mobility based On GTP & WLAN access to EPC)

Public | 2012-10-19 | Page 31

Motivation
Existing overlay solution for Wi-Fi access do not lead to market uptake
IPsec/IKEv2 based client towards TTG/ePDG DSMIPv6 based client towards PGW CMIPv4 based client towards a standalone HA GBA-based authentication for HTTP based services

It's all about user experience

Also it heavily impacts to the terminal design

Rising of Wi-Fi technology to complement operators' MBB offerings

GSMA Wi-Fi roaming task force pushes each SDOs Very useful/economical toolset for offloading

More pragmatic approach is required

Integrated operators begin to consider the 3GPP compatibility of new Wi-Fi technology e.g. WPA2 and UICC based credential info, authentication

Public | 2012-10-19 | Page 32

SAMOG

Study on S2a Mobility based on GTP & WLAN access to EPC

Part of BBF inter-working activities between 3GPP and Broadband forum Solution to provide the ease of WLAN access to EPC
Complicated authentication and security overhead of WLAN interworking have been obstacles of largescale I-WLAN deployment
IPSec, IKEv2 to encrypt and authenticate WLAN via ePDG

Increased security, easy discovery and set up procedure are already mature
802.1x/802.1i/802.1u/Hotspot 2.0

BNG (Border network gateway) interconnects trusted WLAN and PDN-GW

Public | 2012-10-19 | Page 33

Example call flow

Additional PDN
USIM-based authentication via communication with the HSS
No need to be aware of complicated user credential such as ID/password

Converged policy control, where a policy controller can provide both fixed and mobile policy control
The same PCC rule can be installed in the fixed access with single point of control

Full mobile-service availability regardless of access type

LTE Access
1. UE establish the first PDN connection over LTE as per specified in TS 23.401/402/0602 PCRF

EPC
APN 1

PDN #1

MME

HSS

APN 2
S/PGW

PDN #2
7. UE completes L3 establishment with PDN#2 3. UE triggers L3 establishment 5. PCRF installs PCC rules except BBERF interaction

2. UE detects Wi-Fi (EPC-routed) SSID: EPC-routed availability and begin to EAP authentication procedure. AAA downloads required data for BNG to create GTP tunnel to PGW upon successful authorization
SSID: NSWO

IP fixed access
VLAN-EPC VLAN-NSWO

AAA

4. BNG initiates GTP tunnel creation session 6. PGW responds to BNG with GTP tunnel creation

BNG

Public | 2012-10-19 | Page 34

ANDSF highlights
Access Network Discovery and Selection Function Operators use the ANDSF to assist the UE to scan and select an appropriate access network for the establishment of an IP flow. ANDSF contains data management and control functionality necessary to provide network discovery and selection assistance data as per operators' policy Simple architecture leveraging OMA Device Management specifications protocol
Actually, OMA DM uses a SyncML protocol bound to, e,g, HTTP The SyncML protocol carries an ANDSF Management Object (MO), which is encoded in XML or WBXML.

The ANDSF can be located in the home or visited networks (or both) UE ANDSF

HTTP Request HTTP Response

Public | 2012-10-19 | Page 35

Hotspot 2.0 vs. ANDSF

Created by WiFi Alliance HS 2.0 is independent of ANDSF but, somehow related Defines a protocol that allows the UE to query the Access Point prior to associating with it.
The protocol is called Access Network Query Protocol (ANQP) and is an extension to IEEE 802.11u.

Additionally, HS 2.0 defines policies by means of a a HS Management Object

The HS 2.0 MO can be sent from an ANDSF MO using OMA DM Or it can be sent from a regular HTTP server using SOAP-XML

AP
ANQP Request ANQP response
Public | 2012-10-19 | Page 36

QoS Extension to Wi-Fi access

WMM Qos with Admin Control on Radio Session Rate-limit/Throttling/Queue on Core

PCRF

Per Session Rate-limit Queue/Qos Map to L2

Radius CoA

Gx QoS

(802.11p)/DSCP

GTP
BNG PGW

UE 802.11e WMM EDCF

AP

* EDCF is fairly simple to implement, but does not guarantee bandwidth, Jitter or latency
Public | 2012-10-19 | Page 37

Client or Clientless solution

Criteria
Impact on UE

Clientless
No impact, based on 802.1x and available EAP methods supported by the device (SIM, AKA, TTLS) Yes, requires 802.1x enabled Wifi Access Points on the operators SSID, AAA supporting EAP and MAP interface towards HLR or DIAMETER towards HSS. User IP packet awareness Very low. The fixed edge could look like a new GGSN or using S2a GTP it could look like a new SGSN or SGW Yes, using S9a or Policy interfaces between Mobile and Fixed Policy Managers, or also using GTP-C in band signaling. Marking packets on down and up streams Yes BBF, 3GPP, WIFI ALLIANCE (HOTSPOT 2.0) YesNon SIM Based devices are already 802.1x capable and could use any supported EAP method e.g. EAP-TTLS or TLS

Client Based (I-WLAN)

Heavy impact. Requires the integration of an IPsec Client, IKEv2 and EAPSIM/AKA support No impact. It assumes that the Device/User has already managed to acquire an access i.e. IP@ and uses it to build the IPsec Tunnel, No user IP packet awareness High. Requires to deploy a new access technology (WAG, PDG/ePDG and AAA) Difficult. even if IPsec packets are marked the fixed network could choose not to honor it Yes3GPP

Impact on Fixed Network

Impact on Mobile Network

End to End QoS

Standardized Compatible with non SIM based Devices

No

Public | 2012-10-19 | Page 38

Ongoing Working Items in Release 12

WLAN Network Selection for 3GPP Terminals (WLAN_NS)
To evaluate and if needed enhance existing 3GPP solutions for network selection for WLAN taking into account WFA Hotspot 2.0 solutions. The proposed work is based on existing TS 23.402 architectures. 3GPP operators policies for WLAN network selection will be provisioned on 3GPP terminals via pre-configuration or using ANDSF.

Policy and Charging Control for Supporting Fixed Broadband Access Networks (P4C)
Policy and Charging Control in the fixed broadband access network in the convergent scenario where a single operator is deploying both the fixed broadband access network and the Evolved Packet Core (EPC).

Public | 2012-10-19 | Page 39

Conclusion

Public | 2012-10-19 | Page 40

Summary & Conclusion

Lots of technology variation emerged to integrate Wi-Fi and 3GPP cellular network And It is moving towards simplified and pragmatic approach Driving forces of this trend are MBB penetration and User experience Release 8
Single radio connection NW Discovery & Selection Intersystem Mobility, ANDSF Policy

Release 10
Inter-flow mobility Multiple radio connections UE-driven IP flow mobility

Release 12
Network driven flow mobility HS discovery & selection And more

Current
NW discovery & selection Seamless authentication, Wi-Fi global roaming and mobility

Future
Load balancing, multi-band steering ANDSF policy integration And more

Public | 2012-10-19 | Page 41