Subject: Femto Network Gateway (FNG) Architecture

Date: 15 October 2007
Source: Airvana
Contact: Baw Ch’ng, Minsh Den, Woojune Kim, Doug Knisely, Balaji Raghothaman {baw, mden, wkim, dknisely, braghothaman}@airvana.com

cdma2000® is the trademark for the technical nomenclature for certain specifications and standards of the Organizational Partners (OPs) of 3GPP2.

Airvana, Inc., grants a free, irrevocable license to 3GPP2 and its Organizational Partners to incorporate text or other copyrightable material contained in the contribution and any modifications thereof in the creation of 3GPP2 publications; to copyright and sell in Organizational Partner's name any Organizational Partner's standards publication even though it may include all or portions of this contribution; and at the Organizational Partner's sole discretion to permit others to reproduce in whole or in part such contribution or the resulting Organizational Partner's standards publication. Airvana, Inc., is also willing to grant licenses under such contributor copyrights to third parties on reasonable, non-discriminatory terms and conditions for purpose of practicing an Organizational Partner’s standard which incorporates this contribution.

This document has been prepared by Airvana, Inc., to assist the development of specifications by 3GPP2. It is proposed to the Committee as a basis for discussion and is not to be construed as a binding proposal on Airvana, Inc. Airvana, Inc., specifically reserves the right to amend or modify the material contained herein and to any intellectual property of Airvana, Inc., other than provided in the copyright statement above.

Focus of Contribution (1)

[Figure: femtocells (home base stations) reach the public Internet over cable, DSL, or other broadband Internet service; the Femto Network Gateway (FNG) sits between the Internet and the operator’s core network (“the phone network”).]

• Radio Interface to mobile devices

• Interface to the broadband Internet

• Management capabilities

• Security against tampering

• Security for data transport

• Firewall/security from public Internet

• Secure data transport to femtos

• Scalability to support large numbers of femtos

• Scalability toward Core Network

• Topology hiding

• Existing circuit or IP-based telephony services

• Supplementary Services (e.g., SMS)

• Emergency Services, etc.

• Packet Data Services

Focus of Contribution (2)

• Packet Data Service architectures also fall into two broad categories:
  – Legacy Packet Data Service architecture
    • Legacy IOSs (e.g., A10/A11 from the femtocell to the legacy PDSN)
  – All-IP Packet Data Service architecture
    • Most PDS Termination (PDST) functions performed in the femtocell
    • FNG follows a PDIF-like architecture and interfaces to the Packet Data Core Network

Outline

• Femto Network Gateway (FNG) Architecture
• Tunnel Structure
  – Tunnels for 1x Voice
• Femto/FNG Packet Data Services Functional Split
• FNG Packet Data Services
  – Simple IP, Mobile IP, Proxy-MIP
• Authentication
  – Femto device, A12, and user authentications
• QoS
• Accounting
• A-Interface Proxy Functions
• Detailed Call Flows

Conceptual Deployment Model

[Figure: a very large number of femto cells connect through either the Internet (not controlled by the wireless operator; assumed untrusted and unsecured) or an access network (owned by the same operator as the wireless service provider, or a broadband ISP network that has direct peering with the wireless operator’s network). Together these form the untrusted network. The wireless operator’s core network (controlled by the wireless operator; assumed trusted and secured) is the trusted network and hosts IMS, 1x MSC/xLR, AAA, MIP-HA, AGW, databases, etc. Design drivers called out on the figure: security, scalability, efficiency, and NAT traversal for a very large number of femtocells.]

Femto Network Gateway Architecture (1)

• What is the Femto Network Gateway (FNG) Architecture?
  – PDIF-like architecture that provides highly scalable
    • Secure access to core network services from untrusted networks
    • Mobility support
    • QoS support
    • Accounting support
    • NAT traversal support
  – … and addresses femto network specific scalability issues
    • Concentrator or Proxy functions to allow a large number of femtocells to inter-operate with legacy macro and core network elements not originally designed to interface with a large number of other network elements.
      – Example: A13 Proxy
        » FNG proxies A13 interfaces from femtocells so a macro RNC needs to deal with only one A13 interface proxy instead of one million A13 interfaces from one million femtocells

Re-use existing PDIF standards and protocols
Re-use existing A13, A16-A19, A21 standards and protocols

Femto Network Gateway Architecture (2)

[Figure: femtos serving EV-DO (VoIP-capable EV-DO devices) and 1xRTT (legacy 1x devices) sit behind a home router / residential gateway (NAT/firewall) on an IP network assumed unsecure and untrusted; IPSec tunnels from each femto terminate on the Femto Network Gateway (FNG) at the edge of the operator’s core network (trusted network).]

• PDIF-like secure access architecture
• IKEv2 & IPSec provide authentication, security, and NAT traversal support

Common Aspects of Femto Networks (Technology Independent)

[Figure: the femtocell reaches the Femto Network Gateway across the public Internet over secure IPSec tunnels carrying signaling, voice, and packet data. Behind the FNG, in the operator’s core network, circuit traffic goes to the legacy circuit network and packet data traffic goes to packet data services.]

Tunnel Structure (1)

[Figure: tunnels between a femtocell and the FNG.
– Base-Tunnel: SIP, management, and signaling (A13, A16-A19, A21, etc.).
– 1xVoice-Tunnel: EVRC/RTP streams for user 1, user 2, … user N; each stream maps to an EVRC 1x-TCH to the corresponding AT.
– Per-user Data-Tunnel (1x-Data or EV-DO): one per AT, carrying Mobile IP or Simple IP over PPP to the AT.]

Tunnel Structure (2)

• “Base-Tunnel”
  – For signaling
• “1xVoice-Tunnel”
  – For 1x voice transported over RTP
• “Data-Tunnel”
  – For user packet data
  – Per-user tunnels consistent with PDIF model

[Figure: the femtocell–FNG tunnel diagram from the previous slide, color-coded as below.]

Color Code (to be used in all future call flows):
* RED = Base-Tunnel (per Femto-cell permanent tunnel)
* BLUE = 1xVoice-Tunnel (per Femto-cell permanent tunnel)
* GREEN = Data-Tunnel (per AT, tunnel life time same as corresponding PPP session)

Tunnels for 1x Voice

• “Base-Tunnel”
  – Used for SIP signaling
  – Tunnel Inner Address (TIA) is SIP UA’s address
• “1xVoice-Tunnel”
  – Used for RTP transported 1x voice traffic
  – Tunnel Inner Address (TIA) is RTP media termination point’s address
  – Separate streams using different port numbers
• Motivation to use separate tunnels for signaling and media traffic
  – Support differentiated QoS without running into IPSec “anti-replay window” issue

“Base” and “1xVoice” Tunnel Setup

• PDIF-like IPSec tunnel setup
• Separate IKE sessions for “Base” and “1xVoice” tunnels
  – Future optimization: setting up “1xVoice” tunnel as child of “Base” tunnel

[Call flow participants: Femtocell, Home Router (NAT + DHCP), FNG, AAA]
1: IKE_SA_INIT exchange (Femtocell – FNG)
2: IKE_AUTH CFG_REQUEST(INTERNAL_IP4_ADDRESS) (Femtocell → FNG)
3: RADIUS Access-Request or DIAMETER EAP-Request (FNG → AAA)
4a: RADIUS Access-Challenge or DIAMETER EAP-Answer (AAA → FNG)
4b: IKE_AUTH EAP message (FNG → Femtocell)
5a: IKE_AUTH EAP message (Femtocell → FNG)
5b: RADIUS Access-Request or DIAMETER EAP-Request (FNG → AAA)
6: RADIUS Access-Accept or DIAMETER EAP-Answer (AAA → FNG)
7: IKE_AUTH EAP Success (FNG → Femtocell)
8: IKE_AUTH AUTH (Femtocell → FNG)
TIA allocation (FNG)
9: IKE_AUTH CFG_REPLY(TIA), AUTH (FNG → Femtocell); IPSec tunnel established

Re-use existing PDIF tunnel setup call flow

All-IP PDST/FNG-Based Femto Network Architecture for 1x and DO Packet Services

[Figure: a femto serving EV-DO (VoIP-capable EV-DO device) and 1xRTT (legacy 1x device) reaches the Femto Network Gateway (FNG) through IPSec tunnels across the Internet; user IP is carried as IP in IPSec between femto and FNG. Behind the FNG, the IP core network holds the HA ((Proxy-)MIP), the SIP/IMS core (SIP), and the MGW (RTP).]

Femto functions:
• Terminate 1x Packet Data Service Option (SO33)
• Provide NULL 1x PCF function
• Provide EV-DO Packet Data Service termination
• Terminate PPP
• ROHC (for DO VoIP)
• Authentication Agent for PDS-AAA
• Accounting Agent
• AN-AAA authentication agent for EV-DO (AN-AAA)
• Exchange IP packets within IPSec with FNG

FNG functions:
• Proxy (mux/demux) functions for scalability:
  • Access Authentication (AN-AAA) – IKE to Radius Proxy
  • A13/A16 for EV-DO handoff
  • A21 (optional; required only if A21-based handoff is chosen)
  • AAA for accounting (more details to follow…)
• IPSec Terminations

Femto Network Gateway Functions (1)

• Security
  – Security for Core Network (firewall function)
  – Security for User Media (encrypted tunnel function, i.e., IPSec)
• Authentication
  – Facilitate Femtocell Device Authentication
  – Facilitate EV-DO Terminal Authentication
  – Facilitate Packet Data User Authentication
• Mobility
  – Packet Data IP Layer (L3) Mobility
    • MIP-FA (v4) and Attendant (v6)
    • Simple IP (v4 & v6)
    • Proxy-MIP (v4 & v6) support
  – Packet Data Link Layer (L2) Mobility
    • “A-Interface Proxy” functions for A13, A16(-A19), A21

Femto Gateway Functions (2)

• Billing and Accounting
  – IP level accounting performed by FNG
  – Aggregates air link accounting information from femtocells
  – Generates accounting records for AAA
• QoS
  – IP level traffic profile transfer and enforcement

Femtocell and FNG Functional Split

Functionality: Femtocell and FNG Division of Responsibility

PPP and ROHC: PPP terminated by femtocell. ROHC performed by femtocell.
IPSec: IPSec tunnels terminated by femtocell and FNG.
Mobility: MIP-FA and PMIP mobility agent functionalities in FNG.
Authentication: Mutual authentication between femtocell and FNG. A12 Terminal Authentication via IKE/EAP relay through FNG. PPP-CHAP/PAP user authentication via IKE/EAP relay through FNG. Mobile IP user authentication done as part of MIP Registration process through MIP-FA in FNG.
Accounting: Air link accounting done by femtocell, which relays accounting records to FNG. FNG does IP level accounting and provides AAA with consolidated accounting records.
QoS policy enforcement: Airlink QoS handled by femtocell. IP level reverse link QoS handled by femtocell. IP level forward link QoS handled by FNG.
IP routing: When reverse tunneled (P)MIP is required, user traffic is always routed through PDIF.

FNG Packet Data – Simple IP

[Figure: protocol stacks for Simple IP. Mobile Station: Apps / IP / PPP / RLP / MAC / PHY. Femtocell: PPP / RLP / MAC / PHY toward the mobile station, an IP relay, and IP / UDP / ESP / L2 toward the FNG. FNG: IP / UDP / ESP / L2 toward the femtocell, an IP relay, and IP / L2 toward the CN and the Internet. Segments: Simple IP over PPP (Mobile Station – Femto), Simple IP over IPSec (Femto – FNG), Simple IP (FNG – CN).]

FNG Packet Data – Client Mobile IP

[Figure: protocol stacks for client Mobile IP, with the FNG acting as MIP-FA. Mobile Station: Apps / IP / PPP / RLP / MAC / PHY. Femtocell: PPP / RLP / MAC / PHY toward the mobile station, an IP relay, and IP / UDP / ESP / L2 toward the FNG. FNG: IP / UDP / ESP / L2 toward the femtocell, an IP relay, and IP (tunnel) / L2 toward the HA. HA: IP (tunnel) / L2 toward the FNG, an IP relay, and IP / L2 toward the CN. Segments: Mobile IP over PPP (Mobile Station – Femto), Mobile IP over IPSec (Femto – FNG), Mobile IP (FNG – HA).]

FNG Packet Data – Proxy Mobile IP

[Figure: protocol stacks for Proxy Mobile IP, with the FNG acting as the PMIP client. Mobile Station: Apps / IP / PPP / RLP / MAC / PHY. Femtocell: PPP / RLP / MAC / PHY toward the mobile station, an IP relay, and IP / UDP / ESP / L2 toward the FNG. FNG: IP / UDP / ESP / L2 toward the femtocell, an IP relay, and IP (tunnel) / L2 toward the HA. HA: IP (tunnel) / L2 toward the FNG, an IP relay, and IP / L2 toward the CN. Segments: Simple IP over PPP (Mobile Station – Femto), Simple IP over IPSec (Femto – FNG), Proxy-MIP (FNG – HA).]

Authentication (1)

• Have to account for
  – Femto FNG mutual authentication
  – A12 Terminal Authentication with AN-AAA (omitted for 1x)
  – Packet data user authentication
• Use IKE Multiple-Authentication
  – Use one IKE session to perform multiple authentications
    • Femto FNG mutual authentication
    • A12 Terminal Authentication with AN-AAA (omitted for 1x)
    • Packet data user authentication
  – References:
    • X50-20070212-016 (WLAN Enhancement) and RFC 4739
    • Already approved for PDIF

Authentication (2)

[Figure: four authentication legs, each drawn between AT, Femto, FNG, and AAA.]
• Femto-FNG Mutual Authentication (use Femto’s credential): Femto – FNG: EAP / IKEv2 using the Femto Cell’s credential; FNG – AAA: RADIUS or DIAMETER.
• A12 Terminal Authentication (use AT’s credential): AT – Femto: PPP-CHAP; Femto – FNG: IKEv2/EAP-MD5 relaying the AT’s credential; FNG – AAA: RADIUS or DIAMETER.
• Simple IP & Proxy-MIP Packet Data User Authentication (use AT’s credential): AT – Femto: PPP-CHAP/PAP; Femto – FNG: IKEv2/EAP-MD5/GTC relaying the AT’s credential; FNG – AAA: RADIUS or DIAMETER.
• Mobile IP Packet Data User Authentication (use AT’s credential): AT – Femto – FNG: Mobile IP Registration (AT’s credential in MN-NAI, MN-FA, MN-AAA extensions); FNG – AAA: RADIUS or DIAMETER.

Authentication – High Level Call Flow: Simple IP / Proxy-MIP

[Call flow; phase lanes: Femto-FNG Authentication, A12 Terminal Authentication, User Authentication (Simple IP or Proxy-MIP). Participants: AT, Femto, Home Router (NAT + DHCP), FNG, HA, Femto-AAA, AN-AAA, AAA]
0. Data Call or Session setup (AT – Femto)

Femto-FNG Authentication
1a. IKEv2/EAP-AKA or EAP-TLS (Femto – FNG); IKE_AUTH(ANOTHER_AUTH_FOLLOWS)
1b. RADIUS or DIAMETER (FNG – Femto-AAA)

A12 Terminal Authentication
2. PPP-LCP (AT – Femto)
3a. PPP-CHAP (AT – Femto)
3b. IKEv2/EAP-MD5 (Femto – FNG); IKE_AUTH(ANOTHER_AUTH_FOLLOWS)
3c. RADIUS (FNG – AN-AAA)

User Authentication (Simple IP or Proxy-MIP)
4. PPP-LCP (AT – Femto)
5a. PPP-CHAP/PAP (AT – Femto)
5b. IKEv2/EAP-MD5 (for CHAP) or IKEv2/EAP-GTC (for PAP) (Femto – FNG)
5c. RADIUS (FNG – AAA)
Simple IP/PMIP decision (FNG)
7: Proxy-Mobile IP Registration - RRQ(CoA=FNG) (FNG → HA)
8b: Proxy-Mobile IP Registration - RRP(HoA, DNS addresses, ...) (HA → FNG)
9. IKEv2/EAP Success (CFG_REPLY assigns HoA as TIA) (FNG → Femto)
10. PPP-IPCP (Femto – AT): Femto gives TIA to AT as link address and gives DNS server addresses from IKEv2 to AT during PPP-IPCP
11a, 11b, 11c: User Traffic Flowing

Authentication – High Level Call Flow: Mobile IP (MIP-FA Mode)

[Call flow; phase lanes: Femto-FNG Authentication, A12 Terminal Authentication, User Authentication (Mobile IP). Participants: AT, Femto, Home Router (NAT + DHCP), FNG, HA, Femto-AAA, AN-AAA, AAA]
0. Data Call or Session setup (AT – Femto)

Femto-FNG Authentication
1a. IKEv2/EAP-AKA or EAP-TLS (Femto – FNG); IKE_AUTH(ANOTHER_AUTH_FOLLOWS)
1b. RADIUS or DIAMETER (FNG – Femto-AAA)

A12 Terminal Authentication
2. PPP-LCP (AT – Femto)
3a. PPP-CHAP (AT – Femto)
3b. IKEv2/EAP-MD5 (Femto – FNG)
3c. RADIUS (FNG – AN-AAA)

User Authentication (Mobile IP)
4. PPP-LCP (AT – Femto)
IKE_AUTH(CFG_REPLY assigns temp TIA) (FNG → Femto)
5a. PPP-IPCP (AT – Femto)
5a. MIP Registration; 11b: Mobile IP Registration (Agent Solicitation, Agent Advertisement, MIP-RRQ) (AT – Femto – FNG)
5c. MIP-RRQ/RRP (FNG – HA): MIP-RRQ, then MIP-RRP ([HA], HoA, DNS addresses, etc.)
5c. RADIUS (FNG – AAA)
IKE CREATE_CHILD_SA(TS=HoA, …) (Femto – FNG)
IKE INFORMATIONAL Delete(old SA) (Femto – FNG)
11a, 11b, 11c: User Traffic Flowing

All-IP PDST/FNG-Based Femto Network QoS, Policy, and Accounting Architecture for Packet Services

[Figure: a femto serving EV-DO (VoIP-capable EV-DO device) and 1xRTT (legacy 1x device) reaches the Femto Network Gateway (FNG) through IPSec tunnel(s) across the Internet; behind the FNG, the IP core network holds the HA, AAA, and PCRF. The femto sends airlink accounting (Radius) to the AAA; the FNG sends IP usage accounting (Radius) to the AAA and receives policy from the PCRF over Ty.]

Packet Data QoS Support

• QoS:
  – During authentication, FNG receives QoS Profile from AAA (common for PDIF)
  – FNG shares the QoS Profile with the femtocell (required whenever the RNC function is in the femtocell)
  – EV-DO multi-flow QoS is implemented in the femtocell
    • Terminates RSVP-like protocol; passes packet filters to FNG for enforcement on forward traffic and accounting purposes
    • Femtocell implements EV-DO over-the-air QoS as part of its RNC/air interface functions

Packet Data QoS Support

• Air Link QoS
  – Enforced in femtocell
  – Has a dependency on the QoS Profile
    • Today, the user’s QoS Profile is obtained from AAA
  – FNG needs to transfer QoS Profile to femtocell
    • QoS Profile to be transferred during user authentication
    • In the future, expect to obtain the QoS profile through the Ty interface from PCRF
• Backhaul/IP Level QoS
  – Enforced by both femtocell and FNG
    • Femtocell enforces QoS on the up link
    • FNG enforces QoS on the down link
  – Both femtocell and FNG must be aware of and enforce user’s QoS Profile

QoS Support and IPSec Tunnels

• In theory
  – Need one IPSec tunnel per user per QoS class to support differentiated QoS and to avoid IPSec “anti-replay attack window” issue
• In practice
  – Expect to maintain only two QoS classes on the backhaul
    • One for “delay sensitive” traffic (e.g., for EV-DO VoIP)
    • One for “best effort” traffic (e.g., everything else)
  – Use child tunnels (child SAs) to accommodate QoS-differentiated tunnels
• QoS Management over Untrusted Backhaul:
  – Femtocell establishes IPSec child tunnels as needed for differentiated QoS
  – Femtocell performs packet filtering and mapping to IPSec tunnels for reverse traffic
  – FNG performs packet filtering and mapping to IPSec tunnels for forward traffic
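The “Tunnels for 1x Voice” and “QoS Support and IPSec Tunnels” slides both give the IPSec anti-replay window as the reason for one tunnel (child SA) per QoS class. The Python model below is an added example, not Airvana’s code or part of the contribution: it implements the receiver-side sliding window of RFC 4303 and pushes a constructed strict-priority backhaul through it once with a single shared SA and once with one child SA per class. The traffic mix, tick model, and 64-packet window are assumptions chosen to make the effect visible.

```python
"""Added example: why the FNG design keeps QoS classes in separate IPsec SAs.

ESP numbers packets when they are encapsulated.  If a strict-priority
scheduler downstream of that point (the femto's own egress shaper, or the
home router) lets voice overtake best-effort packets, the late packets
reach the FNG outside its anti-replay window and are dropped as stale even
though they are genuine.  One child SA per QoS class gives each class its
own sequence space, so priority scheduling no longer looks like replay.
The traffic model and all numbers below are constructed, not measured.
"""
from collections import deque
from dataclasses import dataclass

WINDOW = 64   # RFC 4303 requires at least 32; 64 is a common default


@dataclass
class AntiReplayWindow:
    """Receiver-side ESP anti-replay check (RFC 4303, Appendix A).

    The window is a bitmap: bit i set means sequence number (highest - i)
    has already been accepted."""
    window: int = WINDOW
    highest: int = 0
    bitmap: int = 0
    accepted: int = 0
    dropped_stale: int = 0
    dropped_replay: int = 0

    def receive(self, seq: int) -> bool:
        if seq > self.highest:                       # new high: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            self.accepted += 1
            return True
        behind = self.highest - seq
        if behind >= self.window:                    # left of the window: stale
            self.dropped_stale += 1
            return False
        if self.bitmap & (1 << behind):              # already seen: replay
            self.dropped_replay += 1
            return False
        self.bitmap |= 1 << behind                   # late but inside the window
        self.accepted += 1
        return True


def simulate_backhaul(shared_sa: bool, talkspurt_ticks: int = 60,
                      drain_ticks: int = 60, capacity: int = 3,
                      window: int = WINDOW) -> dict:
    """Tick-based model of one femto's uplink toward the FNG.

    During a talkspurt each tick offers two voice and two best-effort
    packets; each is ESP-encapsulated (sequence number assigned) on arrival
    and queued, then the link sends `capacity` packets, voice first.  After
    the talkspurt only best-effort traffic arrives.  Returns per-class
    accept/drop counts as seen by the FNG's anti-replay check.
    """
    counters = {"shared": 0, "voice": 0, "best_effort": 0}
    sas = ({"shared": AntiReplayWindow(window)} if shared_sa else
           {"voice": AntiReplayWindow(window), "best_effort": AntiReplayWindow(window)})
    voice_q, be_q = deque(), deque()
    stats = {c: {"accepted": 0, "dropped": 0} for c in ("voice", "best_effort")}

    def encapsulate(cls):
        key = "shared" if shared_sa else cls         # one sequence space per SA
        counters[key] += 1
        return cls, counters[key]

    for tick in range(talkspurt_ticks + drain_ticks):
        if tick < talkspurt_ticks:
            voice_q.extend(encapsulate("voice") for _ in range(2))
        be_q.extend(encapsulate("best_effort") for _ in range(2))
        for _ in range(capacity):                    # strict-priority egress
            if voice_q:
                cls, seq = voice_q.popleft()
            elif be_q:
                cls, seq = be_q.popleft()
            else:
                break
            sa = sas["shared" if shared_sa else cls]  # FNG-side check for that SA
            stats[cls]["accepted" if sa.receive(seq) else "dropped"] += 1
    return stats


if __name__ == "__main__":
    for shared in (True, False):
        print("one shared SA:" if shared else "one child SA per class:",
              simulate_backhaul(shared))
```

With the shared SA only best-effort packets are lost, which is exactly the silent, hard-to-diagnose failure the slides avoid by splitting classes across child SAs.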

Packet Data Accounting Support

• Prepaid, Rescinding of Services, etc., Performed by Radius Interface between AAA and FNG
  – Re-use from PDIF; may need to supplement some features that have not been specified for PDIF yet
• FNG has AAA interface for basic usage accounting
  – Re-use from PDIF
• Air-link accounting comes from AAA client in femtocell
  – Standard Radius interface
  – FNG provides proxy mux/demux function for scalability

Secure A-Interface Proxy Functions

• Certain A-interfaces are terminated by macro RAN elements that are not meant to scale to a very large number of peers
  – E.g., “hundreds” instead of “millions” of A-interface peers
• These macro RAN elements are deployed in operator’s secure, private networks
  – Should not allow elements coming from the public Internet to interface with macro RAN elements directly
• Use mux/demux “proxies” to solve scalability and security issues for femto to inter-operate with macro RAN elements using (proxied) A-interfaces

Secure A13 Proxy Architecture

[Figure: many Femto PBSs in the untrusted network (Internet) each run A13 toward the FNG; the FNG’s Security Gateway terminates them and its A13 Proxy presents a single A13 interface to each macro EV-DO RNC in the trusted network. The femtos appear to the macro EV-DO RNC as one EV-DO subnet.]

• A16(-A19) treatment is similar

Secure A21 Proxy Architecture

[Figure: many Femto PBSs in the untrusted network (Internet) each run A21 toward the FNG; the FNG’s Security Gateway Function terminates them and its A21 Proxy presents a single A21 interface to each macro BSC in the trusted network. The femtos appear to the macro BSC as one A21 interface.]

FNG Architecture Recap

[Figure: end-to-end recap. In the “Visited Network”, the Femto Cell (SIP UA, PDST, BSC/RNC) connects to the FNG, which contains the Security Gateway, the A13 and A16-A19 Proxies, MIP-FA/PMIP/Attendant, and the A21 Proxy; the FNG peers with the EV-DO RAN (RNC) over A13, A16-A19, with the macro BSC over A21, and carries SIP and (P)MIP toward the home network. In the “Home Network”, the Packet Data Services + SIP/IMS Core Network (MMD) holds the Home Agent, CSCF, HSS/AAA, IMS-AS / SMS GW, and SGW/MGCF with MGW toward the PSTN (ISUP / PCM), alongside the PDSN, HLR / AuC, MSC, BSC, and PSTN MGW. Other reference points and labels on the figure: Cx, Sh, ISC, SIP, ANSI-41, CSRV, ipVLR/IMS-AS.]

Thank you!

Specific details on proposed femto network architecture, Stage 2 description, and high-level call flows can be found in Airvana contributions to TSG-A and TSG-X.

A40-20070723-006_Airvana_Femto Overview Architecture and Stage 2 Aspects R2 0 Final.pdf
X10-20070723-012_Airvana_Femto Overview Architecture and Stage 2 Aspects R2 0 Final.pdf
X30-20070723-043 Airvana_Femto Overview Architecture and Stage 2 Aspects R2 0 Final.pdf
X50-20070723-030 Airvana_Femto Overview Architecture and Stage 2 Aspects R2 0 Final.pdf

Backup

Detailed Call Flows – Tunnel Setup (1)

• Femto-FNG mutual authentication
• A12 Terminal Authentication (optional, omitted for 1x)

[Call flow; phase lanes: Femto-FNG Authentication, A12 Terminal Authentication, User Authentication & Per-AT Tunnel Setup. Participants: AT, Femtocell, Home Router (NAT + DHCP), FNG, HA, Femto-AAA, AN-AAA]
0. Data Call or Session setup (AT – Femtocell)
1. IKE_SA_INIT.req (Femtocell → FNG)
2. IKE_SA_INIT.rsp(MULTIPLE_AUTH_SUPPORTED) (FNG → Femtocell)
3a. IKEv2/EAP-AKA (mutual auth between femtocell and FNG)
3b. RADIUS or DIAMETER (FNG – Femto-AAA)
4. PPP-LCP (AT – Femtocell)
5. IKE_AUTH.req(AUTH, N(ANOTHER_AUTH_FOLLOWS)) (Femtocell → FNG)
6. IKE_AUTH.rsp (FNG → Femtocell)
7. IKE_AUTH.req (Femtocell → FNG)
8. IKE_AUTH.rsp(EAP.req(MD5-Challenge)) (FNG → Femtocell); CHAP-ID from EAP header
9. PPP-CHAP.challenge (Femtocell → AT)
10. PPP-CHAP(NAI, challenge-rsp) (AT → Femtocell)
11. IKE_AUTH.req(EAP.rsp(MD5-Challenge)) (Femtocell → FNG); NAI in NAME field of MD5-Challenge
12. Access-Request(NAI, CHAP-rsp, CHAP-ID, challenge) (FNG → AN-AAA)
13. ACCESS.Accept (AN-AAA → FNG)
14. IKE_AUTH.rsp(EAP-Success) (FNG → Femtocell)
15. PPP-CHAP.success (Femtocell → AT)
16. PPP-LCP (AT – Femtocell); continued on the next slide

Detailed Call Flow – Tunnel Setup (2)

• Simple IP user authentication & PMIP (continued from previous slide)

[Call flow; phase lane: User Authentication & Per-AT Tunnel Setup. Participants: AT, Femto, FNG, HA, AAA]
16. PPP-LCP (AT – Femto)
17. IKE_AUTH.req(AUTH, N(ANOTHER_AUTH_FOLLOWS)) (Femto → FNG)
18. IKE_AUTH.rsp (FNG → Femto)
19. IKE_AUTH.req (Femto → FNG)
20. IKE_AUTH.rsp(EAP.req(MD5-Challenge)) (FNG → Femto); CHAP-ID from EAP header
21. PPP-CHAP.challenge (Femto → AT)
22. PPP-CHAP(NAI, challenge-rsp) (AT → Femto)
22. Accounting-Start
23. IKE_AUTH.req(EAP.rsp(MD5-Challenge)) (Femto → FNG); NAI in NAME field of MD5-Challenge
24. Access-Request(NAI, CHAP-rsp, CHAP-ID, challenge) (FNG → AAA); SimpleIP/PMIP and AAA selection based on locally configured profile keyed by NAI
25. ACCESS.Accept(QoS Profile, [HA]) (AAA → FNG)
26. IKE INFORMATIONAL(Notification(QoSProfile)) (FNG → Femto)
27. IKE INFORMATIONAL (Femto → FNG)
28. IKE_AUTH.rsp(EAP-Success) (FNG → Femto)
29. PPP-CHAP success (Femto → AT)
30. PPP-IPCP(Config-Req) (AT → Femto)
31. IKE_AUTH.req(AUTH) (Femto → FNG)
32. Proxy-Mobile IP Registration - RRQ(CoA=FNG) (FNG → HA)
33. ACCESS.Request(MN-HA SPI, ...) (HA → AAA)
34. ACCESS.Accept(MN-HA key, Auth, …) (AAA → HA)
35. Proxy-Mobile IP Registration - RRP(HoA, DNS addresses, ...) (HA → FNG)
36. IKE_AUTH.rsp(CFG_REPLY(TIA=HoA), DNS addresses…) (FNG → Femto)
37. PPP-IPCP(Config-Ack) (Femto → AT); Femtocell gives new HoA to AT as link address and gives DNS server addresses from IKEv2 to AT in PPP-IPCP phase
38a, 38b, 38c: User Traffic Flowing

Detailed Call Flow – Tunnel Setup (3)

• Mobile IP user authentication (continued from slide before last)

[Call flow; phase lanes: A12 Terminal Authentication, User Authentication & Per-AT Tunnel Setup. Participants: AT, Femto, FNG, HA, AAA]
16: PPP-LCP(AT rejects CHAP) (AT – Femto)
17: PPP-IPCP(no address config) (AT – Femto)
18. IKE_AUTH.req(AUTH) (Femto → FNG)
Assign temporary TIA (FNG)
19. IKE_AUTH.rsp(CFG_REPLY(TIA=tmp)) (FNG → Femto)
20a: MIP Agent Sol. (AT → Femto)
20b: MIP Agent Solicitation (Femto → FNG)
21a: MIP Agent Advertisement(MN-FA challenge, CoA={FNG, …}) (FNG → Femto)
21b: MIP Agent Adv.(MN-FA challenge, CoA={FNG, ...}) (Femto → AT)
22a: MIP-RRQ(MN-NAI, MN-AAA, MN-FA, MN-HA) (AT → Femto)
22b: MIP-RRQ(MN-NAI, MN-AAA, MN-FA, MN-HA) (Femto → FNG)
23. Access-Request(NAI, CHAP-rsp, CHAP-ID, challenge) (FNG → AAA)
24. ACCESS.Accept(QoS Profile, [dynamic-HA]) (AAA → FNG)
25. IKE INFORMATIONAL(Notification(QoSProfile)) (FNG → Femto)
26. IKE INFORMATIONAL (Femto → FNG)
27: MIP-RRQ(MN-NAI, MN-HA) (FNG → HA)
28: MIP-RRP.(HoA, DNS IP addresses, ...) (HA → FNG)
TIA allocation (FNG)
29: MIP-RRP.([HA], HoA, DNS IP addresses, ...) (FNG → Femto)
30: MIP-RRP([HA], HoA, DNS addresses...) (Femto → AT)
31. IKE CREATE_CHILD_SA.req(TS=HoA, …) (Femto – FNG); create a new SA that uses the new HoA in the Traffic Selector, then delete the old SA
32. IKE CREATE_CHILD_SA.rsp (Femto – FNG)
33. IKE INFORMATIONAL(Delete(old SA)) (Femto – FNG)
34. IKE INFORMATIONAL (Femto – FNG)
35. Accounting-Start
36a, 36b, 36c: User Traffic Flowing
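As an added example (not from the contribution or any vendor implementation), the Python model below plays the FNG’s side of the multi-stage IKE session described on the “Authentication (1)” slide and in the three tunnel-setup call flows above: MULTIPLE_AUTH_SUPPORTED at IKE_SA_INIT, one EAP round per stage relayed to a stand-in AAA, N(ANOTHER_AUTH_FOLLOWS) gating the next round, and the TIA released only in the final IKE_AUTH response. The AAA table, NAIs, credentials, and the 10.200.0.0/24 TIA pool are constructed placeholders; the 1x profile omits the A12 stage as the slides state.

```python
"""Added example: the FNG as IKEv2 responder running RFC 4739 multiple
authentication (Femto-FNG, A12 terminal, packet data user) in one IKE session.

Not from the contribution.  AAA databases, NAIs, credentials and the TIA
pool are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Stage(Enum):
    FEMTO = "Femto-FNG mutual authentication"    # IKEv2/EAP-AKA or EAP-TLS, femto's credential
    TERMINAL = "A12 terminal authentication"     # IKEv2/EAP-MD5 relaying the AT's CHAP response
    USER = "Packet data user authentication"     # IKEv2/EAP-MD5 (CHAP) or EAP-GTC (PAP)


# Stages the FNG requires per access technology; A12 is omitted for 1x.
REQUIRED_STAGES: Dict[str, List[Stage]] = {
    "EV-DO": [Stage.FEMTO, Stage.TERMINAL, Stage.USER],
    "1x": [Stage.FEMTO, Stage.USER],
}

# Constructed stand-in for Femto-AAA, AN-AAA and the packet data AAA:
# (stage, NAI) -> credential the server expects.
AAA_DB: Dict[Tuple[Stage, str], str] = {
    (Stage.FEMTO, "femto-0001@femto.example.net"): "femto-secret",
    (Stage.TERMINAL, "at-7@an.example.net"): "chap-rsp-at-7",
    (Stage.USER, "alice@pds.example.net"): "chap-rsp-alice",
}

# Made-up TIA pool; the real value is whatever the FNG's CFG_REPLY assigns.
_TIA_HOSTS = iter(ipaddress.ip_network("10.200.0.0/24").hosts())


def aaa_access_request(stage: Stage, nai: str, credential: str) -> bool:
    """Stand-in for the RADIUS Access-Request / Diameter round trip."""
    return AAA_DB.get((stage, nai)) == credential


def allocate_tia() -> str:
    return str(next(_TIA_HOSTS))


@dataclass
class IkeAuth:
    """One IKE_AUTH round from the femto as the FNG sees it."""
    stage: Stage
    nai: str                             # NAI from the EAP NAME field
    credential: str                      # EAP response relayed to AAA
    another_auth_follows: bool = False   # N(ANOTHER_AUTH_FOLLOWS) present?


@dataclass
class FngIkeSession:
    access_type: str
    completed: List[Stage] = field(default_factory=list)
    transcript: List[str] = field(default_factory=list)
    tia: Optional[str] = None
    closed: bool = False

    @property
    def required(self) -> List[Stage]:
        return REQUIRED_STAGES[self.access_type]

    def ike_sa_init(self, peer_multiple_auth_supported: bool) -> str:
        """Steps 1/2: with more than one required stage the peer must have
        advertised MULTIPLE_AUTH_SUPPORTED, or the FNG cannot ask for the rest."""
        if len(self.required) > 1 and not peer_multiple_auth_supported:
            return self._fail("peer does not support multiple authentication")
        return "IKE_SA_INIT.rsp(MULTIPLE_AUTH_SUPPORTED)"

    def ike_auth(self, msg: IkeAuth) -> str:
        """Process one IKE_AUTH round; returns the FNG's response summary."""
        if self.closed:
            return "session closed"
        expected = self.required[len(self.completed)]
        if msg.stage is not expected:                 # skipped or reordered stage
            return self._fail(f"expected {expected.name}, got {msg.stage.name}")
        if not aaa_access_request(msg.stage, msg.nai, msg.credential):
            return self._fail(f"AAA rejected {msg.stage.name} for {msg.nai}")
        self.completed.append(msg.stage)
        remaining = self.required[len(self.completed):]
        if remaining and not msg.another_auth_follows:
            # Peer tried to finish before a mandatory stage: no tunnel, no TIA.
            return self._fail(f"peer ended exchange before {remaining[0].name}")
        if not remaining and msg.another_auth_follows:
            return self._fail("unexpected extra authentication announced")
        if remaining:
            return "IKE_AUTH.rsp(EAP-Success); awaiting next IKE_AUTH"
        self.tia = allocate_tia()                     # only after every stage passed
        return f"IKE_AUTH.rsp(CFG_REPLY(TIA={self.tia})); IPsec tunnel established"

    def _fail(self, reason: str) -> str:
        self.closed, self.tia = True, None
        return f"AUTHENTICATION_FAILED: {reason}"


def run_exchange(access_type: str, rounds: List[IkeAuth],
                 peer_multiple_auth_supported: bool = True) -> FngIkeSession:
    """Drive a whole session; the FNG's responses accumulate in `transcript`."""
    session = FngIkeSession(access_type)
    session.transcript.append(session.ike_sa_init(peer_multiple_auth_supported))
    for msg in rounds:
        if session.closed:
            break
        session.transcript.append(session.ike_auth(msg))
    return session


if __name__ == "__main__":
    evdo = run_exchange("EV-DO", [
        IkeAuth(Stage.FEMTO, "femto-0001@femto.example.net", "femto-secret", True),
        IkeAuth(Stage.TERMINAL, "at-7@an.example.net", "chap-rsp-at-7", True),
        IkeAuth(Stage.USER, "alice@pds.example.net", "chap-rsp-alice"),
    ])
    print("\n".join(evdo.transcript))
```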

Detailed Call Flow – Tunnel Disconnect (1)

[Call flow participants: AT, Femtocell, Home Router (NAT + DHCP), FNG, HA, AAA]

AT Initiated Termination
1. PPP-LCP.Terminate-Request
2. IKE INFORMATIONAL.req(Delete)
3. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
4. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)
5. MIP-RRQ(lifetime=0) (for PMIP only)
6. MIP-RRP (for PMIP only)
7. IKE INFORMATIONAL.rsp(Delete)
8. PPP-LCP Terminate-Ack

AAA Initiated Termination
1. RADIUS Disconnect-Req(stop)/Abort-Session-Request(ASR)
2. RADIUS Disconnect-Rsp(stop)/Abort-Session-Answer(ASA)
3. IKE INFORMATIONAL.req(Delete)
4. PPP-LCP.Terminate-Request
5. PPP-LCP Terminate-Ack
6. IKE INFORMATIONAL.rsp(Delete)
7. MIP-RRQ(lifetime=0) (for PMIP only)
8. MIP-RRP (for PMIP only)

MIP-HA Initiated Termination (PMIP only)
1. MIP-Revocation
2. IKE INFORMATIONAL.req(Delete)
3. PPP-LCP.Terminate-Request
4. PPP-LCP Terminate-Ack
5. IKE INFORMATIONAL.rsp(Delete)
6. MIP Revocation Acknowledgement
7. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
8. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)

FNG Initiated Termination
1. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
2. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)
3. IKE INFORMATIONAL.req(Delete)
4. PPP-LCP.Terminate-Request
5. PPP-LCP Terminate-Ack
6. IKE INFORMATIONAL.rsp(Delete)
7. MIP-RRQ(lifetime=0) (for PMIP only)
8. MIP-RRP (for PMIP only)

Detailed Call Flow – Tunnel Disconnect (2)

[Call flow participants: AT, Femtocell, Home Router (NAT + DHCP), FNG, HA, AAA]

MIP-HA Initiated Termination (CMIP4 Registration Revocation case)
1. MIP Revocation
2. MIP Agent Advertisement [unicast](sequence number = 0)
3. MIP Agent Adv.(seq # = 0)
4. MIP Revocation Acknowledgement
5. IKE INFORMATIONAL.req(Delete)
6. PPP-LCP.Terminate-Request
7. PPP-LCP Terminate-Ack
8. IKE INFORMATIONAL.rsp(Delete)
9. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
10. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)

FNG/MIP-FA Initiated Termination (CMIP4 Registration Revocation case)
1. MIP Revocation
2. MIP Revocation Acknowledgement
3. MIP Agent Advertisement [unicast](sequence number = 0)
4. MIP Agent Adv.(seq # = 0)
5. IKE INFORMATIONAL.req(Delete)
6. PPP-LCP.Terminate-Request
7. PPP-LCP Terminate-Ack
8. IKE INFORMATIONAL.rsp(Delete)
9. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
10. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)

AAA Initiated Termination
1. RADIUS Disconnect-Req(stop)/Abort-Session-Request(ASR)
2. RADIUS Disconnect-Rsp(stop)/Abort-Session-Answer(ASA)
3. MIP Revocation
4. MIP Revocation Acknowledgement
5. MIP Agent Advertisement [unicast](sequence number = 0)
6. MIP Agent Adv.(seq # = 0)
7. IKE INFORMATIONAL.req(Delete)
8. PPP-LCP.Terminate-Request
9. PPP-LCP Terminate-Ack
10. IKE INFORMATIONAL.rsp(Delete)

Detailed Call Flow – Tunnel Disconnect (3)

[Call flow participants: AT, Femtocell, Home Router (NAT + DHCP), FNG, HA, AAA]

MIP-HA Initiated Termination (CMIP4 [Re-]Registration Failure case)
1. MIP-RRQ (AT → Femtocell)
2. MIP-RRQ (Femtocell → FNG)
3. MIP-RRQ (FNG → HA)
4. MIP-RRP(Fail) (HA → FNG)
5. MIP-RRP(Fail) (FNG → Femtocell)
6. MIP-RRP(Fail) (Femtocell → AT)
Timer, counter: FNG starts timer/counter after MIP-RRP(Fail). AT may retry MIP-Registration. If no retry is attempted before timer expiration or retries exceed a certain maximum number, proceed to disconnect IPSec tunnel.
7. IKE INFORMATIONAL.req(Delete)
8. PPP-LCP.Terminate-Request
9. PPP-LCP Terminate-Ack
10. IKE INFORMATIONAL.rsp(Delete)
11. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
12. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)

FNG/MIP-FA Initiated Termination (CMIP4 [Re-]Registration Failure case)
2. MIP-RRQ
3. MIP-RRQ
4. MIP-RRP(Fail)
5. MIP-RRP(Fail)
Timer, counter: FNG starts timer/counter after MIP-RRP(Fail). AT may retry MIP-Registration. If no retry is attempted before timer expiration or retries exceed a certain maximum number, proceed to disconnect IPSec tunnel. No MIP4 signaling to MIP-HA (state clean-up depends on time-out on MIP-HA).
7. IKE INFORMATIONAL.req(Delete)
8. PPP-LCP.Terminate-Request
9. PPP-LCP Terminate-Ack
10. IKE INFORMATIONAL.rsp(Delete)
11. RADIUS Accounting-Req(stop)/Session-Termination-Request(STR)
12. RADIUS Accounting-Rsp(stop)/Session-Termination-Answer(STA)