Upload
sasanka-chamara-gamage
View
217
Download
0
Embed Size (px)
Citation preview
8/21/2019 LightRadio Wifi
1/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Sanjay Wadhwa
lightRadioTMWIFI
8/21/2019 LightRadio Wifi
2/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
AGENDA SERVICE PROVIDER WIFI
Use Cases
Architecture Blueprint
SolutionElements
Tunneling
Authentication
Subscriber Management
Seamless mobility
3G/4G Interworking
Products & Solution Availability
8/21/2019 LightRadio Wifi
3/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Devices and Apps
46% 3.7Billion 129%SMARTPHONES AND TABLETSNOW REPRESENT 46% OFHOTSPOT CONNECTIONSWORLDWIDE
3.7 BILLION SMARTPHONE AND IP-ENABLED DEVICES BY 2014WORLDWIDE
APPLICATIONDOWNLOADS TO RISEFROM 18.2b (2011) TO41.7b (2015)
8/21/2019 LightRadio Wifi
4/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
70%1.3million350%
Wi-Fi
USERS ARE IN WI-FI
COVERAGE ZONES MORE
THAN 70% OF THE TIME
DURING A 24 HOUR
PERIOD
TOTAL NUMBER OF WI-FI
PUBLIC HOTSPOTS
WORLDWIDE IN 2011
NUMBER OF GLOBAL PUBLIC
HOTSPOTS SET TO GROW FROM
1.3 MILLION (2011) TO 5.8
MILLION (2015)
8/21/2019 LightRadio Wifi
5/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
STEP 1 : WiFi COMMUNITY BROADBAND
WIRELINE OPERATOR OFFERING FREE WIFI SERVICE
UE authentication via IEEE 802.1X/EAP
Alternative to redirect customers to a portal to supply their credentials
Traffic tunneled/routed from HGW/AP to WLAN-GW (optionally with IPSEC)
Central WLAN-GW for WiFi subscriber management
IP@ management on WLAN-GW to allow for IP@ mobility between WAPs
DHCP, LI, accounting + optionally NAT and DPI on the WLAN-GW
WLAN-GW has local breakout to the internet
AP
7750 SR
portal
Wi-Fi
Wi-Fi Access Wholesale Provider
AP
AP
Wi-Fi
Wi-Fi
HomeSpot
HotSpot
Enterprise
AAA
WLANGW
Customers
8950 AAA
Advantages
Reduce ChurnGood Coverage
8/21/2019 LightRadio Wifi
6/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
M(V)NO OFFLOADING THE MOBILE NETWORK
AP
7750 SR
portal
Wi-Fi
Wi-Fi Access Wholesale Provider
AP
AP
Wi-Fi
Wi-Fi
HomeSpot
HotSpot
Enterprise
(e)NB 7750 SR
M(V)NO
(e)NB
UMTS/LTE
UMTS/LTE
HLR
AAA
WLANGW
SGW/PGW/GGSN
GTPTunnel
Customers
8950 AAA
8650 SDM
UE tries to switchover to WiFi upon detection of the M(V)NOs SSID
Transparent IEEE 802.1X/EAP authentication between HGW/AP and UE
Optionally GTP tunnel between WLAN GW and GGSN/PGW for IP@ Mobility
GTP interface available in 10.0R4
Seamless
Mobility
Advantages
Unlicensed SpectrumLow Cost per BitBetter CoverageIP@ Mobility
STEP 2 : WiFi OFFLOAD
8/21/2019 LightRadio Wifi
7/42COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
WIRELINE OPERATOR SELLS WI-FI OFFLOAD TO M(V)NO
AP
7750 SR
portal
Wi-Fi
Wi-Fi Access Wholesale Provider
AP
AP
Wi-Fi
Wi-Fi
HomeSpot
HotSpot
Enterprise
(e)NB 7750 SR
MNO
(e)NB
UMTS/LTE
UMTS/LTE
HLR
AAA
WLANGW
SGW/PGW/GGSN
GTPTunnel
Customers
8950 AAA
8650 SDM
Seamless
Mobility
Wi-Fi RetailerWi-Fi Retailer
MVNO Retailer
Wi-Fi + MVNORetailer
Advantages
Unlicensed SpectrumBetter Coverage IP@ Mobility
MVNO Retailer
STEP 3 : WiFi WHOLESALE
8/21/2019 LightRadio Wifi
8/42COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Broadband ISPsnot noticing
the Wi-Fi users
Wi-Fihotspot
EnterpriseWi-Fi
PrivateSSID
THREAT: OFFLOADING 2G/3G AND LTE TRAFFIC
TO UNCONTROLLED FREE Wi-Fi
Internet
2.5G 3G LTE
Mobilenetwork
operators
8/21/2019 LightRadio Wifi
9/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
EVERYBODY LOVES HOTSPOTS
MUCH CHEAPER THAN ROAMING
$10.00 per MB$10,000.00 per GB !!!
Sou rc e WeF i
8/21/2019 LightRadio Wifi
10/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
BUT
COMPLICATEDAUTHENTICATION
MANY SSIDsTO REMEMBER
NoQoS guarantees
Nostrong security
Noimplicit trust in operator
Noservice bundling
Nounified billing
Nomy content everywhere
NoWi-Fi cellular mobility
8/21/2019 LightRadio Wifi
11/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Trusted Wi-Fi SOLUTION - Functions
INTERNET
RESIDENTIAL
ENTERPRISE
TWAG/WLAN-GW
PGW/GGSN
AAA HSS/HLR
HOTSPOT
END-TO-END NETWORK MANAGEMENT
CDN
ONLINECHARGING
PCRF / ANDSF
PACKET CORE
TWAG Trusted Wireless Access Gateway (aka WLAN-GW)PCRF Policy Charging Rules Function
ANDSF Automatic Network Discovery and Selection FunctionAAA Authentication, Authorization and AccountingHSS/HLR Home Subscriber Server / Home Location RegisterPGW Packet Data Network GatewayGGSN GPRS Gateway Support NodeCDN Content Distribution Network
8/21/2019 LightRadio Wifi
12/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
lightRadio ecosystem program with leading Wi-Fi AccessPoint and Residential Gateway (APs/RGs) vendors to
ensure quick and easy deployment and interoperable end-to-end solution
Wi-Fi Control Module enhanced implementation of 3GPPAccess Network Discovery and Selection Function on the 5780Dynamic Services Controller, enabling users to beautomatically connected to the best network
Integrated Wi-Fiaccess on small cells part of lightRadioportfolio - for seamless carrier-grade capacity and coverageacross Wi-Fi and cellular networks
Trusted and secure WLAN (Wi-Fi) gateway functionality on
the 7750 Service Router, with interfaces towardsAAA andbilling/chargingsystems, and integration with WirelessPacket Corewhich supports 2G, 3G, 4G/LTE and Wi-Fi
Alcatel-Lucent lightRadio Wi-Fiseamless wireless broadband
7750 SR
(WLAN GW)
5780 DSC
(Wi-Fi Control Module)
WLAN AP(Wi-Fi)
TM
8/21/2019 LightRadio Wifi
13/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
2.5G 3G LTE
MSO Mobile Broadband
WIFI Mobility
Internet, Media, VPNs
3G/4G Interworking
MVNO core OR Partner MNO core
Access/Backhaul
WLAN-GW WLAN-GW
HLR/HSS
AAA GGSN/PGW
Mobile BroadbandInter Provider WIFI Roaming3G/4G Interworking
Quad Play Macro cellular offload
for partner MNO
AAA
AAA
Captive
Portal
Inter-ProviderRoaming
8/21/2019 LightRadio Wifi
14/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Partner AP and CPEs tested in e2e solution with 7750 WLAN-GW.
- Portal auth, 802.1x/EAP, soft-GRE, Mobility
Trusted Wi-Fi / MetroCell Alcatel-Lucent solution
Trusted Wi-Fi Certified Partner solutions (APs)
TRUESTED WIFI PARTNER PROGRAM
http://meraki.com/http://www.ubeeinteractive.com/8/21/2019 LightRadio Wifi
15/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Wi-Fi network selection and log-in carried out automatically by the device and the
network without the need for user intervention Hotspot 2.0 addresses carrier Wi-Fis for easy network discovery, simple
authentication and robust security
IEEE 802.11u (Network discovery)
IEEE 802.11i (Encryption)
IEEE 802.11x (Authentication)
A wide variety of user/device credentials supported
Some devices have SIM cards: smartphones, SIM-equipped tablets
Some do not: (need web-based authentication, password over SMS to authorized SIM-device)
Network / Device Type of Authentication EAP types
GSM SIM EAP-SIM (RFC4186)
UMTS USIM EAP-AKA (RFC 4187)
Wi-Fi only devices X.509 EAP-TLS (RFC 5216)
Non-SIM devices (e.g., CDMA) User/PW EAP-FAST (RFC 4851)
HOTSPOT 2.0Next Gen Hot Spot
8/21/2019 LightRadio Wifi
16/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Light-Radio WIFI Requirements & Considerations
8/21/2019 LightRadio Wifi
17/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
3GPP - WLAN to 3G/4G interworking
Current 3GPP/2 standard for access to EPC over non trusted access
WLAN GW solution over trusted or un-trusted access
WLANAP
WLAN
PGW
(possibly unsecure) WLANAP & Backhaul a priori
owned by any provider
ePDG/PDIF
AAA
SWx
S2b: GTP
HSS
PGW
(secure) WLAN AP &Backhaul AAA
SWx
S2a: GTP
HSS
PDG/WLAN GW
Radius
WLANAP Protected tunnel
IPSec: 3GPP/2 VPN
802.11i
Standards Approachissues:
IPSec/IKEv2 required onUE
Battery drain effect on
UE and intensive CPU
processing.
IPSec overhead &
associated packet
fragmentation on WLAN
air interface
Poor user experience
with Latency associated
with tunnel
establishment for short-
sessions (e.g. MMSaccess)
Multiple tunnels one for
each service
ALU solution (fat-pipe model) that
overcome standard issues
Single tunnel / AP
8/21/2019 LightRadio Wifi
18/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Why Bridging & Tunnelling from HGW/WAP ?
- Support for any access type: DSL, cable, GPON, 3G/LTE
- No impact on Access-Nodes & Backhaul- Full subscriber visibility in the network
- Minimum operations impact on CPE/AP
- Separation of public Wi-Fi traffic and private subscriber traffic
- Flexible wholesale (L2 or L3)
- IP@ sharing
- Same architecture across community Wi-Fi from home, outdoor AP(s),venues, SMBs
- Flexible authentication models (open-SSID via portal-auth or secure SSIDvia 802.1x/EAP).
- 3G/4G Interworking via GTP
8/21/2019 LightRadio Wifi
19/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
WI-FI access point options
Offload SSID
Bridge
Offload SSID
TUNNELIP
L2 SOLUTION L3 SOLUTION
L2 Wholesale L3 Wholesale with overlapping IP@
GTP Roaming with overlapping IP@
Faster mobility triggering
Simple CPE
Network portal
Subscriber visibility in the network withNAT
IP@ Sharing
No L2 Wholesale No L3 Wholesale with overlapping IP@
No GTP Roaming with overlapping IP@
L3 mobility which is slower
Complex CPE
Portal on CPE/Network
No Subscriber visibility in the network withNAT
No IP@ Sharing
8/21/2019 LightRadio Wifi
20/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Blue-Print Architecture
Public SSID Bridged/Tunneled
8/21/2019 LightRadio Wifi
21/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Public SSID Bridged/TunneledGRE/L2 tunneling from AP or RG/CM with separate SF for public WIFI
AP/RG/CM
Access
AN / CMTS WLAN GW
IP
L2oGRE OR L2VPNoGRE
Bridge into L2VPNover GRE GRE end-point WAN
IP
GRE end-pointloopback address -
Soft GRE
Public SSID
L2VPN termination(sub-Mgmt on tunnel)
Mobile content
PGW/GGSNGTP
S2a
DIAMETER
MAP &
DIAMETER
8950 AAAHLR
HSS
AuCCaptive
Portal
8950 AAA
Access Model
- Bridge in HGW/AP prevents user-to-user communication
- GRE tunnel per HGW/AP towards WLAN GW no network requirements
- No provisioning on CMTS/BNG - Automatic provisioning on WLAN GW
- Radius Client
WLAN GW
- Subscriber Management on GRE tunnel
- Portal authentication (via http-redirect)
- OR 802.1x/Radius EAP SIM/AKA authentication
- DHCP per UE
- Radius Proxy HWG/AP is client
8/21/2019 LightRadio Wifi
22/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
7750 WLAN-GW Why Gateway basedarchitecture ?
WLAN-GW Subscriber Management
Zero-touch subscriber provisioning & Subscriber Creation
EAP based & Portal based authentication
Flexible IP Address Management (DHCP relay, DHCP Server,RADIUS)
Dynamic Service Creation (subscriber policy)
Per-Subscriber Accounting (RADIUS) & DIAMETER based CreditControl (Gy)
Per-subscriber and per AP Bandwidth Control (classification,traffic shaping, policing, queuing)
Per-subscriber WLAN to 3G/4G Interworking (GTP based S2a)
Per-Subscriber Lawful Intercept
L2 & L3 wholesale
Per-Subscriber Security (anti-spoof , control plane protection)Per-Subscriber, Per-application assurance, accounting,monitoring
Per-Subscriber Security (anti-spoof , control plane protection)
Integrated Carrier Grade NAT
Dual-Stack (IPv4/v6) access
2008Winner
FP2 Silicon
Multi-ServicesIntegrated Services
Adaptor
50G (IOM3/IM)M or100G layout (IMM)
SF/CPM3Multi-core CPU with SMP
8/21/2019 LightRadio Wifi
23/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
WIFI TELCO / MSOs
7750 SR
AP WLAN GW
7750 SR
AAA
Partner product
(e.g. Belair)
8950 AAA
portal
Partner product
(e.g. Aptilo)
WiFi
Access
CMTS
eBNG/WLAN GW
AAA
Partner product
(e.g. Belair)
8950 AAA
portal
Partner product
(e.g. Aptilo)
WiFi
AP
Access
DSL/PON
When the 7750 is used as BNG, the BNG functionality and WLAN GW functionality can besupported on a single box, the eBNG
8/21/2019 LightRadio Wifi
24/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
RG/AP Tunnel end-point does not need to be configured on WLAN-GW
Stateless GRE
Tunnel context & subscriber context auto-created
SOFT-GRE Tunnels to WLAN-GW
IP
Public SSID
L2VPN termination:(SubMgtOnTunnel)
CM/RG
Access
AN/CMTSWLAN GW
GRE per CM/RG
LLC / MAC / PhyIP (CM IP)PWE (lbl X)Eth (AP mac) GREDHCP (Discover)
RG/AP to receive GWIP and PWE label (opt.)
via DHCP?
First packet from UE to
WLAN GW is DHCPdiscover
IP SA: WAN IPIP DA: WLAN GW IP
VLAN1
optional
8/21/2019 LightRadio Wifi
25/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Authentication
8/21/2019 LightRadio Wifi
26/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Portal Based Authentication
Use-cases
- SmartPhone/Tablet without 802.1X support
- PC with Dongle without EAP supplicant software
- PC without any mobile subscription
Complement EAP-SIM/AKA with Portal Access
8/21/2019 LightRadio Wifi
27/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Portal Based Authentication (WISPr concept)
UE WAP AAA Portal
DHCP Discover RADIUS: Access-Request (Uname=UE-MAC)
RADIUS: Access-Accept (ID, Redirect-Policy)DHCP Offer (IP Address)
DHCP Request / Ack
HTTP Get (www.google.com)
HTTP 302 Redirect (Portal IP)
HTTP Get (www.google.com)
Portal-Page / HTTP Authentication
Auth Request (Client-IP)
Authentication Success
RADIUS: Acct-Start (Client-IP)
Store Unauthorized User(Client-IP, AcctSessID)
Update User asauthorized
RADIUS: CoA (AcctSessID , Remove Redirect)
HTTP 302 Redirect (Portal IP)
HTTP Get (www.google.com)
WLAN GW
8/21/2019 LightRadio Wifi
28/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Mobile content
7750 SR
WLAN GWMAP
Offload SSID
EAP EAPSIM/AKA
802.1x UDP
RADIUS
IP
802.1x
802.11 802.11 802.3
UDP
RADIUS
IP
802.3
EAP
SIM/AKA
WAP
UE
8950 AAAHLR
AuC
Online
Charging
System DIAMETER
GRE/IPSec
Wi-Fi OFFLOAD WITH EAP-SIM/AKA
EAP-SIM/EAP-AKA for device authentication
- Leverage existing authentication infrastructure (AAA, HLR/AuC)
- Authorization allows control of the UE forwarding (VPN, IP pool selection, uplink next-hop)
- Subscriber DHCP session created in WLAN gateway
8/21/2019 LightRadio Wifi
29/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
EAP-SIM or EAP-AKA Authentication with RADIUS proxy: GREwith sub-management
UE WAP PDG/WLAN-GW AAA Server HSS
802.1XUnauthorized State
EAP: Response (ID)
EAP: Request (ID)
RADIUS: Access-Request (EAP ID, Calling-Station-ID=UE-MAC)
RADIUS: Access-Challenge (EAP ID, EAP Challenge)EAP: Request (ID, Challenge)
EAP: Response (ID, Challenge) RADIUS: Access-Request (EAP ID, Response, Calling-Station-ID=UE-MAC)
RADIUS: Access-Accept (EAP ID, Success)EAP: Success (ID)
802.1XAuthorized State
Cache AuthorizedMAC + NAS-Port + IPinformation + profile
information
DHCP Discover
DHCP Offer (IP Address)
DHCP Request / Ack
SWxAuthentication Vectors, UE profile
DHCPRelay
DHCP Discover
DHCP Offer (IP Address)
DHCP Request / Ack
DHCP proxy inrouted
environmentover secureGRE Tunnel
AuthenticateRequest
8/21/2019 LightRadio Wifi
30/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Inter-AP Mobility
8/21/2019 LightRadio Wifi
31/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Seamless Inter-AP Mobility (via WLAN-GW)
GRE tunnel #2
GRE tunnel #1
VLAN 1
UE Anchor point
UE MAC relearning on different tunnel
Wireless AP
Full Re-Authentication on Re-association can be avoided if
PMK caching enabled on AP & UE or if WIFI AP/AC implements 802.11r or OKC
8/21/2019 LightRadio Wifi
32/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
3G/4G Interworking
8/21/2019 LightRadio Wifi
33/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
GTP TUNNEL TO THE PGW/GGSN
WLAN gateway initiates GTP tunnel
- APN selection based on authorization data received over STa
- IMSI (MCC/MNC) and APN resolution by DNS
- IP encapsulation into GTP-based S2 interface to the home PGW/GGSN
- Retail charging (online/offline) by home network, allowing seamless inbound roaming
Mobile content
WLAN GW MAP &DIAMETER
Offload SSID
WAP
UEPGW/GGSNGTP
S2
STa
Online
Charging
System
DIAMETERDNSIMSI MCC/MNC
& APN
CGF
Ga
8950 AAAHLR
HSS
AuC
GRE/IPSec
8/21/2019 LightRadio Wifi
34/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
EAP-SIM or EAP-AKA Authentication with RADIUS proxy: withsub-management + GTP (S2a/S2b) to PGW
UE WAP PDG/WLAN-GW AAA Server HSS
802.1XUnauthorized State
EAP: Response (ID)
EAP: Request (ID)
RADIUS: Access-Request (EAP ID, Calling-Station-ID=UE-MAC)
RADIUS: Access-Challenge (EAP ID, EAP Challenge)EAP: Request (ID, Challenge)
EAP: Response (ID, Challenge) RADIUS: Access-Request (EAP ID, Response, Calling-Station-ID=UE-MAC)
RADIUS: Access-Accept (EAP ID, Success)EAP: Success (ID)
802.1XAuthorized State
CacheAuthorized MAC
+ NAS-Port
DHCP Discover
DHCP Offer (IP Address)
DHCP Request / Ack
DHCPRelay
DHCP Discover
DHCP Offer (IP Address)
DHCP Request / Ack
DHCP proxy in routedenvironment oversecure GRE Tunnel
PGW
Create Session request (IMSI, APN,TEID, RAT Type, etc)
Create session response (IP address, DNS, Profile, etc)
AuthenticateRequest
Authentication Vectors, UE profileSWx
Mobility from WIFI to Macro network (LTE) IP@
8/21/2019 LightRadio Wifi
35/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Mobility from WIFI to Macro network (LTE) IP@preservation
UE detects 3GPPaccess & initiates
Handover
UE WAP PDG/WLAN-GW HSS/AAAPGW
Modify Bearer Resp
GTP tunnel for non-3GPP access delete
PCRF
PCEF initiatedIP CAN session
modification procedure
MME SGW
GTP Tunnel (S2b)
Attach
Access Authentication
Access Authentication Response
Create Session Req(IMSI, APN,TEID, RAT Type, Handover bit)
Create Session Response (existing IP@,DNS,profile etc)Create Session Resp(IP@)
Radio and access bearer establishment
Modify Bearer ReqModify Bearer Req
Modify Bearer Resp
Radio and access bearer GTP Tunnel (S5/S8)
Create Session Req(IMSI, APN,TEID, RAT Type, Handover bit)
S6a
Mobility from Macro network(LTE) to WIFI - IP@
8/21/2019 LightRadio Wifi
36/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Mobility from Macro network(LTE) to WIFI IP@preservation
UE WAP PDG/WLAN-GW AAA HSS
802.1XUnauthorized State
EAP: Response (ID)
EAP: Request (ID)
RADIUS: Access-Request (EAP ID, Calling-Station-ID=UE-MAC)
RADIUS: Access-Challenge (EAP ID, EAP Challenge)EAP: Request (ID, Challenge)
EAP: Response (ID, Challenge) RADIUS: Access-Request (EAP ID, Response, Calling-Station-ID=UE-MAC)
RADIUS: Access-Accept (EAP ID, Success, GGSN/PGW address)
EAP: Success (ID)
802.1XAuthorized State
CacheAuthorized MAC
+ NAS-Port
DHCP Discover (option 50)
DHCP Offer (IP@)
DHCP Request / Ack
DHCP Discover (option 50)
DHCP Offer (IP Address)
DHCP Request / Ack
DHCP proxy in routedenvironment oversecure GRE Tunnel
PGW
Create Session request (IMSI, APN,TEID, RAT Type, Handover-bit etc)
Create session response (existing IP@, DNS, Profile, etc)
AuthenticateRequest
Authentication Vectors,UE profile
SWx
PCRF
PCEF initiated
IP CAN session
modificationprocedure
Auth
entication
DHCP
GTP Tunnel
3GPP old EPS Bearer Release
8/21/2019 LightRadio Wifi
37/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
7750-SR based WLAN-GW
7750 SR based WLAN-GW
8/21/2019 LightRadio Wifi
38/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
7750 SR based WLAN GW
Base functions
Per AP Tunnel termination (soft-GRE or IPSEC)
DHCP session management (on VLAN or Tunnel)
IPv4/IPv6 address assignment, Per UE policing
Per AP per ISP /MNO bandwidth control , fairness & SLA management
Accounting Online & Offline charging
Lawful Intercept
Seamless Inter-AP mobility
CG-NAT
L2 or L3 handoff to MNO/ISP
High Performance Routing and data offload
WLAN Gateway with GTP instantiation
GTP for GGSN/PGW anchoring
Single IP address, mobility, in-bound roaming
On-line charging/off-line charging : one-bill
Enabler for in-bound roaming
GTP GRE QOS translation/mapping (DSCP based)
IP @ preservation (WLAN 3G/4G)
7750 SR
MS-ISAGRE /IPSEC tunnel termination
128K Tunnels/Chassis
128K Subscribers/Chassis
1M migrant users/chassis
8/21/2019 LightRadio Wifi
39/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Access Network Discovery & Selection Function
8/21/2019 LightRadio Wifi
40/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
Access Network Discovery & Selection23.402, 24.312
V-ANDSF
H-ANDSF
HPLMN
VPLMN
3GPP / non-
3GPP IP Access
S14
S14
UE Location
Policy [via Push/Pull]
ISMPInter-System mobility allowed?Preferred access technology /access network IdValidity
SingleRadio
Discovery InfoAccess Network List &InfoValidity
ISRPPreferred access technology /access network Id IP flow[IFOM] / APN [MAPCON]Validity
Multi
Radio
http://france.asus.com/products.aspx?l1=24&l2=164&l3=0&l4=0&model=2611&modelmenu=18/21/2019 LightRadio Wifi
41/42
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
ANDSF+
Billing Domain
Account status, creditstatus, recharging
control
UE
Location,&measurement
SubscriberPreference
NetworkIntelligence
Abusive users, virusbehavior, unwanted
traffic
Decision Engine
ISMP
Discovery Information
ISRP
http://france.asus.com/products.aspx?l1=24&l2=164&l3=0&l4=0&model=2611&modelmenu=18/21/2019 LightRadio Wifi
42/42