A Gateway to Integrate Heterogenous Networks

ICL K400 徐玉青

Upload: doan-tran

Post on 23-Jun-2015


Outline

‧3G/WLAN Integrated Scenarios
  –3G/WLAN Interworking Architecture
  –Packet Data Gateway (PDG)
‧3G/WiMAX Integrated Scenarios
  –WiMAX Related Specifications
  –3G/WiMAX Interworking Architecture
  –WiMAX Access Gateway (WAG)
‧Conclusion

3G/WLAN Integrated Scenarios

Capability | Scenario 1 | Scenario 2 | Scenario 3 | Scenario 4 | Scenario 5 | Scenario 6
Common billing | x | x | x | x | x | x
Common customer care | x | x | x | x | x | x
3G based Access Control | - | x | x | x | x | x
3G based Access Charging | - | x | x | x | x | x
Access to 3G PS Services | - | - | x | x | x | x
Service Continuity | - | - | - | x | x | x
Seamless Service Continuity | - | - | - | - | x | x
Access to 3G CS Services with seamless mobility | - | - | - | - | - | x

AAA Network Architecture (Scenario 2)

[Figure: network diagram. Labels: Cellular UE, WLAN/Cellular Dual Mode UE, SIM, Wi-Fi/WiMAX Network, WISP, Internet, 3GPP AAA Server, Cellular Network, SGSN/GGSN, HLR, CGW, PS services, Apple Music Store.]

PDG Network Architecture (Scenario 3)

[Figure: network diagram. Labels: Wi-Fi or WiMAX/Cellular Dual Mode UE, SIM, Wi-Fi/WiMAX Network, WISP, Internet, Packet Data Gateway, 3GPP AAA Server, Cellular Network, HLR, CGW, Packet based services, Apple Music Store, Printer, Fax.]

Non Roaming WLAN Interworking Reference Model

[Figure: reference model. Entities: WLAN UE, WLAN Access Network, WAG, PDG, 3GPP AAA Server, HSS, HLR, SLF, OCS, Offline Charging System, Intranet / Internet. Groupings: WLAN 3GPP IP Access, 3GPP Home Network. Reference points: Ww, Wa, Wn, Wp, Wu, Wi, Wm, Wg, Wx, D' / Gr', Wf, Wo, Wy, Wz, Dw.]

Roaming WLAN Interworking Reference Model (1/2)

[Figure: reference model. Entities: WLAN UE, WLAN Access Network, WAG, Packet Data Gateway, 3GPP AAA Proxy, 3GPP AAA Server, HSS, HLR, SLF, OCS, Offline Charging System (home and visited), Intranet / Internet. Groupings: WLAN 3GPP IP Access, 3GPP Visited Network, 3GPP Home Network. Reference points: Ww, Wa, Wn, Wp, Wu, Wi, Wm, Wg, Wd, Wx, D' / Gr', Wf, Wo, Wy, Wz, Dw.]

Roaming WLAN Interworking Reference Model (2/2)

[Figure: reference model. Entities: WLAN UE, WLAN Access Network, WAG, Packet Data Gateway, 3GPP AAA Proxy, 3GPP AAA Server, HSS, HLR, SLF, OCS, Offline Charging System (home and visited), Intranet / Internet. Groupings: WLAN 3GPP IP Access, 3GPP Visited Network, 3GPP Home Network. Reference points: Ww, Wa, Wn, Wp, Wu, Wi, Wm, Wg, Wd, Wx, D' / Gr', Wf, Wo, Wz, Dw.]

Protocol Stack

[Figure: protocol stacks of the Remote (peer), PDG, WAG, WLAN AN and WLAN UE across the Ww, Wn, Wp and Wu reference points. Layers shown: Remote IP, Tunneling layer, Transport IP, L2/L1.]

•Tunneling layer
  - Support IPsec ESP for secure tunnel
  - Support IKEv2 for IPsec tunnel negotiation
    Exchange tunnel security association
    Remote address acquisition

PDG System Architecture

3GPP Spec. suggested implementation: PDG = TTG + GGSN
PDG should support IKEv2, IPSec, Diameter, Gi protocols

[Figure: PDG system diagram. Labels: UE, AP/BS, Wi-Fi/WiMAX, PDG, TTG, GGSN, AAA Server, DHCP Server, Packet Data Network, 3G Networks, Wu, Wm, Gn, Gi/Wi, IKEv2, IPSec Tunnel, GTP-C’, GTP-U Tunnel, Authentication, Authorization, IP Addr.]

PDG Procedures and Implementation

‧Authentication & Authorization
‧IP Connectivity
‧Implementation Model

Authentication & Authorization

‧Authentication Methods
  –SIM-based WLAN Access Authentication
    ‧EAP/SIM Authentication
  –USIM-based WLAN Access Authentication
    ‧EAP/AKA Authentication
‧Authorization
  –WLAN Access Authorization
    ‧WLAN user profile
  –Mobile Network PS Service
    ‧Access Home Network provided services
    ‧Access Visited Network provided services

WLAN User Profile

‧The WLAN User Profile shall reside in HSS (if operator is using a legacy HLR, the WLAN user profile may reside in the AAA Server)
‧WLAN User Profile
  – IMSI
  – MSISDN
  – Operator determined barring of 3GPP-WLAN interworking subscription
  – Subscribed Charging Characteristics and Accounting Server Identifier
  – WLAN Direct IP access allowed
  – Roaming allowed
  – Maximum session duration (optional)
  – List of authorized W-APNs (optional)
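
How the profile fields above can drive an access decision, as an added example (not code from the slides or from the 3GPP specifications). The attribute names, the fail-closed handling of a missing W-APN list, the case-insensitive W-APN match and the sample subscriber are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class WlanUserProfile:
    """Fields listed on the WLAN User Profile slide (attribute names are illustrative)."""
    imsi: str
    msisdn: str
    interworking_barred: bool          # operator determined barring
    charging_characteristics: str
    accounting_server_id: str
    direct_ip_access_allowed: bool
    roaming_allowed: bool
    max_session_seconds: Optional[int] = None           # optional field
    authorized_wapns: Optional[Tuple[str, ...]] = None  # optional field


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    session_timeout: Optional[int] = None


def authorize(profile, *, roaming, requested_wapn=None):
    """Decide one access request, failing closed.

    requested_wapn=None models WLAN Direct IP Access; a W-APN string models
    WLAN 3GPP IP Access (a tunnel towards a PDG).
    """
    if profile.interworking_barred:
        return Decision(False, "operator-determined barring")
    if roaming and not profile.roaming_allowed:
        return Decision(False, "roaming not allowed")
    if requested_wapn is None:
        if not profile.direct_ip_access_allowed:
            return Decision(False, "direct IP access not allowed")
    else:
        # Assumptions: a missing list authorizes nothing; match ignores case.
        allowed = {w.lower() for w in (profile.authorized_wapns or ())}
        if requested_wapn.lower() not in allowed:
            return Decision(False, "W-APN not authorized")
    return Decision(True, "ok", profile.max_session_seconds)


# Constructed sample subscriber (test-range values, not real data).
SAMPLE = WlanUserProfile(
    imsi="001010123456789", msisdn="15550100", interworking_barred=False,
    charging_characteristics="0800", accounting_server_id="acct.example.net",
    direct_ip_access_allowed=False, roaming_allowed=False,
    max_session_seconds=3600, authorized_wapns=("ims", "mms"),
)
```
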

WLAN Access Authentication and Authorization

[Sequence diagram. Participants: WLAN UE, WLAN AN, WAG, AAA Server/Proxy, HSS/HLR.]

1. WLAN connection setup
2. EAP message exchange
3. Authentication info retrieval from HLR/HSS
4. Subscriber profile retrieval from HLR/HSS
5. Policy enforcement info delivery
6. Access Accept
7. EAP / Success
   [ Keying material and Authorization information]
8. WLAN Registration to HLR/HSS

IP Connectivity

‧WLAN Direct IP Access
  –WLAN UE needs to use local IP address only
‧WLAN 3GPP IP Access
  –WLAN UE needs two IP addresses
    ‧Local IP address and Remote IP address
  –IP tunnel resides between the WLAN UE and PDG
    ‧WLAN UE initiates the establishment of tunnels
    ‧Tunnel establishment between WLAN UE and PDG includes mutual authentication
  –WLAN UE shall use W-APN to indicate to the network the services it wants to access

Why Tunnel in Scenario 3?

‧Cellular network is a private network
‧Address space of WLAN AN is different from address space of Cellular network
  –Remote IP address identifies the WLAN UE in the network that the WLAN UE is accessing for the 3G PS service
  –WLAN UE IP allocation
    ‧Local IP address can be assigned by WLAN AN or by PLMN
      –If assigned by WLAN AN, a tunnel is needed
      –If assigned by PLMN, a tunnel may not be needed
‧Secure data transmission

W-APN Resolution & Tunnel Establishment to PDG in HPLMN

[Sequence diagram. Participants: WLAN UE, WLAN AN, WAG, AAA Proxy/Server, Visited PDG, AAA Server, Home PDG, External AAA Server.]

1. WLAN Access Authentication & Authorization and WLAN UE local IP address allocation
2. W-APN resolution & tunnel establishment to PDG in Home PLMN
   2.1 DNS Query
   2.2 End-to-end tunnel establishment (User ID and W-APN)
   2.3 Retrieving authentication & authorization data
   2.4 next authentication & authorization
   2.5 Tunnel packet flow filter exchange

•WLAN UE constructs an FQDN using the W-APN Network Identifier and HPLMN ID as the Operator Identifier

W-APN Resolution & Tunnel Establishment to PDG in VPLMN

[Sequence diagram. Participants: WLAN UE, WLAN AN, WAG, AAA Proxy/Server, Visited PDG, AAA Server, Home PDG, External AAA Server.]

1. WLAN Access Authentication & Authorization and WLAN UE local IP address allocation
2. W-APN resolution & tunnel establishment to PDG in Visited PLMN
   2.1 DNS Query
   2.2 End-to-end tunnel establishment (User ID and W-APN)
   2.3 Retrieving authentication & authorization data
   2.4 next authentication & authorization
   2.5 Tunnel packet flow filter exchange

•WLAN UE constructs an FQDN using the W-APN Network Identifier and VPLMN ID as the Operator Identifier

WLAN UE Initiated Tunnel Disconnection Procedure

[Sequence diagram. Participants: WLAN UE, WLAN AN, WAG, PDG, AAA Server, HLR/HSS, External AAA Server.]

1. UE determines to release the tunnel
2. Release tunnel req.
3. Release the tunnel resource and info
3. Release ack
3. Tunnel disconnection Report
4. Release the tunnel resource and info
5. Stop accounting (if needed)
6a. service info/status update
6b. Filtering policy remove from WAG

PDG Implementation Re-using GGSN Functionality (1/2)

[Figure: PDG implementation diagram. Labels: WLAN UE, Wu, PDG, TTG, Gn, Gn’, GGSN, GGSN subset, Gi, Gi / Wi, DHCP, Radius, Application Servers, 3GPP PS Services.]

One-to-one mapping between each end-to-end tunnel and a corresponding GTP tunnel.

PDG Implementation Re-using GGSN Functionality (2/2)

‧Normative Annex
‧Re-using GGSN functions
  –Charging Gateway Function
  –IP address allocation
  –Authentication in external networks
  –Single access to 3GPP PS domain services
‧Gn' shall comprise subset of Gn procedures
  –Create PDP Context Request/Response
  –Update PDP Context Request/Response
  –Delete PDP Context Request/Response
  –Error Indication
  –Version Not Supported
  –GTP Payload Forwarding

Tunnel Establishment Procedure

[Sequence diagram. Participants: WLAN UE, WLAN AN, WAG, TTG, GGSN, AAA Proxy/Server.]

1. WLAN Access Authentication and Authorization
2. DNS Query
3. End-to-end Tunnel establishment request
4. Retrieving authentication & authorization data
5. Create PDP context request
6. Create PDP context response
7. End-to-end Tunnel establishment ack
8. Apply packet filter policy to WAG

WLAN UE Initiated Tunnel Disconnection Procedure

[Sequence diagram. Participants: WLAN UE, WLAN AN, WAG, TTG, GGSN, AAA Proxy/Server.]

1. Release tunnel request
2. Delete PDP context request
3. Delete PDP context response
4. Release ack
5. Tunnel disconnection report
6. packet filter policy remove from WAG
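
The one-to-one tunnel mapping and the TTG establishment and disconnection steps above, as an added Python example (not from the slides). `Ttg`, `StubGgsn`, the string tunnel ids and the boolean `authorized` (standing for the outcome of step 4) are hypothetical names; the GGSN and WAG are modelled in memory.

```python
class TunnelError(Exception):
    """Raised when a request would break the tunnel binding rules."""

class StubGgsn:
    """In-memory stand-in for the GGSN side of Gn' (hypothetical helper)."""
    def __init__(self):
        self.contexts, self._next_teid = {}, 1
    def create_pdp_context(self, user_id, w_apn):
        teid, self._next_teid = self._next_teid, self._next_teid + 1
        self.contexts[teid] = (user_id, w_apn)
        return teid
    def delete_pdp_context(self, teid):
        self.contexts.pop(teid, None)

class Ttg:
    """Keeps a one-to-one map: end-to-end tunnel id <-> GTP tunnel id (TEID)."""
    def __init__(self, ggsn):
        self.ggsn = ggsn
        self.by_tunnel, self.by_teid = {}, {}
        self.wag_filters = set()   # tunnels with a filter policy at the WAG

    def establish(self, tunnel_id, user_id, w_apn, authorized):
        if not authorized:                                   # outcome of step 4
            raise TunnelError("not authorized")
        if tunnel_id in self.by_tunnel:
            raise TunnelError("end-to-end tunnel already bound")
        teid = self.ggsn.create_pdp_context(user_id, w_apn)  # steps 5-6
        if teid in self.by_teid:                             # keep the map one-to-one
            raise TunnelError("GTP tunnel already bound")
        self.by_tunnel[tunnel_id], self.by_teid[teid] = teid, tunnel_id
        self.wag_filters.add(tunnel_id)                      # step 8: filter at WAG
        return teid                                          # step 7: ack to the UE

    def to_gtp(self, tunnel_id):
        # Uplink traffic is forwarded only for a tunnel that has a binding.
        if tunnel_id not in self.by_tunnel:
            raise TunnelError("no binding for tunnel")
        return self.by_tunnel[tunnel_id]

    def release(self, tunnel_id):
        teid = self.by_tunnel.pop(tunnel_id, None)           # step 1: release request
        if teid is None:
            raise TunnelError("no binding for tunnel")
        del self.by_teid[teid]
        self.ggsn.delete_pdp_context(teid)                   # steps 2-3
        self.wag_filters.discard(tunnel_id)                  # step 6: filter removed
        return teid                                          # step 4: release ack

def demo():
    # Constructed identifiers: establish, forward once, then release.
    ttg = Ttg(StubGgsn())
    teid = ttg.establish("spi-0x1001", "user@example", "ims", True)
    forwarded = ttg.to_gtp("spi-0x1001")
    ttg.release("spi-0x1001")
    return teid, forwarded, ttg.ggsn.contexts, ttg.wag_filters
```

After `release`, no PDP context, binding or WAG filter remains for the tunnel, so a late packet on the old tunnel id is rejected instead of being forwarded into a GTP tunnel.
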


IEEE Related Spec.

• IEEE 802.16 Completed Projects
  – Air interface
    • 802.16-2001, 802.16a-2003, 802.16c-2002, 802.16-2004, 802.16f-2005, 802.16-2004/Cor1-2005, 802.16e-2005
  – Conformance
    • 802.16/Conformance01-2003, 802.16/Conformance02-2003, 802.16/Conformance03-2004
  – Coexistence
    • 802.16.2-2001, 802.16.2-2004
• IEEE 802.16 Active TG and SG
  – TG C Conformance04
  – Network Management TG 802.16g (Management Plane Procedures & Services), 802.16i (Mobile MIB)
  – License-Exempt TG 802.16h
  – Mobile Multihop Relay (MMR) SG 802.16j

WiMAX Forum Related Spec.

• Marketing Working Group (MWG)
• Service Provider Working Group (SPWG)
• Regulatory Working Group (RWG)
• Technical Working Group (TWG)
• Network Working Group (NWG)
  – WiMAX E2E Network System Architecture (stage 2: Architecture Tenets, Reference Model and Reference Points), 2006-3-1, Draft.
• Application Working Group (AWG)
• Certification Working Group (CWG)

3G/WiMAX Integrated Architecture

[Figure: loosely coupled interworking diagram. Labels: UE, 3GPP card, WiMAX card, WiMAX Base Stations, WiMAX ASN, WiMAX Network Service Provider, FA, Home Agent, Local AAA, Home AAA, Billing Server, WAG, PDG, GGSN, SGSN, RNC, 3GPP Access Network, 3GPP Core Network, Internet, Loosely Coupled Interworking.]


WiMAX-3GPP Interworking (Non-Roaming Case)

WiMAX E2E Network Reference Model

NAP: Network Access Provider
NSP: Network Service Provider
ASN: Access Service Network
CSN: Connectivity Service Network
ASP: Application Service Provider

ASN Reference Model

[Figure: ASN reference model. Labels: ASN, BS (two), ASN Gateway & Decision Enforcement Points, R1, R3, R4, R6, R8.]

Overall Network Reference Model

[Figure: overall network reference model. Labels: MS, BS 1, BS 2, BS 3, ASN GW, ASN, CSN, R1, R2, R3, R4, R5, R6, R8.]

Functions of Reference Points

• R3 consists of the set of control plane protocols between the ASN and the CSN to support AAA, policy enforcement and mobility management capabilities. It also encompasses the bearer plane methods (e.g., tunneling) to transfer user data between the ASN and the CSN.

• R4 consists of the set of Control and Bearer plane protocols originating/terminating in various functional entities of an ASN that coordinate MS mobility between ASNs and ASN-GWs. R4 is the only interoperable RP between similar or heterogeneous ASNs.

• R6 consists of the set of control and bearer plane protocols for communication between the BS and the ASN-GW. The bearer plane consists of intra-ASN datapath between the BS and ASN gateway. The control plane includes protocols for datapath establishment, modification, and release control in accordance with the MS mobility events. R6, in combination with R4, may serve as a conduit for exchange of MAC states information between BSs that can’t interoperate over R8.

Functional Design and Decomposition

• IP Addressing
• AAA Framework
• ASN Security Architecture
• Accounting
• Mobility Management
• Radio Resource Management
• Paging and Idle-Mode MS Operation

IP Addressing (example in IPv4)

‧ PoA (Point-of-Attachment) IP address could be static or dynamic, could be assigned by visited CSP or home CSP.
‧ The DHCP Server address is retrieved from the AAA access authentication or configured locally at the ASN.

AAA Framework

[Figure: AAA framework. Entities: MS, BS (ASN), NAS (ASN), AAA Proxy(s), AAA Server (Home CSN). Roles: Supplicant, Authentication Relay, Authenticator, Authentication Server. Protocols: 802.16, PKMv2, EAP, Auth. Relay Protocol, Auth. Relay UDP/IP, AAA Protocol. Reference points: R6, R3.]

EAP methods such as EAP-TLS, Protected EAP (PEAP), Tunneled TLS (TTLS), EAP AKA etc.


Authentication and Authorization Procedures – PKMv2 Procedures

ASN Security Architecture

‧ AK Txfer could be triggered by:
  – MOB_HO_IND
  – RNG_REQ
  – MOB_MSHO_REQ
  – …
‧ It is expected that AK Txfer Protocol primitives be implemented in TLV forms and be exchanged as part of intra-ASN and inter-ASN mobility management protocols

[Figure: ASN security architecture. Labels: Authenticator, Key Distributor, Authentication Relay, Key Receiver, BS, Authentication + Key Distributor, Authentication Domain = ASN 1, Authentication Domain = ASN n, Mobility Domain = NAP, Authentication Relay Protocol, AK Transfer Protocol.]

Accounting

‧Based on RADIUS Protocol
‧Offline accounting (post-paid)
  –Create one UDR (Usage Data Records) per R6 connection ID
‧Online accounting (pre-paid)
  –On-line quota update operation
‧Hot-Lining
  –To efficiently address issues with users that would otherwise be unauthorized to access packet data services

Mobility Management

‧ Intra-ASN Mobility (w/o CoA Update)
  – Synonym
    ‧R6 Mobility
    ‧ASN Anchored Mobility
  – Functional Decomposition
    ‧Data Path (DP) Function
    ‧Handoff (HO) Function
    ‧Context Function
‧ Inter-ASN Mobility (w/ CoA update)
  – Synonym
    ‧R3 Mobility
    ‧CSN Anchored Mobility
  – Based on Mobile IP (RFC3344 and related RFCs)
    ‧Proxy-MIP (PMIP)
    ‧Client-MIP (CMIP)


Overall Reference for ASN Mobility Functions

Data Path Function

‧ Type1: typically a generic IP-in-IP tunnel, e.g. GRE, Ethernet, MPLS
  – Payload is an IP datagram or an Ethernet packet
‧ Type2: typically a generic IP-in-IP tunnel, e.g. GRE, Ethernet, MPLS
  – Payload is a 802.16e SDU or part of it appended with additional info. (CID of Target BS, ARQ para. …)


Data Path Function Network Transaction


Context Function

‧To populate the context, security context corresponding to a MS at a target BS

‧To inform the network regarding the idle/sleep mode behaviors of the MS

‧To inform the network of initial network entry of a specific MS


HO Function Network Transaction


Mobility w/ CoA Update (Mobile IP)

Radio Resource Management

[Figure: two RRM deployments, case a and case b.]

‧ RRA (Agent): resides in BS, responsible for assisting local RRM as well as communication to the RRC

‧ RRC (Controller): may reside in BS (case b), in ASN-GW (case a), or in a standalone server in ASN. An RRC is responsible for collection of radio resource indicators from associated RRA and communication between/across RRCs.

‧ RRM procedures:
  – Spare capacity report (per BS)
  – PHY measurement report (per-MS)
  – Neighbor BS radio resource status update

Paging and Idle-Mode MS Operation

‧ Paging Controller (PC)
  – Administers the activity of idle mode MS, contains the location info. of MS.
‧ Paging Agent (PA):
  – Resides in BS, handles interaction between PC (R6) and R1 paging related function
‧ Paging Group (PG):
  – comprising one or more PAs.
‧ Location Register (LR):
  – A distributed DB, which contains information about Idle mode MS.


Generic Depiction of Functional Entities after MS Enters Idle Mode


Conclusion

‧The 3G/WLAN interworking scenarios 1, 2, and 3 could be applied to integrate 3GPP networks and other access networks.

Reference

‧3GPP TR 22.934, Feasibility Study on 3GPP System to WLAN Interworking.

‧3GPP TS 23.234 v6.4.0, 3GPP System to WLAN Interworking.

‧3GPP TS 33.234 v6.3.0, 3G WLAN Interworking Security.

‧WiMAX Forum, WiMAX End-to-End Network System Architecture (Stage 2: Architecture Tenets, Reference Model and Reference Points).