Scribd Logo
Carica

Benvenuto in Scribd!

  • LightRadio Wifi

    Caricato da

    Sasanka Chamara Gamage
    126 visualizzazioni42 pagine
    ALCATEL-LUCENT -- INTERNAL PROPRIETARY -- USE PURSUANT TO COMPANY INSTRUCTION AGENDA - SERVICE PROVIDER WIFI Use Cases Architecture Blueprint Solution Elements Tunneling Authentication Subscriber Management Seamless mobility 3G / 4G Interworking Products and Solution Availability.

    Descrizione originale:

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    ALCATEL-LUCENT -- INTERNAL PROPRIETARY -- USE PURSUANT TO COMPANY INSTRUCTION AGENDA - SERVICE PROVIDER WIFI Use Cases Architecture Blueprint Solution Elements Tunneling Authentication Subscriber Management Seamless mobility 3G / 4G Interworking Products and Solution Availability.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    126 visualizzazioni42 pagine

    LightRadio Wifi

    Caricato da

    Sasanka Chamara Gamage
    ALCATEL-LUCENT -- INTERNAL PROPRIETARY -- USE PURSUANT TO COMPANY INSTRUCTION AGENDA - SERVICE PROVIDER WIFI Use Cases Architecture Blueprint Solution Elements Tunneling Authentication Subscriber Management Seamless mobility 3G / 4G Interworking Products and Solution Availability.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 42

    lightRadioTM WIFI

    Sanjay Wadhwa

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    AGENDA SERVICE PROVIDER WIFI


    Use Cases
    Architecture Blueprint

    Solution Elements
    Tunneling
    Authentication
    Subscriber Management
    Seamless mobility
    3G/4G Interworking
    Products & Solution Availability

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Devices and Apps

    46

    SMARTPHONES AND TABLETS


    NOW REPRESENT 46% OF
    HOTSPOT CONNECTIONS
    WORLDWIDE

    3.7

    Billion

    3.7 BILLION SMARTPHONE AND IPENABLED DEVICES BY 2014


    WORLDWIDE

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    129

    APPLICATION
    DOWNLOADS TO RISE
    FROM 18.2b (2011) TO
    41.7b (2015)

    Wi-Fi

    70% 1.3

    million

    USERS ARE IN WI-FI


    COVERAGE ZONES MORE
    THAN 70% OF THE TIME
    DURING A 24 HOUR
    PERIOD

    TOTAL NUMBER OF WI-FI


    PUBLIC HOTSPOTS
    WORLDWIDE IN 2011

    350%
    NUMBER OF GLOBAL PUBLIC
    HOTSPOTS SET TO GROW FROM
    1.3 MILLION (2011) TO 5.8
    MILLION (2015)

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    STEP 1 : WiFi COMMUNITY BROADBAND


    WIRELINE OPERATOR OFFERING FREE WIFI SERVICE
    Customers
    Wi-Fi

    Wi-Fi Access Wholesale Provider


    portal

    AP
    Enterprise

    Wi-Fi

    Wi-Fi

    AP

    WLAN
    GW

    HotSpot

    7750 SR

    AP
    HomeSpot

    Advantages
    Reduce Churn
    Good Coverage

    AAA
    8950 AAA

    UE authentication via IEEE 802.1X/EAP


    Alternative to redirect customers to a portal to supply their credentials
    Traffic tunneled/routed from HGW/AP to WLAN-GW (optionally with IPSEC)
    Central WLAN-GW for WiFi subscriber management
    IP@ management on WLAN-GW to allow for IP@ mobility between WAPs
    DHCP, LI, accounting + optionally NAT and DPI on the WLAN-GW
    WLAN-GW has local breakout to the internet

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    STEP 2 : WiFi OFFLOAD


    M(V)NO OFFLOADING THE MOBILE NETWORK
    Customers
    Wi-Fi

    Wi-Fi Access Wholesale Provider


    portal

    AP
    Enterprise

    Seamless
    Mobility

    Wi-Fi

    WLAN
    GW

    HotSpot

    7750 SR

    AP
    HomeSpot

    AAA
    8950 AAA

    M(V)NO
    HLR
    (e)NB

    UMTS/LTE

    GTP Tunnel

    Wi-Fi

    AP

    Advantages
    Unlicensed Spectrum
    Low Cost per Bit
    Better Coverage
    IP@ Mobility

    8650 SDM
    SGW/
    PGW/GGSN

    (e)NB

    7750 SR

    UMTS/LTE

    UE tries to switchover to WiFi upon detection of the M(V)NOs SSID


    Transparent IEEE 802.1X/EAP authentication between HGW/AP and UE
    Optionally GTP tunnel between WLAN GW and GGSN/PGW for IP@ Mobility
    GTP interface available in 10.0R4
    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    STEP 3 : WiFi WHOLESALE


    WIRELINE OPERATOR SELLS WI-FI OFFLOAD TO M(V)NO
    Customers
    Wi-Fi

    Wi-Fi Access Wholesale Provider

    Wi-Fi Retailer

    portal

    AP

    Wi-Fi Retailer

    Enterprise

    Seamless
    Mobility

    Wi-Fi

    WLAN
    GW

    HotSpot

    7750 SR

    AP
    HomeSpot

    8950 AAA

    MNO
    HLR
    (e)NB

    UMTS/LTE

    Wi-Fi + MVNO
    Retailer

    8650 SDM
    SGW/
    PGW/GGSN

    (e)NB

    UMTS/LTE

    AAA

    GTP Tunnel

    Wi-Fi

    AP

    MVNO Retailer

    7750 SR

    MVNO Retailer

    Advantages
    Unlicensed Spectrum
    Better Coverage

    IP@ Mobility

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    THREAT: OFFLOADING 2G/3G AND LTE TRAFFIC


    TO UNCONTROLLED FREE Wi-Fi
    Internet

    Broadband ISPs
    not noticing
    the Wi-Fi users

    Mobile
    network
    operators

    2.5G

    3G

    LTE

    Wi-Fi
    hotspot

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Enterprise
    Wi-Fi

    Private
    SSID

    EVERYBODY LOVES HOTSPOTS

    $10.00 per MB
    $10,000.00 per GB !!!
    Source : W eFi

    MUCH CHEAPER THAN ROAMING

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    BUT
    No QoS guarantees
    No strong security
    No implicit trust in operator
    No service bundling
    No unified billing

    COMPLICATED
    AUTHENTICATION

    MANY SSIDs
    TO REMEMBER

    No my content everywhere
    No Wi-Fi cellular mobility

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Trusted Wi-Fi SOLUTION - Functions

    AAA

    ONLINE
    CHARGING

    HSS/HLR
    ENTERPRISE

    PCRF / ANDSF
    HOTSPOT

    TWAG/WLAN-GW

    INTERNET

    RESIDENTIAL
    PACKET CORE
    PGW/GGSN

    END-TO-END NETWORK MANAGEMENT

    TWAG
    PCRF
    ANDSF
    AAA
    HSS/HLR
    PGW
    GGSN
    CDN

    Trusted Wireless Access Gateway (aka WLAN-GW)


    Policy Charging Rules Function
    Automatic Network Discovery and Selection Function
    Authentication, Authorization and Accounting
    Home Subscriber Server / Home Location Register
    Packet Data Network Gateway
    GPRS Gateway Support Node
    Content Distribution Network
    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    CDN

    Alcatel-Lucent lightRadio Wi-Fi


    seamless wireless broadband

    7750 SR
    (WLAN GW)

    TM

    WLAN AP
    (Wi-Fi)

    5780 DSC
    (Wi-Fi Control Module)

    Trusted and secure WLAN (Wi-Fi) gateway functionality on


    the 7750 Service Router, with interfaces towards AAA and
    billing/charging systems, and integration with Wireless
    Packet Core which supports 2G, 3G, 4G/LTE and Wi-Fi
    lightRadio ecosystem program with leading Wi-Fi Access
    Point and Residential Gateway (APs/RGs) vendors to
    ensure quick and easy deployment and interoperable end-toend solution
    Wi-Fi Control Module enhanced implementation of 3GPP
    Access Network Discovery and Selection Function on the 5780
    Dynamic Services Controller, enabling users to be
    automatically connected to the best network
    Integrated Wi-Fi access on small cells part of lightRadio
    portfolio - for seamless carrier-grade capacity and coverage
    across Wi-Fi and cellular networks

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    MVNO core OR Partner MNO core


    AAA

    Internet, Media, VPNs

    GGSN/PGW

    Inter-Provider
    Roaming

    3G/4G Interworking
    WLAN-GW

    WLAN-GW

    HLR/HSS
    AAA
    AAA

    2.5G

    3G

    LTE

    Access/Backhaul

    Captive
    Portal

    WIFI Mobility
    MSO Mobile Broadband

    Mobile Broadband
    Inter Provider WIFI Roaming
    3G/4G Interworking
    Quad Play
    Macro cellular offload
    for partner MNO

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    TRUESTED WIFI PARTNER PROGRAM


    Partner AP and CPEs tested in e2e solution with 7750 WLAN-GW.
    - Portal auth, 802.1x/EAP, soft-GRE, Mobility
    Trusted Wi-Fi / MetroCell Alcatel-Lucent solution
    Trusted Wi-Fi Certified Partner solutions (APs)

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    HOTSPOT 2.0
    Next Gen Hot Spot
    Wi-Fi network selection and log-in carried out automatically by the device and the
    network without the need for user intervention
    Hotspot 2.0 addresses carrier Wi-Fis for easy network discovery, simple
    authentication and robust security
    IEEE 802.11u (Network discovery)
    IEEE 802.11i (Encryption)
    IEEE 802.11x (Authentication)

    A wide variety of user/device credentials supported


    Some devices have SIM cards: smartphones, SIM-equipped tablets
    Some do not: (need web-based authentication, password over SMS to authorized SIM-device)
    Network / Device

    Type of Authentication

    EAP types

    GSM

    SIM

    EAP-SIM (RFC4186)

    UMTS

    USIM

    EAP-AKA (RFC 4187)

    Wi-Fi only devices

    X.509

    EAP-TLS (RFC 5216)

    Non-SIM devices (e.g., CDMA)

    User/PW

    EAP-FAST (RFC 4851)

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Light-Radio WIFI Requirements & Considerations

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    3GPP - WLAN to 3G/4G interworking


    Current 3GPP/2 standard for access to EPC over non trusted access
    (possibly unsecure) WLAN
    AP & Backhaul a priori
    owned by any provider

    WL
    AN

    ePDG/PDIF

    WLAN
    AP

    SWx

    HSS

    AAA

    S2b: GTP

    PGW

    IPSec: 3GPP/2 VPN

    ALU solution (fat-pipe model) that


    overcome standard issues
    WLAN GW solution over trusted or un-trusted access
    SWx

    (secure) WLAN AP &


    Backhaul

    802.11i

    HSS

    AAA

    Radius
    WLAN
    AP

    Single tunnel / AP

    PDG/WLAN GW

    S2a: GTP

    PGW

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Standards Approach
    issues:
    IPSec/IKEv2 required on
    UE
    Battery drain effect on
    UE and intensive CPU
    processing.
    IPSec overhead &
    associated packet
    fragmentation on WLAN
    air interface
    Poor user experience
    with Latency associated
    with tunnel
    establishment for shortsessions (e.g. MMS
    access)
    Multiple tunnels one for
    each service
    Protected tunnel

    Why Bridging & Tunnelling from HGW/WAP ?


    - Support for any access type: DSL, cable, GPON, 3G/LTE
    - No impact on Access-Nodes & Backhaul
    - Full subscriber visibility in the network
    - Minimum operations impact on CPE/AP
    - Separation of public Wi-Fi traffic and private subscriber traffic
    - Flexible wholesale (L2 or L3)
    - IP@ sharing
    - Same architecture across community Wi-Fi from home, outdoor AP(s),
    venues, SMBs
    - Flexible authentication models (open-SSID via portal-auth or secure SSID
    via 802.1x/EAP).
    - 3G/4G Interworking via GTP

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    WI-FI access point options


    L2 SOLUTION

    L3 SOLUTION
    Offload SSID

    Offload SSID

    IP TUNNEL

    Bridge

    L2 Wholesale
    L3 Wholesale with overlapping IP@
    GTP Roaming with overlapping IP@
    Faster mobility triggering
    Simple CPE
    Network portal
    Subscriber visibility in the network with
    NAT
    IP@ Sharing

    No L2 Wholesale
    No L3 Wholesale with overlapping IP@
    No GTP Roaming with overlapping IP@
    L3 mobility which is slower
    Complex CPE
    Portal on CPE/Network
    No Subscriber visibility in the network with
    NAT
    No IP@ Sharing

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Blue-Print Architecture

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Public SSID Bridged/Tunneled


    GRE/L2 tunneling from AP or RG/CM with separate SF for public WIFI
    Bridge into L2VPN
    over GRE

    8950 AAA
    GRE end-point
    loopback address Soft GRE

    GRE end-point WAN


    IP

    Public SSID

    DIAMETER

    S2a
    L2oGRE OR L2VPNoGRE
    Access

    AP/RG/CM

    GTP

    Mobile content

    PGW/GGSN

    IP

    AN / CMTS

    WLAN GW

    L2VPN termination
    (sub-Mgmt on tunnel)

    Access Model
    - Bridge in HGW/AP prevents user-to-user communication
    - GRE tunnel per HGW/AP towards WLAN GW no network requirements
    - No provisioning on CMTS/BNG - Automatic provisioning on WLAN GW
    - Radius Client
    WLAN GW
    - Subscriber Management on GRE tunnel
    - Portal authentication (via http-redirect)
    - OR 802.1x/Radius EAP SIM/AKA authentication
    - DHCP per UE
    - Radius Proxy HWG/AP is client
    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    8950 AAA
    Captive
    Portal

    MAP &
    DIAMETER

    HLR
    HSS
    AuC

    7750 WLAN-GW Why Gateway based


    architecture ?

    WLAN-GW Subscriber Management


    Zero-touch subscriber provisioning & Subscriber Creation
    EAP based & Portal based authentication
    Flexible IP Address Management (DHCP relay, DHCP Server,
    RADIUS)
    Dynamic Service Creation (subscriber policy)

    Per-Subscriber Accounting (RADIUS) & DIAMETER based Credit


    Control (Gy)
    Per-subscriber and per AP Bandwidth Control (classification,
    traffic shaping, policing, queuing)
    Per-subscriber WLAN to 3G/4G Interworking (GTP based S2a)
    SF/CPM3
    Multi-core CPU with SMP

    2008
    Winner

    L2 & L3 wholesale
    Per-Subscriber Security (anti-spoof , control plane protection)
    Per-Subscriber, Per-application assurance, accounting,
    monitoring

    FP2 Silicon
    50G (IOM3/IM)M or
    100G layout (IMM)

    Per-Subscriber Lawful Intercept

    Per-Subscriber Security (anti-spoof , control plane protection)


    Multi-Services
    Integrated Services
    Adaptor

    Integrated Carrier Grade NAT


    Dual-Stack (IPv4/v6) access

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    WIFI TELCO / MSOs

    Partner product
    (e.g. Belair)
    AP

    AAA

    portal

    8950 AAA

    Partner product
    (e.g. Aptilo)

    Access
    DSL/PON

    WiFi

    eBNG/
    WLAN GW

    7750 SR

    When the 7750 is used as BNG, the BNG functionality and WLAN GW functionality can be
    supported on a single box, the eBNG

    Partner product
    (e.g. Belair)
    AP
    WiFi

    AAA

    portal

    8950 AAA

    Partner product
    (e.g. Aptilo)

    Access
    CMTS

    WLAN GW
    7750 SR

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    SOFT-GRE Tunnels to WLAN-GW


    RG/AP Tunnel end-point does not need to be configured on WLAN-GW
    Stateless GRE
    Tunnel context & subscriber context auto-created

    First packet from UE to


    optional
    WLAN GW is DHCP
    discover
    Public SSID

    DHCP

    (Discover)

    VLAN1 Eth

    (AP mac)

    RG/AP to receive GW
    IP and PWE label (opt.)
    via DHCP?

    PWE

    (lbl X)

    GRE

    IP

    (CM IP)

    LLC / MAC / Phy

    IP SA: WAN IP

    IP DA: WLAN GW IP

    GRE per CM/RG

    L2VPN termination:
    (SubMgtOnTunnel)
    IP

    Access

    CM/RG

    AN/CMTS

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    WLAN GW

    Authentication

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Portal Based Authentication


    Use-cases
    - SmartPhone/Tablet without 802.1X support
    - PC with Dongle without EAP supplicant software
    - PC without any mobile subscription

    Complement EAP-SIM/AKA with Portal Access


    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Portal Based Authentication (WISPr concept)

    UE

    WAP

    AAA

    WLAN GW

    Portal

    RADIUS: Access-Request (Uname=UE-MAC)

    DHCP Discover

    RADIUS: Access-Accept (ID, Redirect-Policy)

    DHCP Offer (IP Address)


    DHCP Request / Ack

    RADIUS: Acct-Start (Client-IP)


    Store Unauthorized User
    (Client-IP, AcctSessID)

    HTTP Get (www.google.com)


    HTTP 302 Redirect (Portal IP)
    HTTP Get (www.google.com)
    Portal-Page / HTTP Authentication

    Auth Request (Client-IP)


    Update User as
    authorized
    RADIUS: CoA (AcctSessID , Remove Redirect)
    Authentication Success
    HTTP 302 Redirect (Portal IP)
    HTTP Get (www.google.com)

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Wi-Fi OFFLOAD WITH EAP-SIM/AKA


    Online
    Charging
    System
    DIAMETER

    Offload SSID

    GRE/IPSec
    Mobile content

    UE
    WAP

    7750 SR
    WLAN GW

    MAP

    8950 AAA
    SIM/AKA

    SIM/AKA
    EAP
    802.1x
    802.11

    EAP

    EAP
    802.1x
    802.11

    HLR
    AuC

    RADIUS

    RADIUS

    UDP

    UDP

    IP

    IP

    802.3

    802.3

    EAP-SIM/EAP-AKA for device authentication


    - Leverage existing authentication infrastructure (AAA, HLR/AuC)
    - Authorization allows control of the UE forwarding (VPN, IP pool selection, uplink next-hop)
    - Subscriber DHCP session created in WLAN gateway
    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    EAP-SIM or EAP-AKA Authentication with RADIUS proxy: GRE


    with sub-management

    UE

    WAP

    PDG/WLAN-GW

    AAA Server

    HSS

    802.1X
    Unauthorized State
    EAP: Request (ID)
    EAP: Response (ID)

    RADIUS: Access-Request (EAP ID, Calling-Station-ID=UE-MAC)

    Authenticate
    Request
    Authentication Vectors, UE profile

    EAP: Request (ID, Challenge)

    RADIUS: Access-Challenge (EAP ID, EAP Challenge)

    EAP: Response (ID, Challenge)

    RADIUS: Access-Request (EAP ID, Response, Calling-Station-ID=UE-MAC)

    EAP: Success (ID)

    RADIUS: Access-Accept (EAP ID, Success)


    Cache Authorized
    MAC + NAS-Port + IP
    information + profile
    information

    802.1X
    Authorized State

    DHCP Discover

    DHCP Offer (IP Address)


    DHCP Request / Ack

    DHCP
    Relay

    DHCP Discover

    DHCP Offer (IP Address)

    DHCP proxy in
    routed
    environment
    over secure
    GRE Tunnel

    DHCP Request / Ack

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    SWx

    Inter-AP Mobility

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Seamless Inter-AP Mobility (via WLAN-GW)


    UE MAC relearning on different tunnel

    Wireless AP

    GRE tunnel #1
    UE Anchor point

    GRE tunnel #2
    VLAN 1

    Full Re-Authentication on Re-association can be avoided if


    PMK caching enabled on AP & UE or if WIFI AP/AC implements 802.11r or OKC

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    3G/4G Interworking

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    GTP TUNNEL TO THE PGW/GGSN


    Online
    Charging
    System

    DNS
    Offload SSID

    DIAMETER

    IMSI MCC/MNC
    & APN

    S2
    GRE/IPSec

    GTP

    UE
    Ga

    WAP

    PGW/GGSN

    WLAN GW

    CGF

    STa

    8950 AAA

    Mobile content

    MAP &
    DIAMETER

    WLAN gateway initiates GTP tunnel

    HLR
    HSS
    AuC

    - APN selection based on authorization data received over STa


    - IMSI (MCC/MNC) and APN resolution by DNS
    - IP encapsulation into GTP-based S2 interface to the home PGW/GGSN
    - Retail charging (online/offline) by home network, allowing seamless inbound roaming

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    EAP-SIM or EAP-AKA Authentication with RADIUS proxy: with


    sub-management + GTP (S2a/S2b) to PGW

    UE

    WAP

    PDG/WLAN-GW

    AAA Server

    HSS

    PGW

    802.1X
    Unauthorized State
    EAP: Request (ID)
    EAP: Response (ID)

    RADIUS: Access-Request (EAP ID, Calling-Station-ID=UE-MAC)

    Authenticate
    Request

    Authentication Vectors, UE profile


    EAP: Request (ID, Challenge)

    RADIUS: Access-Challenge (EAP ID, EAP Challenge)

    EAP: Response (ID, Challenge)

    RADIUS: Access-Request (EAP ID, Response, Calling-Station-ID=UE-MAC)

    EAP: Success (ID)

    RADIUS: Access-Accept (EAP ID, Success)

    802.1X
    Authorized State
    DHCP
    Relay
    DHCP Discover

    DHCP Offer (IP Address)


    DHCP Request / Ack

    Cache
    Authorized MAC
    + NAS-Port
    DHCP proxy in routed
    environment over
    secure GRE Tunnel
    DHCP Discover
    Create Session request (IMSI, APN,TEID, RAT Type, etc)

    DHCP Offer (IP Address)

    Create session response (IP address, DNS, Profile, etc)

    DHCP Request / Ack

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    SWx

    Mobility from WIFI to Macro network (LTE) IP@


    preservation

    UE

    WAP

    PDG/WLAN-GW

    MME

    HSS/AAA

    SGW

    PGW

    PCRF

    GTP Tunnel (S2b)


    UE detects 3GPP
    access & initiates
    Handover

    Attach
    Access Authentication

    S6a

    Access Authentication Response

    Create Session Req (IMSI, APN,TEID, RAT Type, Handover bit)


    Create Session Req (IMSI, APN,TEID, RAT Type, Handover bit)
    Create Session Resp(IP@)

    Create Session Response (existing IP@,DNS,profile etc)

    PCEF initiated
    IP CAN session
    modification procedure

    Radio and access bearer establishment

    Modify Bearer Req

    Modify Bearer Resp


    Radio and access bearer

    Modify Bearer Req


    Modify Bearer Resp

    GTP Tunnel (S5/S8)

    GTP tunnel for non-3GPP access delete

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Mobility from Macro network(LTE) to WIFI - IP@


    preservation

    UE

    WAP

    AAA

    PDG/WLAN-GW

    HSS

    802.1X
    Unauthorized State

    PGW

    PCRF

    SWx

    EAP: Request (ID)


    EAP: Response (ID)

    RADIUS: Access-Request (EAP ID, Calling-Station-ID=UE-MAC)

    Authenticate
    Request

    Authentication

    Authentication Vectors,
    UE profile

    EAP: Request (ID, Challenge)


    EAP: Response (ID, Challenge)

    RADIUS: Access-Challenge (EAP ID, EAP Challenge)


    RADIUS: Access-Request (EAP ID, Response, Calling-Station-ID=UE-MAC)
    RADIUS: Access-Accept (EAP ID, Success, GGSN/PGW address)

    EAP: Success (ID)


    Cache
    Authorized MAC
    + NAS-Port
    DHCP proxy in routed
    environment over
    secure GRE Tunnel
    DHCP Discover (option 50)
    Create Session request (IMSI, APN,TEID, RAT Type, Handover-bit etc)

    802.1X
    Authorized State

    DHCP Discover (option 50)

    DHCP

    DHCP Offer (IP Address)


    DHCP Request / Ack

    DHCP Offer (IP@)

    Create session response (existing IP@, DNS, Profile, etc)

    DHCP Request / Ack

    GTP Tunnel

    3GPP old EPS Bearer Release


    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    PCEF initiated
    IP CAN session
    modification
    procedure

    7750-SR based WLAN-GW

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    7750 SR based WLAN-GW


    Base functions
    Per AP Tunnel termination (soft-GRE or IPSEC)
    DHCP session management (on VLAN or Tunnel)
    IPv4/IPv6 address assignment,
    Per UE policing
    Per AP per ISP /MNO bandwidth control , fairness & SLA management

    7750 SR

    Accounting Online & Offline charging


    Lawful Intercept
    Seamless Inter-AP mobility
    CG-NAT

    MS-ISA

    L2 or L3 handoff to MNO/ISP

    GRE /IPSEC tunnel termination

    High Performance Routing and data offload

    WLAN Gateway with GTP instantiation


    GTP for GGSN/PGW anchoring
    Single IP address, mobility, in-bound roaming

    128K Tunnels/Chassis
    128K Subscribers/Chassis
    1M migrant users/chassis

    On-line charging/off-line charging : one-bill


    Enabler for in-bound roaming
    GTP <-> GRE QOS translation/mapping (DSCP based)
    IP @ preservation (WLAN <-> 3G/4G)
    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Access Network Discovery & Selection Function

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Access Network Discovery & Selection


    23.402, 24.312
    H-ANDSF

    S14

    HPLMN
    VPLMN

    3GPP / non3GPP IP Access

    S14

    V-ANDSF

    UE Location
    Policy [via Push/Pull]

    Single
    Radio

    ISMP
    Inter-System mobility allowed?
    Preferred access technology /
    access network Id
    Validity

    Discovery Info
    Access Network List &
    Info
    Validity

    Multi
    Radio

    ISRP
    Preferred access technology /
    access network Id IP flow
    [IFOM] / APN [MAPCON]
    Validity

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    ANDSF+

    Network
    Intelligence
    Abusive users, virus
    behavior, unwanted
    traffic

    Billing Domain
    Account status, credit
    status, recharging
    control

    Decision Engine
    Subscriber
    Preference

    UE
    Location,
    &measurement

    ISMP
    Discovery Information
    ISRP

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.


    ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION

    Potrebbero piacerti anche