Sanjay Wadhwa
Solution Elements
Tunneling
Authentication
Subscriber Management
Seamless mobility
3G/4G Interworking
Products & Solution Availability
46
3.7
Billion
129
Application downloads to rise from 18.2b (2011) to 41.7b (2015)
Wi-Fi
70% 1.3
million
350%
Number of global public hotspots set to grow from 1.3 million (2011) to 5.8 million (2015)
AP
Enterprise
Wi-Fi
Wi-Fi
AP
WLAN
GW
HotSpot
7750 SR
AP
HomeSpot
Advantages
Reduce Churn
Good Coverage
AAA
8950 AAA
AP
Enterprise
Seamless
Mobility
Wi-Fi
WLAN
GW
HotSpot
7750 SR
AP
HomeSpot
AAA
8950 AAA
M(V)NO
HLR
(e)NB
UMTS/LTE
GTP Tunnel
Wi-Fi
AP
Advantages
Unlicensed Spectrum
Low Cost per Bit
Better Coverage
IP@ Mobility
8650 SDM
SGW/
PGW/GGSN
(e)NB
7750 SR
UMTS/LTE
Wi-Fi Retailer
portal
AP
Wi-Fi Retailer
Enterprise
Seamless
Mobility
Wi-Fi
WLAN
GW
HotSpot
7750 SR
AP
HomeSpot
8950 AAA
MNO
HLR
(e)NB
UMTS/LTE
Wi-Fi + MVNO
Retailer
8650 SDM
SGW/
PGW/GGSN
(e)NB
UMTS/LTE
AAA
GTP Tunnel
Wi-Fi
AP
MVNO Retailer
7750 SR
MVNO Retailer
Advantages
Unlicensed Spectrum
Better Coverage
IP@ Mobility
Broadband ISPs
not noticing
the Wi-Fi users
Mobile
network
operators
2.5G
3G
LTE
Wi-Fi
hotspot
Enterprise
Wi-Fi
Private
SSID
$10.00 per MB
$10,000.00 per GB !!!
Source: WeFi
BUT
No QoS guarantees
No strong security
No implicit trust in operator
No service bundling
No unified billing
Complicated authentication
Many SSIDs to remember
No my content everywhere
No Wi-Fi cellular mobility
AAA
ONLINE
CHARGING
HSS/HLR
ENTERPRISE
PCRF / ANDSF
HOTSPOT
TWAG/WLAN-GW
INTERNET
RESIDENTIAL
PACKET CORE
PGW/GGSN
TWAG
PCRF
ANDSF
AAA
HSS/HLR
PGW
GGSN
CDN
CDN
7750 SR
(WLAN GW)
TM
WLAN AP
(Wi-Fi)
5780 DSC
(Wi-Fi Control Module)
GGSN/PGW
Inter-Provider
Roaming
3G/4G Interworking
WLAN-GW
WLAN-GW
HLR/HSS
AAA
AAA
2.5G
3G
LTE
Access/Backhaul
Captive
Portal
WIFI Mobility
MSO Mobile Broadband
Mobile Broadband
Inter Provider WIFI Roaming
3G/4G Interworking
Quad Play
Macro cellular offload
for partner MNO
HOTSPOT 2.0
Next Gen Hot Spot
Wi-Fi network selection and log-in are carried out automatically by the device and the network, without the need for user intervention.
Hotspot 2.0 addresses carrier Wi-Fi, providing easy network discovery, simple authentication and robust security.
IEEE 802.11u (Network discovery)
IEEE 802.11i (Encryption)
IEEE 802.1X (Authentication)
Type of Authentication
EAP types
GSM
SIM
EAP-SIM (RFC4186)
UMTS
USIM
X.509
User/PW
WLAN
ePDG/PDIF
WLAN
AP
SWx
HSS
AAA
S2b: GTP
PGW
802.11i
HSS
AAA
Radius
WLAN
AP
Single tunnel / AP
PDG/WLAN GW
S2a: GTP
PGW
Standards approach issues:
- IPSec/IKEv2 required on UE
- Battery drain effect on UE and intensive CPU processing
- IPSec overhead and associated packet fragmentation on WLAN air interface
- Poor user experience with latency associated with tunnel establishment for short sessions (e.g. MMS access)
- Multiple tunnels, one for each service
Protected tunnel
L3 SOLUTION
Offload SSID
Offload SSID
IP TUNNEL
Bridge
L2 Wholesale
L3 Wholesale with overlapping IP@
GTP Roaming with overlapping IP@
Faster mobility triggering
Simple CPE
Network portal
Subscriber visibility in the network with NAT
IP@ Sharing
No L2 Wholesale
No L3 Wholesale with overlapping IP@
No GTP Roaming with overlapping IP@
L3 mobility which is slower
Complex CPE
Portal on CPE/Network
No Subscriber visibility in the network with NAT
No IP@ Sharing
Blue-Print Architecture
8950 AAA
GRE end-point
loopback address Soft GRE
Public SSID
DIAMETER
S2a
L2oGRE OR L2VPNoGRE
Access
AP/RG/CM
GTP
Mobile content
PGW/GGSN
IP
AN / CMTS
WLAN GW
L2VPN termination
(sub-Mgmt on tunnel)
Access Model
- Bridge in HGW/AP prevents user-to-user communication
- GRE tunnel per HGW/AP towards WLAN GW; no network requirements
- No provisioning on CMTS/BNG - Automatic provisioning on WLAN GW
- Radius Client
WLAN GW
- Subscriber Management on GRE tunnel
- Portal authentication (via http-redirect)
- OR 802.1x/Radius EAP SIM/AKA authentication
- DHCP per UE
- Radius Proxy (HGW/AP is client)
COPYRIGHT 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
ALCATEL-LUCENT INTERNAL PROPRIETARY USE PURSUANT TO COMPANY INSTRUCTION
8950 AAA
Captive
Portal
MAP &
DIAMETER
HLR
HSS
AuC
L2 & L3 wholesale
Per-Subscriber Security (anti-spoof, control plane protection)
Per-Subscriber, Per-application assurance, accounting, monitoring
FP2 Silicon: 50G (IOM3/IMM) or 100G layout (IMM)
Partner product
(e.g. Belair)
AP
AAA
portal
8950 AAA
Partner product
(e.g. Aptilo)
Access
DSL/PON
WiFi
eBNG/
WLAN GW
7750 SR
When the 7750 is used as BNG, the BNG functionality and WLAN GW functionality can be supported on a single box, the eBNG.
Partner product
(e.g. Belair)
AP
WiFi
AAA
portal
8950 AAA
Partner product
(e.g. Aptilo)
Access
CMTS
WLAN GW
7750 SR
DHCP
(Discover)
VLAN1 Eth
(AP mac)
RG/AP to receive GW IP and PWE label (opt.) via DHCP?
PWE
(lbl X)
GRE
IP
(CM IP)
IP SA: WAN IP
IP DA: WLAN GW IP
L2VPN termination:
(SubMgtOnTunnel)
IP
Access
CM/RG
AN/CMTS
WLAN GW
Authentication
UE
WAP
AAA
WLAN GW
Portal
DHCP Discover
Offload SSID
GRE/IPSec
Mobile content
UE
WAP
7750 SR
WLAN GW
MAP
8950 AAA
SIM/AKA
SIM/AKA
EAP
802.1x
802.11
EAP
EAP
802.1x
802.11
HLR
AuC
RADIUS
RADIUS
UDP
UDP
IP
IP
802.3
802.3
UE
WAP
PDG/WLAN-GW
AAA Server
HSS
802.1X
Unauthorized State
EAP: Request (ID)
EAP: Response (ID)
Authenticate
Request
Authentication Vectors, UE profile
802.1X
Authorized State
DHCP Discover
DHCP
Relay
DHCP Discover
DHCP proxy in routed environment over secure GRE Tunnel
SWx
Inter-AP Mobility
Wireless AP
GRE tunnel #1
UE Anchor point
GRE tunnel #2
VLAN 1
3G/4G Interworking
DNS
Offload SSID
DIAMETER
IMSI MCC/MNC
& APN
S2
GRE/IPSec
GTP
UE
Ga
WAP
PGW/GGSN
WLAN GW
CGF
STa
8950 AAA
Mobile content
MAP &
DIAMETER
HLR
HSS
AuC
UE
WAP
PDG/WLAN-GW
AAA Server
HSS
PGW
802.1X
Unauthorized State
EAP: Request (ID)
EAP: Response (ID)
Authenticate
Request
802.1X
Authorized State
DHCP
Relay
DHCP Discover
Cache
Authorized MAC
+ NAS-Port
DHCP proxy in routed environment over secure GRE Tunnel
DHCP Discover
Create Session request (IMSI, APN, TEID, RAT Type, etc.)
SWx
UE
WAP
PDG/WLAN-GW
MME
HSS/AAA
SGW
PGW
PCRF
Attach
Access Authentication
S6a
PCEF initiated
IP CAN session
modification procedure
UE
WAP
AAA
PDG/WLAN-GW
HSS
802.1X
Unauthorized State
PGW
PCRF
SWx
Authenticate
Request
Authentication
Authentication Vectors,
UE profile
802.1X
Authorized State
DHCP
GTP Tunnel
PCEF initiated
IP CAN session
modification
procedure
7750 SR
MS-ISA
L2 or L3 handoff to MNO/ISP
128K Tunnels/Chassis
128K Subscribers/Chassis
1M migrant users/chassis
S14
HPLMN
VPLMN
S14
V-ANDSF
UE Location
Policy [via Push/Pull]
Single Radio: ISMP
- Inter-System mobility allowed?
- Preferred access technology / access network Id
- Validity
Discovery Info
- Access Network List & Info
- Validity
Multi Radio: ISRP
- Preferred access technology / access network Id, IP flow [IFOM] / APN [MAPCON]
- Validity
ANDSF+
Network
Intelligence
Abusive users, virus behavior, unwanted traffic
Billing Domain
Account status, credit status, recharging control
Decision Engine
Subscriber
Preference
UE location & measurement
ISMP
Discovery Information
ISRP