Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
lightRadio WI-FI
WLAN GATEWAY
EVOLUTION OF THE ALCATEL-LUCENT
7750 SERVICE ROUTER TO SUPPORT
WLAN GATEWAY FUNCTIONALITY
APPLICATION NOTE
TABLE OF CONTENTS
1. Leveraging Wi-Fi access technology / 1
6. Conclusion / 11
7. References / 11
8. Acronyms / 12
The Alcatel-Lucent lightRadio™ Wi-Fi® solution is a comprehensive solution for wireline
and wireless providers. Service providers, multiple service operators (MSOs), mobile
network operators (MNOs) and mobile virtual network operators (MVNOs) can leverage
both licensed spectrum with metro cells/small cells and unlicensed Wi-Fi spectrum to
expand their service footprints.
This paper describes the Alcatel-Lucent 7750 Service Router (SR) in its role as the
Alcatel-Lucent lightRadio Wi-Fi WLAN Gateway to leverage unlicensed Wi-Fi as an
access technology. The paper emphasizes the solution strategy, service deployment
scenarios and advanced Alcatel-Lucent 7750 SR capabilities that can further enrich
a Wi-Fi service offering.
The increasingly wide availability of Wi-Fi in the home, at work and in restaurants and
other public areas has provided an avenue for end users to gain access to the bandwidth
that they expect on their mobile devices. However, access to Wi-Fi hotspots frequently
requires users to identify the local network, authenticate to it, and in many cases pay
fees to access it. The resulting service may offer varying levels of bandwidth capability,
quality and signal strength. When the user moves to a new location, the whole process
needs to be repeated.
Alcatel-Lucent lightRadio Wi-Fi offers a comprehensive solution for wireline and wireless
providers to leverage Wi-Fi as an access technology, as shown in Figure 1. The Alcatel-Lucent
7750 SR is the WLAN Gateway (GW) or, to use Third Generation Partnership Project
[3GPP™] terminology, the Trusted Wireless Access Gateway (TWAG).
Enterprise
Residential
7750 SR
(SGW/PGW/GGSN)
9363 Metro Cell
Indoor MS
5620 SAM
The following sections describe the Alcatel-Lucent 7750 SR WLAN Gateway, emphasizing
the solution strategy, diverse deployment scenarios, and the advanced Alcatel-Lucent
7750 SR features that can further enrich a Wi-Fi service offering.
For Wi-Fi retail services, the subscriber context exists on the WLAN Gateway. The
WLAN Gateway can optionally coordinate with a mobile provider’s core infrastructure
by interconnecting with a PGW or a GGSN. In all cases, the goal is to provide a seamless
network experience independent of whether the user service is Wi-Fi only or combined
with a wireline or wireless service subscription. For the Wi-Fi service to provide seamless
mobility, mechanisms are required to allow for inter-AP mobility. If the Wi-Fi service
is also tied to a cellular data service, the user should be able to seamlessly move from
Wi-Fi to cellular data service.
The various Wi-Fi service deployment scenarios and the Wi-Fi service requirements
that allow for a superior Quality of Experience (QoE) are explored in more detail in
later sections of this paper.
The ePDG and WLAN Gateway act as aggregators and gateways for Wi-Fi traffic.
Figure 2. 3GPP thin and fat pipe Wi-Fi service models
IPsec (UE-ePDG)
Single tunnel per SSID/AP
802.11i
security
Protected tunnel
THIN PIPE MODEL WITH TUNNELS BETWEEN THE UE AND ePDG FAT PIPE MODEL WITH A TUNNEL BETWEEN THE AP AND THE WLAN GW
In this pipe model, a tunnel is established between WLAN APs and the WLAN Gateway,
with the AP responsible for placing the UE sessions into the tunnel. For thin APs that
use an Access Controller (AC) to control multiple APs in a WLAN zone, the fat pipe is
created between the AC and the WLAN Gateway. The fat pipe model imposes no new
requirements on the UE, so fat pipe tunneling can address the installed base of UEs.
There is an AP requirement to support whatever tunneling mechanism is used for
the fat pipe.
So far, this discussion has referred to generic APs and UEs. However, the AP can actually
reside within a managed home gateway (HGW), and the fat pipe is conceptually the same.
1
3GPP TS 23.402: Architecture enhancements for non-3GPP accesses. Release 11, paragraph 16, March 2012
VLAN 1
Trusted BRIDGE Bridged: VLAN segregating
Wi-Fi SSID trusted Wi-Fi traffic
• Simplified HGW
FIXED ACCESS VLAN 2 • Integrated FMC operator
NAPT IP
SERVICE
Private SSID
Private SSID
Private SSID
Within each of the main tunneling approaches, there are also several alternative
approaches to providing encapsulation and/or encryption.
The differences between the scenarios relate to the available methods and mechanisms
for authentication, IP address assignment, billing and anchoring of the UE.
From a technical perspective, the scenarios are presented from simplest model to most
complex. The QoE goals for Alcatel-Lucent lightRadio Wi-Fi go beyond the free Wi-Fi
model, in which users are forced to terminate all sessions and re-authenticate when on
the move. The Alcatel-Lucent 7750 SR WLAN Gateway supports mechanisms for moving
between APs and between Wi-Fi and cellular networks, making the user experience as
seamless as possible.
2
IEEE 802.1Q: Standard for Local and metropolitan area networks — Virtual Bridged Local Area Networks, May 19, 2006
3
IETF Layer 2-Aware NAT. draft-miles-behave-l2nat-00, March 4, 2009
802.11i
security
Protected tunnel
Retailer Layer 2 VPN
In the Layer 2 wholesale model, the WLAN Gateway provides a Layer 2 connection from
the AP back to the retailer. The WLAN Gateway can perform ingress and egress shaping
on the SSID based on the Service Level Agreement (SLA) with the retailer.
The WLAN Gateway is not involved with issues such as user authentication and IP
address assignment. These aspects are the responsibility of the retailer, and all UE
requests and traffic are passed back to the retail partner as simple Layer 2 traffic.
Inter-AP
mobility
AAA
WLAN AP
Shaping per SSID/AP
RETAILER WI-FI
With policing per UE SERVICE CORE
WLAN AP WLAN GW
Internet
802.11i
security
Protected tunnel
EAP authentication provides a greatly enhanced user experience because it allows for
seamless authentication of UEs based on unique device identifiers without the need for
user intervention.
4
IEEE 802.1X: Standard for local and metropolitan area networks —Port-Based Network Access Control, February 5, 2010
5
IEEE 802.1r: Standard for Information technology — Telecommunications and information exchange between systems — Local and metropolitan
area networks — Specific requirements. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 2:
Fast Basic Service Set (BSS) Transition, July 15, 2008
Wi-Fi to
Cellular
Mobility
SWx
AAA HSS/HLR
STa
802.11i
security
Protected tunnel
Internet
Cellular – Wi-Fi intermobility retains many of the same characteristics of the previously
discussed deployment scenarios, but additional WLAN Gateway features allow communi-
cation and coordination with the MNO/MVNO mobile core infrastructure.
As with the retail Wi-Fi service scenario, portal-based and EAP authentication are supported
with EAP-based authentication, providing superior user QoE. For each UE in the service,
the WLAN Gateway creates a subscriber instance, so hierarchical policing of UE Wi-Fi
traffic is supported within the shaping per SSID in the AP.
6
3GPP TS 23.402: Architecture enhancements for non-3GPP accesses. Release 11, paragraph 16, March 2012
5. ADVANCED WLAN
GATEWAY FUNCTIONS
Beyond the basic connectivity model, many WLAN Gateway features are similar in
concept to the requirements for a BNG in a residential service context. The Alcatel-Lucent
7750 SR is an industry-leading BNG, and the WLAN Gateway features are newly incorpo-
rated into the Alcatel-Lucent Service Router Operating System (SR OS). The Alcatel-Lucent
7750 SR can simultaneously support a full range of IP service edge features, such as BNG,
along with the WLAN Gateway. Many of the advanced IP service edge features in the
Alcatel-Lucent 7750 SR have applicability to a WLAN Gateway. The following list high-
lights some advanced capabilities that the WLAN Gateway inherits from its Alcatel-Lucent
7750 SR and SR OS lineage:
• Dual-stack IPv4 and IPv6 — Support for IPv6 is becoming more common in both
provider networks and UE. The Alcatel-Lucent 7750 SR WLAN Gateway natively
supports IPv4 and IPv6 for both network infrastructure and high-scale subscriber
support.
• Lawful Intercept — The WLAN Gateway inherits the Alcatel-Lucent 7750 SR
infrastructure used to support Lawful Intercept at high scale and high bandwidth
for BNG subscribers.
• Carrier-grade NAT — The WLAN Gateway has integrated carrier-grade NAT that
supports NAT44, NAT64 and Layer 2-aware NAT, allowing for easy use of private
network addresses.
• Accounting and credit control — The Alcatel-Lucent 7750 SR supports a variety of
methods for subscriber accounting, including XML-based accounting files and RADIUS
accounting. For pre-paid service support, the Alcatel-Lucent 7750 SR supports RADIUS
and Diameter credit control.
• IPsec tunnel termination and public key infrastructure (PKI) — Deployed in leading
mobile networks as a high-scale and high-bandwidth 3GPP Security Gateway (SeGW),
the WLAN Gateway can leverage base IPsec features to secure AP fat pipe tunnels for
untrusted aggregation networks.
• Application Assurance (AA) — AA on the WLAN Gateway extends the service depth
and functionality of the Alcatel-Lucent 7750 SR by enabling visibility and intelligent
control for IP applications. Support for extensive per-application, per-subscriber,
or per-VPN Layer 2 and Layer 3 service policies provides application reporting and
traffic management capabilities. AA enables enhanced and personalized QoS-managed
application performance in highly differentiated consumer, business, and mobile
service offerings with industry-leading scale.
When Alcatel-Lucent needed a WLAN Gateway for the lightRadio Wi-Fi solution architecture,
evolving the Alcatel-Lucent 7750 SR was a natural choice. The Alcatel-Lucent 7750 SR
is a modern service edge router with the industry’s most advanced network processor
technology. Moreover, the Alcatel-Lucent 7750 SR has a proven record of success in
large-scale deployment scenarios with requirements similar to WLAN Gateway require-
ments — in particular, as a BNG that supports both IPv4 and IPv6 and within the mobile
core as a GGSN/PGW.
Using the Alcatel-Lucent 7750 SR as a WLAN Gateway, wireline and wireless providers
can leverage other advanced and proven features — for example, Lawful Intercept,
carrier-grade NAT, IPsec, and AA — when creating Wi-Fi service offerings with the
Alcatel-Lucent lightRadio Wi-Fi solution.
7. REFERENCES
1. 3GPP TS 23.402: Architecture enhancements for non-3GPP accesses. Release 11.
March 2012.
http://www.3gpp.org/ftp/Specs/html-info/23402.htm
2. IEEE 802.1Q: Standard for Local and metropolitan area networks — Virtual Bridged
Local Area Networks. May 19, 2006.
http://standards.ieee.org/getieee802/download/802.1Q-2005.pdf
3. IEEE 802.1r: Standard for Information technology — Telecommunications and
information exchange between systems — Local and metropolitan area networks —
Specific requirements. Part 11: Wireless LAN Medium Access Control (MAC)
and Physical Layer (PHY) Specifications Amendment 2: Fast Basic Service Set
(BSS) Transition. July 15, 2008.
4. IEEE 802.1X: Standard for local and metropolitan area networks — Port-Based
Network Access Control. February 5, 2010.
http://standards.ieee.org/getieee802/download/802.1X-2010.pdf
5. IEEE 802.11 (WPA2): Wireless Local Area Networks.
http://standards.ieee.org/getieee802/download/802.11i-2004.pdf
6. IETF Layer 2-Aware NAT. draft-miles-behave-l2nat-00. March 4, 2009.
http://tools.ietf.org/html/draft-miles-behave-l2nat-00
www.alcatel-lucent.com Alcatel, Lucent, Alcatel-Lucent, the Alcatel-Lucent logo and lightRadio are trademarks
of Alcatel-Lucent. All other trademarks are the property of their respective owners. The information presented
is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright © 2012 Alcatel-Lucent. All rights reserved. M2012011887 (February)