SP WiFi: Deploying Access for 3G and 4G              Mobile Networks              Cisco Plus CanadaBRKSPM-2200           ©...
Session AgendaOutline and Key Takeaways Why SP Wifi? What are the Requirements? Components of an End-to-End Solution M...
Why SP Wifi?
SP WiFi: Addressing Service Provider Challenges                                                                   Growth i...
Double pressure on SP economicsIllustrative Results for large European Mobile Operator                                    ...
Doing nothing is not an optionIllustrative Results for a Large European Operator        Cash Flow From Operations         ...
Drivers For Change: Scaling SupplyDelivering 26 fold increase in Supply Service usage growing unchecked Macrocell capaci...
Why Small Cells?Drivers for Deploying Service Provider WiFi                                                               ...
What are the Requirements?
SP WiFi Vision: End user perspectiveCellular Mobility Experience on Wi-Fi                     Cellular                    ...
SP WiFi Vision: Cisco Perspective   WiFi Service RequirementsUbiquitous Access               Common                       ...
SP WiFiOne Access Technology, Many Deployment Models                                                          No SP involv...
SP WiFiKey Requirements                                                Manageability, Network Reliability and Availability...
Components of an End-to-End Solution
SP WiFi Functional Architecture                                                     WLC                                   ...
End-to-End SP WiFi Integration with Roaming   Enhanced WiFi Access Gateway (EWAG)                                         ...
Core SP WiFi functional componentsKey Considerations in SP WiFi Network Design  Authentication               Address      ...
Address Allocation & ManagementConsiderations When to assign?   ‒ Before authentication for Web-auth users   ‒ Post authe...
Address Allocation & Management   The Challenge                                                                           ...
Address Allocation & ManagementSeparating Roaming Partner Traffic - Single SSID or Multiple SSID?               Subscriber...
Address Allocation and ManagementKey Issues in Roaming Scenarios Roaming Partners are independent administrative domains ...
IP Host Configuration for WiFi AccessUE/Host Configuration Models UEs Require IP Host Configuration; Link model is differ...
IP Host Configuration for WiFi AccessSolutions to Consider1. New Information Element (IE) defined to provide the host conf...
Subscriber Session ManagementInitiation and Termination Session creation (First Sign of Life - FSOL)  ‒ DHCP initiated (L...
Session ManagementService considerations Service Differentiation                                                        ...
Cisco Tools for Session ManagementASR5000 IP Services Gateway (IPSG) Two options for session management                  ...
Cisco Tools for Session ManagementIntelligent Services Gateway on ASR1000                                 Subscriber Polic...
Subscriber Dynamic Sessions                                                                                               ...
Dynamic Session Initiation                                                                                                ...
Authentication OptionsTwo main authentication models EAP/802.1x – WLC or AP Authenticator / ISG - Authorization  ‒ AAA is...
ISG Services for Session Management                                                                                       ...
Defining Services                                                                                                         ...
How Services Are Activated on a Session?                                                                                  ...
Location based servicesSimple VLAN based                    Library                                                       ...
Mobility ManagementEssentials for Mobility Common anchor point for all access technologies A common subscriber identifie...
Mobility ManagementPMIPv6 - Hierarchical mobility                                                                      Sub...
Mobility ManagementDomain Mobility with PMIPv6                                                                            ...
Mobility ManagementDomain Mobility with PMIPv6 cont’d PMIPv6 Entities:  ‒ Local Mobility Anchor (LMA):     topological an...
Local Mobility ManagementIntra Controller roaming Intra-Controller roam happens  when an AP moves  association between AP...
Local Mobility ManagementInter Controller Layer 2 roaming   L2 Inter-Controller roam    happens when an AP    moves assoc...
Local Mobility ManagementInter Controller Layer 3 symmetric roaming   Foreign controllers will    send Layer 3 roaming   ...
Mobile Packet Core Integration
Integrating WiFi into Mobile Packet Core Clientless and Client-based Options Summary                                      ...
Integrating WiFi into Mobile Packet CoreClient-based iWLAN                                                              TT...
Integrating WiFi into Mobile Packet CoreClientless EWAG                                                                   ...
Enhanced WiFi Access GatewayCommon Subscriber Management and Routing Functions Subscriber and Service Aware Aggregation F...
Key EWAG Functions for 4G IntegrationPMIPv6 Packet Core Interface:  ‒ PMIPv6 over S2a is standardized method of integrati...
Key EWAG Functions for 3G IntegrationGTP-based 3G Integration Packet Core Interface:  ‒ GTP over Gn’ Interface as per TS ...
SP WiFi Roaming Architecture Enabling Roaming and Wholesale Service with EWAG                                             ...
Policy and Charging                      50
PCRF Integration Architecture – Mobile Packet CoreInterfaces and Functions                                                ...
AAA Integration Architecture – WiFi Core NetworkInterfaces and Functions         OSS/BSS                                  ...
AAA and MPC InterworkingInterfaces and Functions                                                                          ...
Call flows for typical deployments
PMIPv6 with EAP-SIM Based Authentication   Call Flows (1/2)                           EWAGDevice                AP+WLC    ...
PMIPv6 with EAP-SIM Based Authentication          Call Flow 2/2                                          EWAGDevice       ...
Case Study:Super Bowl XLVI
Case Study This case study was presented at the event only Please contact your Cisco SE for details if needed       BRKS...
Summary & Takeways
Summary SP WiFi access is a business reality today for MNOs and Hotspot providers alike Mobile Packet Core integration i...
Presentation_ID   © 2012 Cisco and/or its affiliates. All rights reserved.   Cisco Public
ISG Subscriber Session                                                                                                    ...
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Deploying Access for 3G and 4G Mobile Networks
Upcoming SlideShare
Loading in...5
×

Deploying Access for 3G and 4G Mobile Networks

3,598

Published on

This presentation will discuss SP Wifi requirements, components of an end-to-end solution, mobile packet core integration, call flows for typical deployments

Published in: Technology, Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,598
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
214
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Deploying Access for 3G and 4G Mobile Networks

  1. 1. SP WiFi: Deploying Access for 3G and 4G Mobile Networks Cisco Plus CanadaBRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
  2. 2. Session AgendaOutline and Key Takeaways Why SP Wifi? What are the Requirements? Components of an End-to-End Solution Mobile Packet Core Integration Call flows for typical deployments Case Study Summary and Key Takeaways BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
  3. 3. Why SP Wifi?
  4. 4. SP WiFi: Addressing Service Provider Challenges Growth in Mobile Data: 26x over 5 years 180% increase in Lack of spectrum and signalling traffic due to inability to rapidly• Easy Connectivity smartphones increase # cell sites• Seamless • Deployment Authentication Complexity• Session continuity • Consistent user• Application Economics of indoor experience offload and small cell transparency systems A shift from outdoor consumption to indoor WiFi already used to support >30% of US smartphone usage BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  5. 5. Double pressure on SP economicsIllustrative Results for large European Mobile Operator Network implications of exponential data traffic growth Decline in voice revenues and difficulty in monetizing data traffic Source: IBSG Research & Economics Practice, 2011 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  6. 6. Doing nothing is not an optionIllustrative Results for a Large European Operator Cash Flow From Operations Financial Metrics Source: IBSG Research & Economics Practice, 2011 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  7. 7. Drivers For Change: Scaling SupplyDelivering 26 fold increase in Supply Service usage growing unchecked Macrocell capacity growth cannot 26x Growth keep up with demand Macrocell 1000 Capacity Licensed spectrum availability not growing to meet demand 100 Average Macrocell Efficiency Growth Smaller Cells are needed to scale Spectrum 10 supply efficiently & economically Source: Agilent Licensed and Unlicensed Spectrum 1 1990 1995 2000 2005 2010 2015 will need to be exploited BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  8. 8. Why Small Cells?Drivers for Deploying Service Provider WiFi Spectrum (5MHz vs 10,20 MHz) Multiple carriers Meet Subscriber Demand ‒ Increased coverage and service ubiquity ‒ Higher Speed enabling richer applications Footprint Efficiency (#cells/m ) (Bits/Hz, backhaul High Volume Low Cost Technology Small Cells BW) 3G to HSPA to LTE ‒ SP WiFi is to Mobile (3G/4G) as Carrier Ethernet is to Wired (SDH/PDH) Macro Licensed Spectrum Availability ‒ Not growing to meet demand Hierarchical Network Approach ‒ Macro cells & small cells Consumer Business Community BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
  9. 9. What are the Requirements?
  10. 10. SP WiFi Vision: End user perspectiveCellular Mobility Experience on Wi-Fi Cellular Wi-Fi Example: GSM Phone Example: iPhone Turn on phone and get secure cellular connectivity Turn on phone and get secure Wi-Fi connectivity • Roaming anywhere – no logins or passwords • Automatic Network Selection • Access anywhere with my profile & services BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  11. 11. SP WiFi Vision: Cisco Perspective WiFi Service RequirementsUbiquitous Access Common Seamless Unified Authentication Services Control• Automatic service • SIM credentials • Monetization • Traffic path selection advertisement • Non-SIM credentials opportunities • Billing• Automatic network • Single AAA • QoS • Consistent services selection infrastructure • Session persistence • Quota mgmt• Roaming• Inter-access mobility • Wholesale/Roaming • “One Subscriber” Carrier Class Solution for MNOs, MSOs and Hotspot Providers BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  12. 12. SP WiFiOne Access Technology, Many Deployment Models No SP involvement. User driven offload via Uncontrolled unmanaged device. Home/Soho Dual SSID SP provides dual SSID home device. (Community) Private and public (community) SSID SP installed and managed hot spots in Malls, Hot Spot / Hot Zone restaurants, Hotels,… SP installed and managed hot spots in high density High Density Wireless user areas (stadiums,..) SP install and manages outdoor Wi-Fi for large Metro / Mesh dense urban areas coverage 1001110100100100010 Enterprise Guest Access Enterprise Guest Access managed by SP BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  13. 13. SP WiFiKey Requirements Manageability, Network Reliability and Availability Carrier Grade 100s of thousands of APs ; Millions (residential); Millions of Clients Radio differentiation, Link Budgets, Beamforming, MIMO Radio Performance Interference Management, Radio Resource Management Seamless authentication and Fast Roaming/Handoff Mobility Wi-Fi to Wi-Fi (inter and intra-vendor), 3G/4G to Wi-Fi Seamless roaming (with little or no user intervention) Roaming Support home and “visited” network scenarios Critical to support Multi-vendor solution Standards Compliant 3GPP compliance important to MNOs1001110100100100010 Common Billing, Policy and Subscriber Management Integration Leverage MPC/EPC for Wi-Fi network Parental Control / Lawful Intercept / Local Breakout BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  14. 14. Components of an End-to-End Solution
  15. 15. SP WiFi Functional Architecture WLC Transparent aggregation IPSG L3 Policy Enforcement AP/ PMIPv6 MAG Subscriber LMA L3 PMIPv6AP= Access Point APMAG=Mobility Access Gateway MAGWLC= Wireless LAN controller GTP Policy EnforcementLMA= Local Mobility Anchor LMAGTP= GPRS Tunneling Protocol WLC/ SubscriberIPSG= IP Services Gateway APEWAG= Enhanced Wireless Access MAG GTP P-GW Gateway L2 GTP Or GGSN L3PMIP= Proxy Mobile IP (v6) 802.1QUE= User Entity (mobile terminal) AP IPSe L3 L3 c 802.1Q AP WLC EWAG IPSec Intelligent Internet UE aggregation Access Aggregation Core BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  16. 16. End-to-End SP WiFi Integration with Roaming Enhanced WiFi Access Gateway (EWAG) MNO Visited Network MNO Home Network Policy Policy HLR OCS PCRF CGF DHCP AAA PortalKey Capabilities: AP GGSN Gy Gx Ga MPC Integration WLC P-GW AP Inter-access Mobility Policy Enforcement LMA PMIP 4G Core MAG Roaming LMA Subscriber Policy Enforcement S2a Wholesale L3 Subscriber AP GTP Aggregation Subscriber-aware L2 GTP GTP Switch AZR 3G Core Gn’ Local Breakout IPSec L3 Flexible Access AP Models AP/CPE Flexible Tunnel (L2TP/PMIPv6/IPsec) Enhanced Internet Authentication WiFi Access LAC/MAG/IPsec Initiator LNS/LMA/IPsec Concentrator Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  17. 17. Core SP WiFi functional componentsKey Considerations in SP WiFi Network Design Authentication Address Session Transport Redundancy Authorization Allocation Management Backhaul Load balancing AAA / RADIUS Before / After ISG Keep alive CAPWAP HSRP/ GLBP DIAMETER At LMA Idle Timeout Fragmentation 1:1 Redundancy HLR / HSS External DHCP Quota enforcement PMIPv6 (MAG/ LMA) N:1 RedundancyIntegration / Roaming IPv4 / IPv6 Policy enforcement L2TP (AZR) / GTP ACE based Authentication point Pool depletion Session differentiation Autonomous AP Single SSID EAP / Web Auth Location based Session Initiation MPC integration Multiple SSID Accounting Web Portals Mobility Network Subscriber Billing & Policy When to redirect WiFi only mobility Management Management Start and Stop L4 / HTTP 302 Security Records (CDR) Hierarchical mobility Zero touch rollout Provisioning Who redirects Pre-paid / Quotas Who sends them WiFi / Macro Legal Intercept Redirection Portals WiFi only users Integration with Max mobility coverage Parental Control Web Authentication Transparent logon Existing billing Roaming agreements Analytics / planning Self service Portals Service profiles Gx / Gy / Gz Mobility events Asset tracking Whitelisting Self service portals Policy definitions Anchors / tracking Rogue AP’s Location based BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  18. 18. Address Allocation & ManagementConsiderations When to assign? ‒ Before authentication for Web-auth users ‒ Post authentication for EAP / 802.1x Where in the network? ‒ In the access network (eg. EWAG) or in the core (eg. ISG / IPSG Subscriber Service Managers) What to assign? ‒ Location based address assignment with option 82 Subnet size? ‒ Oversubscription ratio ‒ Lease time ‒ Broadcast domain size Overlapping IP address from different administrative domains BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
  19. 19. Address Allocation & Management The Challenge Independent Administrative Retailer AP Domains Providers DHCP WLC WLC Address AP DHCP Pool Address Roaming Pool Partner #1 Core APUEs may Aggregation DHCPbe Switch Address L3 Roamingallocated Partner #2 Poolsame IP Coreaddress EWAG AP DHCP Optional NAT Home Address Network Pool Provider Wholesale Provider Challenge: How to Manage UE address Overlap and Routing in Roaming Scenarios BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
  20. 20. Address Allocation & ManagementSeparating Roaming Partner Traffic - Single SSID or Multiple SSID? Subscriber Transport Models in Access Network DHCP Access Network Policy AP DHCP AAA Portal MNO Home Network AP Policy AP HLR OCS PCRF CGF WLC WLC AP Single SSID Single VLAN or QinQ Roaming Partner #1 Core AP AP EWAG L2 Switch AZR Multiple AZR SSID Roaming L3 Partner #2 Single VLAN or QinQ Core Single VLAN or QinQ AP Single VLAN or QinQ AP Optional AP/CPE NAT Tunnel (L2TP/PMIPv6/IPsec) Home Subs from Network different Provider MNOs EWAG= Enhanced Wireless Access Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
  21. 21. Address Allocation and ManagementKey Issues in Roaming Scenarios Roaming Partners are independent administrative domains ‒ Address pool allocation and overlap will be difficult to coordinate Access network design should handle UE address overlapOptions: VRF separation on interfaces to roaming partners Access network allocates UE IP address with NAT to Home MNO address ‒ Clean solution, but leads to address pool fragmentation in PMIPv6 architectures Augmented L2 switching at WiFi gateway ‒ Use combination of MAC address and GRE-Key or GTP TEID for switching and ARP resolution BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
  22. 22. IP Host Configuration for WiFi AccessUE/Host Configuration Models UEs Require IP Host Configuration; Link model is different for WiFi and UMTS/LTE UMTS model allocated a /32 host address directly to the UE and software stack is built to suit this model WiFi model is standard IP subnet model: Host Address & Mask plus DNS server address LTE with PMIPv6 supports the IP subnet model (PBU along with PCO option) WiFi core network supports the IP subnet model (DHCP/ARP control) UMTS core integration has challenges: ‒ Obtaining subnet mask and default gateway address ‒ Obtaining DNS and DHCP server addresses BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
  23. 23. IP Host Configuration for WiFi AccessSolutions to Consider1. New Information Element (IE) defined to provide the host configuration ‒ Currently applicable only to GTPv2 ‒ TSG Core Network Working Group 4 working on this ‒ Standardization for GTPv1 and then implementation will take time2. Per-APN static configuration ‒ Pragmatic short-term option, but lacks flexibility3. Dynamic Subnet Extraction ‒ EWAG could create a subnet from the allocated IP address (eg. bit 32 flip) ‒ Use GTP Protocol Configuration Options IE for DNS address; Locally configured DHCP server address4. Proprietary IEs BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
  24. 24. Subscriber Session ManagementInitiation and Termination Session creation (First Sign of Life - FSOL) ‒ DHCP initiated (L2 connected) ‒ Unclassified MAC (L2 Connected) ‒ Unclassified IP (L3 routed) ‒ Radius proxy (L3 routed) ‒ RADIUS accounting start (L3 Routed) Session termination options ‒ Idle timeouts? Keep alives? ‒ DHCP lease expiry ‒ Authentication timeout BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
  25. 25. Session ManagementService considerations Service Differentiation  Dynamic service updates ‒ Gold / Silver / Bronze / policy ‒ Policy push enforcement  Service Control and Policy ‒ Parental control / DPI ‒ DPI Quota enforcement  Targeted Push Advertising ‒ Usage based / Time based ‒ Intelligent, Location-aware Location based services  Branding Free services ‒ Open garden ‒ Whitelisting BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
  26. 26. Cisco Tools for Session ManagementASR5000 IP Services Gateway (IPSG) Two options for session management  What is IPSG? on ASR5000:  Standalone or integrated tool for inline Manage WiFi session as mobile session management: session from another RAT Type ‒ DPI, Peer-to-peer control ‒ Gateway does bearer and session ‒ Firewall, NAT management ‒ PCEF functionality for Policy (Gx) and ‒ Leverage charging, billing and inline Charging (Gy) services capabilities  Radius based session creation Manage WiFi session using IPSG ‒ No Diameter/GTP initiators ‒ Gateway does bearer and session management  Sits at edge of packet core between Gi/SGi reference point and Internet ‒ IPSG does subscriber and session inline services ‒ Northbound of GGSN or PGW BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
  27. 27. Cisco Tools for Session ManagementIntelligent Services Gateway on ASR1000 Subscriber Policy Layer Web Cisco Intelligent Services Gateway (ISG) Cisco IOS feature thatAAA Server Policy Server DHCP Server … Portal provides Session Management and Policy Management services to a variety of access networks Addresses IP and PPP protocol sessions over Ethernet used in Open SP WiFi while maintaining all subscriber management functions Northbound Interfaces Is the subscriber management solution for many Cisco hotpsot and SP-WiFi deployments today Subscriber Identity Policy Management Is an integral component of EWAG – Enhanced Wireless Gateway Management ISG and Enforcement on ASR1000 Deployed at the Internet Edge (Standalone) or in Aggregation (EWAG) So focal, that the entire device is often referred as an: ISG Intelligent Services Gateway router or simply “The ISG” BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  28. 28. Subscriber Dynamic Sessions ISG SessionIP-Type Sessions are Most Prevalent in SP WiFi IP Session: Layer2 Connected • All traffic associated with the Access Point Distribution session is IP traffic Eth • Clients are L2 connected Ethernet • Service Manager is L3 Edge and default router • Access may run PMIPv6 for mobility IP Session: Routed Connection • All traffic associated with the Access Point session is IP traffic IP • Clients are L3 connected (UE IP Any access / distribution technology must be routable in Access domain!) • Session Manager may be more than one hop away from Client BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  29. 29. Dynamic Session Initiation ISG SessionISG sessions are initiated at the First Sign of Life (FSOL) IP Sessions - FSOL FSOL depends on the Session Type. There are options ..... Unclassified MAC or IP  IP packet with unknown MAC or IP source address Data Traffic Use MAC for L2-connected IP sessions Use IP for routed IP sessions DHCP  DHCP Discover message DHCP discover ISG must be DHCP Relay or Server RADIUS RADIUS  RADIUS Access/Accounting Start Access Request OR Accounting Start ISG must be a Radius Proxy for Account Start/Stop Typically used in PWLAN and WiMAX environments Wireless Client AP BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  30. 30. Authentication OptionsTwo main authentication models EAP/802.1x – WLC or AP Authenticator / ISG - Authorization ‒ AAA is the authentication server ‒ Seamless authentication but requires client config. (certificates, username/pwd, etc) ‒ EAP-SIM/AKA helps if proper supplicant SW available on terminal device Weblogin – Portal-based Authentication and Authorization ‒ Open SSID ‒ Requires no client configuration, completely Web-based ‒ Subsequent Logins are transparent/automatic using device MAC address ‒ Vulnerable to MAC Spoofing BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  31. 31. ISG Services for Session Management ISG services Service: A collection of features that are applicable on a subscriber session Service = {feat.1, feat.2,...,feat.n} Portbundle (PBHK) Session Keepalives: ICMP and ARP based Administration Timeouts: Idle, Absolute QoS: Policing, MQC Features Traffic Conditioning Security: Per User ACLs Subscriber Address Assignment Control Traffic Forwarding Redirection: Initial, Permanent, Periodic Control VRF assignment: Initial, Transfer Associated to Primary Services GTP or PMIP tunnel assignment1. PostPaid Prepaid: Time/Volume based Traffic Accounting Tariff Switching Interim Broadcast Primary Service: Contains one “traffic forwarding” feature and optionally other features; only one primary service can be active on a session 1. New feature with EWAG – Q4-2012 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  32. 32. Defining Services ISG services Location Download 1  Premium HSI service should be AAA Server activated on the session 2 RADIUS Access-request  Services defined in Service Profiles Username: Premium_HSI  No definition yet available Password: <service pwd>  Standard and Vendor Specific RADIUS attributes used  On demand download on a need basis  Service Activated on session 3 RADIUS Access-accept  Service Stored in local cache while in use by at least Features associated w/ service 1 sessions 4 • Definition of all existing Services typically pre- Policy Manager downloaded on Box (supporting the SGI Interface) 1 SGI Request  Services defined in XML Premium, Standard, Basic HSI service definitions 3  Pre-download of all existing services  Services permanently stored in local database 2 SGI Response ISG  Services pre-configured using CLI  Services permanently stored in local  Services defined on Service Policies: policy-map type database service <name> BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  33. 33. How Services Are Activated on a Session? ISG services During Subscriber Via an External Policy Via the On-Box Policy Manager Authentication/ Authorization Manager/Web Portal from external PM Administrator Subscriber Policy Layer Subscriber Policy Layer DHCP Web Portal / AAA DHCP Web Portal / AAA events Control Policy actions plane plane Server Policy Server Server Server Policy Server Server from RADIUS data RADIUS CoA or plane Acc-req SGI RADIUS Acc-accept Request plane DataSubscriber Subscriber Subscriber is successfully authenticated  Service Activation request sent by External  Policy Plane determines what actions to take on Policy Managers via a RADIUS CoA or a SGI session based on events RADIUS Response includes Services and Request message Features to activate on Session (from  actions *include* applying a service UserProfile)  Control Plane ensures actions are taken – i.e. provisions the data plane  Data Plane enforces traffic conditioning policies to the session BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  34. 34. Location based servicesSimple VLAN based Library VLAN 10 Web Portal VLAN 20 (Library) WLC ISG SSID:XYZ VLAN 30 Web Portal VLAN 40 (Stadium) Same SSID from different Separate policies on VLAN’s AP groups mapped to Redirect traffic to different Stadium separate VLAN groups Portals. AP-Groups VLAN-Groups Portals (500 max) (512 max) BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
  35. 35. Mobility ManagementEssentials for Mobility Common anchor point for all access technologies A common subscriber identifier across all access technologies ‒ Eg. MAC address, MSISDN…. key for inter-access mobility Address allocated from a common DHCP pool A common authentication scheme Common session identifier ‒ For common billing and subscriber service across WiFi/3G/4G Ability to track subscriber BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
  36. 36. Mobility ManagementPMIPv6 - Hierarchical mobility Subscriber authentication Tracking 1 Common IP pool Common Anchor WLC Same Subscriber ID 2 MAG Local Same Session ID WiFi Mobility Mobility 3 PGW / LMA 4 WLC Internet Domain IPv6 Mobility 5 6 WLC Local MAG Mobility 7 Location Mobility 8 WLC 802.11(x) CAPWAP L2 PMIPv6 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
  37. 37. Mobility ManagementDomain Mobility with PMIPv6 PMIP Signalling: Proxy Binding Update (PBU) LMA-Local Mobility Host-based Mobility: Mobile IP - MIPv4, Proxy Binding Acknowledge (PBA) Anchor MIPv6 ‒ Requires client implementation of Mobile IP stacks; client signalling needed ‒ Drawback: requires client support (ubiquity?) MAG-Mobility Network-based Mobility: Proxy Mobile IP – Access Signalling: Access Gateway PMIPv6 (RFC-5213) DHCP, IPv6 Router Solicitation ‒ Only network entities participate in mobility related signaling on behalf of clients ‒ Advantage: transparent to UE; no client required BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
  38. 38. Mobility ManagementDomain Mobility with PMIPv6 cont’d PMIPv6 Entities: ‒ Local Mobility Anchor (LMA): topological anchor point for UE; assigns and manages UE address and access network location Switches UE downstream/upstream data to appropriate MAG via PMIP tunnelling (GRE-based encapsulation) ‒ Mobility Access Gateway (MAG): manages mobility signalling for the UE; tracks UE location subnet-to-subnet; Switches downstream/upstream UE data between correct access subnet and PMIP tunnel to LMA notifies LMA of location changes for MAG handoff BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
  39. 39. Local Mobility ManagementIntra Controller roaming Intra-Controller roam happens when an AP moves association between APs joined to the same controller Client must be re- authenticated and new security session established Controller updates client database entry with new AP and appropriate security context No IP address refresh needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
  40. 40. Local Mobility ManagementInter Controller Layer 2 roaming  L2 Inter-Controller roam happens when an AP moves association between APs joined to the different controllers but client traffic bridged onto the same subnet  Client must be re- authenticated and new security session established  Client database entry moved to new controller  No IP address refresh needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
  41. 41. Local Mobility ManagementInter Controller Layer 3 symmetric roaming  Foreign controllers will send Layer 3 roaming client’s packet back to its anchor controller through EtherIP tunneling  Source IP address of the packet will be the foreign controller’s management IP address  Upstream routers that have Reverse Path Forwarding (RPF) will forward on packets  No IP address refresh needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
  42. 42. Mobile Packet Core Integration
  43. 43. Integrating WiFi into Mobile Packet Core Clientless and Client-based Options Summary Converged, WLAN AAA 3GPP Policy, Charging and AAA Billing Systems Devices Trusted Wi-Fi IP Core Un Tunneled User Data (IP) IPSG or Clientless – IPSG ISG or ISG (IP)EWAG Clientless Per User PMIPv6 or GTP Tunnel EWAG (PMIPv6) EWAG P-GW Clientless Un Tunneled User Data (IP) GGSN eWAG (GTPv1) EWAG Clientless Per User PMIPv6 Tunnel 3GPP2 HSGW Per User GTP Tunnel Clientless Per User GTP Tunnel 3GPP SGSN 3G Cellular Secure Client Per User IPSec Tunnel GTP (Gn) based iWLAN TTG Untrusted Wi-Fi Mobile Packet Core BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  44. 44. Integrating WiFi into Mobile Packet CoreClient-based iWLAN TTG MNO Network Policy “Tunnel Termination AAA HLR OCS PCRF CGF Gateway” Wx IPSec/IKEv2 Gy Gx Ga GTP 3G Core Gn’  Client based integration – iWLAN Internet • Defined in 3GPP 23.234 4G Core • WiFi infrastructure can be trusted or untrusted • No dependencies on WiFi infrastructure other then IPSec needs to get through any firewalls • TTG to terminate IPSec tunnel required in MPC • Existing MPC infrastructure reused – PCRF, OCS, Billing, LI • TTG only interfaces to AAA and GGSN – no other MPC integration is needed • Seamless mobility via Home Agent based on Client Mobile IP or PMIP from GGSN • Device IPSec client needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  45. 45. Integrating WiFi into Mobile Packet CoreClientless EWAG MNO Network Policy EWAG AAA HLR OCS PCRF CGF “Enhanced Wireless Wx Access Gateway” Gy Gx Ga 3G: GTP over Gn’ 4G: PMIPv6 over s2a 3G Core  Enhanced Wireless Access Gateway – EWAG Internet 4G Core ‒ Clientless Wifi Integration into the mobile packet core P-GW or GGSN ‒ A mediation device between WiFi access and 3GPP Core ‒ Clean partition of RAT types ‒ Interworking between IP-based Access Network and Mobile Core control planes ‒ Authentication via Mobile AAA infrastructure ‒ PMIPv6 and GTP capability ‒ Existing MPC infrastructure reused – PCRF, Billing, Lawful Intercept… BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  46. 46. Enhanced WiFi Access GatewayCommon Subscriber Management and Routing Functions Subscriber and Service Aware Aggregation Function ‒ Key to support for Local Breakout, Wholesale access ‒ Per-subscriber APN selection and control Policy-controlled subscriber routing, mobility services (PMIP, GTP) ‒ Anchoring to the GGSN, PGW or local-breakout based on subscriber profile ‒ Subscriber service management for home network as well! ‒ Interprovider Roaming with policy control Policy interface options: ‒ Radius-based (WiFi evolution) and/or Gx-based (MNO evolution) Integrated Accounting for Wholesale and Retail Services IP Aggregation support: ‒ DHCP Server and Relay capability ‒ Support for routed and switched access networks ‒ Efficient solution for IP control-plane to Mobile network control plane interworking – i.e. link model mediation ‒ Address Pool overlap management in access network BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
  47. 47. Key EWAG Functions for 4G IntegrationPMIPv6 Packet Core Interface: ‒ PMIPv6 over S2a is standardized method of integrating trusted non-3GPP access networks with a 3GPP Evolved Packet Core ‒ 3GPP 29.275 defines PMIPv6 based S2a interface Session Triggers: DHCP, IPv6 Router Solicitation, Radius Proxy and Unclassified MAC for tunnel initiation Transport: IPv4 and IPv6 as per RFC-5844 and RFC-5213 EAP Methods: Agnostic to generic EAP methods (EAP-SIM/AKA and MSISDN) PMIP Info Elements: Supports all necessary IEs for interface to the MPC Policy: Cisco UE Service VSA for provisioning of differentiated access per subscriber ‒ Phase 1.5 includes 3 different service options “IPv4”, “IPv6” and “dual” BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  48. 48. Key EWAG Functions for 3G IntegrationGTP-based 3G Integration Packet Core Interface: ‒ GTP over Gn’ Interface as per TS 29.060 ‒ GTP control support: PDP context creation, deactivation, PDP echo Session Triggers: DHCP, IPv6 Router Solicitation, Radius Proxy and Unclassified MAC for tunnel initiation Transport: IPv4, IPv6 EAP Methods: Agnostic to EAP method (EAP-SIM/AKA with MSISDN or user@realm subscriber ID) GTP Info Elements: Supports all necessary IEs for interface to the MPC ‒ eg. Protocol Configuration Options, MSISDN, APN BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  49. 49. SP WiFi Roaming Architecture Enabling Roaming and Wholesale Service with EWAG MNO Home Network Policy HLR OCS PCRF CGF AP Portal DHCP AAA WLC WLC AP Roaming Internet Services Partner Core Access Network PolicyHotspot PGW/LMA AP GTP Aggregation Roaming Internet Services Switch Gn’ Partner L2 Core AP EWAG GGSN OptionalPublic/Large NAT RetailerVenue Providers AP/CPE Home Internet Services Network Core Wholesale ProviderCommunityWiFi BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
  50. 50. Policy and Charging 50
  51. 51. PCRF Integration Architecture – Mobile Packet CoreInterfaces and Functions PB – Policy Builder PS – Policy Server CS – Charging Server SM – Unified Subscriber Manager ASR5000 Mobile Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
  52. 52. AAA Integration Architecture – WiFi Core NetworkInterfaces and Functions OSS/BSS Broadband Access Subscriber Policy Infra Inventory & Radius Server Profiles & Portal HSS Billing Provisioning CRM Polices SOAP/XM Radius Portal API L BroadHop Service Manager PB – Policy Builder PS – Policy Server CS – Charging Server SM – Unified Subscriber Manager WiFi Internet Access EWAG Internet (ASR1000 with ISG) Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
  53. 53. AAA and MPC InterworkingInterfaces and Functions ITP- IP Transfer Point MAP Gateway for MAP/Radius interworking Broadband Access MPC Authentication Roaming OSS/BSS Subscriber Policy Infra Interworking Partner Inventory & Radius Server Profiles & Portal CAR HSS Billing Provisioning CRM Polices HLR SS7 Network ITP SOAP/XM Radius Portal API L Local HLR BroadHop Interface to Local SME HLR if Applicable Radius Radius WiFi Internet Access EWAG Internet (ASR1000 with ISG) Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
  54. 54. Call flows for typical deployments
  55. 55. PMIPv6 with EAP-SIM Based Authentication Call Flows (1/2) EWAGDevice AP+WLC DHCP/MAG P-GW PCRF Policy Manager AAA HLR Configure authorized IMSIs on the Sub DB Subscriber database with WiFi Open Association Subscriber Profile. EAP Request/ID WiFi Subscriber Profile: EAP ID Response/ID RADIUS Access Request (username= EAP ID, calling station ID = MAC, called-station-ID Realm, WiFi APN, Charging MAP SEND AUTH Characteristics, IPv4/IPv6 service = SSID) INFO Req EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID MAP SEND AUTH INFO Res IMSI Authenticated, but MSISDN Recover Subscription unknown Profile (IMSI) MAP SRI for LCS Req (IMSI) User Profile VSAs: MAP SRI for LCS CISCO-SERVICE-SELECTION (APN), Res (MSISDN) CISCO-MOBILE-NODE-IDENTIFIER Store MSISDN (IMSI@realm) , CISCO-MSISDN, Cache MAC, IMSI, MSISDN, subscriber 3GPP-CHARGING-CHARS, profile CISCO-MN-SERVICE (IPv4) EAP SUCCESS RADIUS Access Accept (EAP Success, PMIPv6 VLAN override) VLAN Source MAC Address: DHCP Discover RADIUS Access Request (Calling Station ID = Source MAC address) RADIUS Access Accept(User Profile) BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  56. 56. PMIPv6 with EAP-SIM Based Authentication Call Flow 2/2 EWAGDevice DHCP/MAG PCRF SPR/ AAA HLR AP+WLC P-GW Sub DB IPv4 HoA = 0.0.0.0 MN-ID (imsi@realm), SSMO (APN), MSISDN, CHARGING CHARACTERISTICS , ATT = WiFi PBU Gx:CCR-I: IMSI, MSISDN, Gx:CCR-I APN, RAT Type Subscriber ID Type = E.164, Gx:CCA-I RAT=WiFi DHCP Offer (a.b.c.d) PBA DHCP Req/Ack SP: Recover Subscriber Profile (Primary DNS recovered from PBA) Open PGW-CDR With container for WiFi Policy Profile to Apply Service, subscriber ID = MSISDN RF: Diameter ACR PBA: IPv4 Home Address (HoA) RF: Diameter ACA PCO: Primary DNS PMIPv6 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  57. 57. Case Study:Super Bowl XLVI
  58. 58. Case Study This case study was presented at the event only Please contact your Cisco SE for details if needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  59. 59. Summary & Takeways
  60. 60. Summary SP WiFi access is a business reality today for MNOs and Hotspot providers alike Mobile Packet Core integration is a multifaceted problem ‒ attention needed to multiple factors WiFi access and aggregation uses IP control plane mechanisms. ‒ WiFi Access Gateways need proper interworking support Wholesale access and roaming is a key consideration ‒ WiFi Access Gateway need to support multiple roaming partners; 3G, 4G core interfaces Rich service management needed for subscriber differentiation and monetization There is no single solution for all access types, but all types of access should be supported at the service layer The results of a good deployment will deliver outstanding user experience! BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
  61. 61. Presentation_ID © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  62. 62. ISG Subscriber Session TC = Traffic ClassTraffic Forwarding Capabilities (similar to Traffic Flow Template) Subscriber Session permit ACL Feature 3 TC1Service TC1 Session Feature deny Service TC1 1 FeatureFeature Feature 2 1 Feature 3 permit Traffic ACL 2 TC2 Forwarding Data Feature Feature Feature deny Service TC2Service Feature TC2 1 Allow traffic Default- Feature Class drop traffic 2 Session-Features Traffic Classification Flow-Features Forwarding Service Apply to the (using traffic classes: Apply to the Forwarding entire session class-map type classified flow (at L2, e.g. GTP) e.g. per-user ACL, traffic) (a portion of or Routing TC1Service: priority 10 Policing, MQC, entire session (at L3, e.g. PMIP, VRF) TC2Service: priority 20 Accounting traffic) Mutually exclusive BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×