Deploying Access for 3G and 4G Mobile Networks

Session AgendaOutline and Key Takeaways Why SP Wifi? What are the Requirements? Components of an End-to-End Solution Mobile Packet Core Integration Call flows for typical deployments Case Study Summary and Key Takeaways BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 2

Why SP Wifi?

SP WiFi: Addressing Service Provider Challenges Growth in Mobile Data: 26x over 5 years 180% increase in Lack of spectrum and signalling traffic due to inability to rapidly• Easy Connectivity smartphones increase # cell sites• Seamless • Deployment Authentication Complexity• Session continuity • Consistent user• Application Economics of indoor experience offload and small cell transparency systems A shift from outdoor consumption to indoor WiFi already used to support >30% of US smartphone usage BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Double pressure on SP economicsIllustrative Results for large European Mobile Operator Network implications of exponential data traffic growth Decline in voice revenues and difficulty in monetizing data traffic Source: IBSG Research & Economics Practice, 2011 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Doing nothing is not an optionIllustrative Results for a Large European Operator Cash Flow From Operations Financial Metrics Source: IBSG Research & Economics Practice, 2011 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Drivers For Change: Scaling SupplyDelivering 26 fold increase in Supply Service usage growing unchecked Macrocell capacity growth cannot 26x Growth keep up with demand Macrocell 1000 Capacity Licensed spectrum availability not growing to meet demand 100 Average Macrocell Efficiency Growth Smaller Cells are needed to scale Spectrum 10 supply efficiently & economically Source: Agilent Licensed and Unlicensed Spectrum 1 1990 1995 2000 2005 2010 2015 will need to be exploited BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Why Small Cells?Drivers for Deploying Service Provider WiFi Spectrum (5MHz vs 10,20 MHz) Multiple carriers Meet Subscriber Demand ‒ Increased coverage and service ubiquity ‒ Higher Speed enabling richer applications Footprint Efficiency (#cells/m ) (Bits/Hz, backhaul High Volume Low Cost Technology Small Cells BW) 3G to HSPA to LTE ‒ SP WiFi is to Mobile (3G/4G) as Carrier Ethernet is to Wired (SDH/PDH) Macro Licensed Spectrum Availability ‒ Not growing to meet demand Hierarchical Network Approach ‒ Macro cells & small cells Consumer Business Community BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 8

What are the Requirements?

SP WiFi Vision: End user perspectiveCellular Mobility Experience on Wi-Fi Cellular Wi-Fi Example: GSM Phone Example: iPhone Turn on phone and get secure cellular connectivity Turn on phone and get secure Wi-Fi connectivity • Roaming anywhere – no logins or passwords • Automatic Network Selection • Access anywhere with my profile & services BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

SP WiFi Vision: Cisco Perspective WiFi Service RequirementsUbiquitous Access Common Seamless Unified Authentication Services Control• Automatic service • SIM credentials • Monetization • Traffic path selection advertisement • Non-SIM credentials opportunities • Billing• Automatic network • Single AAA • QoS • Consistent services selection infrastructure • Session persistence • Quota mgmt• Roaming• Inter-access mobility • Wholesale/Roaming • “One Subscriber” Carrier Class Solution for MNOs, MSOs and Hotspot Providers BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

SP WiFiOne Access Technology, Many Deployment Models No SP involvement. User driven offload via Uncontrolled unmanaged device. Home/Soho Dual SSID SP provides dual SSID home device. (Community) Private and public (community) SSID SP installed and managed hot spots in Malls, Hot Spot / Hot Zone restaurants, Hotels,… SP installed and managed hot spots in high density High Density Wireless user areas (stadiums,..) SP install and manages outdoor Wi-Fi for large Metro / Mesh dense urban areas coverage 1001110100100100010 Enterprise Guest Access Enterprise Guest Access managed by SP BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

SP WiFiKey Requirements Manageability, Network Reliability and Availability Carrier Grade 100s of thousands of APs ; Millions (residential); Millions of Clients Radio differentiation, Link Budgets, Beamforming, MIMO Radio Performance Interference Management, Radio Resource Management Seamless authentication and Fast Roaming/Handoff Mobility Wi-Fi to Wi-Fi (inter and intra-vendor), 3G/4G to Wi-Fi Seamless roaming (with little or no user intervention) Roaming Support home and “visited” network scenarios Critical to support Multi-vendor solution Standards Compliant 3GPP compliance important to MNOs1001110100100100010 Common Billing, Policy and Subscriber Management Integration Leverage MPC/EPC for Wi-Fi network Parental Control / Lawful Intercept / Local Breakout BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Components of an End-to-End Solution

SP WiFi Functional Architecture WLC Transparent aggregation IPSG L3 Policy Enforcement AP/ PMIPv6 MAG Subscriber LMA L3 PMIPv6AP= Access Point APMAG=Mobility Access Gateway MAGWLC= Wireless LAN controller GTP Policy EnforcementLMA= Local Mobility Anchor LMAGTP= GPRS Tunneling Protocol WLC/ SubscriberIPSG= IP Services Gateway APEWAG= Enhanced Wireless Access MAG GTP P-GW Gateway L2 GTP Or GGSN L3PMIP= Proxy Mobile IP (v6) 802.1QUE= User Entity (mobile terminal) AP IPSe L3 L3 c 802.1Q AP WLC EWAG IPSec Intelligent Internet UE aggregation Access Aggregation Core BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

End-to-End SP WiFi Integration with Roaming Enhanced WiFi Access Gateway (EWAG) MNO Visited Network MNO Home Network Policy Policy HLR OCS PCRF CGF DHCP AAA PortalKey Capabilities: AP GGSN Gy Gx Ga MPC Integration WLC P-GW AP Inter-access Mobility Policy Enforcement LMA PMIP 4G Core MAG Roaming LMA Subscriber Policy Enforcement S2a Wholesale L3 Subscriber AP GTP Aggregation Subscriber-aware L2 GTP GTP Switch AZR 3G Core Gn’ Local Breakout IPSec L3 Flexible Access AP Models AP/CPE Flexible Tunnel (L2TP/PMIPv6/IPsec) Enhanced Internet Authentication WiFi Access LAC/MAG/IPsec Initiator LNS/LMA/IPsec Concentrator Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Core SP WiFi functional componentsKey Considerations in SP WiFi Network Design Authentication Address Session Transport Redundancy Authorization Allocation Management Backhaul Load balancing AAA / RADIUS Before / After ISG Keep alive CAPWAP HSRP/ GLBP DIAMETER At LMA Idle Timeout Fragmentation 1:1 Redundancy HLR / HSS External DHCP Quota enforcement PMIPv6 (MAG/ LMA) N:1 RedundancyIntegration / Roaming IPv4 / IPv6 Policy enforcement L2TP (AZR) / GTP ACE based Authentication point Pool depletion Session differentiation Autonomous AP Single SSID EAP / Web Auth Location based Session Initiation MPC integration Multiple SSID Accounting Web Portals Mobility Network Subscriber Billing & Policy When to redirect WiFi only mobility Management Management Start and Stop L4 / HTTP 302 Security Records (CDR) Hierarchical mobility Zero touch rollout Provisioning Who redirects Pre-paid / Quotas Who sends them WiFi / Macro Legal Intercept Redirection Portals WiFi only users Integration with Max mobility coverage Parental Control Web Authentication Transparent logon Existing billing Roaming agreements Analytics / planning Self service Portals Service profiles Gx / Gy / Gz Mobility events Asset tracking Whitelisting Self service portals Policy definitions Anchors / tracking Rogue AP’s Location based BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Address Allocation & ManagementConsiderations When to assign? ‒ Before authentication for Web-auth users ‒ Post authentication for EAP / 802.1x Where in the network? ‒ In the access network (eg. EWAG) or in the core (eg. ISG / IPSG Subscriber Service Managers) What to assign? ‒ Location based address assignment with option 82 Subnet size? ‒ Oversubscription ratio ‒ Lease time ‒ Broadcast domain size Overlapping IP address from different administrative domains BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 18

Address Allocation & Management The Challenge Independent Administrative Retailer AP Domains Providers DHCP WLC WLC Address AP DHCP Pool Address Roaming Pool Partner #1 Core APUEs may Aggregation DHCPbe Switch Address L3 Roamingallocated Partner #2 Poolsame IP Coreaddress EWAG AP DHCP Optional NAT Home Address Network Pool Provider Wholesale Provider Challenge: How to Manage UE address Overlap and Routing in Roaming Scenarios BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 19

Address Allocation & ManagementSeparating Roaming Partner Traffic - Single SSID or Multiple SSID? Subscriber Transport Models in Access Network DHCP Access Network Policy AP DHCP AAA Portal MNO Home Network AP Policy AP HLR OCS PCRF CGF WLC WLC AP Single SSID Single VLAN or QinQ Roaming Partner #1 Core AP AP EWAG L2 Switch AZR Multiple AZR SSID Roaming L3 Partner #2 Single VLAN or QinQ Core Single VLAN or QinQ AP Single VLAN or QinQ AP Optional AP/CPE NAT Tunnel (L2TP/PMIPv6/IPsec) Home Subs from Network different Provider MNOs EWAG= Enhanced Wireless Access Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 20

Address Allocation and ManagementKey Issues in Roaming Scenarios Roaming Partners are independent administrative domains ‒ Address pool allocation and overlap will be difficult to coordinate Access network design should handle UE address overlapOptions: VRF separation on interfaces to roaming partners Access network allocates UE IP address with NAT to Home MNO address ‒ Clean solution, but leads to address pool fragmentation in PMIPv6 architectures Augmented L2 switching at WiFi gateway ‒ Use combination of MAC address and GRE-Key or GTP TEID for switching and ARP resolution BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 21

IP Host Configuration for WiFi AccessUE/Host Configuration Models UEs Require IP Host Configuration; Link model is different for WiFi and UMTS/LTE UMTS model allocated a /32 host address directly to the UE and software stack is built to suit this model WiFi model is standard IP subnet model: Host Address & Mask plus DNS server address LTE with PMIPv6 supports the IP subnet model (PBU along with PCO option) WiFi core network supports the IP subnet model (DHCP/ARP control) UMTS core integration has challenges: ‒ Obtaining subnet mask and default gateway address ‒ Obtaining DNS and DHCP server addresses BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 22

IP Host Configuration for WiFi AccessSolutions to Consider1. New Information Element (IE) defined to provide the host configuration ‒ Currently applicable only to GTPv2 ‒ TSG Core Network Working Group 4 working on this ‒ Standardization for GTPv1 and then implementation will take time2. Per-APN static configuration ‒ Pragmatic short-term option, but lacks flexibility3. Dynamic Subnet Extraction ‒ EWAG could create a subnet from the allocated IP address (eg. bit 32 flip) ‒ Use GTP Protocol Configuration Options IE for DNS address; Locally configured DHCP server address4. Proprietary IEs BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 23

Subscriber Session ManagementInitiation and Termination Session creation (First Sign of Life - FSOL) ‒ DHCP initiated (L2 connected) ‒ Unclassified MAC (L2 Connected) ‒ Unclassified IP (L3 routed) ‒ Radius proxy (L3 routed) ‒ RADIUS accounting start (L3 Routed) Session termination options ‒ Idle timeouts? Keep alives? ‒ DHCP lease expiry ‒ Authentication timeout BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 24

Session ManagementService considerations Service Differentiation  Dynamic service updates ‒ Gold / Silver / Bronze / policy ‒ Policy push enforcement  Service Control and Policy ‒ Parental control / DPI ‒ DPI Quota enforcement  Targeted Push Advertising ‒ Usage based / Time based ‒ Intelligent, Location-aware Location based services  Branding Free services ‒ Open garden ‒ Whitelisting BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 25

Cisco Tools for Session ManagementASR5000 IP Services Gateway (IPSG) Two options for session management  What is IPSG? on ASR5000:  Standalone or integrated tool for inline Manage WiFi session as mobile session management: session from another RAT Type ‒ DPI, Peer-to-peer control ‒ Gateway does bearer and session ‒ Firewall, NAT management ‒ PCEF functionality for Policy (Gx) and ‒ Leverage charging, billing and inline Charging (Gy) services capabilities  Radius based session creation Manage WiFi session using IPSG ‒ No Diameter/GTP initiators ‒ Gateway does bearer and session management  Sits at edge of packet core between Gi/SGi reference point and Internet ‒ IPSG does subscriber and session inline services ‒ Northbound of GGSN or PGW BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 26

Cisco Tools for Session ManagementIntelligent Services Gateway on ASR1000 Subscriber Policy Layer Web Cisco Intelligent Services Gateway (ISG) Cisco IOS feature thatAAA Server Policy Server DHCP Server … Portal provides Session Management and Policy Management services to a variety of access networks Addresses IP and PPP protocol sessions over Ethernet used in Open SP WiFi while maintaining all subscriber management functions Northbound Interfaces Is the subscriber management solution for many Cisco hotpsot and SP-WiFi deployments today Subscriber Identity Policy Management Is an integral component of EWAG – Enhanced Wireless Gateway Management ISG and Enforcement on ASR1000 Deployed at the Internet Edge (Standalone) or in Aggregation (EWAG) So focal, that the entire device is often referred as an: ISG Intelligent Services Gateway router or simply “The ISG” BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Subscriber Dynamic Sessions ISG SessionIP-Type Sessions are Most Prevalent in SP WiFi IP Session: Layer2 Connected • All traffic associated with the Access Point Distribution session is IP traffic Eth • Clients are L2 connected Ethernet • Service Manager is L3 Edge and default router • Access may run PMIPv6 for mobility IP Session: Routed Connection • All traffic associated with the Access Point session is IP traffic IP • Clients are L3 connected (UE IP Any access / distribution technology must be routable in Access domain!) • Session Manager may be more than one hop away from Client BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Dynamic Session Initiation ISG SessionISG sessions are initiated at the First Sign of Life (FSOL) IP Sessions - FSOL FSOL depends on the Session Type. There are options ..... Unclassified MAC or IP  IP packet with unknown MAC or IP source address Data Traffic Use MAC for L2-connected IP sessions Use IP for routed IP sessions DHCP  DHCP Discover message DHCP discover ISG must be DHCP Relay or Server RADIUS RADIUS  RADIUS Access/Accounting Start Access Request OR Accounting Start ISG must be a Radius Proxy for Account Start/Stop Typically used in PWLAN and WiMAX environments Wireless Client AP BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Authentication OptionsTwo main authentication models EAP/802.1x – WLC or AP Authenticator / ISG - Authorization ‒ AAA is the authentication server ‒ Seamless authentication but requires client config. (certificates, username/pwd, etc) ‒ EAP-SIM/AKA helps if proper supplicant SW available on terminal device Weblogin – Portal-based Authentication and Authorization ‒ Open SSID ‒ Requires no client configuration, completely Web-based ‒ Subsequent Logins are transparent/automatic using device MAC address ‒ Vulnerable to MAC Spoofing BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 30

ISG Services for Session Management ISG services Service: A collection of features that are applicable on a subscriber session Service = {feat.1, feat.2,...,feat.n} Portbundle (PBHK) Session Keepalives: ICMP and ARP based Administration Timeouts: Idle, Absolute QoS: Policing, MQC Features Traffic Conditioning Security: Per User ACLs Subscriber Address Assignment Control Traffic Forwarding Redirection: Initial, Permanent, Periodic Control VRF assignment: Initial, Transfer Associated to Primary Services GTP or PMIP tunnel assignment1. PostPaid Prepaid: Time/Volume based Traffic Accounting Tariff Switching Interim Broadcast Primary Service: Contains one “traffic forwarding” feature and optionally other features; only one primary service can be active on a session 1. New feature with EWAG – Q4-2012 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Defining Services ISG services Location Download 1  Premium HSI service should be AAA Server activated on the session 2 RADIUS Access-request  Services defined in Service Profiles Username: Premium_HSI  No definition yet available Password: <service pwd>  Standard and Vendor Specific RADIUS attributes used  On demand download on a need basis  Service Activated on session 3 RADIUS Access-accept  Service Stored in local cache while in use by at least Features associated w/ service 1 sessions 4 • Definition of all existing Services typically pre- Policy Manager downloaded on Box (supporting the SGI Interface) 1 SGI Request  Services defined in XML Premium, Standard, Basic HSI service definitions 3  Pre-download of all existing services  Services permanently stored in local database 2 SGI Response ISG  Services pre-configured using CLI  Services permanently stored in local  Services defined on Service Policies: policy-map type database service <name> BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

How Services Are Activated on a Session? ISG services During Subscriber Via an External Policy Via the On-Box Policy Manager Authentication/ Authorization Manager/Web Portal from external PM Administrator Subscriber Policy Layer Subscriber Policy Layer DHCP Web Portal / AAA DHCP Web Portal / AAA events Control Policy actions plane plane Server Policy Server Server Server Policy Server Server from RADIUS data RADIUS CoA or plane Acc-req SGI RADIUS Acc-accept Request plane DataSubscriber Subscriber Subscriber is successfully authenticated  Service Activation request sent by External  Policy Plane determines what actions to take on Policy Managers via a RADIUS CoA or a SGI session based on events RADIUS Response includes Services and Request message Features to activate on Session (from  actions *include* applying a service UserProfile)  Control Plane ensures actions are taken – i.e. provisions the data plane  Data Plane enforces traffic conditioning policies to the session BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Location based servicesSimple VLAN based Library VLAN 10 Web Portal VLAN 20 (Library) WLC ISG SSID:XYZ VLAN 30 Web Portal VLAN 40 (Stadium) Same SSID from different Separate policies on VLAN’s AP groups mapped to Redirect traffic to different Stadium separate VLAN groups Portals. AP-Groups VLAN-Groups Portals (500 max) (512 max) BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 34

Mobility ManagementEssentials for Mobility Common anchor point for all access technologies A common subscriber identifier across all access technologies ‒ Eg. MAC address, MSISDN…. key for inter-access mobility Address allocated from a common DHCP pool A common authentication scheme Common session identifier ‒ For common billing and subscriber service across WiFi/3G/4G Ability to track subscriber BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 35

Mobility ManagementPMIPv6 - Hierarchical mobility Subscriber authentication Tracking 1 Common IP pool Common Anchor WLC Same Subscriber ID 2 MAG Local Same Session ID WiFi Mobility Mobility 3 PGW / LMA 4 WLC Internet Domain IPv6 Mobility 5 6 WLC Local MAG Mobility 7 Location Mobility 8 WLC 802.11(x) CAPWAP L2 PMIPv6 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 36

Mobility ManagementDomain Mobility with PMIPv6 PMIP Signalling: Proxy Binding Update (PBU) LMA-Local Mobility Host-based Mobility: Mobile IP - MIPv4, Proxy Binding Acknowledge (PBA) Anchor MIPv6 ‒ Requires client implementation of Mobile IP stacks; client signalling needed ‒ Drawback: requires client support (ubiquity?) MAG-Mobility Network-based Mobility: Proxy Mobile IP – Access Signalling: Access Gateway PMIPv6 (RFC-5213) DHCP, IPv6 Router Solicitation ‒ Only network entities participate in mobility related signaling on behalf of clients ‒ Advantage: transparent to UE; no client required BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 37

Mobility ManagementDomain Mobility with PMIPv6 cont’d PMIPv6 Entities: ‒ Local Mobility Anchor (LMA): topological anchor point for UE; assigns and manages UE address and access network location Switches UE downstream/upstream data to appropriate MAG via PMIP tunnelling (GRE-based encapsulation) ‒ Mobility Access Gateway (MAG): manages mobility signalling for the UE; tracks UE location subnet-to-subnet; Switches downstream/upstream UE data between correct access subnet and PMIP tunnel to LMA notifies LMA of location changes for MAG handoff BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 38

Local Mobility ManagementIntra Controller roaming Intra-Controller roam happens when an AP moves association between APs joined to the same controller Client must be re- authenticated and new security session established Controller updates client database entry with new AP and appropriate security context No IP address refresh needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 39

Local Mobility ManagementInter Controller Layer 2 roaming  L2 Inter-Controller roam happens when an AP moves association between APs joined to the different controllers but client traffic bridged onto the same subnet  Client must be re- authenticated and new security session established  Client database entry moved to new controller  No IP address refresh needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 40

Local Mobility ManagementInter Controller Layer 3 symmetric roaming  Foreign controllers will send Layer 3 roaming client’s packet back to its anchor controller through EtherIP tunneling  Source IP address of the packet will be the foreign controller’s management IP address  Upstream routers that have Reverse Path Forwarding (RPF) will forward on packets  No IP address refresh needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 41

Mobile Packet Core Integration

Integrating WiFi into Mobile Packet Core Clientless and Client-based Options Summary Converged, WLAN AAA 3GPP Policy, Charging and AAA Billing Systems Devices Trusted Wi-Fi IP Core Un Tunneled User Data (IP) IPSG or Clientless – IPSG ISG or ISG (IP)EWAG Clientless Per User PMIPv6 or GTP Tunnel EWAG (PMIPv6) EWAG P-GW Clientless Un Tunneled User Data (IP) GGSN eWAG (GTPv1) EWAG Clientless Per User PMIPv6 Tunnel 3GPP2 HSGW Per User GTP Tunnel Clientless Per User GTP Tunnel 3GPP SGSN 3G Cellular Secure Client Per User IPSec Tunnel GTP (Gn) based iWLAN TTG Untrusted Wi-Fi Mobile Packet Core BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Integrating WiFi into Mobile Packet CoreClient-based iWLAN TTG MNO Network Policy “Tunnel Termination AAA HLR OCS PCRF CGF Gateway” Wx IPSec/IKEv2 Gy Gx Ga GTP 3G Core Gn’  Client based integration – iWLAN Internet • Defined in 3GPP 23.234 4G Core • WiFi infrastructure can be trusted or untrusted • No dependencies on WiFi infrastructure other then IPSec needs to get through any firewalls • TTG to terminate IPSec tunnel required in MPC • Existing MPC infrastructure reused – PCRF, OCS, Billing, LI • TTG only interfaces to AAA and GGSN – no other MPC integration is needed • Seamless mobility via Home Agent based on Client Mobile IP or PMIP from GGSN • Device IPSec client needed BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Integrating WiFi into Mobile Packet CoreClientless EWAG MNO Network Policy EWAG AAA HLR OCS PCRF CGF “Enhanced Wireless Wx Access Gateway” Gy Gx Ga 3G: GTP over Gn’ 4G: PMIPv6 over s2a 3G Core  Enhanced Wireless Access Gateway – EWAG Internet 4G Core ‒ Clientless Wifi Integration into the mobile packet core P-GW or GGSN ‒ A mediation device between WiFi access and 3GPP Core ‒ Clean partition of RAT types ‒ Interworking between IP-based Access Network and Mobile Core control planes ‒ Authentication via Mobile AAA infrastructure ‒ PMIPv6 and GTP capability ‒ Existing MPC infrastructure reused – PCRF, Billing, Lawful Intercept… BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Enhanced WiFi Access GatewayCommon Subscriber Management and Routing Functions Subscriber and Service Aware Aggregation Function ‒ Key to support for Local Breakout, Wholesale access ‒ Per-subscriber APN selection and control Policy-controlled subscriber routing, mobility services (PMIP, GTP) ‒ Anchoring to the GGSN, PGW or local-breakout based on subscriber profile ‒ Subscriber service management for home network as well! ‒ Interprovider Roaming with policy control Policy interface options: ‒ Radius-based (WiFi evolution) and/or Gx-based (MNO evolution) Integrated Accounting for Wholesale and Retail Services IP Aggregation support: ‒ DHCP Server and Relay capability ‒ Support for routed and switched access networks ‒ Efficient solution for IP control-plane to Mobile network control plane interworking – i.e. link model mediation ‒ Address Pool overlap management in access network BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 46

Key EWAG Functions for 4G IntegrationPMIPv6 Packet Core Interface: ‒ PMIPv6 over S2a is standardized method of integrating trusted non-3GPP access networks with a 3GPP Evolved Packet Core ‒ 3GPP 29.275 defines PMIPv6 based S2a interface Session Triggers: DHCP, IPv6 Router Solicitation, Radius Proxy and Unclassified MAC for tunnel initiation Transport: IPv4 and IPv6 as per RFC-5844 and RFC-5213 EAP Methods: Agnostic to generic EAP methods (EAP-SIM/AKA and MSISDN) PMIP Info Elements: Supports all necessary IEs for interface to the MPC Policy: Cisco UE Service VSA for provisioning of differentiated access per subscriber ‒ Phase 1.5 includes 3 different service options “IPv4”, “IPv6” and “dual” BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Key EWAG Functions for 3G IntegrationGTP-based 3G Integration Packet Core Interface: ‒ GTP over Gn’ Interface as per TS 29.060 ‒ GTP control support: PDP context creation, deactivation, PDP echo Session Triggers: DHCP, IPv6 Router Solicitation, Radius Proxy and Unclassified MAC for tunnel initiation Transport: IPv4, IPv6 EAP Methods: Agnostic to EAP method (EAP-SIM/AKA with MSISDN or user@realm subscriber ID) GTP Info Elements: Supports all necessary IEs for interface to the MPC ‒ eg. Protocol Configuration Options, MSISDN, APN BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

SP WiFi Roaming Architecture Enabling Roaming and Wholesale Service with EWAG MNO Home Network Policy HLR OCS PCRF CGF AP Portal DHCP AAA WLC WLC AP Roaming Internet Services Partner Core Access Network PolicyHotspot PGW/LMA AP GTP Aggregation Roaming Internet Services Switch Gn’ Partner L2 Core AP EWAG GGSN OptionalPublic/Large NAT RetailerVenue Providers AP/CPE Home Internet Services Network Core Wholesale ProviderCommunityWiFi BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 49

Policy and Charging 50

PCRF Integration Architecture – Mobile Packet CoreInterfaces and Functions PB – Policy Builder PS – Policy Server CS – Charging Server SM – Unified Subscriber Manager ASR5000 Mobile Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 51

AAA Integration Architecture – WiFi Core NetworkInterfaces and Functions OSS/BSS Broadband Access Subscriber Policy Infra Inventory & Radius Server Profiles & Portal HSS Billing Provisioning CRM Polices SOAP/XM Radius Portal API L BroadHop Service Manager PB – Policy Builder PS – Policy Server CS – Charging Server SM – Unified Subscriber Manager WiFi Internet Access EWAG Internet (ASR1000 with ISG) Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 52

AAA and MPC InterworkingInterfaces and Functions ITP- IP Transfer Point MAP Gateway for MAP/Radius interworking Broadband Access MPC Authentication Roaming OSS/BSS Subscriber Policy Infra Interworking Partner Inventory & Radius Server Profiles & Portal CAR HSS Billing Provisioning CRM Polices HLR SS7 Network ITP SOAP/XM Radius Portal API L Local HLR BroadHop Interface to Local SME HLR if Applicable Radius Radius WiFi Internet Access EWAG Internet (ASR1000 with ISG) Gateway BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 53

Call flows for typical deployments

PMIPv6 with EAP-SIM Based Authentication Call Flows (1/2) EWAGDevice AP+WLC DHCP/MAG P-GW PCRF Policy Manager AAA HLR Configure authorized IMSIs on the Sub DB Subscriber database with WiFi Open Association Subscriber Profile. EAP Request/ID WiFi Subscriber Profile: EAP ID Response/ID RADIUS Access Request (username= EAP ID, calling station ID = MAC, called-station-ID Realm, WiFi APN, Charging MAP SEND AUTH Characteristics, IPv4/IPv6 service = SSID) INFO Req EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID MAP SEND AUTH INFO Res IMSI Authenticated, but MSISDN Recover Subscription unknown Profile (IMSI) MAP SRI for LCS Req (IMSI) User Profile VSAs: MAP SRI for LCS CISCO-SERVICE-SELECTION (APN), Res (MSISDN) CISCO-MOBILE-NODE-IDENTIFIER Store MSISDN (IMSI@realm) , CISCO-MSISDN, Cache MAC, IMSI, MSISDN, subscriber 3GPP-CHARGING-CHARS, profile CISCO-MN-SERVICE (IPv4) EAP SUCCESS RADIUS Access Accept (EAP Success, PMIPv6 VLAN override) VLAN Source MAC Address: DHCP Discover RADIUS Access Request (Calling Station ID = Source MAC address) RADIUS Access Accept(User Profile) BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

PMIPv6 with EAP-SIM Based Authentication Call Flow 2/2 EWAGDevice DHCP/MAG PCRF SPR/ AAA HLR AP+WLC P-GW Sub DB IPv4 HoA = 0.0.0.0 MN-ID (imsi@realm), SSMO (APN), MSISDN, CHARGING CHARACTERISTICS , ATT = WiFi PBU Gx:CCR-I: IMSI, MSISDN, Gx:CCR-I APN, RAT Type Subscriber ID Type = E.164, Gx:CCA-I RAT=WiFi DHCP Offer (a.b.c.d) PBA DHCP Req/Ack SP: Recover Subscriber Profile (Primary DNS recovered from PBA) Open PGW-CDR With container for WiFi Policy Profile to Apply Service, subscriber ID = MSISDN RF: Diameter ACR PBA: IPv4 Home Address (HoA) RF: Diameter ACA PCO: Primary DNS PMIPv6 BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Case Study:Super Bowl XLVI

Summary & Takeways

Summary SP WiFi access is a business reality today for MNOs and Hotspot providers alike Mobile Packet Core integration is a multifaceted problem ‒ attention needed to multiple factors WiFi access and aggregation uses IP control plane mechanisms. ‒ WiFi Access Gateways need proper interworking support Wholesale access and roaming is a key consideration ‒ WiFi Access Gateway need to support multiple roaming partners; 3G, 4G core interfaces Rich service management needed for subscriber differentiation and monetization There is no single solution for all access types, but all types of access should be supported at the service layer The results of a good deployment will deliver outstanding user experience! BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 60

ISG Subscriber Session TC = Traffic ClassTraffic Forwarding Capabilities (similar to Traffic Flow Template) Subscriber Session permit ACL Feature 3 TC1Service TC1 Session Feature deny Service TC1 1 FeatureFeature Feature 2 1 Feature 3 permit Traffic ACL 2 TC2 Forwarding Data Feature Feature Feature deny Service TC2Service Feature TC2 1 Allow traffic Default- Feature Class drop traffic 2 Session-Features Traffic Classification Flow-Features Forwarding Service Apply to the (using traffic classes: Apply to the Forwarding entire session class-map type classified flow (at L2, e.g. GTP) e.g. per-user ACL, traffic) (a portion of or Routing TC1Service: priority 10 Policing, MQC, entire session (at L3, e.g. PMIP, VRF) TC2Service: priority 20 Accounting traffic) Mutually exclusive BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

For Your Building the Identity and Assigning Service Reference An ExampleSubscriber DHCP Exchange Starts DHCP Exchange Completes(*) Subscriber Authentication(*) Dynamic Service Update T0 T1 T2 TN Brian Brian Subscriber Session Subscriber Session Subscriber Session Subscriber Session ISG MAC Addr: 00:DE:34:F1:C0:28 MAC Addr: 00:DE:34:F1:C0:28 MAC Addr: 00:DE:34:F1:C0:28 MAC Addr: 00:DE:34:F1:C0:28Identities IP Addr: ? IP Addr: 10.1.1.211 IP Addr: 10.1.1.211 IP Addr: 10.1.1.211 Username: ? Username: ? Username: Brian Username: BrianServices Service: DEFAULT_SRV Service: DEFAULT_SRV Service: PPU_SRV Service: PREMIUM_FR_SRV DEFAULT_SRV PREMIUM_FR_SRV Only permits management traffic PPU_SRV Flat Rate Premium Data Service: through the session Pay Per Use Service: - Permits all traffic - Permits all traffic - 1M/8Mbps US/DS - 512K/1Mbps US./DS - Accounting enabled on session (*) Order of operations not representative of a real call flow BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

MAG-to-MAG Mobility BRI = Binding Revocation Call Flow BCE = Binding cache Entry NEW OLD SPR/ Device NEW AP OLD AP PCRF CAR AZR/MAG AZR/MAG P-GW Sub DB Open AssociationIPv4 HoA:a.b.c.d EAP Request/ID Standard EAP-SIM flows and PMIPv6 Tunnel Establishment PMIPv6 Open Association EAP Request/ID Standard EAP-SIM flows EAP SUCCESS RADIUS Access Accept (EAP Success) (Source MAC address) RADIUS Access Request (Calling Station ID = Source MAC address) RADIUS Access Accept(User Profile) PBU: IPv4 HoA: a.b.c.d Gx:CCR-U Gx:CCA-U PBA: IPv4 HoA a.b.c.d Update BCE ARP Response PMIPv6 BRI: trigger = Inter MAG H/O BRA BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

EAP Authentication – ISG on ASR1000Authorization at the ISG Device AP WLC AAA DHCP ISG Internet 802.1x (1) 802.1x (1) User record cached RADIUS (2) EAP Negotiation (3) User Authorized EAP Authentication / Authorization (4) Service profile downloaded DHCP Discover (5) DHCP Discover (6) DHCP Offer (7) DHCP Request / ACK (8) Acct Start (9) User session created IP Traffic (10) Service Applied Policies enforced RADIUS (11) RADIUS (12) IP Traffic (13) IP Traffic (14) 802.11(x) CAPWAP RADIUS DHCP IP BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 65

EAP authentication with PMIPv6Authorization at the MAG EWAG Device AP WLC AAA DHCP/MAG LMA Internet Note: example uses Integrated DHCP Server. External Server also possible. 802.1x (1) 802.1x (1) RADIUS (2) User record cached EAP Negotiation (3) EAP Authentication / Authorization (4) PMIPv6 trigger STOP DHCP Discover (5) DHCP Relay (6) User Authorized LMA / NAI downloaded RADIUS Access Request (7) RADIUS Access Accept (8) Binding created on LMA PBU (9) PBA(10) DHCP Offer (11) (IP Address, Mask, GW, DNS) DNS option added to offer DHCP Request / ACK (12) IP Traffic (13) 802.11(x) CAPWAP RADIUS PMIPv6 IP BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 66

3G/GTP Session Call Flow EAP SIM Authentication and Radius Control Configure authorized IMSIs on the AAA Server and there MSISDN mapping ITPDevice AP+WLC L3 Router GGSN AAA ITP HLR EWAG Open Association Username=EAP ID, Calling Stn ID = MAC, Called Stn ID = SSID EAP Request/ID EAP ID Response/ID RADIUS Access Request RADIUS Access MAP SEND AUTH VSA = MAP: getauthinfo Request INFO Req EAP-SIM Method MAP SEND RADIUS Access AUTH INFO Accept Res VSA = MAP: authtriplet EAP SUCCESS RADIUS Access Accept (EAP Success) Cache mapping between IMSI, DHCP Discover (MAC address) MAC, address and SSID RADIUS Access Request (MAC address) RADIUS Access User Authorized at EWAG Accept User Profile VSAs: Create PDP Ctx Req mn-nai=IMSI@realm, APN, MSISDN Create PDP Ctx Res GGSN Allocated IP address GTP DHCP Offer (IPv4) DHCP Req/Ack Gi Data packet (Src IP=IP) Data packet (Src IP=IP) BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

EAP authentication – IPSG on ASR5000 Authorization at IPSG, Accounting start as session initiator reader SIM Device AP WLC AAA DHCP Home AAA HLR IPSG / GGSNClient startsEAP EAP-SIM/AKA authentication User MAC and IMSI Cached afterUser traffic successful EAPencrypted usingEAP derived WEPkeys AAA looks up user DHCP Req/Resp IMSI / MSISDN based on MAC Radius Acct Start (Framed IP, mac) Radius Acct ResponseWLC forwards all Radius Acct Start (Framed IP, IMSI/MSISDN)traffic to User session onVLAN_EAP. All IPSGVLAN_EAP trafficVPN to mobile core Radius Acct Resp User traffic BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Web Authorization for SP WiFi AccessWhy is it needed? Web portal based access continues to be demanded by MNOs and WiFi Access providers Many mobile devices do not have SIM cards or SIM-based clients apps ‒ WiFi iPAD and iPod touch are two major examples ‒ Will every WiFi connected device get a SIM? When? BYOD will be a major use case for WiFi access going forward Exploit visiting “non-subscribers” – a good “churn” opportunity for you ‒ Need a portal login and splash page to offer your service However there are many integration challenges…. BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 69

Web authentication – ISG on ASR1000 L4 redirection at the ISG Device AP WLC AAA DHCP ISG Portal InternetOpen Association (1)association Association (2) DHCP Discover (3) Unauthenticated DHCP Relay (4) Session DHCP Offer (5) DHCP Request / ACK (6) DNS Query (7) User Profile cached DNS Query (8) DNS Response (9) HTTP Request (10) HTTP Response (11) User Login (12) RADIUS CoA (13) RADIUS Auth (14) CoA Ack (15) Authenticated Session Radius Acct Start (16) BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 70

Broadband Community WiFi – Initial Setup Using Existing Broadband Connectivity to Deliver WiFi Access Residential Gateway BNG LNS ISG “Hotspot” DHCP Policy AAA Portal Internet UE Server Server Association to Hotspot ISP PPP Session SSID triggers Wireless Setup L2TP/PPP connection Association L2TP Tunnel Establishment LNS Assigns IP Address to Residential PPP Session Establishment GW “Hotspot” RG Hotspot registers DHCP: Discovery with the ISG. This clears any previously existing sessions for Radius Accting Start this RG DHCP Discovery Relayed to LNS DHCP Discover Relayed to DHCP Server DHCP DHCP DHCP Offer/Req/Ac Offer/Req/Ac Offer/Req/Ac k k kWiFi Clientnow hasan IP PPPoEaddress PPPoL2TP 802.11 MAC BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Broadband Community WiFi cont’d – Web-Auth FlowUsing Existing Broadband Connectivity to Deliver WiFi Access Residential Gateway BNG LNS ISG AAA Policy AAA Portal Internet UE “hotspot” Accounting Server ISG First Sign of Life. Initial Services Applied – eg. HTTP redirect DHCP Accounting Start Traffic redirect to Portal DHCP Accounting Start for Login TCP/HTTP Subscriber enters credentials Successful Login. Notify ISG via Radius Account Logon CoA CoA Request: Account Logon RadiusAccess-Request ISG queries AAA Server for User service profile Radius Access-Accept which is returned in Radius Access-Accept Message PPPoE PPPoL2TP User service and policy profile applied to user session. Internet access established BRKSPM-2200 © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public

Deploying Access for 3G and 4G Mobile Networks

by Cisco Canada

Accessibility

Categories

Upload Details

Usage Rights

Statistics