Network Architecture for LTE and Wi-Fi Interworking

10,902
-1

Published on

Download a PDF file: http://www.netmanias.com/en/?m=view&id=techdocs&no=5920&vm=ppt
You can also find and download more materials from http://www.netmanias.com

Published in: Technology
4 Comments
31 Likes
Statistics
Notes
  • @satnat
    We're sorry for late response. You can download article at below URL after free registration.
    http://www.netmanias.com/en/?m=view&id=techdocs_mbl&no=5920&vm=ppt
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • @Netmanias Thank you
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • @satnat
    Thanks for your interest in this article.
    We'll let you know when our site (www.netmanias.com) is ready to provide English version. You can download all presentation files through our site. Our plan is that English site will be opened at the end of next week!

    Regards,
    Chris Yoo
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • This is a good presentation - Can you share the slides?

    Thanks,
    Sathya
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
10,902
On Slideshare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
0
Comments
4
Likes
31
Embeds 0
No embeds

No notes for slide

Network Architecture for LTE and Wi-Fi Interworking

  1. 1. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking www.netmanias.com www.nmcgroups.com Network Architecture for LTE and Wi-Fi Interworking August 16, 2012 Chris Yoo +82-2-3444-5747, +82-10-3229-1852 cmyoo@netmanias.com www.netmanias.com www.nmcgroups.com About NMC Consulting Group NMC Consulting Group was founded on year 2002 and is advanced, professional network consulting company which is specialized for IP Network area like FTTH, Metro Ethernet and IP/MPLS, Service area like IPTV, IMS and CDN lastly, Wireless network area like Mobile WiMAX, LTE and Wi-Fi. Copyright © 2002-2012 NMC Consulting Group. All rights reserved.
  2. 2. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking Table of Contents  LTE Overview       Wi-Fi Overview      Network Reference Model Authentication and Security EPS Bearer QoS Handover Network Architecture Handover Comparison (LTE vs. Wi-Fi) Tunneling Technology for Mobile Network LTE and Wi-Fi Interworking      Network Reference Model Authentication and Security IP Allocation Traffic Selector Status of KT, SKT & LG U+ and UE Requirements Copyright © 2002-2012 NMC Consulting Group. All rights reserved. 2
  3. 3. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE Overview: Network Reference Model Related Blogs SPR OFCS OCS Diameter (Sp) GTP’ (Gz) Diameter (Gy) HSS PCRF, SPR, OFCS, OCS • EPS = LTE + EPC PCRF Diameter (S6a) S1-AP (S1-MME) • LTE = E-UTRN: eNB • EPC = SAE: MME, S-GW, P-GW, HSS, Diameter (Gx) MME GTP-C (S11) GTP-U (S1-U) LTE-Uu UE eNB S-GW GTP-U/GTP-C (S5) P-GW IP (SGi) PDN • LTE: Long Term Evolution • E-UTRAN: Evolved-UTRAN (Universal Terrestrial Radio Access Network) • EPC: Evolved Packet Core • SAE: System Architecture Evolution • EPS: Evolved Packet System • UE: User Equipment • eNB: Evolved Node B • S-GW: Serving-Gateway • P-GW: PDN-Gateway • MME: Mobility Management Entity • HSS: Home Subscriber Server • PCRF: Policy and Charging Rule Function • SPR: Subscriber Profile Repository • OFCS: Offline Charging System • OCS: Online Charging System • PDN: Packet Data Network UE S-GW MME PCRF OFCS • User device which has LTE chip, antenna and USIM card (ex. Smartphone, USB modem, Router (Egg)) • Local mobility anchor point of the data connections for intereNB handover and inter-3GPP handover • Main control entity for the EUTRAN (brain of EPS) • User authentication • UE mobility management: UE location, UE state (ECM/EMM) • It makes policy decision for UE and provides PCC rules (QoS and charging rules) to P-GW • It manages offline charging data (CDR) per UE/per SDF, which provided by P-GW eNB P-GW HSS SPR OCS • Central DB holding user profile: user ID(IMSI), authentication key, QoS profile, etc • User profile is provisioned by B/OSS when user subscription • Database for PCRF, which maintains policy and charging rule of user • It is provisioned by B/OSS when user subscription • It manages data volume (UL/DL bytes), time (connection time) and event based online charging data per UE/per SDF, which provided by P-GW 3 • Base station which provides • It provides PDN access for UE wireless connection between • Mobility anchor point for inter UE and EPC S-GW handover • Encryption and integrity • IP address assignment to UE protected of control/data • Online/Offline Charging packet between UE and eNB Copyright © 2002-2012 NMC Consulting Group. All • QoS Enforcement rights reserved.
  4. 4. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE Overview: Authentication and Security HSS IMSI, LTE K Mandatory Optional EPS Authentication Vectors (RAND, AUTN, XRES, KASME) KASME KNASint/KNASenc MME 1 ① Mutual Authentication 2 ② NAS Signaling Integrity/ Ciphering Related Blogs User Authentication • User Identification: IMSI (International Mobile Subscriber Identity) - Global Uniqueness - PLMN ID (MCC + MNC) + MSIN - Stored at USIM (UE) and HSS (E-UTRAN) • Authentication Key: LTE K - Stored at USIM (UE) and HSS (E-UTRAN) • User Authentication Protocol: EPS-AKA • User Authentication Process 1. When UE requests to attach LTE network 2. MME obtains authentication vectors (RAND, AUTN, XRES, KASME) from the HSS 3. Mutual authentication between UE and MME - UE authenticates LTE network (MME) - MME authenticates UE Security for Radio Interface KeNB KRRCint/KRRCenc KUPenc eNB 3 RRC Signaling Integrity/ Ciphering 3 User Plane Ciphering • After success of mutual authentication, security for radio interface is provided based on master key (KASME) 1. Control message between UE and MME: Encrypted (optional) and Integrity Protected (mandatory) 2. Control message between UE and eNB: Encrypted (optional) and Integrity Protected (mandatory) 3. User data between UE and eNB: Encrypted (optional) · IMSI Assignment Subscriber gets UE and USIM card which includes IMSI IMSI, LTE K · IMSI Format IMSI is provisioned in HSS and SPR when user subscriptioin PLMN MCC UE KASME KNASint/KNASenc KeNB KRRCint/KRRCenc KUPenc USIM UE MME S-GW MSIN 3 digits HSS Attach Request (IMSI) MNC Max. 3 digits Max. 10 digits SPR P-GW Max. 15 digits PCRF · Example Copyright © 2002-2012 NMC Consulting Group. All rights reserved. 450 05 Korea LTE Network (E-UTRAN) SK Telecom 0123456789 4
  5. 5. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE Overview: EPS Bearer Related Blogs EPS Bearer HSS MME UE SPR PCRF eNB S-GW • Logical transport channel between UE and the PDN for transporting UE IP traffic • EPS Bearer = Data Radio Bearer (between UE and eNB) + S1 Bearer (GTP tunnel between eNB and S-GW) + S5 Bearer (GTP tunnel between S-GW and P-GW) • eNB can distinguish UE by DRB ID in EPS bearer • S-GW can distinguish UE by Tunnel Endpoint ID (TEID) • P-GW can distinguish UE by TEID or UE IP address • At least one EPS bearer per UE, and it may also have multiple EPS bears per UE in order to provide QoS differentiation (ex. Internet bearer and VoLTE bearer) P-GW ECM Connection Control Plane RRC Connection S1 Signaling Connection Data Radio Bearer User Plane S11 GTP-C S5 GTP-C S1 Bearer S5 Bearer Two Types of EPS Bearer EPS Bearer • Default EPS Bearer • Dedicated EPS Bearer Data Radio Bearer eNB S1 S1 Bearer (GTP) DRB ID S1 TEID (DL) (DL) Application IP Payload S-GW S5 TEID (DL) (*,Dst IP=UE,*,*,*) IP UDP GTP-U IP Payload S1 TEID (DL) SIP=www.google.com DIP=UE S5 TEID (DL) SIP=S-GW DIP=eNB SIP=www.go ogle.com DIP=UE SIP=P-GW DIP=S-GW UL TFT (Src IP=UE,*,*,*,*) DRB ID S1 TEID (UL) (UL) Payload IP S1 TEID S5 TEID (UL) (UL) Payload IP GTP-U UDP IP DRB ID (UL) SIP=UE Copyright © 2002-2012 NMC Consulting Group. AllDIP=www.google.com rights reserved. IP Payload S5 TEID ß DL TFT UL TFT à DRB ID DRB ID (UL) PDN (Internet) P-GW S1 TEID S5 TEID (DL) (DL) IP UDP GTP-U IP Payload DRB ID (DL) S5 S5 Bearer (GTP) DL TFT UE S1 TEID (UL) Payload IP GTP-U UDP IP Payload IP S5 TEID (UL) SIP=eNB DIP=S-GW SIP=S-GW DIP=P-GW SIP=UE DIP=www.go ogle.com 5
  6. 6. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE Overview: QoS Related Blogs PDN Connection 1 (EPS Session 1) Resource Type UE QoS Parameters of EPS Bearer Dedicated Bearer for PDN 1 QCI GBR MBR ARP (UL/DL) (UL/DL) Dedicated Bearer for PDN 1 Non-GBR QCI ARP Default Bearer for PDN 1 UE IP addr 1 GBR Non-GBR QCI ARP QoS Parameters of SDF QCI: QoS Class Identifier ARP: Allocation and Retention Priority QCI ARP MBR (UL/DL) GBR (UL/DL) APNUE-AMBR AMBR (UL/DL) (UL/DL) GBR: Guaranteed Bit Rate MBR: Maximum Bit Rate SDF 5 QCI QCI QCI QCI SDF 4 SDF 3 SDF 2 SDF 1 ARP ARP ARP ARP MBR (UL/DL) MBR (UL/DL) MBR (UL/DL) MBR (UL/DL) PDN 1 APN-AMBR: Access Point Name-Aggregate Maximum Bit Rate UE-AMBR: User Equipment-Aggregate Maximum Bit Rate Common QoS Parameter (Resource Type, QCI, ARP) QoS Parameter for GBR Bearer Resource Type ARP GBR (UL/DL) • GBR (Guaranteed Bit Rate): A certain amount of bandwidth is reserved for this bearer • Non-GBR: It does not have a fixed (reserved) bandwidth allocated for this bearer (Best Effort) • Priority for the allocation and retention of bearers, defined by 0 ~ 15 • Bearers with high ARP are assigned low ARP value, and vice versa (ex. VoIP emergency call service has low ARP value) • In resource limitation situation, LTE network use the ARP to prioritize establishment and modification of bearers with a high ARP over bears with a low ARP • It also uses ARP to decide which existed bearers to drop in case of resource limitation • Guaranteed (Reserved) bandwidth (bps) for GBR bearer QCI • The class-based QoS concept (such as IP DSCP) where each EPS bearer is assigned a QCI (1 ~ 9) • It defines packet forwarding treatment • QoS characteristics which defines below parameters: - Resource Type (GBR or Non-GBR) - Packet Delay Budget (30ms ~ 300ms) - Packet Error Loss Rate (10-2 ~ 10-6) Copyright © 2002-2012 NMC Consulting Group. All rights reserved. MBR (UL/DL) • Maximum allowed bandwidth (bps) for GBR bearer • Any traffic in excess of the MBR may be discarded QoS Parameter for Non-GBR Bearer APN-AMBR (UL/DL) • Maximum allowed bandwidth (bps) for all non-GBR bearers associated with a specific APN UE-AMBR (UL/DL) • Maximum allowed bandwidth (bps) for all non-GBR bearers of a UE 6
  7. 7. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE Overview: Handover S-GW MME Source Target eNB eNB eNB eNB S-GW UE UE moving eNB eNB eNB eNB Inter E-UTRAN and S-GW Handover Intra E-UTRAN Handover P-GW Related Blogs Basic Requirement of Handover • UE IP address should not be changed • Packet loss and reordering should be minimized during handover P-GW Handover Decision S-GW MME S-GW Source eNB eNB eNB eNB UE UE Target eNB eNB UE UE moving eNB eNB • Handover decision is performed by serving eNB (In case of Wi-Fi, UE(STA) performs handover decision) • Handover Decision Process 1. UE sends Measurement Report message to serving eNB periodically (or event triggered) 2. Measurement Report message includes • Radio signal strength from serving cell to UE • Radio signal strength from neighbor cells to UE 3. Serving ENB decides handover based on information of Measurement Report message UE UE Type of Handover Inter RAT Handover Inter E-UTRAN, S-GW and MME Handover P-GW S-GW MME MME S-GW • • • • • P-GW S-GW Intra E-UTRAN: eNB relocated, without changing MME and S-GW Inter E-UTRAN and MME: eNB and MME relocated, without changing S-GW Inter E-UTRAN and S-GW: eNB and S-GW relocated, without changing MME Inter E-UTRAN and MME and S-GW: eNB, S-GW and MME relocated Inter RAT (E-UTRAN and GERAN/UTRAN): Handover between 3G and LTE SGSN RNC Source eNB eNB Target eNB eNB eNB eNB UE UE moving Source eNB eNB UE UE Copyright © 2002-2012 NMC Consulting Group. All rights reserved. eNB eNB Target eNB eNB NodeB UE UE moving NodeB UE UE 7
  8. 8. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking Wi-Fi Overview: Network Architecture Related Blogs WLAN/Wi-Fi Standard AP Wi-Fi STA AAA • IEEE 802.11 standards define MAC and PHY layer • “Wireless LAN (WLAN)” term is used by IEEE 802.11 802.11i/WPA2: EAP based Authentication & CCMP based Security Authentication 802.11i/WPA: EAP based Authentication & Security & TKIP based Security 802.1x: EAP based Authentication & WEP based Security IEEE (WLAN): http://www.ieee802.org/11 802.1x: RADIUS* based Authentication * RADIUS is IETF RFC standards (RFC 3580, RFC 4675, RFC 4898, …) 802.11n: 600Mbps / 2.4 & 5GHz 802.11g: 54Mbps / 2.4GHz PHY & MAC 802.11b: 11Mbps / 2.4GHz 802.11a: 54Mbps / 5GHz Wi-Fi Alliance (Wi-Fi): http://www.wi-fi.org • Several AP vendors came together to form a global non-profit organization with the goal of driving adoption of high-speed wireless local area networking • “Wi-Fi” term is used by Wi-Fi Alliance WLAN(Wireless LAN) = Wi-Fi • The term “Wi-Fi” is used in general as a synonym for “WLAN” Wi-Fi Network Element (Entity) STA (Station) Wi-Fi Hotspot Service in Korea : EAP based or Non Standard MAC/Web based Authentication SSID Authentication ollehWiFi (secure) SKT LG U+ EAP-AKA NESPOT, ollehWiFi MAC based authentication, Web (ID/PW) based authentication T wifi zone (secure) KT EAP-AKA T wifi zone MAC based authentication, Web (ID/PW) based authentication U+ zone (secure) MSCHAPv2 over PEAP (Very similar with EAP-TTLS) FREE U+ zone Open Access (1 hour free access after Ad. watch) Copyright © 2002-2012 NMC Consulting Group. All rights reserved. • Device which has Wi-Fi chip & antenna AP (Access Point) • It has IEEE 802.11 Wireless LAN interface for use-facing and IEEE 802.3 Ethernet interface for network-facing port • It provides connection between STA and IP network AAA (Authentication, Authorization, Accounting) • User authentication server Authentication & Security for Radio Interface • EAP based authentication • User data encryption and integrity protected based on AES(CCMP)/TKIP/WEP 8
  9. 9. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking Wi-Fi Overview: Handover (Vendor Specific Solution) Wi-Fi Handover • AP Controller (APC, or Wireless LAN Controller(WLC)) will be required to support Inter-AP handover • Major AP/APC providers such as Aruba, Avaya, Meru support vendor specific protocol between AP and APC (CAPWAP[RFC 5415, 5416] driven by Cisco, but other vendors still support their own methods http://community.arubanetworks.com/aruba/attachments/aruba/115/422/1/CAPWAP+Position.pdf)  Example: Handover Solution of the Meru Networks Wi-Fi Inter-AP Handover Internet Wi-Fi Inter-APC Handover IMS Internet IMS Wi-Fi Wi-Fi AAA AAA IP Network IP Network Accounting for MS (IP1) Accounting for MS (IP1) APC 1 APC 2 IPinIP Tunnel APC 1 IP Network APC 2 IP Network AP AP AP AP AP AP AP AP AP 1 AP 2 AP 3 AP 4 AP 1 AP 2 AP 3 AP 4 IP1 IP1 IP1 IP1 WiFi WiFi WiFi WiFi WiFi STA STA STA STA STA Traffic Flow: Before Inter-AP Handover Traffic Flow: Before Inter-APC Handover Traffic Flow: After Inter-AP Handover Traffic Flow: After Inter-APC Handover · STA can’t recognize Inter-AP handover, which means that BSSID (AP MAC) is not changed · STA IP address (IP1) is not changed · Accounting Data from APC1 · Handover Time: 3ms Copyright © 2002-2012 NMC Consulting Group. All rights reserved. · · · · STA IP address (IP1) is not changed IPinIP Tunnel between APCs Accounting Data from APC2 Handover Time: 200ms ~ 2s (802.11 HO standard) 9
  10. 10. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking Comparison LTE Wi-Fi Standard • 3GPP • IEEE 802.11/Wi-Fi Alliance Standard Entity • UE • LTE (E-UTRAN): eNB • EPC (SAE): S-GW, P-GW, MME, HSS, PCRF, SPR, OCS, OFCS • STA, AP, AP Controller(optional), AAA User Authentication • EPS-AKA EAP based Authentication (Standard) • EAP-AKA/SIM • EAP-TLS • EAP-TTLS, etc Web based Authentication (WBA) • ID/PW MAC based Authentication (Non Standard) • STA MAC EAP based Authentication • Encryption/Integrity Protected Security for User Data • Encryption QoS Support • Supported • Supported (WMM), but not guaranteed Handover (User Mobility) Support • Supported • Supported, but vendor specific methods • AP Controller required • Packet Loss during handover Tunneling Protocol • GTP • Vendor Specific Frequency Interference • None • Big issue (ISM band) Frequency Band • KT: 1.8GHz • SKT: 800MHz, 1.8GHz • LG U+: 800MHz, 2.1GHz • 2.4GHz/5GHz Copyright © 2002-2012 NMC Consulting Group. All rights reserved. Web/MAC based Authentication • None 10
  11. 11. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking Tunneling Technology for Mobile Network Related Blogs  Wired Access Network (FTTH, DSL, Ethernet, HFC, etc) User Mobility in Wired Network SIP=YouTube DIP=10.1.1.5 IP Payload 10.1.1.5 10.1.1.0/24 PC 1 20.1.1.5 20.1.1.0/24 ge3 PC 2 30.1.1.5 30.1.1.0/24 PC 3 Switch YouTube ge1 ge2 IP Network • If user moves to another location without changing IP address in wired access network, communication will be broken because IP routing network can not recognize user mobility Internet Router User Mobility in Wireless/Mobile Network  Wireless/Mobile Access Network (3G, LTE, WiMAX, Wi-Fi, etc) c 1.1.1.8 Mobile Network move 1.1.1.8 SmartPhone Tunnel 1 10.1.1.5 c IP Anchor Tunnel 2 20.1.1.5 SIP=YouTube DIP=1.1.1.8 30.1.1.5 a 10.1.1.0/24 b IP Payload ge1 ge2 20.1.1.0/24 ge3 30.1.1.0/24 YouTube IP Network Internet Router Switch a IP Tunnel header IP Payload SIP=IP Anchor DIP=10.1.1.5 SIP=YouTube DIP=1.1.1.8 b IP Tunnel header IP Payload SIP=IP Anchor DIP=20.1.1.5 Copyright © 2002-2012 NMC Consulting Group. All rights reserved. SIP=YouTube DIP=1.1.1.8 c • The key requirement of user mobility is “User IP address should not be changed” • IP Anchor should be existed in wireless/mobile network for supporting user mobility (3G: GGSN, LTE: P-GW, WiMAX: ASN-GW, Wi-Fi: AP Controller) • Downstream traffic delivered process 1. IP Anchor advertises user IP address prefix to IP routing network via OSPF, IS-IS or BGP 2. IP Anchor receives IP packet destined to user over the Internet 3. IP Anchor encapsulates the user IP packet with ‘Tunnel header’ and forwards the resulting outer IP packet to the Base Station(BS) 4. So, IP routing network between BS and IP Anchor has no chance to see user IP address, which means that IP routing network does not require to concern about user mobility Tunneling Protocol in Wireless/Mobile Network IP Payload SIP=YouTube DIP=1.1.1.8 • 3G/LTE (standardized by 3GPP) - eNB ~ S-GW: GTP Tunnel (3GPP) - S-GW ~ P-GW: GTP Tunnel (3GPP) • WiMAX (standardized by WiMAX Forum) - BS ~ ASN-GW: GRE Tunnel (RFC 1702) - ASN-GW ~ HA: IPinIP Tunnel (RFC 2003) • Wi-Fi (standardized by IEEE/Wi-Fi Alliance) - AP ~ AP Controller: Vendor Specific Tunnel 11
  12. 12. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (1) Network Reference Model Internet Mobile Data Offloading • Data offloading is the use of complementary network technologies for delivering data originally targeted for cellular networks. The main complementary network technologies used for the mobile data offloading are Wi-Fi, Femtocell • “Let’s use cheaper Wi-Fi access instead of expensive cellular (LTE) network!” Diameter (SWx) HSS Diameter Diameter PCRF P-GW Trust & Untrust Access Network 3GPP • Simply put, this is really an indicator on if the 3GPP operator trust the security of the non-3GPP access network • If non-3GPP access network supports trust security level from the 3GPP core (EPC) viewpoint, it is interworked with S2a interface, otherwise S2b interface is used - Example of Trust network: WiMAX - Example of Untrust network: WLAN(Wi-Fi) in a public café Diameter (S6b) MME GTP-U GTP-C AAA PMIPv6 (S2b) GTP Tunnel Related Blogs GRE Tunnel Diameter S-GW ePDG (SWm) Diameter (SWa) S1-AP GTP Tunnel GTP-U IPSec Tunnel HSS IKEv2 EPC SWx DHCP (SWu) S6a PCRF Gxc DHCP SGi AP eNB AP/APC RRC E-UTRAN Rx Gx 3GPP Access Serving Gateway PDN Gateway 802.11 EPS-AKA Wi-Fi S5 S6b S2b Gxb EAP-AKA Wi-Fi UE EPS Entity LTE Handover EPS Entity for Wi-Fi Interworking Wi-Fi Entity Wi-Fi Non-3GPP Networks Dual-Radio UE UE Traffic Path 3GPP AAA Server SWn HPLMN UE SWm ePDG S2a LTE Operator's IP Services (e.g. IMS, PSS etc.) Gxa Trusted Non-3GPP IP Access SWu Untrusted Non-3GPP IP Access SWa STa UE 3GPP TS 23.402 Figure 4.2.2-1: Non-Roaming Architecture within EPS using S5, S2a, S2b Copyright © 2002-2012 NMC Consulting Group. All rights reserved. 12
  13. 13. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (2) Authentication and Security Related Blogs Internet HSS delivers AVs to MME & 3GPP AAA HSS AVs AVs · RAND, AUTN, XRES · RAND, AUTN, XRES P-GW MME EPS-AKA MME authenticates UE by verifying if RES = XRES 3GPP AAA authenticates UE by verifying if RES = XRES 3GPP AAA S-GW ePDG authenticates UE by verifying AUTH EAP-AKA over IKEv2 ePDG · AUTN, AUTN, RES · AUTN, AUTN, RES 1 2 IKEv2 AP eNB LTE AP/APC Wi-Fi UE · AUTH LTE Handover UE authenticates MME by verifying AUTN Copyright © 2002-2012 NMC Consulting Group. All rights reserved. Wi-Fi UE UE authenticates 3GPP AAA by verifying AUTN User Authentication for LTE access 1 • Authentication Protocol: EPS-AKA (USIM based) • Mutual authentication between UE and MME User Authentication for ePDG access 2 • Authentication Protocol: EAP-AKA ove IKEv2 (USIM based) • It is very similar with EPS-AKA in LTE network • User Authentication Process 1. When UE requests to connect with ePDG 2. 3GPP AAA obtains authentication vectors (RAND, AUTN, XRES) from the HSS 3. Mutual authentication between UE and 3GPP AAA - UE authenticates 3GPP AAA - 3GPP AAA authenticates UE 13
  14. 14. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (2) Authentication and Security (cont) Related Blogs Security for LTE Radio Interface 1 • User data is encrypted between UE and eNB • LTE chip(HW) of UE supports data encryption/decryption Internet Security for Wi-Fi Radio Interface 2 • 3GPP assumes that Wi-Fi security is not enabled (supported) Security between UE and ePDG P-GW 3 • User data is encrypted and integrity protected between UE and ePDG • IPSec driver(SW) of UE supports data encryption/decryption and integrity protection (Performance issue?) S-GW ePDG Encryption & Integrity Protected AP eNB Encryption AP/APC 1 2 LTE Wi-Fi UE LTE Handover Copyright © 2002-2012 NMC Consulting Group. All rights reserved. 3 IPSec ESP Packet between UE and ePDG 20B 8B 20B IP ESP IP Header Header Header Variable Variable Application ESP Trailer ESP ICV Wi-Fi Encrypted UE Integrity Protected 14
  15. 15. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (3) IP Allocation Related Blogs Internet Which entity allocates UE IP address? • P-GW allocates UE IP address in both case that UE attaches to LTE and Wi-Fi network • User packet is routing with this address in the Internet • UE IP address is not changed even if access network is changed (LTE to Wi-Fi, and Wi-Fi to LTE) P-GW IP Allocation by P-GW · For Internet Connection via LTE Network UE IP(PDN Address) = 1.1.1.1 1 3 IP Allocation by P-GW S-GW ePDG 1 3 · For Internet Connection via Wi-Fi Network UE IP(WLAN UE’s Remote IP) = 1.1.1.1 DHCP IP Allocation by DHCP AP eNB LTE Wi-Fi UE 1.1.1.1 LTE · For ePDG Connection via Wi-Fi Nework UE IP(WLAN UE’s Local IP) = 10.1.1.1 Wi-Fi Another IP address for accessing Wi-Fi network Handover Application TCP/IP OS (Kernal) IPSec LTE Driver Wi-Fi UE Protocol Stack Copyright © 2002-2012 NMC Consulting Group. All rights reserved. 2 AP/APC UE Application TCP/IP IPSec LTE Driver Wi-Fi UE Protocol Stack OS (Kernal) 1.1.1.1 10.1.1.1 2 • Wi-Fi AP or External DHCP server allocates Outer IP address in Wi-Fi access network for IPSec Tunneling between UE and ePDG • This outer IP address can be changed during Wi-Fi handover. So, MOBIKE should be supported in UE and ePDG • So, Two IP addresses are required when UE accesses to Wi-Fi network - WLAN UE’s Local IP: Outer IP address which allocated by AP/DHCP server - WLAN UE’s Remote IP: Inner IP address which allocated by PGW 15
  16. 16. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (3) IP Allocation (cont)  Example of IP address usage LTE attach UE IP(PDN Address) = 1.1.1.1 LTE Wi-Fi UE Application IP LTE IPSec eNB DRB Payload IP DRB Payload GTP Tunnel S-GW Payload IP GTP-U UDP IP SIP=UE(1.1.1.1) DIP=google IP Payload SIP=UE(1.1.1.1) DIP=google P-GW GTP Tunnel Internet Payload IP GTP-U UDP IP SIP=eNB DIP=S-GW SIP=UE(1.1.1.1) DIP=google Payload IP SIP=S-GW DIP=P-GW SIP=UE(1.1.1.1) DIP=google Wi-Fi DRB IP Payload UE IP UDP GTP-U IP Payload SIP=google DIP=UE(1.1.1.1) SIP=S-GW DIP=eNB UE IP(WLAN UE’s Local IP) = 10.1.1.1 LTE Wi-Fi IP IPSec Wi-Fi UE IPSec SIP=UE(1.1.1.1) DIP=google IP Payload IPSec ePDG IP SIP=UE(10.1.1.1) DIP=ePDG SIP=google DIP=UE(1.1.1.1) SIP=google DIP=UE(1.1.1.1) P-GW GRE Tunnel Payload IP GRE SIP=UE(1.1.1.1) DIP=google Internet IP SIP=ePDG DIP=P-GW Payload IP SIP=UE(1.1.1.1) DIP=google IP Payload IP IPSec IP Payload SIP=ePDG SIP=google DIP=UE(10.1.1.1) DIP=UE(1.1.1.1) Copyright © 2002-2012 NMC Consulting Group. All rights reserved. SIP=P-GW DIP=S-GW DHCP IPSec Tunnel Payload IP Payload IP SIP=google DIP=UE(1.1.1.1) IP Payload Wi-Fi Access Network UE Application IP UDP GTP-U IP Payload UE IP(WLAN UE’s Remote IP) = 1.1.1.1 ePDG connection LTE Related Blogs IP GRE SIP=P-GW DIP=ePDG IP Payload SIP=google DIP=UE(1.1.1.1) IP Payload SIP=google DIP=UE(1.1.1.1) 16
  17. 17. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (4) Traffic Selector Related Blogs WLAN 3GPP IP Access 1 • User Traffic Path: UE – Wi-Fi AP – ePDG – P-GW – Internet • Traffic is passed through the 3GPP core, which means that it can support handover between LTE and Wi-Fi • Use Case: Operator Service (example: KT olleh TV now). Operator can provide differentiated service (e.g., heterogeneous handover) to their subscriber 20.20.1.1 P-GW WLAN Direct IP Access 2 • User Traffic Path: UE – Wi-Fi AP – Internet • Traffic is not passed through the 3GPP core, which means that it can not support handover between LTE and Wi-Fi • Use Case: OTT service (example: YouTube) S-GW ePDG 1 TS (Traffic Selector) · TSi = SIP, Protocol, SP · TSr = DIP, Protocol, DP TSi + TSr = 5-tuple AP/APC WLAN 3GPP IP Access Wi-Fi UE 2 AP eNB LTE Traffic Selector WLAN Direct IP Access LTE Handover Wi-Fi UE Copyright © 2002-2012 NMC Consulting Group. All rights reserved. SIP = Source IP (IP header) DIP = Destination IP (IP header) SP = Source Port # (TCP/UDP header) DP = Destination Port # (TCP/UDP header) • Traffic Selector can be used to distinguish between WLAN 3GPP IP Access and WLAN Direct IP Access • UE gets Traffic Selector from the ePDG during the IKEv2 procedure • Traffic Selector consists of TSi and TSr: - TSi = Source IP Address(SIP) range, Protocol range, Source Port Number(SP) range - TSr = Destination IP Address(DIP) range, à Server Identification Protocol range (same as TSi, à TCP or UDP Destination Port Number(DP) range à Service Identification • Tsi + TSr = 5-tuple • Based on 5-tuple, UE (IPSec driver) can determine whether application traffic (IP flow) is served by WLAN 3GPP IP Access or WLAN Direct IP Access 17
  18. 18. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking LTE and Wi-Fi Interworking: (4) Traffic Selector (cont) Related Blogs UE YouTube App DIP=YouTube Protocol=TCP DP=80 TCP/IP 2 ollehTV DIP=20.20.1.1(ollehTV) Protocol=6(TCP) DP=80(HTTP) 5 1 Traffic Selector no match Traffic Selector Source IP Destination IP Protocol Source Port # Destination Port # 0.0.0.0 ~ 255.255.255.255 20.20.1.1 6 (TCP) 0 ~ 65535 80 (HTTP) match IPSec Insert IPSec header AP LTE AP/APC Wi-Fi 6 Payload IP IPSec ePDG 20.20.1.1 P-GW IP 7 4 SIP=UE(1.1.1.1) SIP=UE(10.1.1.1) DIP=20.20.1.1 DIP=ePDG a 3 c b d Payload IP IP Network SIP=UE(10.1.1.1) DIP=YouTube WLAN 3GPP IP Access WLAN Direct IP Access 10.1.1.1 · WLAN UE’s Local IP Address · Allocated by AP/DHCP Server in Wi-Fi Network · IPSec Tunnel Outer Source IP in case of WLAN 3GPP IP Access · Source IP in case of WLAN Direct IP Access 1.1.1.1 · WLAN UE’s Remote IP Address · Allocated by P-GW · IPSec Tunnel Inner Source IP in case of WLAN 3GPP IP Access Copyright © 2002-2012 NMC Consulting Group. All rights reserved. a Payload IP IPSec IP b Payload IP SIP=UE(1.1.1.1) SIP=UE(10.1.1.1) DIP=20.20.1.1 DIP=ePDG GRE IP SIP=UE(1.1.1.1) SIP=ePDG DIP=20.20.1.1 DIP=P-GW c Payload IP SIP=UE(1.1.1.1) DIP=20.20.1.1 d Payload IP SIP=UE(10.1.1.1) DIP=YouTube 18
  19. 19. Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking Status of KT, SKT & LG U+ and UE Requirements  KT, SKT: No plan  LG U+: Deploy ePDG from Insprit (http://www.in-sprit.com/kr/content/main/index.php), but do not service yet LG U+: The Purpose of ePDG Deployment Internet • Provides security when subscriber accesses LG U+ service via Wi-Fi network • At this moment, there’s no interworking (no PMIPv6/GTE tunnel) between P-GW and ePDG which means that it does not support handover between LTE and Wi-Fi LG U+ Service Internet P-GW S-GW ePDG eNB AP/APC UE Software Requirement for LTE/Wi-Fi Interworking • IPSec(MOBIKE) driver (Kernel Layer) is required • Handover Manager (Kernel Layer) is required: Handover decision by monitoring LTE and Wi-Fi signal strength • Big Issue: Apple willing to support “IPSec and Handover Manager” in iPhone/iPad??? Copyright © 2002-2012 NMC Consulting Group. All rights reserved. AP LTE Wi-Fi UE LTE Wi-Fi UE 19

×