iWAG – Intelligent Wireless Access Gateway

Slides provide insight into the iWAG (Intelligent Wireless Access Gateway) solution and detail how it reduces network congestion, provides Wi-Fi security and subscriber control, and enables new revenue-sharing business models for Service Providers. Configuration examples, standards, and helpful references are also provided.


  1. iWAG – Intelligent Wireless Access Gateway (Integrating Wi-Fi Traffic into 3G / 4G Core)
     pmipv6-support@cisco.com
     © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public
  2. iWAG = Intelligent Wireless Access Gateway
     ISG Features:
       • IPoE Sessions: DHCP initiated, unclassified IP or MAC-address initiator, Radius-Proxy initiator
       • Layer-4 Redirect
       • Traffic Classes
       • Postpaid & Prepaid Accounting
       • Dynamic Rate Limiting
       • Lawful Intercept
       • Radius based authentication and accounting
       • Radius CoA Interface
       • Per-subscriber QoS
       • IP Session keep-alives, timeouts
       • VRF Transfer
       • Port Bundle Host Key (PBHK)
       • Walk-by session handling/optimization
       • Local Breakout of subscriber traffic for Simple IP subscribers
       • ... and more: http://www.cisco.com/go/isg
     GPRS Tunneling Protocol (GTP) for integrating Wi-Fi traffic into Gateway GPRS Support Node (GGSN)
     Mobile Access Gateway (MAG) using Proxy Mobile IPv6 (PMIPv6) for integrating Wi-Fi traffic into Packet Data Network Gateway (PGW)
  3. ASR 1000 iWAG – IOS XE 3.8S
     Features:
       • L2 Access & AAA Policy
           1. EAP-SIM/AKA (via WLC) / FSOL – DHCP
           2. EAP-SIM/AKA (via ISG) / FSOL – Radius Proxy
           3. Web Logon / TAL. FSOL – Unclassified MAC
       • GGSN selection via DNS
       • Overlapping MNO address support with multiple SSID
     [Network diagram. Labels: AP, AP, WLC, L2 Connected; ASR1K iWAG; GTP, Gn', 3G Core GGSN; 4G Core PGW/LMA; Internet; Access Network Policy; Mobile Home Network Policy; DHCP, AAA, Portal; HLR, OCS, PCRF, CGF; Gy, Gx, Ga]
  4. Service Providers
       • Reduce network congestion: Reduce OpEx and increase network efficiency by offloading 3G/4G traffic
       • Provide Wi-Fi security and subscriber control: Deliver scalable, manageable, and secure wireless connectivity with a low TCO
       • Deliver a Wi-Fi platform that offers new, location-based services and enables new revenue-sharing business models
     Users
       • Provide access to 3G/4G core in spite of lack of / weak cell signal
       • Provide a good QoE to subscribers on Wi-Fi networks similar to that provided on 3G/4G networks
       • QoS based on subscriber profile and traffic classification
       • Provide access to mobile backhaul which could have better bandwidth and thus provide better service
       • Deliver a Wi-Fi platform that enables location-based services
  5. Deployment models

     | Deployment Model # | Access Type | Authentication | FSOL | Service IP | |
     |---|---|---|---|---|---|
     | 1 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA | 4G – PMIPv6 |
     | 2 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | PGW/LMA | 4G – PMIPv6 |
     | 3 | Layer 2 | Web Logon | Unclassified MAC | PGW/LMA | 4G – PMIPv6 |
     | 4 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | GGSN | 3G – GTPv1 |
     | 5 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | GGSN | 3G – GTPv1 |
     | 6 | Layer 2 | Web Logon | Unclassified MAC | GGSN | 3G – GTPv1 |
  6. [Network diagram. Labels: EAP-SIM/AKA Authentication (out-of-band); FSOL: DHCP Discover; AP, AP, WLC, L2 Connected Access; ASR1K iWAG; Service IP; 4G Core PGW/LMA; Internet; Access Network Policy; Mobile Home Network Policy; AAA, DHCP; HLR, OCS, PCRF, CGF; Gy, Gx, Ga]

     | Model # | Access Type | Authentication | FSOL | Service IP |
     |---|---|---|---|---|
     | 1 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA |
  7. [Call-flow diagram. Participant labels: Device, 802.1x, AP+WLC, iWAG, P-GW, PCRF, Policy Manager, AAA, HLR, Sub DB, CAR+ITP, ITP]
     Notes on the slide:
       • Configure authorized IMSIs on the Subscriber database with WiFi Subscriber Profile.
       • WiFi Subscriber Profile: Realm, WiFi APN, Charging Characteristics, IPv4/IPv6 service
     Message and step labels, in the order they appear:
       • EAP Request/ID
       • EAP ID Response/ID
       • RADIUS Access Request (username = EAP ID, calling station ID = MAC, called-station-ID = AP:SSID)
       • MAP SEND AUTH INFO Req
       • MAP SEND AUTH INFO Res
       • EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID
       • IMSI Authenticated, but MSISDN unknown
       • Recover Subscription Profile (IMSI)
       • MAP SRI for LCS Req (IMSI)
       • MAP SRI for LCS Res (MSISDN)
       • Store MSISDN
       • Cache MAC, IMSI, MSISDN, subscriber profile
       • RADIUS Access Accept
       • EAP SUCCESS
       • VLAN
  8. [Call-flow diagram. Participant labels: Device, AP+WLC, iWAG DHCP/MAG, P-GW/LMA, PCRF, SPR/Sub DB, AAA, HLR, CAR+ITP, ITP]
     Notes on the slide:
       • User Profile VSAs: CISCO-SERVICE-SELECTION (APN), CISCO-MOBILE-NODE-IDENTIFIER (IMSI@realm), LMA, CISCO-MSISDN, 3GPP-CHARGING-CHARS, CISCO-MN-SERVICE (IPv4)
       • Gx:CCR-I: IMSI, MSISDN, APN, RAT Type; Subscriber ID Type = E.164, RAT=WiFi
       • Open PGW-CDR with container for WiFi Service, subscriber ID = MSISDN
       • SP: Recover Subscriber Profile, Policy Profile to Apply
       • PBA: IPv4 Home Address (HoA), PCO: Primary DNS
     Message labels, in the order they appear:
       • Source MAC Address: DHCP Discover
       • RADIUS Access Request (Calling Station ID = Source MAC address)
       • RADIUS Access Accept (User Profile)
       • PBU: IPv4 HoA = 0.0.0.0, MN-ID (imsi@realm), SSMO (APN), MSISDN, CHARGING CHARACTERISTICS, ATT = Wi-Fi
       • Gx:CCR-I
       • Gx:CCA-I
       • PBA
       • DHCP Offer (a.b.c.d)
       • DHCP Req/Ack (Primary DNS recovered from PBA)
       • RF: Diameter ACR
       • RF: Diameter ACA
       • PMIPv6
  9. [Network diagram. Labels: EAP-SIM/AKA Authentication (out-of-band); FSOL: DHCP Discover; AP, AP, WLC, L2 Connected Access; ASR1K EWAG; GTP, Gn', 3G Core GGSN; Service IP; Internet; Access Network Policy; Mobile Home Network Policy; AAA, DHCP; HLR, OCS, PCRF, CGF; Gy, Gx, Ga]

     | Model # | Access Type | Authentication | FSOL | Service IP |
     |---|---|---|---|---|
     | 4 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | GGSN |
  10. [Call-flow diagram with the same participant labels, notes and message labels as slide 7]
  11. [Call-flow diagram. Participant labels: WiFi client, AP+WLC, iWAG, GGSN @g.g.g.g, AAA]
     Message and step labels, in the order they appear:
       • Vlan connectivity
       • Out of band EAP authentication
       • DHCP Discover [MAC=client-MAC]
       • Access Req [client-MAC]
       • Access Accept [IMSI, MSISDN, APN, ssg-service=GTP-svc, etc]
       • Create PDP Req [IP addr=0.0.0.0]
       • Access Req
       • Access Accept
       • Create PDP Resp [IP addr=c.c.c.c]
       • Regenerate a DHCP offer to send back to the client
       • DHCP Offer [client IP=c.c.c.c; server=e.e.e.e]
       • DHCP Req [client requested IP=c.c.c.c; server=e.e.e.e]
       • Activate session on DP fully after finding it having a valid IP addr
       • DHCP ACK [client IP=c.c.c.c; server=e.e.e.e; renewal time…]
       • client’s traffic
       • client’s traffic tunneled
  13. 3G mobile user RADIUS profile, GTP based:

         Cisco-AVPair = mn-nai=user1@serviceprovider.com
         Cisco-AVPair = mn-service=IPv4
         Cisco-AVPair = cisco-service-selection=service1.com
         Cisco-AVPair = cisco-msisdn=919448927815
         Cisco-AVPair = cisco-imsi = 262020000000642
         Cisco-AVPair = mn-apn=serviceprovider.com
         Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1

     4G mobile user RADIUS profile, PMIPv6 based:

         Cisco-AVPair = mn-nai=user1@serviceprovider.com
         Cisco-AVPair = mn-service=IPv4
         Cisco-AVPair = home-lma-ipv6-address=2001:db8:cafe:1024::101
         Cisco-AVPair = home-lma-ipv4-address=5.8.24.101
         Cisco-AVPair = home-lma=lma1
         Cisco-AVPair = mn-apn=serviceprovider.com
         Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6
  14. Integration to ISG

         ! Access interface definition for 4G user
         interface GigabitEthernet0/1/0.3074
          description "4G Mobile users access interface"
          encapsulation dot1Q 3074
          ip address 5.8.22.15 255.255.255.0
          ipv6 address FE80::200:5EFF:FE00:5213 link-local
          service-policy type control PMIP_PROFILE
          ip subscriber l2-connected
           initiator dhcp
         !
         ! Access interface definition for 3G user
         interface GigabitEthernet0/3/6.1
          description "3G Mobile users access interface"
          encapsulation dot1Q 1 native
          ip address 192.168.10.1 255.255.255.0
          ipv6 address FE80::300:5EFF:FE00:5213 link-local
          service-policy type control GTP_PROFILE
          ip subscriber l2-connected
           initiator dhcp
         !
         mcsa
          enable sessionmgr
  15. PMIPv6 domain and MAG definition

         ! PMIPv6 domain definition
         ipv6 mobile pmipv6-domain D1
          mn-profile-load-aaa
          ! PMIPv6 LMA to which iWAG as MAG sends traffic to
          lma lma1
           ipv6-address 2001:DB8:CAFE:1024::101
         !
         ! PMIPv6 MAG definition
         ipv6 mobile pmipv6-mag M1 domain D1
          role 3GPP
          address ipv6 2001:DB8:CAFE:1025::15
          ! iWAG access interface(s)
          interface GigabitEthernet0/1/0.3074
         !
  16. AAA and control policy definition

         ! AAA definition for iWAG to know where to get authorization from
         aaa authorization network ISG_LIST group iWAG-MOBILE-USERS
         !
         ! Policy-map to control authorization of 4G user going to PMIPv6 tunnel
         ! ("password cisco" is the example value used on the slide)
         policy-map type control PMIP_PROFILE
          class type control always event session-start
           5 service-policy type service name INTERNET_SERVICE
           30 authorize aaa list ISG_LIST password cisco identifier mac-address
          !
         !
         ! Policy-map to control authorization of 3G user going to GTP tunnel
         policy-map type control GTP_PROFILE
          class type control always event session-start
           5 service-policy type service name INTERNET_SERVICE
           30 authorize aaa list ISG_LIST password cisco identifier mac-address
  17. GTP definition

         gtp
          n3-request 3
          interval t3-response 10
          interval echo-request 60
          ! RAT: Radio Access Technology
          information-element rat-type wlan
          interface local GigabitEthernet0/3/0
          ! Details for iWAG to reach the GGSN
          apn 1
           apn-name cisco1.com
           ip address ggsn 192.170.10.2
           ! iWAG access interface(s)
           default-gw 192.168.10.1 prefix-len 16
           dns-server 192.165.1.1
           dhcp-server 192.168.10.1
           dhcp-lease 30000
  18. For Your Reference

     | Command | Remarks |
     |---|---|
     | mcsa enable sessionmgr | Enable subscriber session manager on iWAG |
     | ip dhcp pool pmipv6_dummy_pool | Enable DHCP on the MAG |
     | ipv6 mobile pmipv6-domain <Domain_Name D1> | Create the PMIPv6 domain e.g. D1. |
     | mn-profile-load-aaa | Loads the profile configuration from AAA to the MN within the PMIPv6 domain |
     | lma lma1; ipv6-address 2001:DB8:CAFE:1024::101; ipv4-address 5.8.24.101 | Configure LMA name and address |
     | ipv6 mobile pmipv6-mag <MAG M1> domain D1 | Enable the MAG service on a router, for the above configured PMIPv6 domain e.g. MAG M1 |
     | sessionmgr | Enable subscriber session manager under MAG |
     | address ipv4 5.8.25.15; address ipv6 2001:DB8:CAFE:1025::15 | Configure IPv4 (required only when transport is IPv4 only) & IPv6 address acting as the MAG. LMA would keep track of MAG using this IP address. |
     | interface GigabitEthernet0/0/0.3074 | Enable MAG services on the access interface towards the MN/WLAN |
  19. Platform support

     | Platform | RP/Memory | ESP |
     |---|---|---|
     | ASR1001 | 16GB | integrated |
     | ASR1002-X | 16GB | integrated |
     | ASR1004 | RP2 16GB | ESP40 |
     | ASR1006/13 | RP2 16GB | ESP40/100 |

     Existing broadband licenses support iWAG: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html
     IOS XE 3.8S releasing in mid Nov 2012
  20. Summary
       • SP Wi-Fi becomes an access solution to the MPC
       • iWAG enables Wi-Fi integration into 3G via GTP
       • iWAG enables Wi-Fi integration into 4G via PMIPv6
       • iWAG provides service providers with new revenue-sharing business models
       • Enables SP to use common subscriber Billing and Policy [Gx, Gy, Gi] across 3G, 4G and Wi-Fi network
       • Enable residential Wi-Fi with EoGRE tunneling solution
       • Building block of an integrated solution providing:
           • Seamless experience to customers (clientless)
           • Support for evolution of mobile operator services
  21. References and standards
       • PMIPv6: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_13-3/133_pmipv6.html
       • RADIUS Interface Document: http://www.cisco.com/en/US/docs/ios/ios_xe/isg/coa/guide/3s/isg-coa.html

     | Interface | Components | Standard |
     |---|---|---|
     | RADIUS | AAA Server/Policy Server and NAS | RFC 2865 |
     | RADIUS Change of Authorization | Portal Server and NAS | RFC 3576, RFC 5176 |
     | Proxy Mobile IPv6 | MAG and LMA | RFC 5213, RFC 5844, RFC 5845, RFC 5846, RFC 6543 |
  22. Documentation
       • ISG: Cisco ASR 1000 http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book.html
       • MAG: Cisco ASR 1000 http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/xe-3s/asr1000/mob-pmipv6-xe-3s-asr1000-book.html
       • MAG: Cisco ISR http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/15-2mt/imo-pmipv6-mag-support.html
       • MAG: Cisco WLC http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd4100.shtml
       • PMIPv6 CEC Page: http://wwwin.cisco.com/ios/tech/mobile/proxyipv6/
       • ISG CEC Page: http://wwwin.cisco.com/ios/tech/broadband/isg/
       • Whitepapers on SP Wi-Fi http://www.cisco.com/go/spwifi
  23. Contacts
       • SP Wi-Fi NOSTG Product manager: Amrit Hanspal – ahanspal@cisco.com
       • SP Wi-Fi ASR1000 Product manager: Greg Cote – grcote@cisco.com
       • SP Wi-Fi Technical Marketing Engineers:
           Akshaya Kumar – sakskuma@cisco.com
           Boris Mimeur – bomimeur@cisco.com
           Prashant Jhingran – pjhingra@cisco.com
       • Or simply write to us: pmipv6-support@cisco.com
  24. Thank you.
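
Added example, not part of the original slides: a check for subscriber RADIUS profiles in the Cisco-AVPair form shown on slide 13, reporting which tunnel type a profile selects and which attributes it lacks. Treating every attribute of the slide's two sample profiles as required is an assumption of this sketch, and the function names are hypothetical.

```python
import re

# Attributes each profile type carries on slide 13 (assumed required here).
REQUIRED = {
    "gtpv1": {"mn-nai", "mn-service", "cisco-service-selection",
              "cisco-msisdn", "cisco-imsi", "mn-apn"},
    "pmipv6": {"mn-nai", "mn-service", "mn-apn", "home-lma",
               "home-lma-ipv4-address", "home-lma-ipv6-address"},
}
AVPAIR = re.compile(r"^\s*Cisco-AVPair\s*=\s*([\w-]+)\s*=\s*(\S+)\s*$")

def parse_profile(text):
    """Return {attribute: value} for each Cisco-AVPair line."""
    pairs = (AVPAIR.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def check_profile(text):
    """Return (tunnel type, list of problems) for one subscriber profile."""
    attrs = parse_profile(text)
    tunnel = attrs.get("cisco-mpc-protocol-interface")
    if tunnel not in REQUIRED:
        return tunnel, ["cisco-mpc-protocol-interface missing or unknown"]
    problems = ["missing " + a for a in sorted(REQUIRED[tunnel] - set(attrs))]
    # IMSI and MSISDN (E.164) are digit strings of at most 15 digits.
    for name in ("cisco-imsi", "cisco-msisdn"):
        if name in attrs and not re.fullmatch(r"\d{1,15}", attrs[name]):
            problems.append(name + " is not 1-15 digits")
    return tunnel, problems

# The 3G profile as shown on slide 13.
GTP_PROFILE = """\
Cisco-AVPair = mn-nai=user1@serviceprovider.com
Cisco-AVPair = mn-service=IPv4
Cisco-AVPair = cisco-service-selection=service1.com
Cisco-AVPair = cisco-msisdn=919448927815
Cisco-AVPair = cisco-imsi = 262020000000642
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1
"""
# Constructed: a 4G profile with the three home-lma lines left out.
BROKEN_PMIP_PROFILE = """\
Cisco-AVPair = mn-nai=user1@serviceprovider.com
Cisco-AVPair = mn-service=IPv4
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6
"""
if __name__ == "__main__":
    for sample in (GTP_PROFILE, BROKEN_PMIP_PROFILE):
        print(check_profile(sample))
```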
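
Added example, not part of the original slides: a name cross-reference check over the configuration from slides 14 to 16, listing control policies, AAA method lists and PMIPv6 domains that are referenced but never defined. The regular expressions cover only the command forms shown on those slides, and the function name is hypothetical.

```python
import re

# (kind, regex defining a name, regex referencing a name); command forms are
# the ones shown on slides 14-16.
RULES = [
    ("control policy", r"^\s*policy-map type control (\S+)",
     r"^\s*service-policy type control (\S+)"),
    ("AAA method list", r"^\s*aaa authorization network (\S+)",
     r"^\s*\d+ authorize aaa list (\S+)"),
    ("PMIPv6 domain", r"^\s*ipv6 mobile pmipv6-domain (\S+)",
     r"^\s*ipv6 mobile pmipv6-mag \S+ domain (\S+)"),
]

def dangling_references(config):
    """Return sorted (kind, name) pairs referenced but never defined."""
    missing = set()
    for kind, define, refer in RULES:
        defined = set(re.findall(define, config, re.M))
        missing |= {(kind, n) for n in re.findall(refer, config, re.M)
                    if n not in defined}
    return sorted(missing)

# Constructed sample: lines from slides 14-16 with the GTP_PROFILE
# policy-map left out.
SAMPLE_CONFIG = """\
aaa authorization network ISG_LIST group iWAG-MOBILE-USERS
policy-map type control PMIP_PROFILE
 class type control always event session-start
  5 service-policy type service name INTERNET_SERVICE
  30 authorize aaa list ISG_LIST password cisco identifier mac-address
ipv6 mobile pmipv6-domain D1
ipv6 mobile pmipv6-mag M1 domain D1
 interface GigabitEthernet0/1/0.3074
interface GigabitEthernet0/1/0.3074
 service-policy type control PMIP_PROFILE
interface GigabitEthernet0/3/6.1
 service-policy type control GTP_PROFILE
"""

if __name__ == "__main__":
    print(dangling_references(SAMPLE_CONFIG))
```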
