3. Thank you for attending Cisco Connect Toronto 2015, here are a few
housekeeping notes to ensure we all enjoy the session today.
Complete your session evaluation – May 14th
5. § Cisco dCloud is a self-service platform that can be accessed via a browser, a high-speed
Internet connection, and a cisco.com account
§ Customers will have direct access to a subset of dCloud demos and labs
§ Restricted content must be brokered by an authorized user (Cisco or Partner) and then shared
with the customers (cisco.com user).
§ Go to dcloud.cisco.com, select the location closest to you, and log in with your cisco.com
credentials
§ Review the getting started videos and try Cisco dCloud today: https://dcloud-cms.cisco.com/help
dCloud
Customers now get full dCloud experience!
7. Wi-Fi Massive Usage Growth Relative to LTE
LTE has lost the indoor/residential game → So has VoLTE…
Source: mgrayson & aslemper
Source: Mobidia
8. But Apple Pushed VoWiFi in the Spotlight
Why Should a Service Provider Care?
• Complement Indoor Macro Radio VoLTE Coverage for residential and enterprise → Ongoing CapEx reduction.
• Enable Carrier-Class International VoIP Roaming – Example: Sprint → Out-of-Market Coverage Enhancements
• Voice on non-SIM companion device → Capture 80% of the WiFi devices that happen to have no SIMs
• Carrier class service to compete with OTT VoIP (Skype etc.) → Differentiate using ISM/VoLTE with WiFi against OTT Players
9. VoWiFi set to solve SP Business Challenge
It’s About Coverage In building
“Cost effective & scalable (for the mass market) solution for delivering in building coverage (when the macro network isn't available) for both Residential and Business Customers”
A way to displace other in-building solutions such as Licensed Small Cells, DAS or LTE microcells?
10. § Works on any WiFi (trusted/untrusted) but focus on indoor & poor LTE coverage areas → reclaim the indoor/residential space
§ Handling of Emergency Calls based on User Settings → Greater device coverage possible.
§ Possible to implement Restriction based on certain markets: Residential, SP owned WiFi, in-country versus international.
§ Single-number reach for SIM/non-SIM based devices → multi-device ringing…
§ Integrated Services (SMS, MMS, FaceTime …)
§ Simplified Billing & capture of non-SIM based devices
VoWiFi Unique Advantages for MNO’s…
What Service Providers want…
12. International Roaming
[Diagram: three roaming scenarios compared. Existing: MSC, Foreign PLMN, Home PLMN, Home MSISDN. OTT: OTT Client, Foreign IP/Wifi, OTT MSC, OTT MSISDN. VoWiFi: MSC, Foreign Wifi, ePDG/PGW, Home PLMN, Home MSISDN.]
Same home mobile number for MO/MT
No need to pay expensive roaming charge
Same phone dialer for mobile and wifi call
Capture revenue long lost to OTT
No need to pay roaming partners
13. Voice call on non-SIM device
Significantly increase the number of voice capable devices
14. VoWiFi – Apple iOS 8 WiFi Calling
• Voice/Text over Wifi
• Standard based: ePDG/IPSec 3GPP 23.402
• Same Phone dialer for 3G/4G/wifi voice
• Voice Handover between Wifi/LTE
• VoWiFi traffic goes to Mobile Core; other traffic goes local
• Use VoLTE IMS
15. VoWiFi Handset support
Apple
• WiFi Calling support in iPhone 5s/5c and iPhone 6/6+
• Interworking completed
Android
• No native Android OS support yet
• Samsung Note 4 wifi calling in selected markets
• Samsung interworking completed.
• Qualcomm Snapdragon 800 chipset interworking completed
16. Our WiFi Calling User Experience
• Always choose wifi over cellular to make or receive a call
• Calls that start in cellular stay in cellular
• Enterprise needs to un-block IPSec
• iPhone relies on minimal QoS support from the network
18. Voice over Wi-Fi Architecture
§ VoWi-Fi is an E2E architecture that requires:
§ UE clients: iWLAN and VoLTE
§ Wi-Fi access
§ ePDG
§ PGW with s2b support
§ VoLTE service infrastructure
§ Enhanced features required
§ Location awareness – Wi-Fi
§ Support for non-UICC devices – Wi-Fi/VoLTE
§ Mobility support
§ Optionally enterprise integration (ISC) – VoLTE
§ QoS guidelines for Wi-Fi
[Architecture diagram. Labels: Internet/Untrusted network (e.g. home/ent), Wi-Fi access, 3GPP access (eNodeB, NodeB, RNC, SGSN, MME/SGW), ePDG, PGW, AAA, DHCP, HSS/HLR, MSC, IMS Core, TAS, CUCM, IMS/VoLTE, Internet. Interfaces: SWu (IPSec), SWn, SWm, S2b (PMIPv6, GTPv2), S5/S8, Gi.]
19. ePDG Basics – Main Functions
§ User Authentication and Authorization
§ IKEv2 based on EAP-AKA
§ De-capsulation/Encapsulation of packets for IPSec
§ Tunnel authentication and authorization
§ APN authorization and PGW selection
§ Provide PGW identity if static address
§ Local Mobility Anchor
§ PGW address from AAA in inter system handovers
§ Tunnel and QoS mapping between S2b bearers and access network
§ Mapping of S2b bearer(s) to SWu (IPSec) sessions
§ Mapping of dedicated bearers on S2b using TFT packet filters
§ DSCP marking and/or 802.1p tagging for QoS
§ Routing of downlink packets towards the SWu instance associated to the PDN connection;
§ Transport level packet marking in the uplink;
§ Enforcement of QoS policies based on information received over S2b control plane
Seamless Wifi/LTE handover supported
MAPCON: Only IMS-APN traffic goes to SWu/ePDG; other traffic goes to local internet
20. ePDG selection processes
§ UE selects ePDG: the UE constructs an FQDN and performs a DNS query to resolve it. The response contains one or more IP addresses in IPv4/IPv6 format. The UE selects an address in the same format.
§ ePDG selects AAA: the ePDG is provisioned with a pair of 3GPP AAA IP addresses (primary/secondary). A DIAMETER watchdog process monitors the primary/secondary link for failover.
§ ePDG selects PGW: for a given APN, the ePDG will construct an APN FQDN based on the format of:
§ <APN-NI>.apn.epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org. The ePDG will perform a DNS S-NAPTR query to get PG
§ The NAPTR response will contain three records with the “a” flag but different “Service Parameters”: “x-3gpp-pgw:x-s2a-pmip”, “x-3gpp-pgw:x-s5-gtp” and “x-3gpp-pgw:x-s2b-gtp”. The ePDG will then perform a DNS AAAA query with the replacement string matching “Service Parameters” of “x-3gpp-pgw:x-s2b-gtp”. This will result in the IP address of the S2b interface of the provided PGW.
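The name construction and record selection described on this slide, as an added example (not code from the deck or from Cisco). It builds the ePDG FQDN in the format of the example name shown in the next slide's call flow, builds the APN FQDN, and picks the S2b record from a NAPTR answer; the function names, the record layout and the sample host names are assumptions made for illustration.

```python
import re

LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one DNS hostname label

def plmn_suffix(mcc: str, mnc: str) -> str:
    """Return 'mnc<MNC>.mcc<MCC>'; a 2-digit MNC is zero-padded to 3 digits."""
    if not (re.fullmatch(r"\d{3}", mcc) and re.fullmatch(r"\d{2,3}", mnc)):
        raise ValueError("MCC must be 3 digits and MNC 2 or 3 digits")
    return f"mnc{mnc.zfill(3)}.mcc{mcc}"

def epdg_fqdn(mcc: str, mnc: str) -> str:
    """Name the UE resolves to find an ePDG."""
    return f"epdg.epc.{plmn_suffix(mcc, mnc)}.pub.3gppnetwork.org"

def apn_fqdn(apn_ni: str, mcc: str, mnc: str) -> str:
    """Name the ePDG queries with S-NAPTR; non-hostname labels are rejected."""
    labels = apn_ni.lower().split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid APN network identifier: {apn_ni!r}")
    return f"{'.'.join(labels)}.apn.epc.{plmn_suffix(mcc, mnc)}.3gppnetwork.org"

def select_s2b_pgw(naptr_records):
    """Return the replacement name of the best 'a'-flag record offering S2b GTP."""
    matches = []
    for rec in naptr_records:
        # Service field is "<app-service>:<protocol>[:<protocol>...]"
        app_service, *protocols = rec["service"].lower().split(":")
        if (rec["flags"].lower() == "a" and app_service == "x-3gpp-pgw"
                and "x-s2b-gtp" in protocols):
            matches.append(rec)
    if not matches:
        return None  # no PGW advertises S2b for this APN
    best = min(matches, key=lambda r: (r["order"], r["preference"]))
    return best["replacement"].rstrip(".")

# Constructed NAPTR answer for the "ims" APN; the host names are placeholders.
ZONE = "node.epc.mnc480.mcc311.3gppnetwork.org."
SAMPLE_NAPTR = [
    {"order": 10, "preference": 10, "flags": "a",
     "service": "x-3gpp-pgw:x-s2a-pmip", "replacement": "pgw-s2a." + ZONE},
    {"order": 10, "preference": 20, "flags": "a",
     "service": "x-3gpp-pgw:x-s5-gtp", "replacement": "pgw-s5." + ZONE},
    {"order": 10, "preference": 30, "flags": "a",
     "service": "x-3gpp-pgw:x-s2b-gtp", "replacement": "pgw-s2b." + ZONE},
]

if __name__ == "__main__":
    print(epdg_fqdn("311", "480"))
    print(apn_fqdn("ims", "311", "480"))
    print(select_s2b_pgw(SAMPLE_NAPTR))
```

An enterprise or home resolver that cannot answer for the name returned by `epdg_fqdn` stops the flow before IKEv2 starts, so that name is the one to test when checking the "DNS to resolve ePDG FQDN" requirement.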
21. Call Flows – ePDG Select ePDG
Participants: UE, AP, DNS, ePDG, DNS X
0. Associate Request / Response
1. DHCP
UE creates a FQDN for ePDG query
D1. Recursive DNS Query: epdg.epc.mnc480.mcc311.pub.3gppnetwork.org
D2. DNS Query
D3. DNS Response
D4. DNS Response: IP address #1, IP address #2, IP address #3, IP address #4...
2. IKEv2 SA_INIT
3. IKEv2 SA_INIT RSP
Diagram label: WiSPr Authentication
22. Call Flows – UE initial attach
Participants: UE, AP, ePDG, PGW, 3GPP-AAA, PCRF, HSS, OCS, OFCS
1. UE authentication and ePDG selection / attach
2. IKEv2 SA_INIT
3. IKEv2 SA_INIT RSP
4. IKEv2 AUTH_REQ
5. DER
6. DEA
7. IKEv2 AUTH_RESP
8. IKEv2 AUTH_REQ
9. DER
10. DEA
11. IKEv2 AUTH_RESP
12. IKEv2 AUTH_REQ
13. Create Session Request
14a. AAR
14b. AAA
15a. CCR
15b. CCA
15c. CCR
15d. CCA
16. Create Session Response
17. IKEv2 AUTH_RESP
18. Router Advertisement
19. AAR
20. AAA
Side exchanges: SW1. MAR; SW2. MAA; SW3. SAR; SW4. SAA (SW3/SW4 shown twice); S1. UDR/UDA; S2. SNR/SNA; B1. ACR-Start; B2. ACA
Annotations: EAP-AKA used for User authentication; Not used for emergency attach
23. VoWiFi Calling UE Architecture
[Diagram: UE architecture. UE labels: VoIP, SMS, http/Other Apps, IMS-APN, SWu/IPsec Client, IPSec tunnel, Virtual IP, IPSec, Connection Manager, MAPCON Policy, Wifi interface, LTE interface. Network labels: Untrusted Wifi, EPDG, S2b, PGW (VoIP), LTE, SGW, S5, PGW (Internet), VoLTE IMS, Internet.]
Non IMS-APN traffic goes to internet from local wifi
24. VoWiFi/LTE Mobility - Handover
[Diagram: VoLTE/VoWiFi handover. Labels: Smartphone, SWu Client, Wifi, IPSec, EPDG, S2b, LTE RAN, MME, SGW, S5, PGW, IMS-APN, IMS, MGCF, MGW, PSTN, VoIP – User plane.]
Voice call/IMS-APN is maintained (continuous) when user moves between WiFi and LTE coverage
25. VoWiFi Call setup
Participants: UE, ePDG, PGW, PCRF, P-CSCF, TAS, OCS, OFCS
1. SIP RE-INVITE
2. SIP RE-INVITE
3. Ro Call Control
4. Peer UE procedures
5. 200 OK
6. AAR
7. RAR
8. AAA
9. RAA
10. 200 OK
11. CCR
12. CCA
13. Create Bearer Request
14. Create Bearer response
State labels: LVC (Voice/Video) call ongoing on LTE (Dedicated Bearer); LVC (Voice) call ongoing on LTE (Dedicated Bearer)
26. VoLTE to VoWiFi HO
Participants: UE, eNB, ePDG, MME, SGW, PGW, PCRF, 3GPP-AAA, HSS, OCS, OFCS
LVC (Voice/Video) call ongoing on LTE
1. UE attaches to AP
2. IKEv2 SA_INIT
3. IKEv2 SA_INIT RSP
4. IKEv2 AUTH_REQ
5. DER
6. DEA
7. IKEv2 AUTH_RESP
8. IKEv2 AUTH_REQ
9. DER
10. DEA
11. IKEv2 AUTH_RESP
12. IKEv2 AUTH_REQ
13. Create Session Request
14a. AAR
14b. AAA
15a. CCR-U
15b. CCA-U
15c. CCR-I
15d. CCA-I
15e. CCR-T
15f. CCA-T
16a. Create Session Response
16b. Create Bearer Request
16c. Create Bearer Response
17. IKEv2 AUTH_RESP
18. Router Advertisement
19. SIP Re-Register (RAT change)
20. Delete Bearer Request
21. Delete Bearer Request
22. Delete Bearer Response
23. Delete Bearer Response
Side exchanges: SW1. MAR; SW2. MAA; SW3. SAR; SW4. SAA; SW5. SAR/SAA; R1 ACR; R2 ACA
State labels: LVC (Voice/Video) call ongoing on WLAN (Default Bearer); LVC (Voice/Video) call ongoing on WLAN (Dedicated Bearer); MME triggers release of radio resources; Downlink Packets dropped / buffered / Sent on Dedicated at PGW based on config
Summary:
• 4G VoLTE/LVC call established
• IKEv2/IPSec Session request and authentication via ePDG
• PGW: updates existing session for RAT Type=WLAN, obtains PCC Policy Rules from PCRF, PGW releases LTE call leg.
• Dedicated bearer created on ePDG call leg
• UE updates RAT Type with IMS/SIP Core
27. Packet Core Combo’s: ePDG and 4G Femtocell
[Diagram labels. Management: Prime Mobility, Prime Network, Prime Performance, Alarms & KPIs, Operator NMS. Platform: Cisco StarOS with ePDG, Packet Gateway, SecGW, HeNB-GW. VoWiFi path: IMS Client, ePDG Client, SWu IPSec, Internet, S2b GTPv2, SWm. 4G Small Cell path: 4G Small Cell, S1/X2 IPSec, S1, HMS Mgmt. Operator systems: S/PGW, AAA, HSS, DRA, IMS TAS, MME.]
28. Cisco Telco Cloud Solution
[Diagram labels: Smartphone, VoIP SIP Client, SWu Client, Wifi/Internet, IPSec, EPDG, S2b, PGW, Mobile core, SWm, 3GPP AAA, SWx, HSS, IMS Control plane, IMS, MGCF, MGW, PSTN, VoLTE Core, ISC, HCS (Enterprise collaboration and PABX), SIP – Control plane, VoIP – User plane.]
Cisco VoWiFi Solutions
• ePDG: Based on proven StarOS multi-service platform (ASR5K/5500/QvPC)
• 3GPP AAA: Cisco Prime Access Registrar
• VoLTE TAS/IMS: Cisco Telco Cloud and UC/HCS Solutions
• Wifi Access: Field proven Voice over Wifi solutions
31. 3GPP SaMOG Definition
§ SaMOG (S2a Mobility Over GTPv2) provides EPC Access over Trusted WLAN.
§ SaMOG Components:
✓ WLAN Access Network → Trusted (Operator owned)
✓ WLAN AAA Proxy → TWAP
✓ WLAN Access Gateway → TWAG
§ Why SaMOG?
✓ Efficient use of Spectrum
✓ Network based Mobility
✓ Seamless mobility between 3GPP and WLAN for EPC services with IP address preservation
✓ Non-seamless WLAN offload.
32. Trusted WLAN AAA Proxy (TWAP)
§ Provides a Radius Interface towards WLAN AN for UE authentication and accounting.
§ Uses Diameter-based Interface towards the 3GPP AAA server
§ Supports EAP based UE Authentication (EAP-SIM, EAP-AKA, EAP-AKA')
§ Binds the UE’s WLAN identity to UE’s subscription data (APN Profile, IMSI, MSISDN)
§ Provides the UE Attach and Detach triggers to the TWAG
[Diagram labels: WiFi AP (CAPWAP - C/U, WiFi RRM), WiFi C/U termination, IP-GRE, TWAP (MRME), TWAG (CGW), AAA (Radius), STa (Diameter), AAA/HSS, GTP, PGW.]
33. Trusted WLAN Access Gateway (TWAG)
§ Gateway to connect the Trusted WLAN to the EPC
§ Terminates the S2a interface, carrying the UE packets from the WLAN in the S2a tunnel based on GTPv2.
§ Packet forwarding in the TWAN is based on PMIPv6 tunnel between WLC and TWAG, GTPv2 Tunnel between TWAG and EPC.
§ Receives and responds to triggers from the TWAP for UE Attach, Detach
[Diagram labels: WiFi AP (CAPWAP - C/U, WiFi RRM), WiFi C/U termination, IP-GRE, TWAP (MRME), TWAG (CGW), GTP, PGW, Internet.]
34. Cisco StarOS WAG: VoWiFi Optimization
[Diagram, two panels.
Standard approach: NSWO + Wi-Fi Calling Client (802.11, Host: 10.10.1.1); WLAN Access & TWAG; S2a; Default APN P-GW (Default APN Configuration, UE Pool: 173.38.0.0/24, DHCP allocated 173.38.0.1); IPv4 Internet; SWu; ePDG; S2b; IMS APN P-GW (IMS APN UE Pool: 2610:8dba:82e1:ffff::/48, IKEv2 allocated 2610:8dba:82e1:ffff::/64); IPv6 IMS based Wi-Fi Calling Service.
Optimized approach (SAMOG/Trusted WiFi): NSWO + Wi-Fi Calling Client (802.11); TWAG with SIPTO Enabled and NAT (Outside Pool: 173.38.1.0/24); S2a; Default APN P-GW (Default APN Configuration, UE Pool: 173.38.0.0/24, DHCP allocated 173.38.0.1); IPv4 Internet; DNS Resolves ePDG to 173.38.2.1; SIPTO Match IP 173.38.2.1; SWu; NSWO; ePDG (173.38.2.1) including SWu NAT traversal functionality; IKEv2 allocated 2610:8dba:82e1:ffff::/64.]
• Standard approach is ePDG and SaMOG as 2 ships in the night.
• Forces MNOs to make a WiFi deployment decision based on VoWiFi application & readiness
• Optimized approach uses SaMOG SIPTO to “break-out” untrusted WiFi sessions to ePDG context
• Allows complete transparency between TELUS owned versus 3rd party WiFi Access.
• Allows for a QoE based approach for VoWiFi and other apps.
36. Network Virtualization
§ Virtualization is becoming the main “Marketing” discussion
§ 99% of CAPEX still being spent on conventional solutions
§ Not all customers are ready for virtualization
§ Customer demand for an appliance-based platform scaling both higher and lower than ASR5000/5500
[Diagram labels: Services, Subscribers, Sessions, Throughput, ePDG, SaMOG, Any Computing]
38. Finding the right middle ground
[Diagram, three panels. Network Appliances on dedicated hardware: network functions A, B and C on Hardware A, B and C. Network Appliances on COTS hardware: network functions A, B and C, each on COTS HW. Network Function Virtualization: network functions A, B and C on a virtualization and orchestration layer over data center hardware.]
• Specialized and optimized hardware
• Same SW now using standard Cisco COTS HW
• Vendor fully responsible for software and hardware of the product
• Independent data center hardware layer
• New layer for orchestration
39. Virtual Packet Core Architecture
§ VPC
• Mapping the different software process onto specific VMs
• Flexibility to run VM across different hardware platforms (servers)
§ Benefits
• High performance
• Scaling in all directions
§ VNF Orchestration
• All scaling use case
• Instantiation of multiple VMs
• Possible integration with underlay SDN
[Diagram: StarOS VPC-DI. Labels: VM 1 (CF, Hypervisor; Controller Tasks: VPN, Port, Session; High Availability Tasks; Resource Manager); VM 3 (SF, Hypervisor; DeMux Manager); VM 4 and VM 5… (SF, Hypervisor; SM + AAA Manager); Switch or Router; UCS Hardware; CTCM; OpenStack; NSO; Service Orchestration - NfVO; VNFM; VIM.]
40. Cisco Virtualized ePDG and EPC
VMware Ecosystem (vSphere/vCloud)
[Stack, top to bottom: ePDG; Cisco StarOS; Linux Kernel; VMware ESXi (OS + Hypervisor); Networking; Hardware: x86 server]
• Integrated OS + Hypervisor
• Benefits of Hardware/Network Acceleration
• Single Vendor OS/Hypervisor (VMware)
OpenStack Ecosystem
[Stack, top to bottom: ePDG; Cisco StarOS; Linux Kernel; KVM (Hypervisor); Ubuntu / RedHat (OS); Networking; Hardware: x86 server]
• KVM as Hypervisor
• Full OS Implementation (Ubuntu / RedHat)
• Multi-Vendor “Open Source” Environment
• Complex Monitoring and Management
• Based on COTS x86 server hardware
• Highly scalable: Capacity can be added by adding CPU/memory resource
• Elasticity: Capacity-on-demand
• Field Proven: Same StarOS software as physical ePDG and EPC
43. VoWiFi Deployment
Is it just a simple addition to VoLTE IMS?
[Diagram labels. Residential: Home AP, Modem, Home SSID. Enterprise: Enterprise AP/WLC, Ent SSID, Guest SSID, FW, DNS, AAA. Both: SWu, Internet, EPDG, S2b, PGW, AAA.]
Residential
• VoWiFi and generic non-IMS traffic use the same wifi SSID
• UE has access to home wifi network
Requirements:
Home AP/Modem to support
• 802.11ac
• 802.11e WMM, including DSCP to WMM
• IPSec Port enabled
• DNS to resolve ePDG FQDN
• VPN from ePDG to home modem
Enterprise
• VoWiFi and generic non-IMS traffic use the same wifi SSID
• UE may or may not have access to home ent wifi network
Requirements:
UE has access to Ent SSID
• AP supports 802.11ac
• AP supports 802.11e WMM, including DSCP to WMM
• Ent FW IPSec Port enabled for ePDG IP
• Ent DNS to resolve ePDG FQDN
• VPN from ePDG to AP/WLC
Requirements:
UE has no access to Ent SSID. Use Guest SSID
• AP supports 802.11ac
• AP supports 802.11e WMM, including DSCP to WMM
• Guest SSID has separate VLAN to FW
• Ent FW IPSec Port enabled
• Ent DNS to resolve ePDG FQDN for Guest SSID
• VPN from ePDG to AP/WLC
• Ent AAA connection to SP AAA or 3rd party AAA for wifi authentication