Er Wi Fi Integration Ericsson Info Tech Middle East
1. Easing hotspot issues
Wi-Fi integration
People want to be able to use their smartphones, laptops, tablets and
other devices everywhere, and so they need access to 3G, 4G and Wi-Fi.
ANDERS LUNDSTRÖM AND GÖRAN HALL

Now that mobile broadband and mobile multimedia services are so popular, subscribers are beginning to expect broadband access to be available wherever they go – not just at home or in the office. People want to be able to connect from their cars, on the train, in aircraft, from remote locations, in the urban jungle and even from areas where it is difficult to provide access, such as in mines, tough terrain or subway tunnels.

Market situation
The Ericsson Traffic and Market Data Report (November 2011) [1] indicates that mobile broadband subscriptions will reach almost 5 billion in 2016 – a dramatic increase from the 900 million expected by the end of 2011. Irrespective of the type of device used, internet access will continue to drive mobile-traffic development; and mobile data-traffic is expected to grow by nearly 60 percent a year between 2011 and 2016. Subscribers downloading and watching video content, and using video-communication services are expected to be the primary drivers of this tenfold increase in mobile data-traffic over a five-year period.

The strong growth in Wi-Fi-enabled handsets with SIM-based authentication provides additional opportunities to capture residential and hotspot services – such as those often available at airports that use web-login techniques. As with most types of growth, this development represents both opportunities and challenges for operators to integrate Wi-Fi – allowing them to increase mobile-broadband reach while maintaining convenience for subscribers.

Support for terminals
To provide subscribers with convenient access to operator hotspots and open access to residential Wi-Fi, new mechanisms beyond today's web-login and portal-based authentication are required. If embedded SIM-security over Wi-Fi is the chosen solution, the SIM of the connecting device can provide an access key using EAP-SIM or EAP-AKA authentication. In this way, a subscriber can connect to a mobile-broadband network without having to enter a key manually and operators avoid the additional task of sending extra password information to their customers.

Numerous devices already support EAP-SIM over Wi-Fi, including RIM's BlackBerry phones, Nokia handsets running Symbian, several Sony Ericsson models, as well as Apple's iPhone (models 3 and 4) and iPad (models 1 and 2). General support for Android devices is currently expected in 2012.

Vision
Ericsson's vision for Wi-Fi integration in 4th-generation IP networks, illustrated in Figure 2, is based on the ongoing cooperation between Broadband Forum and 3GPP EPC architectures, which uses a simple, functional architecture that is scalable, flexible and easily tuned.

Wi-Fi solutions need to implement both packet-core integration and local breakout of services, using a BNG function as shown in Figure 2. Traffic can be EPC-routed using the mobile service-delivery cluster – PGWs, GGSNs and other value-added services – as part of the Gi network. Anchoring with mobile edge enables mobile service logic to apply for subscribers using Wi-Fi. This approach reuses the northbound integration usually implemented as part of the mobile

BOX A Terms and abbreviations
3GPP      3rd Generation Partnership Project
4G        4th-generation mobile wireless standards
AAA       authentication, authorization and accounting
AVP       attribute value pair
BPCF      Broadband Policy Control Function
BNG       Broadband Network Gateway
CLIPS     call line identification presentation
CMIPv4    Client-based mobile IPv4
DHCP      Dynamic Host Configuration Protocol
DSMIPv6   Dual-stack Mobile IPv6
EAP       Extensible Authentication Protocol
EAPoL     EAP over LAN
EAP-AKA   EAP for UMTS Authentication and Key Agreement
EAP-SIM   EAP-Subscriber Identity Module
EPC       Evolved Packet Core
ePDG      Evolved Packet Data Gateway
GBA       Generic Bootstrapping Architecture
GGSN      Gateway GPRS Support Node
Gi        GGSN external interface – GGSN to PDN
GPRS      general packet radio service
GSM       Global System for Mobile Communications
GTP       GPRS Tunneling Protocol
GTPv1     GTP version 1
HLR       home location register
HSPA      High-Speed Packet Access
HSS       Home Subscriber Server
HTTP      Hypertext Transfer Protocol
IMS       IP Multimedia Subsystem
IMSI      International Mobile Subscriber Identity
IP        Internet Protocol
IP-CAN    IP connectivity access network
IPsec     IP Security
IPTV      IP Television
IPv4      IP version 4
IPv6      IP version 6
IKEv2     Internet Key Exchange version 2
iWLAN     interworking wireless local area network
LAN       local area network
LTE       Long Term Evolution
E R I C S S O N R E V I E W • 2 2011
MAP       Mobile Application Part
MME       Mobility Management Entity
MPG       mobile packet gateway
MSP       multi-sequence positioning
OTT       over-the-top
PCC       policy and charging control
PCRF      policy and charging rules function
PDIF      packet data interworking function
PDN       Packet Data Network
PGW       PDN gateway
PEAP      Protected Extensible Authentication Protocol
PMIPv6    Proxy Mobile IPv6
QoE       quality of experience
QoS       quality of service
RADIUS    Remote Authentication Dial-In User Services
Rx        radio receiver
SGi       PGW external interface, PGW to Packet Data Network (PDN)
SGW       service gateway
SIGTRAN   Signaling Transport over IP
SIM       subscriber identity module
SoftGRE   Tunneling with dynamic use of GRE as encapsulation protocol
SS7       signaling system 7
SSID      Service Set Identifier
STa       Diameter interface to 3GPP AAA from trusted non-3GPP access
SWm       ePDG to 3GPP AAA interface
SWx       3GPP AAA to HSS interface
TTG       tunnel termination gateway
UM        User Management
UMTS      Universal Mobile Telecommunications System
VLAN      virtual LAN
Wi-Fi     trademark of the Wi-Fi Alliance
Wi-Fi AC  Wi-Fi access controller
WLAN      wireless LAN

service edge. Solutions for converged policy control and common user management are essential tools for operators that want to offer Wi-Fi as an extension of mobile broadband.

FIGURE 1 Mobile broadband subscriptions by device type, 2008–2016 (Source: Ericsson [1])
[Chart: subscriptions in millions (0 to 5,000) per year from 2008 to 2016, for mobile PCs and tablets and for handheld devices.]

User experience and services
Wherever they are, and whatever access network they use, subscribers should be able to enjoy seamless Wi-Fi and mobile-broadband connections, with consistent QoE for operator-provided as well as OTT content and services. New services, such as prepaid WLAN hotspot access, can be offered, reusing GGSN/PGW prepaid integration, by validating users in fixed access using SIM-based authentication. Value-added services traditionally offered over mobile networks could also be offered to subscribers using fixed access.

Functions that support enhanced user experience – such as HTTP enrichment, content-caching and parental control – can be deployed for both Wi-Fi and mobile broadband. In this way, subscribers get a consistent service and operators can reduce transport costs at the same time. The parental control function can be provided seamlessly and consistently for mobile and Wi-Fi networks without the need to install new clients on a device.

Other solutions
Under current 3GPP standards, mobile devices switch from a fixed network to a mobile network using one of the following solutions:
- An IPsec- and IKEv2-based client toward a TTG or ePDG, and connection with PMIPv6 or GTPv1 toward the GGSN/PGW from the TTG/ePDG;
- A DSMIPv6-based client connecting to PGW with or without ePDG;
- A CMIPv4-based client with a stand-alone home agent; or
- GBA-based authentication for HTTP-based services.

All of these options have been standardized as pure overlay solutions in 3GPP and 3GPP2, and have existed for many years as part of the iWLAN and EPC standardization – without any market uptake however. They place no demands on Wi-Fi access and treat fixed access as a simple transport pipe with no ability to set policies.

Before connecting to the network with a mobile-IP-based or iWLAN solution, terminals must first set up a Wi-Fi access connection to get an IP address. As a result, terminals may be required to first handle authentication with the Wi-Fi network and then later perform SIM-based authentication. In addition, these options impact on terminal
design. Solutions based on iWLAN require terminals that support the IPsec and IKEv2 security protocols, in part by creating the cryptographic keys that are used during each session. Furthermore, these protocols need to be made available to the client software handling the connectivity through different access forms.

Access to local content using overlay solutions can be problematic via fixed access or a local breakout point, as user traffic is tunneled using IPsec or mobile IP to the anchor point in the mobile access network, making it difficult to isolate traffic between the terminal and the anchor point.

The main benefit of overlay solutions is that they do not demand support from the Wi-Fi or fixed-access network. Instead, all requirements are transferred to the terminal, with the mobile network providing the necessary support.

FIGURE 2 Wi-Fi integration in 4G networks – vision
[Diagram: a mobile network (PGW, UM) and a fixed network (BNG), with YouTube, Virgin Media and Apple TV shown as example content.]

Many operators and vendors have reported problems with overlay solutions and unmanaged Wi-Fi, and these solutions have enjoyed only limited success as a result. Joint 3GPP and Broadband Forum studies have identified the need for better models for Wi-Fi integration with mobile services – models that take managed Wi-Fi into account. This research has resulted in a common architectural model, which is illustrated in Figure 3.

FIGURE 3 Broadband Forum and 3GPP integrated architecture
[Diagram labels: EPC/LTE with E-UTRAN, UTRAN, GERAN, MME, serving gateway, PDN gateway, HSS, PCRF, ePDG, 3GPP AAA server and operator's IP services (e.g. IMS); interfaces S1-MME, S1-U, S5, S6a, S6b, S10, S11, SGi, Gx, Rx, SWx, SWm, STa, S2a, S2b, S2c and S9a; BBF-defined access and network with BPCF, AAA, BNG, fixed access, and operator's IP services and local breakout; broadband home network with RG, WiFi AP, STB, TV, PC, media center and UE.]

TABLE 1 Additional acronyms in Figure 3
AP        access point
BBF       Broadband Forum
EDGE      Enhanced Data rates for GSM Evolution
E-UTRAN   Enhanced UTRAN
GERAN     GSM EDGE Radio Access Network
RG        residential gateway
STB       set-top box
UE        user equipment
UTRAN     Universal Terrestrial Radio Access Network

The target architecture supports both local breakout and EPC-routed traffic. Operators can decide whether they want to break out traffic locally in the BNG, or route it over the PGW. Based on
scalable and proven roaming principles, a GTP option is currently being added to the 3GPP specification (S2a in Figure 3). This architecture supports common authentication using EAP methods over fixed access, enabling seamless login to Wi-Fi networks by 3GPP terminals and Wi-Fi-only devices.

With this architecture, both fixed and mobile operators can use their network assets and capabilities to retain value and benefit financially from the increase in highly sophisticated Wi-Fi-capable terminals.

For fixed access, the architecture includes the following additional functionality:
- SIM-based authentication via communication with the HSS;
- converged policy control, where a policy controller can provide both fixed and mobile policy control, as well as enabling fixed-access roaming with the QoS provided by the visited network;
- nomadicity with anchoring in either the BNG or PGW. The anchor is selected by the policy controllers;
- mobility enabled by anchoring in PGW, providing IP-session continuity between fixed WLAN access and mobile access networks; and
- full mobile-service availability, regardless of access network, by anchoring calls in the PGW.

This architecture provides support for traditional use cases, such as people using laptops to access web-login Wi-Fi services, as well as EAP-SIM/EAP-AKA authentication for residential and hotspot deployments.

The BNG can use the S2a interface to tunnel a specific user's traffic into the EPC network for a complete mobile feature set with full reuse of all northbound systems. This approach maximizes an operator's existing investment in packet core and enables authenticated subscriber access over the fixed network.

Overlay solutions are primarily intended for deployment with unmanaged and unsecured Wi-Fi access points, but they continue to be part of the S2b and S2c standards shown in Figure 3.

FIGURE 4 Overview of current Ericsson solution functionality
[Diagram labels: SSID1 private, VLAN private, SSID2 operator, VLAN operator, 802.1x, RADIUS, DHCP, IP fixed access, BNG, AAA, HLR, MAP/SS7, SIGTRAN, PCRF, mobile optimization, apps/multimedia, mobile content/app, internet; legend: authentication, IP allocation, user data flow.]

FIGURE 5 Overview of current Ericsson solution functionality
[Diagram labels: SSID1 private, VLAN private, SSID2 operator, VLAN operator, IP fixed access, BNG, AAA, S2a, GTP, EPC with PCRF, MME, HSS, PGW and SGW, mobile access, mobile optimization, mobile internet, broadband everywhere, apps/multimedia (mobile content, app; IPTV, content, apps), internet.]

The Wi-Fi solutions in use today are built on an authentication model for fixed access, using local credentials and port-based authentication for
residential services, or portal-based authentication for hotspot-style services. These existing solutions do not provide the required level of security and user convenience, and as users are hidden behind network-address translation, they cannot provide individualized services.

An in-depth pragmatic approach
The Ericsson Wi-Fi Integrated Network solution incorporates a number of recent developments, with support for 802.1x and EAP-SIM in the latest generation of handsets, laptops and other devices. The solution provides local breakout of all traffic, with the option of using policy routing to direct certain users to mobile service-nodes, providing advanced mobile broadband functionality such as deep packet-inspection and proxy functions optimized for mobile devices.

The Ericsson solution uses the SIM card to authenticate an existing handset seamlessly. Operators can provide a customized service offering with a large feature set and the solution supports hotspots and residential deployments of operator-managed Wi-Fi. Figure 4 provides an overview of the current solution functionality.

To enable further integration with the mobile network for SIM-based terminals, a mobile service-logic for Wi-Fi terminals, as shown in Figure 5, is currently under discussion for 3GPP Rel-11.

As with the existing solution, the operator's SSID will be broadcast on the residential gateway or the Wi-Fi hotspot access point, which requires 802.1x EAPoL to be enabled. The SSID traffic will be encapsulated into a dedicated VLAN or a SoftGRE tunnel and terminated in the BNG.

When a device attempts to connect to the operator SSID, either an EAP-SIM or EAP-AKA authentication procedure executes – depending on whether the card used is a SIM or a USIM. The device uses EAPoL to communicate with the access point, which in turn packages the information into a RADIUS message AVP carrying either an EAP-SIM or EAP-AKA container. The RADIUS message is routed to the AAA, which translates messages sent to the HLR using a MAP gateway.

Upon successful authentication, the client device starts a DHCP procedure to obtain an IP address. A successful authentication or DHCP request triggers the initiation of a GTP tunnel from the BNG (as shown in Figure 5) or a Wi-Fi access controller, to the PGW in the mobile network. The direct connection from a Wi-Fi access controller provides an alternative to BNG for hotspots, while BNG is the most natural option for residential deployments.

In this tunnel setup, an IP address is allocated by the PGW (from a local IP pool or a connected AAA server). With this IP address, the client can access the operator's network and the internet according to the subscriber's service offerings. Figure 6 describes in more detail how integration is implemented in the call flow.

FIGURE 6 Call flow for Wi-Fi terminals connecting through mobile service logic
[Sequence diagram between the client device on the 802.1x SSID, BNG, AAA, HSS, BPCF, PGW and PCRF, covering steps 0 to 11 of the call flow.]

0- 802.11 association setup – the client device sets up the 802.11 association with the Wi-Fi access point;
1- 802.1x EAPoL – the client device is authenticated using EAP-SIM/EAP-AKA over 802.1x and RADIUS to an AAA in the network. The RADIUS message is routed to the AAA, possibly transparently, through the BNG or a Wi-Fi access controller (Wi-Fi AC);
2- DHCP discover – the client device starts a DHCP procedure to get an IP address. The DHCP discovery is forwarded to the BNG or a Wi-Fi AC;
3- RADIUS access request – the BNG (Wi-Fi AC) triggers a RADIUS access request for authorization of the IP (CLIPS) session and to make a connection between IMSI and MAC addresses;
4- RADIUS accounting – a RADIUS accounting procedure informs the AAA that the IP (CLIPS) session is established;
5- GTP Create session request/response – the DHCP discover (or successful authentication) will also trigger a GTP create session request to the PGW to get an IP address from the PGW and to set up a tunnel for the client device's user data or a subset thereof;
6- IP-CAN establishment – on GTP session establishment, a Gx session is typically also set up between the PGW and the PCRF. This allows policies for the session to be downloaded to the PGW;
7- Optional S9a establishment/7'- Optional authorization – policies for the BNG (Wi-Fi AC) from the PCRF in the mobile network may be included in signaling for the GTP tunnel setup, or sent via the S9a interface. Policies for the BNG (Wi-Fi AC) may then be pushed from the PCRF to the BPCF and further on to the BNG (Wi-Fi AC); the standardization of this process is still under discussion and several alternatives exist, including policy download for traffic that is broken out at the BNG (Wi-Fi AC);
8,9,10- DHCP offer, request and ack – when the GTP session is established, the client device receives a DHCP offer with the IP address assigned by the PGW and the DHCP request/ack procedures will confirm the IP address for the client; and
11- RADIUS accounting – if accounting is performed in the fixed AAA in addition to the PGW, a RADIUS accounting can also be sent to the BPCF from the BNG to trigger the policy download to BPCF from the PCRF.

The initial solution will support nomadic mobility between mobile access and Wi-Fi, but mobility support between cellular and Wi-Fi access to enable IP session continuity is currently being researched. Existing terminals can support the nomadic solution, whereas the solution for session continuity will probably require terminal updates. Currently, mobility between Wi-Fi and 3GPP access is not supported; however, there are already many applications implemented to handle a change of IP address, allowing the user session to continue after just a short interrupt.

As existing S2a interface specifications support only PMIPv6 for S2a, the development of a solution based on standards will require an evolution of the S2a interface specifications to include GTP usage. Ericsson is currently seeking an alignment between S2b and S2a GTP interfaces. This alignment should be in place by the time 3GPP Release 11 introduces S2a GTP. Ericsson also plans to offer pre-standard solutions for operators who want rapid deployment of converged fixed-mobile services and a seamless user experience.

Conclusion
In Ericsson's vision for Wi-Fi integration in fourth-generation IP networks, traffic from SIM-based terminals can be routed through the mobile service-delivery cluster – PGWs, GGSNs and other value-added services – to enable mobile service-logic to apply for subscribers using Wi-Fi. This approach maximizes an operator's existing investment in packet core and enables authenticated subscriber access over the fixed network.

Anders Lundström
joined Ericsson in 1999 working in 3G packet-core system-management. He currently works in the product line Packet Networks as a strategic product manager for EPC. In this role he is responsible for convergence strategies for Wi-Fi integration as part of Ericsson's overall EPC offering. Previously, he was key lead for Ericsson in the development of a 3GPP2 migration path LTE/EPC and has spent several years working in the US in various product management positions.

Göran Hall
is an expert in Packet Core Network Architecture at Product Unit Packet Core, System Technology. He joined Ericsson in 1991 to work on development and standardization, primarily within the area of packet core network architecture for GPRS, WCDMA, PDC and later also EPC, serving as a key lead for the development of initial EPC standards and nodes. He is currently responsible for technical strategies and forward-looking activities at PDU PC System and Technology.

References
1. Traffic and Market Data Report on the Pulse of the Networked Society, November 2011, http://hugin.info/1061/R/1561267/483187.pdf