Enviar pesquisa
Carregar
WiFi-integration into EPC
âą
10 gostaram
âą
5,199 visualizaçÔes
Franz Edler
Seguir
Integration of trusted and untrusted WiFi into EPC - overview
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 28
Baixar agora
Baixar para ler offline
Recomendados
Calling VoWiFi... The Next Mobile Operator Service is here...
Calling VoWiFi... The Next Mobile Operator Service is here...
Cisco Canada
Â
volte ims network architecture
volte ims network architecture
Vikas Shokeen
Â
Huawei ipran solution
Huawei ipran solution
Ahmed Sufi Kamal Ibne Ahsan
Â
VoWiFi testing challenges
VoWiFi testing challenges
Dave Crossley
Â
5g introduction_NR
5g introduction_NR
Nitin George Thomas
Â
5gc call flow
5gc call flow
Koorosh Hoveyda
Â
NFV evolution towards 5G
NFV evolution towards 5G
Marie-Paule Odini
Â
Lte Presentation.Ppt
Lte Presentation.Ppt
vaimalik
Â
Recomendados
Calling VoWiFi... The Next Mobile Operator Service is here...
Calling VoWiFi... The Next Mobile Operator Service is here...
Cisco Canada
Â
volte ims network architecture
volte ims network architecture
Vikas Shokeen
Â
Huawei ipran solution
Huawei ipran solution
Ahmed Sufi Kamal Ibne Ahsan
Â
VoWiFi testing challenges
VoWiFi testing challenges
Dave Crossley
Â
5g introduction_NR
5g introduction_NR
Nitin George Thomas
Â
5gc call flow
5gc call flow
Koorosh Hoveyda
Â
NFV evolution towards 5G
NFV evolution towards 5G
Marie-Paule Odini
Â
Lte Presentation.Ppt
Lte Presentation.Ppt
vaimalik
Â
Deep Dive 5G NR-RAN Release 2018 Q4.pptx
Deep Dive 5G NR-RAN Release 2018 Q4.pptx
Daniel Estrada
Â
5G Shared Spectrum
5G Shared Spectrum
Qualcomm Research
Â
Vpc notes
Vpc notes
Krunal Shah
Â
Lte default and dedicated bearer / VoLTE
Lte default and dedicated bearer / VoLTE
manish_sapra
Â
5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation
3G4G
Â
Lte ue initial attach & detach from networkx
Lte ue initial attach & detach from networkx
tharinduwije
Â
5G Network Architecture Options
5G Network Architecture Options
3G4G
Â
Packet core network basics
Packet core network basics
Mustafa Golam
Â
Beginners: 5G Spectrum - Long Version
Beginners: 5G Spectrum - Long Version
3G4G
Â
Voice in 4G: CSFB, VoIP & VoLTE
Voice in 4G: CSFB, VoIP & VoLTE
3G4G
Â
VoLTE flows - basics
VoLTE flows - basics
Karel Berkovec
Â
Presentation on Vowifi
Presentation on Vowifi
srishti jain
Â
5G network architecture progress
5G network architecture progress
Mohammad Anwarul Islam
Â
LTE-U/LAA, MuLTEfireâą and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfireâą and Wi-Fi; making best use of unlicensed spectrum
Qualcomm Research
Â
Access Network Evolution
Access Network Evolution
Cisco Canada
Â
VoLTE KPI Performance Explained
VoLTE KPI Performance Explained
Vikas Shokeen
Â
4G technology
4G technology
Atul Kumar
Â
5G NR: Key features and enhancements
5G NR: Key features and enhancements
3G4G
Â
LTE network: How it all comes together architecture technical poster
LTE network: How it all comes together architecture technical poster
David Swift
Â
5G Network Overview
5G Network Overview
Hamidreza Bolhasani
Â
Ruckus wp wifi-into-core
Ruckus wp wifi-into-core
warchitect
Â
Ip tunnelling and_vpn
Ip tunnelling and_vpn
Rajesh Porwal
Â
Mais conteĂșdo relacionado
Mais procurados
Deep Dive 5G NR-RAN Release 2018 Q4.pptx
Deep Dive 5G NR-RAN Release 2018 Q4.pptx
Daniel Estrada
Â
5G Shared Spectrum
5G Shared Spectrum
Qualcomm Research
Â
Vpc notes
Vpc notes
Krunal Shah
Â
Lte default and dedicated bearer / VoLTE
Lte default and dedicated bearer / VoLTE
manish_sapra
Â
5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation
3G4G
Â
Lte ue initial attach & detach from networkx
Lte ue initial attach & detach from networkx
tharinduwije
Â
5G Network Architecture Options
5G Network Architecture Options
3G4G
Â
Packet core network basics
Packet core network basics
Mustafa Golam
Â
Beginners: 5G Spectrum - Long Version
Beginners: 5G Spectrum - Long Version
3G4G
Â
Voice in 4G: CSFB, VoIP & VoLTE
Voice in 4G: CSFB, VoIP & VoLTE
3G4G
Â
VoLTE flows - basics
VoLTE flows - basics
Karel Berkovec
Â
Presentation on Vowifi
Presentation on Vowifi
srishti jain
Â
5G network architecture progress
5G network architecture progress
Mohammad Anwarul Islam
Â
LTE-U/LAA, MuLTEfireâą and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfireâą and Wi-Fi; making best use of unlicensed spectrum
Qualcomm Research
Â
Access Network Evolution
Access Network Evolution
Cisco Canada
Â
VoLTE KPI Performance Explained
VoLTE KPI Performance Explained
Vikas Shokeen
Â
4G technology
4G technology
Atul Kumar
Â
5G NR: Key features and enhancements
5G NR: Key features and enhancements
3G4G
Â
LTE network: How it all comes together architecture technical poster
LTE network: How it all comes together architecture technical poster
David Swift
Â
5G Network Overview
5G Network Overview
Hamidreza Bolhasani
Â
Mais procurados
(20)
Deep Dive 5G NR-RAN Release 2018 Q4.pptx
Deep Dive 5G NR-RAN Release 2018 Q4.pptx
Â
5G Shared Spectrum
5G Shared Spectrum
Â
Vpc notes
Vpc notes
Â
Lte default and dedicated bearer / VoLTE
Lte default and dedicated bearer / VoLTE
Â
5G Network Architecture, Design and Optimisation
5G Network Architecture, Design and Optimisation
Â
Lte ue initial attach & detach from networkx
Lte ue initial attach & detach from networkx
Â
5G Network Architecture Options
5G Network Architecture Options
Â
Packet core network basics
Packet core network basics
Â
Beginners: 5G Spectrum - Long Version
Beginners: 5G Spectrum - Long Version
Â
Voice in 4G: CSFB, VoIP & VoLTE
Voice in 4G: CSFB, VoIP & VoLTE
Â
VoLTE flows - basics
VoLTE flows - basics
Â
Presentation on Vowifi
Presentation on Vowifi
Â
5G network architecture progress
5G network architecture progress
Â
LTE-U/LAA, MuLTEfireâą and Wi-Fi; making best use of unlicensed spectrum
LTE-U/LAA, MuLTEfireâą and Wi-Fi; making best use of unlicensed spectrum
Â
Access Network Evolution
Access Network Evolution
Â
VoLTE KPI Performance Explained
VoLTE KPI Performance Explained
Â
4G technology
4G technology
Â
5G NR: Key features and enhancements
5G NR: Key features and enhancements
Â
LTE network: How it all comes together architecture technical poster
LTE network: How it all comes together architecture technical poster
Â
5G Network Overview
5G Network Overview
Â
Semelhante a WiFi-integration into EPC
Ruckus wp wifi-into-core
Ruckus wp wifi-into-core
warchitect
Â
Ip tunnelling and_vpn
Ip tunnelling and_vpn
Rajesh Porwal
Â
Ip tunneling and vpns
Ip tunneling and vpns
DAVID RAUDALES
Â
ENSA_Module_8.pptx
ENSA_Module_8.pptx
SkyBlue659156
Â
B03504008012
B03504008012
theijes
Â
fiware-lab-dev-3.pdf
fiware-lab-dev-3.pdf
ssuser8c74ba
Â
Wireless application protocol
Wireless application protocol
Prachi Sasankar
Â
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
Fab Fusaro
Â
[CLASS 2014] Palestra TĂ©cnica - Ilan Barda
[CLASS 2014] Palestra TĂ©cnica - Ilan Barda
TI Safe
Â
Firdous Hussain-Cv Network
Firdous Hussain-Cv Network
Engr. Firdous Hussain
Â
WiFi â Mobile BNG Offload Deployments
WiFi â Mobile BNG Offload Deployments
Cisco Canada
Â
AR Series Routers V600R021C00.pptx
AR Series Routers V600R021C00.pptx
Kipsindo Kibet
Â
Series Routers V600R021C00.pptx
Series Routers V600R021C00.pptx
Kipsindo Kibet
Â
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Saikiran Panjala
Â
Wireless security camera
Wireless security camera
Aasheesh Tandon
Â
Consideration of fixed mobile convergence in 5G
Consideration of fixed mobile convergence in 5G
ITU
Â
Ap8200 datasheet
Ap8200 datasheet
Advantec Distribution
Â
Altai
Altai
Kyle Anwar Kamarudin
Â
Managing and Implementing Network Function Virtualization with Intelligent OSS
Managing and Implementing Network Function Virtualization with Intelligent OSS
Comarch
Â
Wireless Networks
Wireless Networks
Panimalar Engineering College
Â
Semelhante a WiFi-integration into EPC
(20)
Ruckus wp wifi-into-core
Ruckus wp wifi-into-core
Â
Ip tunnelling and_vpn
Ip tunnelling and_vpn
Â
Ip tunneling and vpns
Ip tunneling and vpns
Â
ENSA_Module_8.pptx
ENSA_Module_8.pptx
Â
B03504008012
B03504008012
Â
fiware-lab-dev-3.pdf
fiware-lab-dev-3.pdf
Â
Wireless application protocol
Wireless application protocol
Â
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
Â
[CLASS 2014] Palestra TĂ©cnica - Ilan Barda
[CLASS 2014] Palestra TĂ©cnica - Ilan Barda
Â
Firdous Hussain-Cv Network
Firdous Hussain-Cv Network
Â
WiFi â Mobile BNG Offload Deployments
WiFi â Mobile BNG Offload Deployments
Â
AR Series Routers V600R021C00.pptx
AR Series Routers V600R021C00.pptx
Â
Series Routers V600R021C00.pptx
Series Routers V600R021C00.pptx
Â
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
VIRTUAL PRIVATE NETWORKS BY SAIKIRAN PANJALA
Â
Wireless security camera
Wireless security camera
Â
Consideration of fixed mobile convergence in 5G
Consideration of fixed mobile convergence in 5G
Â
Ap8200 datasheet
Ap8200 datasheet
Â
Altai
Altai
Â
Managing and Implementing Network Function Virtualization with Intelligent OSS
Managing and Implementing Network Function Virtualization with Intelligent OSS
Â
Wireless Networks
Wireless Networks
Â
Ăltimo
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
Â
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Â
đŹ The future of MySQL is Postgres đ
đŹ The future of MySQL is Postgres đ
RTylerCroy
Â
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
Â
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
Â
Scaling API-first â The story of a global engineering organization
Scaling API-first â The story of a global engineering organization
Radu Cotescu
Â
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
Â
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
Â
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
Â
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
Â
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
Â
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
Â
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
Â
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
Â
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
Â
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
Â
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
Â
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Â
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Â
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Â
Ăltimo
(20)
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Â
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Â
đŹ The future of MySQL is Postgres đ
đŹ The future of MySQL is Postgres đ
Â
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Â
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Â
Scaling API-first â The story of a global engineering organization
Scaling API-first â The story of a global engineering organization
Â
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Â
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Â
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Â
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Â
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Â
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Â
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Â
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Â
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Â
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Â
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Â
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Â
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Â
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Â
WiFi-integration into EPC
1.
Integration of Wi-Fi
access networks into EPC Franz Edler, WS 2015/16
2.
Wi-Fi offloading ï§ Explosion
of data consumption in mobile networks! ï§ 3GPP access networks UMTS, LTE and LTE-A suffer from limited availability of licensed spectrum. ï§ Wi-Fi is ideally positioned to extend the cellular coverage. It uses unlicensed spectrum in ISM bands (2,4 GHz 5 GHz). ï§ First step (today) is manual selection of a Wi-Fi hotspot and login. 2 © FH Technikum Wien
3.
3GPP Wi-Fi offload
goals ï§ Goal of 3GPP standardisation is to create a converged network solution with seamless coverage including Wi-Fi. ï§ Additional network elements will be added to handle network selection, authentication, security, flow control and handovers. ï§ Data streams shall even be able to use both connections (cellular and Wi-Fi) at the same time depending on QoS requirements. 3 © FH Technikum Wien
4.
Wi-Fi networks: trusted
or untrusted? ï§ The EPC architecture defines two access path for non- 3GPP access networks towards EPC: trusted / untrusted. ï§ Trusted non 3GPP access path: â Security level (from operator perspective) is sufficiently safe. â Example: carrierâs own installed Wi-Fi â Authentication similar to 3GPP access - via USIM credentials ï§ Untrusted non 3GPP access path: â No secure safety level â Example: access using public hotspots â IPsec tunnels are used 4 © FH Technikum Wien
5.
Integration of Trusted
Wi-Fi into EPC ï§ The trusted Wi-Fi access network is integrated into the EPC by a trusted WLAN access gateway (TWAG). ï§ The TWAG simulates an S-GW. ï§ The S2a interface is based on PMIPv6 or GTPv2. ï§ Requirements on devices: Wi-Fi clients need only be Wi-Fi certified. No additional functions are required. ï§ Secure connections based on smart-card credential. 5 © FH Technikum Wien Trusted Wi-Fi access network Wi-Fi client TWAG P-GW S2a Internet
6.
Limitations of trusted
Wi-Fi access ï§ Because no additional device functionality is required the client behaves as a simple Wi-Fi client: â P-GW provides IP addresses to the TWAG. â TWAG uses DHCP to provide than IP-address to the client. ï§ But licensed radio access networks support multiple IP- addresses based on separate PDN connections associated with dedicated APNs (access point names). ï§ Trusted Wi-Fi access (up to Rel. 11) only supports a single IP-address which is associated with the default APN. ï§ This is appropriate for carrier Wi-Fi to offload Internet traffic from licensed radio network, but not to selectively provide access to IMS which is usually based on a 2nd APN. 6 © FH Technikum Wien
7.
Integration of untrusted
Wi-Fi into EPC ï§ Untrusted Wi-Fi access requires a new functionality in the device: an IPsec client. ï§ New network element ePDG (evolved Packet Data Gateway) â separates trusted and untrusted areas and â authenticates the users ï§ The device uses an IPsec tunnel to connect to the ePDG. 7 © FH Technikum Wien Untrusted Wi-Fi access network IPsec client ePDG P-GW S2b Internet SWu
8.
Trusted/Untrusted Wi-Fi: Comparison 8 ©
FH Technikum Wien Internet Traffic Default APN Carrier Wi-Fi Default client Trusted Wi-Fi IMS Traffic APN Signalling PDN Connectivity Tunnel Client Unmanaged Wi-Fi IMS client Untrusted Wi-Fi Main differences: Focus: ï§ Internet access ï§ Wi-Fi calling APN awareness Ownership Device functionality
9.
Trusted/Untrusted Wi-Fi: Device
perspective ï§ How can a device decide about trusted/untrusted access? â Based on preconfigured policy â Based on dynamic policy: requires ANDSF* â Based on signalling during authentication (EAP-AKA) ï§ For Wi-Fi calling the access network must be regarded as untrusted â as of today (enhancements of trusted access defined in Rel. 12) ï§ ANDSF: Access Network Discovery and Selection Function â Based on an operator owned policy server which tells the device how it should connect considering geographic area, time and congestion situation. ï§ EAP-AKA: Extensible Authentication Protocol - Authentication and Key Agreement 9 © FH Technikum Wien
10.
Support of Non-IMS
traffic in untrusted Wi-Fi ï§ 3GPP defines Non-Seamless WLAN Offload (NSWO) ï§ Non-seamless means: IP address is not kept when moving ï§ NSWO allows a device in untrusted Wi-Fi â to send Internet traffic directly to the Wi-Fi access network â and to simultaneously use a tunnel to ePDG for voice calls. ï§ IMS traffic goes to the tunnel ï§ Non-IMS traffic goes directly to the Wi-Fi network 10 © FH Technikum Wien
11.
Architecture for NSWO
and IMS traffic 11 © FH Technikum Wien Trusted/Untrust ed policy NSOW policy IPsec client Native Wi-Fi client WLAN access ePDG IPsec tunnel IEEE 802.11 NSWO-traffic SWu IMS- APN P-GW Internet
12.
Wi-Fi calling in
a trusted Wi-Fi access ï§ Due to the limitations of trusted Wi-Fi access (no APN awareness) Wi-Fi call can be supported as shown on next slide. ï§ The architectural drawback is: â Traffic to IMS-APN must pass two P-GWs: - the P-GW of the default APN - the P-GW for IMS traffic 12 © FH Technikum Wien
13.
Wi-Fi calling in
a trusted Wi-Fi access 13 © FH Technikum Wien Trusted/ Untrusted policy IPsec client Native Wi-Fi client TWAG ePDG IPsec tunnel IEEE 802.11 SWu Default APN P-GW Internet traffic Internet IMS- APN P-GW
14.
Optimized architecture with
SIPTO ï§ The double transition of IMS-traffic to P-GWs can be avoided with âSelective IP Traffic Offloadâ (SIPTO). ï§ This feature â if supported by TWAG â allows to directly route IMS traffic to the IMS-APN without traversing the Internet P-GW (default APN). ï§ This is done with packet filter and packet inspection. ï§ Note: the TWAG also includes NAT functions. 14 © FH Technikum Wien
15.
Optimized architecture with
SIPTO 15 © FH Technikum Wien Trusted/ Untrusted policy IPsec client Native Wi-Fi client SIPTO enabled TWAG ePDG IPsec tunnel IEEE 802.11 SWu Default APN P-GW Internet traffic Internet IMS- APN P-GW
16.
Enhancements for trusted
Wi-Fi access ï§ Up to 3GPP Release 11: â Trusted Wi-Fi access does not support APN signalling and multiple PDN connections as provided in cellular access. â Therefore device policies are required to split IMS traffic from non-IMS traffic. ï§ 3GPP Release 12 addresses this deficiency with new network and client functionalities: â Multiple PDN connections will be supported by TWAG and the devices based on virtual interfaces and MAC addresses. â NSWO will also be supported in parallel. â Clients must support dynamic indication of trust to determine which mode to activate: - tunnel to ePDG or - virtual MAC connection to TWAG 16 © FH Technikum Wien
17.
Multi-PDN capability in
trusted WLAN 17 © FH Technikum Wien Release 12 device Virtual interface Release 12 TWAG Trusted WiFi IEEE 802.11 Default APN P-GW IMS- APN P-GW Virtual interface Virtual MAC #1 Virtual MAC #2 S2a S2a Internet IMS network
18.
Setup of an
encrypted connection 18 © FH Technikum Wien
19.
Further related topics âą
Multi-Access PDN Connectivity (MAPCON) ⹠IP Flow Mobility (IFOM) ⹠Mobility between hotspots (MOBIKE) 19 © FH Technikum Wien
20.
Multi-Access PDN Connectivity
(MAPCON) 20 © FH Technikum Wien
21.
Multi-Access PDN Connectivity
(MAPCON) ï§ MAPCON allows management of multiple PDN connections with a UE that has multiple IP addresses. ï§ It supports simultaneous connections via 3GPP access and non 3GPP access networks. ï§ MAPCON uses common network based mobility procedures. Application example: ï§ Download of large files using FTP via Wi-Fi and simultaneous voice & video calls via 3GPP network. 21 © FH Technikum Wien
22.
IP Flow Mobility
(IFOM) 22 © FH Technikum Wien
23.
IP Flow Mobility
(IFOM) ï§ IFOM allows simultaneous connection via 3GPP and non- 3GPP networks to the same PDN. ï§ It maintains the connection while managing the mobility data in flow units. ï§ Mobile data is distributed in flow units for each network. Application example: ï§ Download of large files using FTP via Wi-Fi and simultaneous voice & video calls via 3GPP network. 23 © FH Technikum Wien
24.
Mobility between hotspots
(MOBIKE) ï§ A WLAN area may comprise several access points. ï§ The security associations (SA) of IPsec are setup when the IKE SA is established. ï§ It is not possible to keep the IPsec SA when the user moves and receives a new IP address (e.g. in a WLAN consisting of several access points). ï§ Tear down and recreate the IPsec SA requires the whole IKE procedure again and leads to a service interruption. ï§ The MOBIKE protocol extends IKEv2 with possibilities to dynamically update the IP address of the IKE SAs and IPsec SAs. 24 © FH Technikum Wien
25.
25 © FH Technikum
Wien Conditional Messages UE ePDG 3GPP AAA-Serv HSS / HLR 1. IKE_SA_INIT 4. AVs retrieval if needed (i.e. if not available in the AAA) 14. Calculate AUTH 8a. 3GPP AAA Server verifies If AT_RES = XRES [Headers, Sec. associations, D-H values, Nonces] 2. IKE_AUTH Request [Header, User ID, Configuration Pyload, Sec. associations, Traffic selectors, APN info] 3. Authentication & Authorization Req [EAP- Payload(EAP-Resp/Identity), User ID, APN info] 5. A&A-Answer [EAP-Request/AKA-Challenge] 6. IKE_AUTH Response [Header, ePDG ID, Certificate, AUTH, EAP-Request/AKA-Challenge] 7. IKE_AUTH Request [Header, EAP-Request/AKA-Challenge] 8. A&A-Request [EAP-Response/AKA-Challenge] 9. AA-Answer [EAP-Success, key material, IMSI] 11. IKE_AUTH Response [Header, EAP-Success] 12. IKE_AUTH Request [AUTH] 13. Check AUTH correctness 15. IKE_AUTH Response [Header, AUTH, Configuration Payload, Sec. Associations, Traffic Selectors] 6.a UE runs AKA algorithms, verifies AUTN, generates RES and MSK 8b. A&AA-Answer [EAP-Req/AKA-Notification] 8c. IKE_AUTH Response [Header, EAP-Req/AKA-Notification] 8d. IKE_AUTH Request [Header, EAP-Resp/AKA-Notification] 8e. A&A-Request [EAP-Resp/AKA-Notification] 10. AUTH payload is computed using the keying material (MSK) 8A. Profile Retrieval and Registration Untrusted Wi-Fi ⹠Setup of IPsec connection (Diffie-Hellman exchange) ⹠Identification and retrieval of authentication data ⹠Calculate and send response ⹠Verify result ⹠Optional step (dynamic selection of mobility mode) ⹠Retrieval of user-profile (3GPP TS 33.403 § 8.2)
26.
Backup slides showing some
details of attachment in non-3GPP networks. ⹠Attachment in trusted non-3GPP network ⹠Attachment in untrusted non-3GPP network 26 © FH Technikum Wien
27.
27 © FH Technikum
Wien Trusted access: authentication & authorization
28.
28 © FH Technikum
Wien Untrusted access: authentication & authorization, tunnel setup
Baixar agora