Building L2 & L3 service with ALU Service Router
Gatot Susilo
October 7, 2013
COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED.
ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION

Service Router

Pt-to-Pt L2-VPN: Virtual Leased Line (PWE-3 RFC3985)
• Pseudo Wire Emulation Edge-to-Edge
• Point-to-point service emulation (i.e., ATM, Frame Relay, Ethernet, TDM) over IP/MPLS (i.e., Packet Switched Networks)
• Requires a bidirectional tunnel between two PEs
• Inner connection is identified by MPLS label
• Uses T-LDP for inner label exchange
[Diagram labels: PWE-3, CE1, AC1, PE1, PE2, AC2, CE2, T-LDP, IP/MPLS Network, Bidirectional Tunnel IP (GRE) or MPLS]

Service Entities (Point to Point)
[Diagram: End to End Service (PWE3), Pseudowire Emulation Edge to Edge - RFC3985; labels: Customer, SAP, Service, VC Label, Demux, SDP, PE-1, PE-2, IP/MPLS, T-LDP]
Customer
• Customer is also referred to as subscriber
• Identified by customer ID

Service Entity (Continue)
[Diagram: End to End Service (PWE3), same labels as on the previous slide]
SDP
• A logical way to direct a uni-directional service tunnel
• Supports GRE (IP tunneling) or MPLS as service tunnel
• Provides better control for (LSP) tunnel selection
• Multiple services can share the same SDP
• Supports forwarding-class-based (LSP) tunnel selection

Service Entity (Continue)
[Diagram: End to End Service (PWE3), same labels as on the previous slide; additional label: PPP]
Service
• Internet Enhanced Service (IES)
• L2-VPN: EPIPE, VPLS (Multipoint), APIPE, FPIPE, CPIPE (Pt-to-Pt)
• L3-VPN: IPIPE (Pt-to-Pt), VPRN (Multipoint)
• Mirroring
SAP
• A local entity that is uniquely identified by:
  - The physical Ethernet port or SONET/SDH port or TDM channel
  - The encapsulation type (e.g., Null, Dot1q, QinQ, IPCP, BCP-null, BCP-dot1q, ATM, Frame Relay, Cisco-HDLC)
  - The encapsulation identifier
• Applicable to access port only
• A single port can contain multiple SAPs
Multi-Service Edge: Alcatel-Lucent Suite of Point-to-Point Pseudowire Services
[Diagram labels: Ethernet UNI, FR UNI, ATM UNI, Frame/ATM UNI, IP PW, FR PW, ATM PW, Ethernet PW, LSP, 7750 SR, IP/MPLS Network]
• Note: The termination of routed or routed-bridged encapsulation of ATM traffic into an IES or IP-VPN is supported
• Leverage PWE3 for frame relay-ATM-Ethernet Service and Network Interworking

Multipoint L2-VPN: Virtual Private LAN Service (RFC4762)
• Purpose
  - To provide connectivity between geographically dispersed customer sites across MANs and WANs, as if they were connected using a LAN
• Two Categories of Applications
  - Connectivity between customer routers: LAN routing application
  - Connectivity between customer Ethernet switches: LAN switching application
• Use MPLS (Ethernet Pseudowire) in the core network (i.e., PEs interconnection)
• Multiple VPLS instances can be created on the same PE

VPLS – Attributes
• Flooding for unknown unicast DA or broadcast/multicast frames
• Forwarding known DA to designated port
• Address Learning to build forwarding database (FDB)
• Perform standard learning, filtering, and forwarding actions as per IEEE802.1D-ORIG, IEEE802.1D-REV, and IEEE802.1Q
• MAC Address Withdrawal using LDP Message to trigger address re-learning
• Use H-VPLS (Hub and Spoke) to reduce number of mesh PWs
[Diagram labels: CE1, CE2, CE3, CE4; PE1, PE2, PE3, PE4, each with a VPLS instance; IP/MPLS Network]

Alcatel-Lucent Premium VPN Services
• QoS policy runtime instantiation provides the ability to dynamically change bandwidth and QoS parameters for value-added services
• Enable service interworking of VPWS using IP PW
• Support for OSPF allows VPN customer running OSPF to migrate to an IP-VPN backbone without changing their IGP, introduce BGP as the CE-PE protocol and stop relying on static routes for access to an IP-VPN service
• Transparent Layer 2 protocol tunneling (L2PT) to transparently transport Layer 2 PDUs between CPEs, including translation between different STP types
• Multiple Spanning Tree Protocol (IEEE 802.1s) to interoperate with traditional L2 switches and operate along with Managed VPLS to provide an effective dual homing solution
• Terminate RFC 2684 routed bridged encapsulation of ATM traffic onto IES and IP-VPN services
[Diagram labels: Internet, IP-VPN, VPLS, Frame Relay, FR UNI, ATM, ATM UNI, Ethernet, Ethernet UNI, 7750 SR, IP/MPLS Backbone]

QoS
Basic QoS on 7x50/7710 SR Product Family
• Use differentiated service (DiffServ) model
• 8 Forwarding Classes (NC, H1, EF, H2, L1, AF, L2, and BE)
• Profile State (in profile: rate <= CIR; out of profile: rate > CIR)
• Separate queues for unicast and multicast traffic
• Allow one queue per forwarding class or one queue for multiple forwarding classes
• By default, remarking for EXP, DSCP, Dot1p iff:
  i) L2 traffic or a non-trusted IP interface
  ii) The first network egress
  iii) Not remarked explicitly by SAP ingress
• Pre-classification (Dot1p, IP Prec, DSCP, IP criteria, MAC criteria)
• Allow Remarking for DSCP or IP Prec (applicable for L3 service only)
• No explicit Dot1p to FC in default mapping
[Diagram labels: SAP Ingress, Network Egress, Network Ingress, SAP Egress; EXP – MPLS, DSCP – IP, Dot1p – Ethernet; FC + PS]

OAM

OAM
• IP - ICMP Ping/Trace
• MPLS - LSP Ping/Trace
• PW - VCCV Ping/Trace
• SDP - SDP Ping
• SVC - SVC Ping
• VPLS - MAC Ping/Purge/Populate/
• Ethernet – 802.1ag/Y1731

Next Gen Hotspot 2.0 – Why Wi-Fi?
Wi-Fi Opportunity and Strategy to Success
WiFi Opportunity
- By 2015 there will be 8B mobile devices; global mobile traffic will grow 26x to 6.6m TB/month where video will be 66% of all mobile traffic; 1.2 million hotspot venues from 421K in 2010 worldwide (In-Stat Research Report)
- Mobile operators need more cost effective radio technologies to handle increasing data traffic
- Wi-Fi is global – same frequency band worldwide (2.4GHz and 5GHz)
- Wi-Fi is built into smart phones and devices
- Wi-Fi provides ~5x bandwidth (MHz) of Cellular (5GHz vs ~1GHz)
- Carrier grade Wi-Fi offers platform for delivering a host of new location-based services
Strategy To Success
- Should complement operator’s spectrum
- Should be easy/transparent for the user
- Should be viable resource to meet users’ expectations
- Should integrate easily and cost-effectively into existing 3G/4G architectures

Hotspot 2.0 Technology Enablers: Authentication and Roaming
                                | Hotspot Today  | Next Gen Hotspot 2.0
Network Discovery and Selection | SSID           | 802.11u
L2 Authentication               | None           | 802.1x
L2 Air Encryption               | None           | 802.11i
L3 Authentication               | WebAuth, WISPr | EAP SIM, AKA, TLS, TTLS
Hotspot Network                 | Untrusted      | Trusted
Intellectual Property Right     | No             | Yes
Interoperability                | No             | Yes
VISION:
• Mobile Network: Turn on phone and get secured Cellular connectivity
• Automatic, Secured, EAP Based
• WiFi Network: Turn on phone and get secured WiFi connectivity

ALU Light Radio WiFi Solutions

LIGHTRADIO WI-FI: 7750 WLAN G/W
[Diagram labels: HGW/AP, GRE per HGW/AP, 7750 SR WLAN GW, RADIUS Proxy, AAA, DIAMETER, SS7 MAP or Diameter, HLR, HSS, AuC, PGW/GGSN, Internet & Media]
Diagram callouts:
• Option to breakout to Internet where cost effective
• L2 transparency
• Unified authentication, authorization and accounting
• Auto-provisioned tunnels for operational simplicity
• Anchoring subscriber through PGW/GGSN is independent of WLAN-GW location using standard interfaces
Solution Strengths
• Flexible choice of transport: L2/IP/MPLS or IPSec
• Full flexibility for local breakout or GTP mobility
• Rapid inter-AP mobility (due to L2 transparency)
• Mobility between WiFi and Macro with address preservation
• No per-AP provisioning: SoftGRE tunnels auto-created
• WLAN GW N:1 redundancy with IP address preservation
• Tunnel Scalability: tunnel state only if active subs
• WLAN GW mobility with IP address preservation
• Subscriber Scale: IP address sharing with L2-aware NAT
• No IPSec required on UE
• Conservation of resources for migrant users
• No mobility functions required on AP (Simpler APs)
WLAN GW: Deployment Models
[Diagram labels: WLAN GW, 7x50, 7750, VLANs, GRE Tunnel]
Diagram callouts:
• Edge 7x50 or 7705 SAR can encapsulate VLAN-only APs into GRE tunnels for a common model to GRE-capable APs
• Regular ESM with 1 VLAN per Sub or 1 VLAN per service
Notes:
• Soft GRE benefits of scale and auto-provisioning on the WLAN GW
• Achievable with GRE-capable APs or
• For non GRE-capable APs, L2 aggregator device such as 7x50, 7705 SAR families can be used to provide GRE transport over IP toward WLAN GW

LIGHTRADIO WI-FI ARCHITECTURE: ACCESS POINT OPTIONS
L2 Solution (Offload SSID, Bridge)
• Flexible for L2 Wholesale
• L3 Wholesale with support for overlapping IP@
• GTP IP@ Mobility with overlapping IP@
• Faster Inter-AP mobility triggering
• Simpler, less CPU-intensive CPE
• Network portal
• IP@ Sharing
• Subscriber visibility in the network with NAT
• MAC@ visibility in the network authentication
L3 Solution (Offload SSID, IP TUNNEL)
• No L2 Wholesale
• No L3 Wholesale with overlapping IP@
• No GTP IP@ Mobility with overlapping IP@
• L3 mobility which is slower
• Complex CPE
• Portal on CPE
• No IP@ Sharing
• No Subscriber visibility in the network with NAT
• No MAC@ visibility in the network
[Diagram label: ALU Recommendation]

Architecture Options
Options compared:
• HGW/AP - Public SSID – NAT’ed (IP + NAT on AP): L3 Solution
• HGW/AP – Public SSID Bridged – Non tunneled: L2 Solution
• HGW/AP – Public SSID Bridged – Tunneled (L2oGRE OR L2VPNoGRE): L2 Solution
• HGW/AP – PMIPv6 MAG (public SSID traffic L3 tunneled to LMA): L3 Solution
Criteria:
• HGW/AP complexity
• Subscriber Visibility in network
• Traffic separation
• L2 Wholesale
• L3 Wholesale
• IPv4@ sharing
• Fast L2 WIFI interAP mobility
• Time & volume accounting

3GPP - WLAN TO 3G/4G INTERWORKING
• Current 3GPP/2 standard for access to EPC over non trusted access
  - IPSec/IKEv2 required on UE
  - Multiple tunnels, one for each service
[Diagram labels: (possibly unsecure) WLAN AP & Backhaul, a priori owned by any provider; WLAN; WLAN AP; IPSec: 3GPP/2 VPN; ePDG/PDIF; SWx; AAA; HSS; S2b: GTP; PGW]
ISSUES:
• Battery drain effect on UE and intensive CPU processing.
• IPSec overhead & associated packet fragmentation on WLAN air interface
• Poor user experience with latency associated with tunnel establishment for short sessions (e.g. MMS access)
ALU solution (fat-pipe model) that overcomes standard issues
• WLAN GW solution over trusted or un-trusted access
[Diagram labels: (secure) WLAN AP & Backhaul, 802.11i; WLAN AP; Single tunnel / AP; Protected tunnel; PDG/WLAN GW; Radius; SWx; AAA; HSS; S2a: GTP; PGW]

SLA and QoS Management
• SLA-profiles created on WLAN-GW
• SLA-profile is a template with parameters (e.g. rates i.e. PIR/CIR)
• Association of subscriber to an SLA-profile is dynamic via RADIUS VSAs
Bandwidth control
• Per AP
• Per AP, per wholesale partner
• Per IP@ Mobility public WIFI user
• QOS mapping - 3G/4G <-> WIFI
[Diagram labels: CM/RG/AP, Access, GRE, WLAN GW, GTP; FC to queue mapping; Per Tunnel (or per tunnel per wholesale partner) aggregate rate; DSCP to FC mapping; Per user policing; FC to DSCP mapping in outer header OR copying DSCP in inner IP to outer IP]
WLAN GW: BNG functionality, enhanced sub-mgt (ESM)
Legacy BRAS (single-service)
• Single-service (HSI)
Typical BNG (multi-service)
• Per-subscriber
• Per-service
multi-application
• Per-subscriber
• Per-service
• Per-application
multi-device
• Per access point
• Per-device
• Per-service
• Per-application
[Diagram labels: subscriber tunnel; HSI; Best effort; Voice; IPTV; Managed Video; Managed VoIP; Managed Gaming; Online Services; RG/AP; PC; Tab; TV; GigE; 10GE; Per subscriber personalization; Hierarchical QoS; Hierarchical QoS with Application Assurance; Per Sub; Per Device; Per Access Point; 7750 SR as BNG; 7750 SR as WLAN GW]

Inter-AP Mobility
[Diagram labels: UE, HGW/AP, 7750 SR WLAN GW, MS-ISA, PBB Bridge, UE anchored on MS-ISA]
• When UE moves between APs, WLAN GW re-learns UE MAC on new GRE tunnel:
  - Learning from re-authentication
  - Learning from normal data packets
  - Learning based on a “mobility trigger” packet from AP
• Subscriber is not deleted/recreated on WLAN GW
• Full re-authentication after re-association with new AP can be avoided if PMK-caching is enabled on AP & UE, or if Wi-Fi AP implements 802.11r

INTER WLAN-GW REDUNDANCY & MOBILITY
• IP@ preserved when subscriber moves or switches to new WLAN-GW.
  - L2-aware NAT on old and new WLAN-GW.
• “Data-triggered” authentication and subscriber creation on new WLAN-GW.
  - First data packet on new WLAN-GW to trigger RADIUS authentication based on <IP@,MAC@>. Subscriber created after authentication.
Inter-WLAN-GW Redundancy (WLAN-GW1, WLAN-GW2, AAA)
1. Health-check for WLAN-GW (based on IP Pings)
2. Data switched towards backup WLAN-GW
3. Access-Request
4. Data-triggered <IP, MAC> subscriber creation
Inter-WLAN-GW Mobility (WLAN-GW1, WLAN-GW2, AAA)
1. UE moves
2. Access-Request
3. Data-triggered <IP, MAC> subscriber creation

SOFT-GRE ESM USER – OPEN SSID Call Flow
SR OS 10, PORTAL-BASED AUTHENTICATION
Participants: UE, WLAN-GW, WAP, AAA, Captive Portal
• 802.11 PHY Attachment
• DHCP Discover / GRE( DHCP Discover )
• RADIUS Access-Request
• RADIUS Access-Accept
  - If no previous session for this UE-MAC is found, it will create a new user entry; a redirect policy will be returned in the RADIUS Access-Accept
  - If an authenticated session for this UE-MAC is already found, no redirect policy will be returned in the RADIUS Access-Accept
  - A new regular ESM subscriber context is created with HTTP redirect filter
• DHCP Offer / GRE( DHCP Offer )
• DHCP Request / GRE( DHCP Request )
• DHCP Ack / GRE( DHCP Ack )
• RADIUS Accounting-Start
• ARP Request / GRE( ARP Request )
• ARP Reply / GRE( ARP Reply )
• HTTP GET( URL ) / GRE( HTTP GET( URL ) )
• HTTP Redirect/302( Portal ) / GRE( HTTP Redirect/302( Portal ) )
• HTTP Web-Based Authentication to the Captive Portal
• Authentication Request
• RADIUS CoA (Change of Authorization)
• Authentication Success
• Internet Access OK!

SOFT GRE ESM USER – SECURED SSID – Call Flow
Local Breakout
Participants: UE, WAP, WLAN-GW, AAA, Internet
AUTHENTICATION
• Start authentication
• 802.1X EAPoL-Start
• 802.1X EAP-Request(Id)
• 802.1X EAP-Response(Id)
• RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID) (shown twice, once on each side of the WLAN-GW)
  - The WLAN-GW’s RADIUS proxy server will send the RADIUS message to one (or more) AAA server(s).
• RADIUS Access-Challenge(EAP-Challenge) (shown twice, once on each side of the WLAN-GW)
• 802.1X EAP-Request(Challenge)
• ...
• 802.1X EAP-Response(Id)
• RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID) (shown twice, once on each side of the WLAN-GW)
• ...
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout) (shown twice, once on each side of the WLAN-GW)
• 802.1X EAP-Success()
4-WAY (IEEE 802.11i Four-Way Handshake)
• 802.1X EAPoL-Key(ANonce)
• 802.1X EAPoL-Key(SNonce, MIC)
• 802.1X EAPoL-Key(Encrypted GTK, MIC)
• 802.1X EAPoL-Key(MIC)
ACCT
• RADIUS Accounting-Start(User-Name, NAS-IP, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id = AP-MAC:SSID)
• RADIUS Accounting-Response()
DHCP
• DHCP Discover(chaddr=UE-MAC) / GRE( DHCP Discover(chaddr=UE-MAC) )
• DHCP Offer(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time) / GRE( DHCP Offer(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time) )
• DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP) / GRE( DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP) )
• DHCP Ack(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time) / GRE( DHCP Ack(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time) )
  - LUDB in the cache of the RADIUS proxy server
• RADIUS Accounting-Start(User-Name, NAS-ID, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id = AP-MAC:SSID)
• RADIUS Accounting-Response()
WLAN-GW 3G INTERWORKING – GN Interface
Wi-Fi Offload ► Call Flow
Participants: UE, WLAN-GW, WAP, P-GW, RADIUS Server
Wi-Fi OFFLOAD CONNECT SCENARIO
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
• 802.1X EAP-Success()
• DHCP Request(Requested-IP) / GRE( DHCP Request(IP) )
  - The WLAN-GW detects that RADIUS attributes have been received in the Access-Accept to set up a GTP tunnel. It will initiate GTP-C tunnel setup with:
    Handover Indication set to TRUE (since it is DHCP Request)
    PDN Address Allocation set to the IP address requested in the DHCP Request
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP)
• GTP Create-Session-Response(Cause= “Context Not Found”)
  - The GGSN doesn’t find a previous context and refuses the bearer setup.
  - The WLAN-GW sees that the bearer setup was not successful and tries again with:
    Handover Indication set to FALSE
    PDN Address Allocation set to 0.0.0.0
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA=0.0.0.0)
• GTP Create-Session-Response(Cause= “Request Accepted”, PAA=New-IP)
  - Since the P-GW assigned a different IP address than what was requested by the UE, the WLAN-GW will cache this IP address for 30s and force the UE to restart DHCP from scratch by sending a DHCP NAK.
• DHCP NAK() / GRE( DHCP NAK() )
• DHCP Discover() / GRE( DHCP Discover() )
• DHCP Offer(New-IP) / GRE( DHCP Offer(New-IP) )
• DHCP Request(New-IP) / GRE( DHCP Request(New-IP) )
• DHCP Ack(New-IP) / GRE( DHCP Ack(New-IP) )
WLAN-GW 4G/LTE INTERWORKING – S2B Interface
Wi-Fi Offload ► Call Flow
Rel 11.0.R2
Participants: UE, WLAN-GW, WAP, P-GW, RADIUS Server, Diameter Server
Wi-Fi OFFLOAD CONNECT SCENARIO
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
• 802.1X EAP-Success()
• DHCP Request(Requested-IP) / GRE( DHCP Request(IP) )
  - The WLAN-GW detects that RADIUS attributes have been received in the Access-Accept to set up a GTP tunnel. It will initiate GTP-C tunnel setup with:
    Handover Indication set to TRUE (since it is DHCP Request)
    PDN Address Allocation set to the IP address requested in the DHCP Request
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP)
• GTP Create-Session-Response(Cause= “Context Not Found”)
  - The PGW doesn’t find a previous context and refuses the bearer setup.
  - The WLAN-GW sees that the bearer setup was not successful and tries again with:
    Handover Indication set to FALSE
    PDN Address Allocation set to 0.0.0.0
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA=0.0.0.0)
• DIAMETER AA-Request(Application=S6b, User-Name, RAT-Type=WLAN)
• DIAMETER AA-Answer(Application=S6b, Result-Code = DIAMETER-SUCCESS)
• GTP Create-Session-Response(Cause= “Request Accepted”, PAA=New-IP)
  - Since the P-GW assigned a different IP address than what was requested by the UE, the WLAN-GW will cache this IP address for 30s and force the UE to restart DHCP from scratch by sending a DHCP NAK.
• DHCP NAK() / GRE( DHCP NAK() )
• DHCP Discover() / GRE( DHCP Discover() )
• DHCP Offer(New-IP) / GRE( DHCP Offer(New-IP) )
• DHCP Request(New-IP) / GRE( DHCP Request(New-IP) )
• DHCP Ack(New-IP) / GRE( DHCP Ack(New-IP) )
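The Wi-Fi offload connect scenario from the Gn and S2b call flows above, modelled as a small state machine so the retry and DHCP NAK decisions can be traced. This is an added example, not Alcatel-Lucent or SR OS code: StubPgw, WlanGw, connect_scenario and all addresses are hypothetical or constructed. The handover-success and same-address branches are assumptions that go beyond the one case the slides show, and behaviour after the 30 s cache expires is not described on the slides.

```python
from dataclasses import dataclass, field

CONTEXT_NOT_FOUND = "Context Not Found"
REQUEST_ACCEPTED = "Request Accepted"
CACHE_SECONDS = 30        # cache lifetime given on the slides
UNSPECIFIED = "0.0.0.0"   # PAA used on the non-handover retry


@dataclass
class StubPgw:
    """Constructed stand-in for the P-GW/GGSN (not a GTP implementation)."""
    contexts: dict = field(default_factory=dict)   # IMSI -> IP of existing context
    pool: list = field(default_factory=lambda: ["10.0.0.50", "10.0.0.51"])

    def create_session(self, imsi, hi, paa):
        if hi:                                     # handover attempt
            ip = self.contexts.get(imsi)
            return (REQUEST_ACCEPTED, ip) if ip else (CONTEXT_NOT_FOUND, None)
        ip = self.pool.pop(0)                      # fresh attach: allocate an address
        self.contexts[imsi] = ip
        return REQUEST_ACCEPTED, ip


@dataclass
class WlanGw:
    pgw: StubPgw
    cache: dict = field(default_factory=dict)      # UE MAC -> (IP, expiry time)
    trace: list = field(default_factory=list)      # messages sent, in order

    def _gtp(self, imsi, hi, paa):
        self.trace.append(f"GTP Create-Session-Request(HI={str(hi).upper()}, PAA={paa})")
        cause, ip = self.pgw.create_session(imsi, hi, paa)
        self.trace.append(f"GTP Create-Session-Response({cause})")
        return cause, ip

    def cached_ip(self, mac, now):
        ip, expiry = self.cache.get(mac, (None, 0))
        return ip if now < expiry else None

    def on_dhcp_request(self, mac, imsi, requested_ip, now):
        if self.cached_ip(mac, now) == requested_ip:
            self.trace.append(f"DHCP Ack({requested_ip})")   # second pass, after the NAK
            return "ack"
        cause, ip = self._gtp(imsi, True, requested_ip)      # first try: HI=TRUE
        if cause == CONTEXT_NOT_FOUND:
            cause, ip = self._gtp(imsi, False, UNSPECIFIED)  # retry: HI=FALSE, PAA=0.0.0.0
        if ip == requested_ip:                               # assumption: address preserved
            self.trace.append(f"DHCP Ack({ip})")
            return "ack"
        self.cache[mac] = (ip, now + CACHE_SECONDS)          # remember New-IP for 30 s
        self.trace.append("DHCP NAK()")                      # force DHCP restart on the UE
        return "nak"

    def on_dhcp_discover(self, mac, now):
        ip = self.cached_ip(mac, now)
        if ip is None:
            return None    # expiry handling is not described on the slides
        self.trace.append(f"DHCP Offer({ip})")
        return ip


def connect_scenario():
    """UE with no existing PDN context asks for its old address (constructed values)."""
    gw = WlanGw(StubPgw())
    mac, imsi = "00:00:5e:00:53:01", "001010000000001"
    gw.on_dhcp_request(mac, imsi, "192.0.2.10", now=0)   # two GTP attempts, then NAK
    offered = gw.on_dhcp_discover(mac, now=1)            # Offer(New-IP) from the cache
    gw.on_dhcp_request(mac, imsi, offered, now=2)        # Ack(New-IP)
    return gw.trace
```

Calling connect_scenario() returns the message sequence in the same order as the slides, from the HI=TRUE attempt through the final DHCP Ack.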
Research Recommendation

Research Recommendation
• WiFi Access Point
  - Wireless Mesh Network
  - Radio
• Location Based Services
• HTTP Redirect/Inline advertisements