3G Data Network
advertisement
IPv6 in the 3G network
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
1
IPv6 for mobile - why??
Address space problem
• Projected over 1 billion mobiles by 2005
• Not enough IPv4 addresses especially in Asia
• Eg-. In China, there 100+ million handsets and far less IP
addresses…
• IPv6 addresses – unique address / addresses
• Eliminate the use of NAT
• Overcome addressing / compatibility problems
Operational advantages – eg stateless autoconfiguration
Mobile IPv6 more efficient, can be used in future
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
2
IPv6 Recap:
New header format
Ver.
Traffic
Class
Flow Label
Payload Length
Next
Header
Ver.
Hop
Limit
Hdr
Len
Type of
Service
Identification
Time to
Live
Total Length
Fragment
Offset
Flg
Protocol
Header
Checksum
Source Address
Source Address
(128 bits)
Destination Address
Options...
IPv4Header
Destination Address
(128 bits)
IPv6 Header
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
3
IPv6 Recap:
Key changes in IPv6 header
Addresses increased 32 bits -> 128 bits
Flow Label field added
Time to Live -> Hop Limit
Protocol -> Next Header
Type of Service -> Traffic Class
Fragmentation fields moved out of base header
IP options moved out of base header
Header Checksum eliminated
Header Length field eliminated
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
4
Text Representation of Addresses
“preferred” form:
1080:0:FF:0:8:800:200C:417A
compressed form:
FF01:0:0:0:0:0:0:43
becomes
IPv4-embedded:
0:0:0:0:0:FFFF:13.1.68.3
or
Copyright © 2003 Juniper Networks, Inc.
FF01::43
::FFFF:13.1.68.3
CONFIDENTIAL
www.juniper.net
5
General Format of Unicast Addresses
global routing prefix subnet ID
n bits
m bits
interface ID
128-n-m bits
Hierarchical structure in global routing prefix and interface ID (ala CIDR)
the interface ID is equivalent to the “host field" in an IPv4 address
if leading bits of address = 000, interface ID may be any width
if leading bits of address ≠ 000, interface ID is 64 bits wide
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
6
Configuring Interface IDs
There are several options for configuring the interface ID
of an address:
• DHCPv6 (configures whole address)
• Manual configuration (of interface ID or whole address)
• automatic derivation from 48-bit IEEE 802 address
or 64-bit IEEE EUI-64 address
• pseudo-random generation
“Stateless” autoconfiguration, when combined with high-order part of the
address learned via Router Advertisements
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
7
IPv6 for 3G – How?
Extend GPRS / GTP to handle IPv6 addresses
during PDP setup
Methods to obtain IPv6 address
• Static
• Dynamic
•Stateless
•Stateful – using DHCPv6 (for increased control)
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
8
Dynamic Stateless Autoconfiguration
MT
BSS / UTRAN
GGSN
SGSN
1. Activate PDP Context Request (PDP type = IPv6, PDP Address = empty, …)
2. Create PDP Context request
MT extracts
Interface-ID
from the link
local address
3. Create PDP context response (PDP
address = link local address, ..)
4. Activate PDP context accept
GGSN configured to
advertise only one
network prefix
5. Router Solicitation
6. Router Advertisement (M flag = 0, Network Prefix…)
7. Neighbor Solicitation
8. GGSN initiated PDP context modification procedure
GGSN updates the SGSN and MT
with the full IPv6 address
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
9
Recommendations from the IETF
IPv6 WG to 3GPP
Uniqueness: Each prefix must not be assigned to
more than one primary PDP context
Allow 3GPP nodes to use multiple identifiers within
those prefixes, including randomly generated
identifiers
Multiple prefixes may be assigned to each primary
context
Work in progress…
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
10
Types of Transition Mechanisms
Dual Stacks
• IPv4/IPv6 coexistence on one device
Tunnels
• For tunneling IPv6 across IPv4 clouds
• Later, for tunneling IPv4 across IPv6 clouds
• IPv6 <-> IPv6 and IPv4 <-> IPv4
Translators
• IPv6 <-> IPv4
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
11
Transition Scenario –
Dual IPv4/IPv6 Stack
Native IPv4
Network
GGSN
IPv4 Host
Native IPv6
Network
IPv6 Host
Dual Stack
v4/v6 host
Dual Stack Router
IPv4 / IPv6 PDP
Context
Copyright © 2003 Juniper Networks, Inc.
Separated approach – simple and efficient
Possible as mobile usually closed system environment
GGSN is a dual stack device
Could be native IP interconnects, and also IPv4 PE and IPv6 PE (6PE))
CONFIDENTIAL
www.juniper.net
12
Tunnel and Transition Types (many!)
Configured tunnels - Router to router
Automatic tunnels
• Tunnel Brokers (RFC 3053)
• Server-based automatic tunneling
• 6to4 (RFC 3056)
• Router to router
• ISATAP (Intra-Site Automatic Tunnel Addressing Protocol)
• Host to router, router to host, Maybe host to host
• 6over4 (RFC 2529)
• Host to router, router to host
• IPv64
• For mixed IPv4/IPv6 environments
• DSTM (Dual Stack Transition Mechanism)
• IPv4 in IPv6 tunnels etc….
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
13
Transition Scenario –
Tunneling Options
IPv4
Network
IPv6
Network
RBS
IPv6
Network
GGSN
IPv6
host
IPv6
Network
IPv4
Network
RBS
IPv6
host
v6/v4
Routers
IPv6 PDP
Context
IPv4
Network
GGSN
IPv4
host
IPv4 PDP
Context
Copyright © 2003 Juniper Networks, Inc.
Diagrams - Gopinath Rao Sinniah, AIMST
IPv4
host
v4/v6
Routers
Practical transition; within backbone constraints
CONFIDENTIAL
www.juniper.net
14
Network Address Translation - Protocol
Translation (NAT-PT)
IPv4 Pool: 120.130.26/24
IPv6 prefix: 3ffe:3700:1100:2/64
IPv6
Network
IPv4
Network
Mapping Table
Inside
3ffe:3700:1100:1:210:a4ff:fea0:bc97
DNS
Outside
120.130.26.10
Source = 3ffe:3700:1100:1:210:a4ff:fea0:bc97
Dest = 3ffe:3700:1100:2::204.127.202.4
NAT-PT
Source = 120.130.26.10
Dest = 204.127.202.4
Source = 204.127.202.4
Dest = 120.130.26.10
v4host.4net.org
204.127.202.4
Source = 3ffe:3700:1100:2::204.127.202.4
Dest = 3ffe:3700:1100:1:210:a4ff:fea0:bc97
v6host.6net.com
3ffe:3700:1100:1:210:a4ff:fea0:bc97
Copyright © 2003 Juniper Networks, Inc.
Greater complexity
Limited NAT/FW ALG support today
Must be an interim step only
CONFIDENTIAL
www.juniper.net
15
QoS in the Mobile – 3G Network
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
16
3GPP Release 5
End-End QoS Framework
T3.207 – End-end QoS
architecture:
Complements 23.107 describes
Quality of Service for the "GPRS
Bearer Service“ (main
developments in Rel4)
Introduces a PDF – Policy
Decision Function (policy Server)
to interwork between
applications and IP bearer
service (GGSN = Policy
Enforcement Point). Also
possible mapping between
GPRS and IP bearer services.
Allows use of either Diffserv or
Intserv (or both!)
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
17
QoS requirements in UE and GGSN
UE
GGSN
DiffServ Edge Function
Optional
Required
RSVP/IntServ
Optional
Optional
IP Policy Enforcement
Point
Optional
Required (*)
Capability
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
18
23.107
4 QoS classes are defined in UMTS
refer TS 23.107
Traffic class
Conversational
class
conversational RT
Fundamental
characteristics
-Preserve time
relation (variation)
between
information
entities of the
stream
Conversational
pattern (stringent
and low delay )
- Voice
- VoIP, video calls
Example of the
application
Copyright © 2003 Juniper Networks, Inc.
Streaming class
streaming RT
Interactive class
Interactive best
effort
Background
Background
best effort
-Preserve time
relation
(variation)
between
information
entities of the
stream
-Request response
pattern
-Destination is
not expecting
the data within
a certain time
-Preserve
payload
content
- Streaming video
- Web browsing
- Machine polling
-Preserve payload
content
CONFIDENTIAL
- Background
download of
emails, non
realtime video
downloads
www.juniper.net
19
UMTS bearer attributes defined for each
bearer traffic class
Conversational
class
Streaming class
Interactive class
Background class
Maximum bitrate
X
X
X
X
Delivery order
X
X
X
X
Maximum SDU size
X
X
X
X
SDU format
information
X
X
SDU error ratio
X
X
X
X
Residual bit error
ratio
X
X
X
X
Delivery of
erroneous SDUs
X
X
X
X
Transfer delay
X
X
Guaranteed bit rate
X
X
Traffic class
Traffic handling
priority
X
Allocation/Retention
priority
X
X
Source statistics
descriptor
X
X
Signalling indication
Copyright © 2003 Juniper Networks, Inc.
Note – these
map down into
Radio Bearer
QoS
capabilities,
which are
similar in
makeup
X
X
X
CONFIDENTIAL
www.juniper.net
20
Value ranges for UMTS Bearer Service
Attributes
Conversational
class
Streaming class
Interactive class
Background class
<= 16 000 (2)
<= 16 000 (2)
<= 16 000 overhead (2) (3)
<= 16 000 overhead (2) (3)
Yes/No
Yes/No
Yes/No
Yes/No
<=1 500 or 1 502 (4)
<=1 500 or 1 502 (4)
<=1 500 or 1 502 (4)
<=1 500 or 1 502 (4)
(5)
(5)
Yes/No/- (6)
Yes/No/- (6)
Yes/No/- (6)
Yes/No/- (6)
Residual BER
5*10-2, 10-2, 5*10-3,
10-3, 10-4, 10-5, 10-6
5*10-2, 10-2, 5*10-3,
10-3, 10-4, 10-5, 10-6
4*10-3, 10-5, 6*10-8
(7)
4*10-3, 10-5, 6*10-8
(7)
SDU error ratio
10-2, 7*10-3, 10-3, 104, 10-5
10-1, 10-2, 7*10-3, 103, 10-4, 10-5
10-3, 10-4, 10-6
10-3, 10-4, 10-6
Transfer delay (ms)
100 – maximum
value
280 (8) – maximum
value
Guaranteed bit rate
(kbps)
<= 16 000 (2)
<= 16 000 (2)
Traffic class
Maximum bitrate
(kbps)
Delivery order
Maximum SDU size
(octets)
SDU format
information
Delivery of
erroneous SDUs
Traffic handling
priority
Allocation/Retention
priority
Source statistic
descriptor
Signalling Indication
Copyright © 2003 Juniper Networks, Inc.
1,2,3 (9)
1,2,3
1,2,3
Speech/unknown
Speech/unknown
1,2,3
1,2,3
Yes/No (9)
CONFIDENTIAL
www.juniper.net
21
Mapping from R97/98 GPRS QoS attributes to
Release 99 onwards
Resulting R99 Attribute
Name
Traffic class
Traffic handling priority
SDU error ratio
Residual bit error ratio
Delivery of erroneous SDUs
Maximum bitrate [kbps]
Allocation/Retention priority
Delivery order
Maximum SDU size
Copyright © 2003 Juniper Networks, Inc.
Derived from R97/98 Attribute
Value
Value
Interactive
1, 2, 3
Background
4
1
1
2
2
3
3
10-6
1, 2
10-4
3
10-3
4, 5
10-5
1, 2, 3, 4
4*10-3
5
'no'
1, 2, 3, 4
'yes'
5
8
1
16
2
32
3
64
4
128
5
256
6
512
7
1024
8
2048
9
1
1
2
2
3
3
yes'
yes'
'no'
'no'
1 500 octets
(Fixed value)
Name
Delay class
Delay class
Reliability class
Reliability class
Reliability class
Peak throughput class
Precedence class
Reordering
Required
in the
SGSN and the
GGSN(Information
PDP Contexts)
CONFIDENTIAL
www.juniper.net
22
IP CoS Basics
Key Functions
Per-flow Rate
Policing
Traffic
Classification
&
Marking
Priority
Queuing
Congestion
Avoidance
SP
W
R
R
• IP Flow
RED
• IP Precedence bits, DSCP Byte
• MPLS CoS bits
100%
• Incoming Physical Interface
Stream
• Incoming Logical Interface
• Destination IP address
• Application (stateful) etc…
Copyright © 2003 Juniper Networks, Inc.
100%
100%
PLP=1
CONFIDENTIAL
PLP=0
www.juniper.net
23
Converged Network CoS Design
In a voice / best effort network, three classes (at least) of service are
necessary:
•
IP network control traffic
• Low bandwidth requirements, not sensitive to latency, jitter
• Must not be starved
•
Voice signaling and bearer traffic
• Highest latency and jitter requirements
•
Best effort data traffic
• Whatever capacity is left
More complex configurations may or may not be needed in other
network designs (e.g. with VPN service)
More classes = more complexity, no way around this.
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
24
Real World Case Study –
Customer QoS allocations
MPLS
EXP
Bits
Forwarding Behaviour
000
Best Effort
001
Assured Forwarding 12
010
Assured Forwarding 11
011
Expedited Forwarding 1
100
Expedited Forwarding
101
Network Control 3 /
Assured Forwarding 41
110
Network Control 1 /
Assured Forwarding 21
111
Network Control 2 /
Assured Forwarding 31
Copyright © 2003 Juniper Networks, Inc.
Traffic Type
Hardware
Queue
Drop
Probability
IP Traffic
(UMTS Best Effort Class)
Queue 0
-
Queue 2
High
3G Signalling traffic
UMTS Streaming Class
Unified Messaging client
Low
Queue 1
3G AAL2 traffic
(UMTS Conversational Class)
Low
Queue 3
Network Control
UMTS Interactive Class
High
High
Low
High
CONFIDENTIAL
www.juniper.net
25
Real World Case Study –
Customer QoS allocations
Queue implementation on network routers
Copyright © 2003 Juniper Networks, Inc.
Hardware
Queue
Traffic Type
WRR
weighting
Queue depth
Queue 0
IP traffic
60%
60 %
Queue 1
3G AAL2 traffic
25 %
10%
Queue 2
3G Signalling
traffic
10 %
10%
Queue 3
Network Control
5%
20%
CONFIDENTIAL
Expedited
Forwarding
(strict
priority for
voice)
www.juniper.net
26
What is Diff-Serv TE ?
Diff-Serv: scheduling/queuing behavior at each node depends on traffic type
(indicated by DSCP/EXP setting ) - hop by hop QoS
MPLS TE: use of constraints to control placement of LSPs. Typically, various traffic
classes share the same LSP. Bandwidth reservations do not take account of the
classes of traffic involved.
MPLS Diff-Serv TE:
• Traffic divided into up to eight Class-Types.
• CSPF and RSVP take the Class-Type into account when computing path of LSP.
• Results in More granular bandwidth reservation.
On each link in network, can have separate bandwidth constraints for each type of
traffic
• E.g. limit the bandwidth taken by voice LSPs on a link to a maximum of 40%,
data LSPs take the rest.
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
27
CoS / QoS & Forwarding
Diff-Serv-aware MPLS Traffic Engineering
Guaranteed bandwidth for MPLS
• Combines MPLS DiffServ and DiffServ TE
• Provides strict point to point QoS guarantees
Aggregated State (DS)
Aggregate Admission Control (DS-TE)
Aggregate Constraint-based Routing (DS-TE)
No state
Aggregated state
Per-Flow state
MPLS Diff-Serv + MPLS
DS-TE
Best effort
RSVP v1
& Int-Serv
Diff-Serv
MPLS
Guaranteed
Bandwidth
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
28
Components of DS-TE
Three components:
• Per-class admission control – RSVP extensions, IGP
extensions
• Per-class input policing at the edge – LSP Policing
• Per-class scheduling (one queue for all traffic of a given
class) – DiffServ
• Aggregated scheduling: a class queue carries many LSPs
THE RESULT:
• Admission control + policing at the edge + dedicated
queue = guaranteed bandwidth
Copyright
2003Juniper
JuniperNetworks,
Networks,
Inc.
Copyright ©©2003
Inc.
Proprietary
and Confidential
CONFIDENTIAL
www.juniper.net
www.juniper.net
29
Layer 2 Migration
VC to MPLS QoS Mapping
VPs
ATM Control Traffic
Queues
PE to PE E-LSPs
(PSN Tunnel)
QoS Flows Based
on EXP Bits
CBR
VBR rt
(CLP0, CLP1)
VBR nrt
(CLP0, CLP1)
ABR/UBR
(CLP0, CLP1)
CBR (10% bw)
->CT3
VBR rt (20% bw)
->CT2
VBR nrt (20% bw)
->CT1
ABR/UBR (50% bw)
CT0
ATM Interface
Copyright © 2003 Juniper Networks, Inc.
Trunk VPN Label
(Pseudo Wire)
POS Interface
CONFIDENTIAL
www.juniper.net
30
Looking into the future
3G Release 6
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
31
3G Release 6
TS 23.221
Circuit switched
call control server
BICC
RTP
or
AAL2
UDP/IP or AAL2
NodeB
Iu cs
Iu b
H.248
TDM
ATM
IP
PSTN
Iu ps
USIM
IP/AAL5
IMS enhancements for conversational
Internet
Corporate
Multimedia Broadcast/Multicast Service
(MBMS) – conferencing etc
UMTS/GPRS - WLAN Interworking
Definition in R6, implementation sooner
Copyright © 2003 Juniper Networks, Inc.
Service charging
enhancements
SIP IP Multimedia
CSCF
CONFIDENTIAL
www.juniper.net
32
Service based charging and control
Convergence of service differentiation, service specific policies and charging policies
• IP flow-based charging
• Enable differentiated online and offline charging for the traffic flows belonging to
different services (a.k.a. different service data flows) even if they use the same PDP
Context.
• Dynamic policy control enhancements (also ties in with QoS)
• Enable service based local policy control over IP bearer resources to evolve separately
from SIP services.
Requirements:
• Ability to classify IP traffic into services based on content (stateful. Eg- URI)
• Ability to apply flexible charging rules and service based local policy control based
on service classification
• Ability to enforce IP bearer policies for multiple services
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
33
Service based charging and control
Online Charging System*
CAMEL
SCP
Service Data
Flow Based
Credit Control
Service Data Flow
Based Charging
Rules Function
Gy
Traffic Plane
Function
Gx
AF
Rx
Gq
Go
Policy Decision
Function
Timescale:
• 3GPP Release 6
• Early realization by some vendors at the GGSN
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
34
3G complimentary access technologies
Access technologies that compliment a 3G FDD network by providing high-speed data services
in hot-spot areas
• 802.11 based WLAN, HSDPA, TDD / portable broadband
Requirements:
• Existing core networks to support connectivity to WLAN, TDD access networks
• Allow access to PS services (e.g. IMS) from WLAN access networks
• Ability to handle additional transport capacity as a result of higher bandwidth
Timescale:
• 3GPP Release 6 for basic WLAN inter-working scenarios
• Realization of basic scenarios by many vendors
• HSDPA in 3GPP Release 5
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
35
3G complimentary access technologies
Intranet / Internet
3GPP Visited Network
3GPP AAA
Proxy
WLAN Access Network
CGw/CCF
Wn
Ws/Wc
Wn Wireless Access
Gateway
3GPP AAA
Server
HSS
HLR
OCS
CGw/
CCF
Wi
Packet Data
Gateway
Wx
Wo
Scenario 3
WLAN
UE
Wf
3GPP Home Network
PS Service Network
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
36
Agenda
Mobile overview and the transition to 3G
2.5G data networks
3G - phases of deployment. Focus areas:
• Layer 2/MPLS migration
• IP RAN and transition techniques
• IP Multimedia subsystem and QoS
• ‘Push to Talk’ example
• IPv6
WLAN integration options
Case studies
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
37
High level Scenarios
VPN / Network level integration
Authentication / billing integration
• Web logon: SMS delivered password
• SIM integration
3GPP work – ongoing (GRPS/WCDMA)
Real time handover
• Mobile IP
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
38
VPN / Network Level integration
eg- Leading Asian Wireless Operator
Integration of VPN access for mobile corporate users regardless of access type
Outsource remote access management from corporates, and aggregate users in a layer
3 VPN – common point of subscriber management
Network diagram:
Mobile users mapped
into corporate VPNs
IPSEC / L2TP
(RFC 3193)
MPLS
Backbone
MPLS
WiFi User with native
Windows Client
Native
L2TP
LAC
GGSN
3G and PHS users
Copyright © 2003 Juniper Networks, Inc.
E Series (PE)
& Tunnel
Gateway
M Series (P)
CONFIDENTIAL
www.juniper.net
39
Authentication / Billing integration
First approach: web login approach for WLAN
• Username and password login or/
• One time password delivered by SMS/text message
Billing integration – WLAN charges appear on normal
mobile bill – backend integration.
• Flat rate or time / usage based
Examples of this approach: Verizon Wireless, Telstra
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
40
GPRS/CDMA Example
Telstra Corp. Australia
Mobile centric service, launched in August 2003
Public WLAN access to the Internet and corporate VPNs
Available in hotspot locations throughout Australia
• Target of 600 hotspot locations in 2004
• International roaming through the Wireless Broadband Alliance
Use of centralised control functions (E Series + SDX)
The "Wireless Hotspot" service is expected to become our "workhorse" mobile data
network, especially for corporate users, providing greater bandwidth in high traffic
locations than our cellular GPRS and 1xRTT mobile networks.
- Ted Pretty, Telstra Mobile Group Managing Director
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
41
Mobile Operator focus –
Simple billing for Telstra mobile customers
Time based billing; hourly rate
Login via a password delivered by SMS to a Telstra mobile
• Usage appears on customers normal mobile Bill
Lowered barriers to uptake
• No special WLAN subscription needed – casual pay-per-user
• Captive portal logon using DHCP – no client software required
Credit card payment option for non-Telstra post-paid mobile customers
Inbound roaming also supported (eg with Wireless Broadband Alliance partners),
can enable wholesale offering also
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
42
How it works - Step One
•
User opens up web
browser and tries
to go to Google
•
Session directed
to captive portal
software (SDX)
•
Choice to enter
mobile phone
number or
username and
password
•
Mobile phone
number entered
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
43
Step Two
•
One-time password
sent via SMS to
user’s mobile
phone
•
Received password
entered into
portal page
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
44
Step Three
•
Upon successful
authentication,
captive portal is
released and
original web
destination is
loaded.
•
Mini-logout
window to
facilitate signoff.
•
Usage billed to
user’s mobile
phone bill once finished
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
45
Authentication on WLAN using
802.1X and EAP on 802.11 - overview
Access Point
Association
RADIUS
Server
Ethernet
Access blocked
802.11 Associate-Request
802.11
RADIUS
802.11 Associate-Response
EAPOW-Start
EAPOW
EAP-Request/Identity
EAP-Response/Identity
EAP-Request
EAP-Response (credentials)
EAP-Success
EAPOW-Key (WEP)
Source: Microsoft
Copyright © 2003 Juniper Networks, Inc.
Radius-Access-Request
Radius-Access-Challenge
Radius-Access-Request
Radius-Access-Accept
Access allowed
CONFIDENTIAL
www.juniper.net
46
Maintaining subscriber control when using
802.1x/EAP environment
“Transparent RADIUS relay” concept
802.1x access points have Radius client, EAP messages encapsulated in Radius messages
Host MAC address in the calling-station-attribute
Radius relay (BRAS) uses @domain name to forward Radius request to an external EAP capable
Radius proxy or server
BRAS relay stores Host MAC address and awaits authorization data (VR to use, IP pool/address
to use, filters, etc)
DHCP request, based on the host MAC address, creates subscriber interface in proper context
allocates IP address, assign default policies. SDX with no Web login
Access point creates Radius authentication and accounting (stop)
Policy Control
802.1x AP
IDAS
GRE, routed, DSL, FR,ATM, LL, MetroE
Radius
Relay
IDAS = Integrated
DHCP Access Server
Premium Content
Internet
MPLS VPN
802.1x AP
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
47
PWLAN and Mobile
3GPP standards org defined five scenarios for PWLAN integration with 3G
• From common authentication to seamless handover of voice service
• Specified 802.1x based authentication
• Part of 3GPP Release 6, specified in TS 23.234
But, real deployments are occurring well in advance of 3GPP R6……so:
GSM Association WLAN Task Force issued guidelines for pre Release 6
• Wed based login initially transitioning to 3GPP release 6 spec
A SIM located in WLAN cards will use authentication based on EAP/SIM
• Eg- Use of SIM dongle
EAP to SS7 gateways will allow mobile HLR / HSSs to authenticate the WLAN card
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
48
Authenticating against the GSM HLR
Existing database with all mobile subscriber information
Existing provisioning and customer care systems are used
EAP/SIM can offer GSM equivalent authentication and
encryption
Gateway between RADIUS/IP and MAP/SS7 is required
• Eg Funk Software Steel Belted Radius/SS7 Gateway
• Ulticom Signalware SS7 software
• Sun server E1/T1 interface card
• An overview of the product is in this attachment:
• Major vendors Ericsson, Siemens, Nokia all have or are
developing their own offer
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
49
802.1x EAP/SIM authentication from HLR
Transparent RADIUS relay
MAP
SS7
GW
Authenticator
Client
EAPoL
BRAS AC,
RADIUS/SS-7
(RADIUS Relay)
GW
HLR
HLR
RADIUS
RADIUS
Client Authentication
Gr Interface
DHCP Discover
Client –
IP Address
Assignment
DHCP Offer
DHCP Request
DHCP Ack {address = End
User address from GGSN}
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
50
Tight integration proposed by 3GPP
HLR
GPRS Tunneling Protocol
Client
Authenticator
EAPoL
Access Controller, RADIUS/SS-7
RADIUS Relay
GW
HLR
GGSN
GGSN
RADIUS
RADIUS
Client Authentication
Gr Interface
Create PDP Context {IP, transparent mode APN,
IMSI/NSAPI, MSISDN, dynamic address requested}
Create PDP Context Response {End User Address}
DHCP Discover
Client –
IP Address
Assignment
DHCP Offer
DHCP Request
DHCP Ack {address = End User
address from GGSN}
Lease
expiration
Delete PDP Context Request
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
51
Real time handover…
Many access types – WLAN, 3G, GPRS…
Mobile IP could provide reasonable real-time macro roaming between
cellular and WLAN access types (also alternates such as
802.16/WiMax)
Supported for dual mode CPE/handsets
• Eg- Dual Mode NEC cellphone with WLAN as trialed in DoCoMo
• PDAs with WLAN and CDMA 1x/EVDO or GPRS/WCDMA
• Notebooks with cellular data or dual mode cards
Off the shelf client software available today – IPUnplugged, Birdstep
Challenges- VoIP, WLAN automated logon (eg- 802.1x could solve this),
applications/OS can handle address changes
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
52
Overview of Mobile IPv4 (RFC2002)
CN
5.
4.
FA
1. and 2.
HA
3.
Internet
MN
1. MN discovers Foreign Agent (FA)
2. MN obtains COA (FA - Care Of Address)
3. MN registers with FA which relays registration to HA
4. HA tunnels packets from CN to MN through FA
5. FA forwards packets from MN to CN or reverse tunnels through HA (RFC3024)
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
53
Mobile IP Interworking with UMTS/GPRS
Recommends use of FA Care Of Addresses (CoA), not collocated, to conserve IPv4 addresses
Source:
3GPP
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
54
Registration Process to GGSN FA
IPv4 - Registration UMTS/GPRS + MIP , FA care-of address
TE
SGSN
MT
1. AT Command (APN)
2. Activate PDP
Context Request
( APN=MIPv4FA )
A. Select suitable GGSN
5. Activate PDP
Context Accept
(no PDP address)
GGSN/FA
Home
Network
3. Create PDP
Context Request
( APN=MIPv4FA )
4. Create PDP
Context Response
(no PDP address)
6. Agent Advertisement
7. MIP Registration Request
8. MIP Registration Request
9. MIP Registration Reply
10. MIP Registration Reply
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
55
Overview of Mobile IPv6
Removes need for external FA in future 3GPP systems
CN
4.
3.
HA
1.
MN
2.
Internet
1. MN obtains IP address using stateless or stateful autoconfiguration
2. MN registers with HA
3. HA tunnels packets from CN to MN
4. MN sends packets directly to CN or via tunnel to HA
• Binding Update from MN to CN removes HA from path.
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
56
3G- Mobile Data Networks
To Summarise…
Interworking different wireless access types is possible in many ways –
benefits to the end users
Short term migration of FR and ATM over MPLS infrastructure can help cut
network and operations costs
Mobile networks are moving to IP both at network transport and
application layer…
• IP UTRAN option – IP out to the base station site
• IP Multimedia subsystem – native IP clients in devices
• Push To Talk is a wildcard; could accelerate IP requirements in the mobile
network before 3G becomes widescale
MPLS, QoS / DiffServ TE, IPv6 and transition techniques are key
requirements in the new mobile carrier network!
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
57
Thank you…!
My contact details:
Email snewstead@juniper.net
Mobile +852 6277 1812
Copyright © 2003 Juniper Networks, Inc.
CONFIDENTIAL
www.juniper.net
58
