COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY — USE PURSUANT TO COMPANY
INSTRUCTION
Building L2 & L3 service with ALU Service Router
Gatot Susilo
October 7, 2013
Service Router
All Rights Reserved © Alcatel-Lucent 2006, #####3 | Presentation Title | Month 2006
Pt-to-Pt L2-VPN: Virtual Leased Line (PWE-3 RFC3985)
• Pseudo Wire Emulation Edge-to-Edge
• Point-to-point service emulation (e.g., ATM, Frame Relay, Ethernet, TDM) over IP/MPLS (i.e., Packet Switched Networks)
• Requires a bidirectional tunnel between two PEs
• Inner connection is identified by an MPLS label
• Uses T-LDP for inner label exchange
[Figure: CE1, AC1, PE1, PWE-3 across the IP/MPLS network, PE2, AC2, CE2; T-LDP; bidirectional tunnel, IP (GRE) or MPLS]
Service Entities (Point to Point)
Customer
• Also referred to as subscriber
• Identified by customer ID
[Figure: Pseudowire Emulation Edge to Edge - RFC3985. Customer, SAP, Service and SDP (VC label, demux) on PE-1 and PE-2 across IP/MPLS; T-LDP; end-to-end service (PWE3)]
Service Entity (Continued)
SDP
• A logical way to direct a uni-directional service tunnel
• Supports GRE (IP tunneling) or MPLS as service tunnel
• Provides better control for (LSP) tunnel selection
• Multiple services can share the same SDP
• Supports forwarding class based (LSP) tunnel selection
Service Entity (Continued)
Service
• Internet Enhanced Service (IES)
• L2-VPN: EPIPE, VPLS (Multipoint), APIPE, FPIPE, CPIPE (Pt-to-Pt)
• L3-VPN: IPIPE (Pt-to-Pt), VPRN (Multipoint)
• Mirroring
SAP
• A local entity, uniquely identified by:
  - The physical Ethernet port, SONET/SDH port or TDM channel
  - The encapsulation type (e.g., Null, Dot1q, QinQ, IPCP, BCP-null, BCP-dot1q, ATM, Frame Relay, Cisco-HDLC)
  - The encapsulation identifier
• Applicable to access ports only
• A single port can contain multiple SAPs
PPP
Alcatel-Lucent Suite of Point-to-Point Pseudowire Services
Leverage PWE3 for Frame Relay-ATM-Ethernet service and network interworking
[Figure: 7750 SR multi-service edge nodes across an IP/MPLS network (LSP), with FR, ATM, Frame/ATM and Ethernet UNIs carried over FR PW, ATM PW, Ethernet PW and IP PW]
Note: The termination of routed or routed-bridged encapsulation of ATM traffic into an IES or IP-VPN is supported
Multipoint L2-VPN: Virtual Private LAN Service (RFC4762)
Purpose
• To provide connectivity between geographically dispersed customer sites across MANs and WANs, as if they were connected using a LAN
Two Categories of Applications
• Connectivity between customer routers: LAN routing application
• Connectivity between customer Ethernet switches: LAN switching application
• Use MPLS (Ethernet Pseudowire) in the core network (i.e., PEs interconnection)
• Multiple VPLS instances can be created on the same PE
VPLS – Attributes
• Flooding for unknown unicast DA or broadcast/multicast frames
• Forwarding known DA to designated port
• Address Learning to build forwarding database (FDB)
• Perform standard learning, filtering, and forwarding actions as per IEEE802.1D-ORIG, IEEE802.1D-REV, and IEEE802.1Q
• MAC Address Withdrawal using LDP Message to trigger address re-learning
• Use H-VPLS (Hub and Spoke) to reduce number of mesh PWs
[Figure: VPLS instances on PE1, PE2, PE3 and PE4 over the IP/MPLS network, with CE1, CE2, CE3 and CE4 attached]
Alcatel-Lucent Premium VPN Services
[Figure: 7750 SR nodes around an IP/MPLS backbone offering VPLS and IP-VPN, with FR, ATM and Ethernet UNIs toward Frame Relay, ATM and Ethernet networks, and the Internet]
• QoS policy runtime instantiation provides the ability to dynamically change bandwidth and QoS parameters for value-added services
• Transparent Layer 2 protocol tunneling (L2PT) to transparently transport Layer 2 PDUs between CPEs, including translation between different STP types
• Enable service interworking of VPWS using IP PW
• Support for OSPF allows VPN customer running OSPF to migrate to an IP-VPN backbone without changing their IGP, introduce BGP as the CE-PE protocol and stop relying on static routes for access to an IP-VPN service
• Terminate RFC 2684 routed bridged encapsulation of ATM traffic onto IES and IP-VPN services
• Multiple Spanning Tree Protocol (IEEE 802.1s) to interoperate with traditional L2 switches and operate along with Managed VPLS to provide an effective dual homing solution
QoS
All Rights Reserved © Alcatel-Lucent 2007.12 | Alestra | March 1st, 2010
Basic QoS on 7x50/7710 SR Product Family
• Use differentiated service (DiffServ) model
• 8 Forwarding Classes (NC, H1, EF, H2, L1, AF, L2, and BE)
• Profile State (in profile: rate <= CIR; out of profile: rate > CIR)
• Separate queues for unicast and multicast traffic
• Allow one queue per forwarding class or one queue for multiple forwarding classes
• Pre-classification (Dot1p, IP Prec, DSCP, IP criteria, MAC criteria)
• Allow remarking for DSCP or IP Prec (applicable for L3 service only)
• By default, remarking for EXP, DSCP, Dot1p iff:
  i) L2 traffic or a non-trusted IP interface
  ii) The first network egress
  iii) Not remarked explicitly by SAP ingress
• No explicit Dot1p to FC in default mapping
[Figure: SAP ingress, network egress, network ingress and SAP egress stages, labelled FC + PS; markings: EXP – MPLS, DSCP – IP, Dot1p – Ethernet]
OAM
OAM
• IP - ICMP Ping/Trace
• MPLS - LSP Ping/Trace
• PW - VCCV Ping/Trace
• SDP - SDP Ping
• SVC - SVC Ping
• VPLS - MAC Ping/Purge/Populate
• Ethernet - 802.1ag/Y.1731
14 | TiMOS-5.0 workshop | May 2007
Next Gen Hotspot 2.0 – Why Wi-Fi?
Wi-Fi Opportunity and Strategy to Success
WiFi Opportunity
• By 2015 there will be 8B mobile devices; global mobile traffic will grow 26x to 6.6m TB/month, where video will be 66% of all mobile traffic; 1.2 million hotspot venues from 421K in 2010 worldwide (In-Stat Research Report)
• Mobile operators need more cost effective radio technologies to handle increasing data traffic
• Wi-Fi is global – same frequency band worldwide (2.4GHz and 5GHz)
• Wi-Fi is built into smart phones and devices
• Wi-Fi provides ~5x bandwidth (MHz) of Cellular (5GHz vs ~1GHz)
• Carrier grade Wi-Fi offers platform for delivering a host of new location-based services
Strategy To Success
• Should complement operator’s spectrum
• Should be easy/transparent for the user
• Should be a viable resource to meet users’ expectations
• Should integrate easily and cost-effectively into existing 3G/4G architectures
Hotspot 2.0 Technology Enablers: Authentication and Roaming

Feature | Hotspot Today | Next Gen Hotspot 2.0
Network Discovery and Selection | SSID | 802.11u
L2 Authentication | None | 802.1x
L2 Air Encryption | None | 802.11i
L3 Authentication | WebAuth, WISPr | EAP SIM, AKA, TLS, TTLS
Hotspot Network | Untrusted | Trusted
Intellectual Property Right | No | Yes
Interoperability | No | Yes

VISION:
• Mobile Network: Turn on phone and get secured Cellular connectivity
• WiFi Network: Turn on phone and get secured WiFi connectivity
Automatic, Secured, EAP Based
ALU Light Radio WiFi Solutions
LIGHTRADIO WI-FI: 7750 WLAN G/W Solution Strengths
• Unified authentication, authorization and accounting
• Anchoring subscriber through PGW/GGSN is independent of WLAN-GW location using standard interfaces
• Option to break out to Internet where cost-effective
• L2 transparency
• Auto-provisioned tunnels for operational simplicity
• Flexible choice of transport: L2/IP/MPLS or IPSec
• Rapid inter-AP mobility (due to L2 transparency)
• No per-AP provisioning: SoftGRE tunnels auto-created
• Tunnel Scalability: tunnel state only if active subs
• Subscriber Scale: IP address sharing with L2-aware NAT
• Conservation of resources for migrant users
• Full flexibility for local breakout or GTP mobility
• Mobility between WiFi and Macro with address preservation
• WLAN GW N:1 redundancy with IP address preservation
• WLAN GW mobility with IP address preservation
• No IPSec required on UE
• No mobility functions required on AP (Simpler APs)
[Figure: HGW/APs with GRE per HGW/AP to the 7750 SR WLAN GW; RADIUS proxy and AAA; DIAMETER; S2a/S2b/Gn GTP to PGW/GGSN; HLR/HSS/AuC via SS7 MAP or Diameter; Internet & Media]
WLAN GW: Deployment Models
• Soft GRE benefits of scale and auto-provisioning on the WLAN GW
• Achievable with GRE-capable APs, or
• For non GRE-capable APs, an L2 aggregator device such as the 7x50 or 7705 SAR families can be used to provide GRE transport over IP toward the WLAN GW
• Edge 7x50 or 7705 SAR can encapsulate VLAN-only APs into GRE tunnels for a common model to GRE-capable APs
• Regular ESM with 1 VLAN per Sub or 1 VLAN per service
[Figure: three deployment models, each with a 7x50 and a 7750 WLAN GW; links labelled VLANs and GRE Tunnel]
LIGHTRADIO WI-FI ARCHITECTURE: ACCESS POINT OPTIONS
L2 Solution
• Flexible for L2 Wholesale
• L3 Wholesale with support for overlapping IP@
• GTP IP@ Mobility with overlapping IP@
• Faster Inter-AP mobility triggering
• Simpler, less CPU-intensive CPE
• Network portal
• IP@ Sharing
• Subscriber visibility in the network with NAT
• MAC@ visibility in the network authentication
L3 Solution
• No L2 Wholesale
• No L3 Wholesale with overlapping IP@
• No GTP IP@ Mobility with overlapping IP@
• L3 mobility which is slower
• Complex CPE
• Portal on CPE
• No IP@ Sharing
• No Subscriber visibility in the network with NAT
• No MAC@ visibility in the network
[Figure labels: Offload SSID, Bridge, Offload SSID, TUNNEL, IP, ALU Recommendation]
Architecture Options
Options:
• HGW/AP – Public SSID – NAT’ed (IP + NAT on AP): L3 Solution
• HGW/AP – Public SSID Bridged – Non tunneled: L2 Solution
• HGW/AP – Public SSID Bridged – Tunneled (L2oGRE OR L2VPNoGRE): L2 Solution
• HGW/AP – PMIPv6 MAG (public SSID traffic L3 tunneled to LMA): L3 Solution
Comparison criteria:
• HGW/AP complexity
• Subscriber Visibility in network
• Traffic separation
• L2 Wholesale
• L3 Wholesale
• IPv4@ sharing
• Fast L2 WIFI inter-AP mobility
• Time & volume accounting
3GPP - WLAN TO 3G/4G INTERWORKING
• Current 3GPP/2 standard for access to EPC over non trusted access
• WLAN GW solution over trusted or un-trusted access
ALU solution (fat-pipe model) that overcomes standard issues
IPSec ISSUES:
• IPSec/IKEv2 required on UE
• Battery drain effect on UE and intensive CPU processing
• IPSec overhead & associated packet fragmentation on WLAN air interface
• Poor user experience with latency associated with tunnel establishment for short sessions (e.g. MMS access)
• Multiple tunnels, one for each service
[Figure: (possibly unsecure) WLAN AP & backhaul a priori owned by any provider, protected tunnel (IPSec: 3GPP/2 VPN), ePDG/PDIF, S2b: GTP, PGW, AAA, SWx, HSS; and (secure) WLAN AP & backhaul, 802.11i, single tunnel / AP, PDG/WLAN GW, Radius, S2a: GTP, WLAN PGW, AAA, SWx, HSS]
SLA and QoS Management
Bandwidth control
• Per AP
• Per AP, per wholesale partner
• Per IP@ Mobility public WIFI user
• QOS mapping - 3G/4G <-> WIFI
• SLA-profiles created on WLAN-GW
• SLA-profile is a template with parameters (e.g. rates i.e. PIR/CIR)
• Association of subscriber to an SLA-profile is dynamic via RADIUS VSAs
[Figure: CM/RG/AP, Access, GRE, WLAN GW, GTP; labels: DSCP to FC mapping, FC to queue mapping, per user policing, per tunnel (or per tunnel per wholesale partner) aggregate rate, FC to DSCP mapping in outer header OR copying DSCP in inner IP to outer IP]
COPYRIGHT © 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — INTERNAL PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION
2. WLAN GW: BNG functionality, enhanced sub-mgt (ESM)
Per subscriber personalization
• Legacy BRAS, subscriber tunnel: single-service (HSI)
• Typical BNG, multi-service: per-subscriber, per-service
• 7750 SR as BNG, multi-application: per-subscriber, per-service, per-application
• 7750 SR as WLAN GW, multi-device: per access point, per-device, per-service, per-application
[Figure: GigE and 10GE links with per-sub, per-access-point and per-device queues for Voice, IPTV, HSI, Online Services, Managed Gaming, Managed Video and Managed VoIP; labels: Best effort, Hierarchical QoS, Hierarchical QoS with Application Assurance; devices behind RG/AP: TV, PC, Tab]
Inter-AP Mobility
[Figure: HGW/APs with GRE per HGW/AP to the 7750 SR WLAN GW; MS-ISAs; UE anchored on MS-ISA; PBB bridge]
• When UE moves between APs, WLAN GW re-learns UE MAC on new GRE tunnel:
  - Learning from re-authentication
  - Learning from normal data packets
  - Learning based on a “mobility trigger” packet from AP
• Subscriber is not deleted/recreated on WLAN GW
• Full re-authentication after re-association with new AP can be avoided if PMK-caching is enabled on AP & UE, or if the Wi-Fi AP implements 802.11r
INTER WLAN-GW REDUNDANCY & MOBILITY
• IP@ preserved when subscriber moves or switches to new WLAN-GW. L2-aware NAT on old and new WLAN-GW.
• “Data-triggered” authentication and subscriber creation on new WLAN-GW. First data packet on new WLAN-GW to trigger RADIUS authentication based on <IP@,MAC@>. Subscriber created after authentication.
Inter-WLAN-GW Redundancy (WLAN-GW1, WLAN-GW2, AAA)
1. Health-check for WLAN-GW (based on IP Pings)
2. Data switched towards backup WLAN-GW
3. Access-Request <IP, MAC>
4. Data-triggered Subscriber creation
Inter-WLAN-GW Mobility (WLAN-GW1, WLAN-GW2, AAA)
1. UE Moves
2. Access-Request <IP, MAC>
3. Data-triggered Subscriber creation
SOFT-GRE ESM USER – OPEN SSID Call Flow (SR OS 10, portal-based authentication)
Participants: UE, WAP, WLAN-GW, AAA, Captive Portal, Internet
• 802.11 PHY Attachment
• DHCP Discover; GRE( DHCP Discover )
• GRE( DHCP Offer ); DHCP Offer
• DHCP Request; GRE( DHCP Request )
• GRE( DHCP Ack ); DHCP Ack
• ARP Request; GRE( ARP Request )
• GRE( ARP Reply ); ARP Reply
• HTTP GET( URL ); GRE( HTTP GET( URL ) )
• RADIUS Access-Request
• RADIUS Access-Accept
  - If no previous session for this UE-MAC is found, it will create a new user entry; a redirect policy will be returned in the RADIUS Access-Accept
  - If an authenticated session for this UE-MAC is already found, no redirect policy will be returned in the RADIUS Access-Accept
• HTTP Redirect/302( Portal ); GRE( HTTP Redirect/302( Portal ) )
• HTTP Web-Based Authentication to the Captive Portal
• A new regular ESM subscriber context is created with HTTP redirect filter
• RADIUS CoA (Change of Authorization)
• Internet Access OK!
• Authentication Request
• Authentication Success
• RADIUS Accounting-Start
SOFT GRE ESM USER – SECURED SSID – Call Flow: Local Breakout
Participants: UE, WAP, WLAN-GW, AAA
Phases: Authentication (start authentication), IEEE 802.11i Four-Way Handshake, DHCP, Accounting
• 802.1X EAPoL-Start
• The WLAN-GW’s RADIUS proxy server will send the RADIUS message to one (or more) AAA server(s).
• 802.1X EAP-Request(Id)
• RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
• RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
• RADIUS Access-Challenge(EAP-Challenge)
• RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
• RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
• ...
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
• 802.1X EAPoL-Key(ANonce)
• RADIUS Accounting-Start(User-Name, NAS-IP, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id=AP-MAC:SSID)
• RADIUS Accounting-Response()
• DHCP Discover(chaddr=UE-MAC)
• 802.1X EAP-Response(Id)
• 802.1X EAP-Request(Challenge)
• RADIUS Access-Challenge(EAP-Challenge)
• 802.1X EAP-Response(Id)
• ...
• 802.1X EAP-Success()
• 802.1X EAPoL-Key(SNonce, MIC)
• 802.1X EAPoL-Key(Encrypted GTK, MIC)
• 802.1X EAPoL-Key(MIC)
• GRE( DHCP Discover(chaddr=UE-MAC) )
• GRE( DHCP Offer(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time) )
• DHCP Offer(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time)
• GRE( DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP) )
• DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP)
• GRE( DHCP Ack(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time) )
• DHCP Ack(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time)
• RADIUS Accounting-Start(User-Name, NAS-ID, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id=AP-MAC:SSID)
• RADIUS Accounting-Response()
• LUDB in the cache of the RADIUS proxy server
WLAN-GW 3G INTERWORKING – GN Interface Wi-Fi Offload ► Call Flow (Wi-Fi offload connect scenario)
Participants: UE, WAP, WLAN-GW, RADIUS Server, P-GW
Messages:
• 802.1X EAP-Success()
• GRE( DHCP Request(IP) ); DHCP Request(Requested-IP)
• GRE( DHCP NAK() ); DHCP NAK()
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP)
• GTP Create-Session-Response(Cause= “Context Not Found”)
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA=0.0.0.0)
• GTP Create-Session-Response(Cause= “Request Accepted”, PAA=New-IP)
• GRE( DHCP Discover() ); DHCP Discover()
• GRE( DHCP Offer(New-IP) ); DHCP Offer(New-IP)
• GRE( DHCP Request(New-IP) ); DHCP Request(New-IP)
• GRE( DHCP Ack(New-IP) ); DHCP Ack(New-IP)
Notes:
• The WLAN-GW detects that RADIUS attributes have been received in the Access-Accept to set up a GTP tunnel. It will initiate GTP-C tunnel setup with:
  - Handover Indication set to TRUE (since it is DHCP Request)
  - PDN Address Allocation set to the IP address requested in the DHCP Request
• The GGSN doesn’t find a previous context and refuses the bearer setup.
• The WLAN-GW sees that the bearer setup was not successful and tries again with:
  - Handover Indication set to FALSE
  - PDN Address Allocation set to 0.0.0.0
• Since the P-GW assigned a different IP address than what was requested by the UE, the WLAN-GW will cache this IP address for 30s and force the UE to restart DHCP from scratch by sending a DHCP NAK.
WLAN-GW 4G/LTE INTERWORKING – S2B Interface Wi-Fi Offload ► Call Flow (Wi-Fi offload connect scenario)
Participants: UE, WAP, WLAN-GW, RADIUS Server, P-GW, Diameter Server
Messages:
• 802.1X EAP-Success()
• GRE( DHCP Request(IP) ); DHCP Request(Requested-IP)
• GRE( DHCP NAK() ); DHCP NAK()
• RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP)
• GTP Create-Session-Response(Cause= “Context Not Found”)
• GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA=0.0.0.0)
• DIAMETER AA-Request(Application=S6b, User-Name, RAT-Type=WLAN)
• DIAMETER AA-Answer(Application=S6b, Result-Code = DIAMETER-SUCCESS)
• GTP Create-Session-Response(Cause= “Request Accepted”, PAA=New-IP)
• GRE( DHCP Discover() ); DHCP Discover()
• GRE( DHCP Offer(New-IP) ); DHCP Offer(New-IP)
• GRE( DHCP Request(New-IP) ); DHCP Request(New-IP)
• GRE( DHCP Ack(New-IP) ); DHCP Ack(New-IP)
Notes:
• The WLAN-GW detects that RADIUS attributes have been received in the Access-Accept to set up a GTP tunnel. It will initiate GTP-C tunnel setup with:
  - Handover Indication set to TRUE (since it is DHCP Request)
  - PDN Address Allocation set to the IP address requested in the DHCP Request
• The PGW doesn’t find a previous context and refuses the bearer setup.
• The WLAN-GW sees that the bearer setup was not successful and tries again with:
  - Handover Indication set to FALSE
  - PDN Address Allocation set to 0.0.0.0
• Since the P-GW assigned a different IP address than what was requested by the UE, the WLAN-GW will cache this IP address for 30s and force the UE to restart DHCP from scratch by sending a DHCP NAK.
Rel 11.0.R2
Research Recommendation
Research Recommendation
• WiFi Access Point Wireless Mesh Network Radio
• Location Based Services
• HTTP Redirect/Inline advertisements