
COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY.

Presentation transcript:

1 Building L2 & L3 service with ALU Service Router
Gatot Susilo
October 7, 2013
COPYRIGHT © 2013 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — CONFIDENTIAL — SOLELY FOR AUTHORIZED PERSONS HAVING A NEED TO KNOW — PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION

2 Service Router

3 Pt-to-Pt L2-VPN: Virtual Leased Line (PWE-3 RFC3985)
- Pseudo Wire Emulation Edge-to-Edge
- Point-to-point service emulation (e.g., ATM, Frame Relay, Ethernet, TDM) over IP/MPLS (i.e., Packet Switched Networks)
- Requires a bidirectional tunnel between two PEs
- Inner connection is identified by an MPLS label
- Uses T-LDP for inner label exchange
[Figure labels: PE1, PE2, IP/MPLS Network, PWE-3, AC1, AC2, CE1, CE2, T-LDP, Bidirectional Tunnel IP (GRE) or MPLS]

4 Service Entities (Point to Point)
Customer
- Also referred to as subscriber
- Identified by customer ID
[Figure labels: PE1, PE2, IP/MPLS Network, PWE-3, AC1, AC2, CE1, CE2, T-LDP, Bidirectional Tunnel IP (GRE) or MPLS; caption: Pseudowire Emulation Edge to Edge - RFC3985]

5 Service Entity (Continued)
SDP
- A logical way to direct a uni-directional service tunnel
- Supports GRE (IP tunneling) or MPLS as service tunnel
- Provides better control for (LSP) tunnel selection
- Multiple services can share the same SDP
- Supports forwarding class based (LSP) tunnel selection

6 Service Entity (Continued)
Service
- Internet Enhanced Service (IES)
- L2-VPN: EPIPE, VPLS (Multipoint), APIPE, FPIPE, CPIPE (Pt-to-Pt)
- L3-VPN: IPIPE (Pt-to-Pt), VPRN (Multipoint)
- Mirroring
SAP
- A local entity, uniquely identified by:
  - The physical Ethernet port or SONET/SDH port or TDM channel
  - The encapsulation type (e.g., Null, Dot1q, QinQ, IPCP, BCP-null, BCP-dot1q, ATM, Frame Relay, Cisco-HDLC)
  - The encapsulation identifier
- Applicable to access port only
- A single port can contain multiple SAPs
[Figure label: PPP]

7 Alcatel-Lucent Suite of Point-to-Point Pseudowire Services
- Leverage PWE3 for frame relay-ATM-Ethernet Service and Network Interworking
- Note: The termination of routed or routed-bridged encapsulation of ATM traffic into an IES or IP-VPN is supported
[Figure labels: FR UNI, ATM UNI, Frame/ATM UNI, Ethernet UNI, 7750 SR, IP/MPLS Network, FR PW, ATM PW, Ethernet PW, IP PW, LSP, Multi-Service Edge]

8 Multipoint L2-VPN: Virtual Private LAN Service (RFC4762)
Purpose
- To provide connectivity between geographically dispersed customer sites across MANs and WANs, as if they were connected using a LAN
Two Categories of Applications
- Connectivity between customer routers: LAN routing application
- Connectivity between customer Ethernet switches: LAN switching application
Uses MPLS (Ethernet Pseudowire) in the core network (i.e., PEs interconnection)
Multiple VPLS instances can be created on the same PE

9 VPLS – Attributes
- Flooding for unknown unicast DA or broadcast/multicast frames
- Forwarding known DA to designated port
- Address learning to build the forwarding database (FDB)
- Perform standard learning, filtering, and forwarding actions as per IEEE802.1D-ORIG, IEEE802.1D-REV, and IEEE802.1Q
- MAC Address Withdrawal using LDP message to trigger address re-learning
- Use H-VPLS (Hub and Spoke) to reduce the number of mesh PWs
[Figure labels: IP/MPLS Network, VPLS, PE1, PE2, PE3, PE4, CE1, CE2, CE3, CE4]

10 Alcatel-Lucent Premium VPN Services
- QoS policy runtime instantiation provides the ability to dynamically change bandwidth and QoS parameters for value-added services
- Transparent Layer 2 protocol tunneling (L2PT) to transparently transport Layer 2 PDUs between CPEs, including translation between different STP types
- Enable service interworking of VPWS using IP PW
- Support for OSPF allows VPN customers running OSPF to migrate to an IP-VPN backbone without changing their IGP, introduce BGP as the CE-PE protocol and stop relying on static routes for access to an IP-VPN service
- Terminate RFC 2684 routed bridged encapsulation of ATM traffic onto IES and IP-VPN services
- Multiple Spanning Tree Protocol (IEEE 802.1s) to interoperate with traditional L2 switches and operate along with Managed VPLS to provide an effective dual homing solution
[Figure labels: FR UNI, ATM UNI, Ethernet UNI, Frame Relay, ATM, Ethernet, VPLS, IP-VPN, Internet, IP/MPLS Backbone, 7750 SR]

11 QoS

12 Basic QoS on 7x50/7710 SR Product Family
- Use differentiated service (DiffServ) model
- 8 Forwarding Classes (NC, H1, EF, H2, L1, AF, L2, and BE)
- Profile State (in profile  rate CIR)
- Separate queues for unicast and multicast traffic
- Allow one queue per forwarding class or one queue for multiple forwarding classes
- Pre-classification (Dot1p, IP Prec, DSCP, IP criteria, MAC criteria)
- Allow remarking for DSCP or IP Prec (applicable for L3 service only)
- EXP – MPLS; DSCP – IP; Dot1p – Ethernet
- By default, remarking for EXP, DSCP, Dot1p iff:
  i) L2 traffic or a non-trusted IP interface
  ii) The first network egress
  iii) Not remarked explicitly by SAP ingress
- No explicit Dot1p to FC in default mapping
[Figure labels: SAP Ingress, SAP Egress, Network Ingress, Network Egress, FC + PS]
[Slide footer: Alestra | March 1st, 2010]

13 OAM

14 OAM
- IP - ICMP Ping/Trace
- MPLS - LSP Ping/Trace
- PW - VCCV Ping/Trace
- SDP - SDP Ping
- SVC - SVC Ping
- VPLS - MAC Ping/Purge/Populate/
- Ethernet – 802.1ag/Y
[Slide footer: TiMOS-5.0 workshop | May 2007]

15 Next Gen Hotspot 2.0 – Why Wi-Fi?

16 Wi-Fi Opportunity and Strategy to Success
WiFi Opportunity
- By 2015 there will be 8B mobile devices; global mobile traffic will grow 26x to 6.6m TB/month where video will be 66% of all mobile traffic; 1.2 million hotspot venues from 421K in 2010 worldwide (In-Stat Research Report)
- Mobile operators need more cost effective radio technologies to handle increasing data traffic
- Wi-Fi is global – same frequency band worldwide (2.4GHz and 5GHz)
- Wi-Fi is built into smart phones and devices
- Wi-Fi provides ~5x bandwidth (MHz) of Cellular (5GHz vs ~1GHz)
- Carrier grade Wi-Fi offers a platform for delivering a host of new location-based services
Strategy To Success
- Should complement operator’s spectrum
- Should be easy/transparent for the user
- Should be a viable resource to meet users’ expectations
- Should integrate easily and cost-effectively into existing 3G/4G architectures

17 Hotspot 2.0 Technology Enablers
Authentication and Roaming | Hotspot Today | Next Gen Hotspot 2.0
Network Discovery and Selection | SSID | 802.11u
L2 Authentication | None | 802.1x
L2 Air Encryption | None | 802.11i
L3 Authentication | WebAuth, WISPr | EAP SIM, AKA, TLS, TTLS
Hotspot Network | Untrusted | Trusted
Intellectual Property Right | No | Yes
Interoperability | No | Yes
VISION:
- Mobile Network: Turn on phone and get secured cellular connectivity
- WiFi Network: Turn on phone and get secured WiFi connectivity
Automatic, Secured, EAP Based

18 ALU Light Radio WiFi Solutions

19 LIGHTRADIO WI-FI: 7750 WLAN G/W Solution Strengths
- Unified authentication, authorization and accounting
- Anchoring subscriber through PGW/GGSN is independent of WLAN-GW location using standard interfaces
- Option to break out to Internet where cost-effective
- Flexible choice of transport: L2/IP/MPLS or IPSec
- Rapid inter-AP mobility (due to L2 transparency)
- No per-AP provisioning: SoftGRE tunnels auto-created
- Tunnel Scalability: tunnel state only if active subs
- Subscriber Scale: IP address sharing with L2-aware NAT
- Conservation of resources for migrant users
- Full flexibility for local breakout or GTP mobility
- Mobility between WiFi and Macro with address preservation
- WLAN GW N:1 redundancy with IP address preservation
- WLAN GW mobility with IP address preservation
- No IPSec required on UE
- No mobility functions required on AP (Simpler APs)
- L2 transparency
- Auto-provisioned tunnels for operational simplicity
[Figure labels: PGW/GGSN, 7750 SR WLAN GW, HGW/AP, GRE per HGW/AP, AAA, DIAMETER, S2a/S2b/Gn GTP, HLR, HSS, AuC, SS7 MAP or Diameter, Internet & Media, RADIUS Proxy]

20 WLAN GW: Deployment Models
- Soft GRE benefits of scale and auto-provisioning on the WLAN GW
- Achievable with GRE-capable APs, or
- For non GRE-capable APs, an L2 aggregator device such as the 7x50 or 7705 SAR families can be used to provide GRE transport over IP toward the WLAN GW
- Edge 7x50 or 7705 SAR can encapsulate VLAN-only APs into GRE tunnels for a common model to GRE-capable APs
- Regular ESM with 1 VLAN per Sub or 1 VLAN per service
[Figure labels: VLANs, GRE Tunnel, 7x WLAN GW]

21 LIGHTRADIO WI-FI ARCHITECTURE ACCESS POINT OPTIONS
L2 Solution
- Flexible for L2 Wholesale
- L3 Wholesale with support for overlapping
- GTP Mobility with overlapping
- Faster Inter-AP mobility triggering
- Simpler, less CPU-intensive CPE
- Network portal
- Sharing
- Subscriber visibility in the network with NAT
- visibility in the network  authentication
L3 Solution
- No L2 Wholesale
- No L3 Wholesale with overlapping
- No GTP Mobility with overlapping
- L3 mobility which is slower
- Complex CPE
- Portal on CPE
- No Sharing
- No Subscriber visibility in the network with NAT
- No visibility in the network
[Figure labels: Offload SSID Bridge, Offload SSID TUNNEL, IP, ALU Recommendation]

22 Architecture Options
- HGW/AP - Public SSID – NAT’ed (IP + NAT on AP): L3 Solution
- HGW/AP – Public SSID Bridged – Non tunneled: L2 Solution
- HGW/AP – Public SSID Bridged – Tunneled (L2oGRE OR L2VPNoGRE): L2 Solution
- HGW/AP – PMIPv6 MAG (public SSID traffic L3 tunneled to LMA): L3 Solution
[Comparison table column labels: HGW/AP complexity, Subscriber Visibility in network, Traffic separation, L2 Wholesale, L3 Wholesale sharing, Fast L2 WIFI inter-AP mobility, Time & volume accounting]

23 3GPP - WLAN TO 3G/4G INTERWORKING
- Current 3GPP/2 standard for access to EPC over non trusted access
- WLAN GW solution over trusted or un-trusted access
- ALU solution (fat-pipe model) that overcomes standard issues: single tunnel / AP
IPSec ISSUES:
- IPSec/IKEv2 required on UE
- Battery drain effect on UE and intensive CPU processing
- IPSec overhead & associated packet fragmentation on WLAN air interface
- Poor user experience with latency associated with tunnel establishment for short sessions (e.g. MMS access)
- Multiple tunnels, one for each service
[Figure labels: WLAN AP, WLAN, PGW, (possibly unsecure) WLAN AP & Backhaul a priori owned by any provider, ePDG/PDIF, AAA, SWx, S2b: GTP, HSS, (secure) WLAN AP & Backhaul, S2a: GTP, PDG/WLAN GW, Radius, Protected tunnel IPSec: 3GPP/2 VPN]

24 SLA and QoS Management
- SLA-profiles created on WLAN-GW
- SLA-profile is a template with parameters (e.g. rates i.e. PIR/CIR)
- Association of subscriber to an SLA-profile is dynamic via RADIUS VSAs
[Figure labels: GRE, GTP, WLAN GW, CM/RG/AP, Per user policing, Per Tunnel (or per tunnel per wholesale partner) aggregate rate, DSCP to FC mapping, FC to queue mapping, FC to DSCP mapping in outer header OR copying DSCP in inner IP to outer IP, Access DSCP to FC mapping, Bandwidth control: Per AP; Per AP, per wholesale partner; Per Mobility public WIFI user, QOS mapping - 3G/4G WIFI]

25 WLAN GW; BNG functionality enhance sub-mgt (ESM)
[Figure panels: Legacy BRAS subscriber tunnel; Typical BNG multi-service; 7750 SR as BNG multi-application; 7750 SR as WLAN GW multi-device]
[Figure labels: GigE, 10GE, Per Sub, Per Device, Per Access Point, Voice, IPTV, HSI, Online Services, Managed Gaming, Managed Video, Managed VoIP, Per subscriber personalization, Per-subscriber, Per-service, Per-application, Per-device, Single-service (HSI), Best effort, Hierarchical QoS, Hierarchical QoS with Application Assurance, RG/AP, TV, PC, Tab]
COPYRIGHT © 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED. ALCATEL-LUCENT — INTERNAL PROPRIETARY — USE PURSUANT TO COMPANY INSTRUCTION

26 Inter-AP Mobility
- When UE moves between APs, WLAN GW re-learns UE MAC on new GRE tunnel:
  - Learning from re-authentication
  - Learning from normal data packets
  - Learning based on a “mobility trigger” packet from AP
- Subscriber is not deleted/recreated on WLAN GW
- Full re-authentication after re-association with new AP can be avoided if PMK-caching enabled on AP & UE, or if Wi-Fi AP implements r
[Figure labels: 7750 SR WLAN GW, HGW/AP, MS-ISA, GRE per HGW/AP, UE Anchored on MS-ISA, PBB Bridge]

27 INTER WLAN-GW REDUNDANCY & MOBILITY
preserved when subscriber moves or switches to new WLAN-GW.
- L2-aware NAT on old and new WLAN-GW.
“Data-triggered” authentication and subscriber creation on new WLAN-GW.
- First data packet on new WLAN-GW to trigger RADIUS authentication based on. Subscriber created after authentication.
Inter-WLAN-GW Redundancy (figure steps; WLAN-GW1, WLAN-GW2, AAA)
  1. Health-check for WLAN-GW (based on IP Pings)
  2. Data switched towards backup WLAN-GW
  3. Access-Request
  4. Data-triggered Subscriber creation
Inter-WLAN-GW Mobility (figure steps; WLAN-GW1, WLAN-GW2, AAA)
  1. UE Moves
  2. Access-Request
  3. Data-triggered Subscriber creation

28 SOFT-GRE ESM USER – OPEN SSID Call Flow (SR OS 10, PORTAL-BASED AUTHENTICATION)
Actors: UE, WAP, WLAN-GW, AAA, Captive Portal, Internet
Messages, in the order the slide lists them:
- PHY Attachment
- DHCP Discover; GRE( DHCP Discover )
- GRE( DHCP Offer ); DHCP Offer
- DHCP Request; GRE( DHCP Request )
- GRE( DHCP Ack ); DHCP Ack
- ARP Request; GRE( ARP Request )
- GRE( ARP Reply ); ARP Reply
- HTTP GET( URL ); GRE( HTTP GET( URL ) )
- RADIUS Access-Request
- RADIUS Access-Accept
  - If no previous session for this UE-MAC is found, it will create a new user entry; a redirect policy will be returned in the RADIUS Access-Accept
  - If an authenticated session for this UE-MAC is already found, no redirect policy will be returned in the RADIUS Access-Accept
- HTTP Redirect/302( Portal ); GRE( HTTP Redirect/302( Portal ) )
- HTTP Web-Based Authentication to the Captive Portal
  - A new regular ESM subscriber context is created with HTTP redirect filter
- RADIUS CoA (Change of Authorization)
- Internet Access OK!
- Authentication Request; Authentication Success
- RADIUS Accounting-Start
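The redirect decision in the open-SSID flow on slide 28, as an added example (a constructed Python model, not Alcatel-Lucent or SR OS code and not part of the original slides). The class names, the `detach` helper, the portal URL and the MAC addresses are hypothetical; the model shows that the redirect is decided per UE-MAC by the AAA and lifted by a CoA.

```python
"""Constructed model of the open-SSID portal flow (slide 28); not SR OS code."""

PORTAL_URL = "https://portal.example/login"  # hypothetical portal address


class Aaa:
    """Toy AAA server: remembers which UE MACs hold an authenticated session."""

    def __init__(self):
        self.authenticated = set()

    def access_request(self, ue_mac):
        # Slide: a redirect policy is returned only when no authenticated
        # session for this UE-MAC is found.
        return {"code": "Access-Accept",
                "redirect": ue_mac not in self.authenticated}

    def portal_login_ok(self, ue_mac):
        # Portal reported "Authentication Success": record the session and
        # build the Change of Authorization that lifts the redirect.
        self.authenticated.add(ue_mac)
        return {"code": "CoA-Request", "ue_mac": ue_mac, "redirect": False}


class PortalGw:
    """Toy WLAN-GW: one ESM subscriber context per UE MAC."""

    def __init__(self, aaa):
        self.aaa = aaa
        self.subscribers = {}   # UE MAC -> {"redirect": bool}
        self.accounting = []    # RADIUS accounting messages sent

    def http_get(self, ue_mac, url):
        sub = self.subscribers.get(ue_mac)
        if sub is None:
            # First HTTP GET from this UE triggers the RADIUS Access-Request.
            accept = self.aaa.access_request(ue_mac)
            sub = {"redirect": accept["redirect"]}
            self.subscribers[ue_mac] = sub
        if sub["redirect"]:
            return (302, PORTAL_URL)   # HTTP Redirect/302(Portal)
        return (200, url)              # forwarded towards the Internet

    def coa(self, msg):
        sub = self.subscribers.get(msg["ue_mac"])
        if sub is None:
            return "CoA-NAK"           # no subscriber context to change
        sub["redirect"] = msg["redirect"]
        self.accounting.append(("Accounting-Start", msg["ue_mac"]))
        return "CoA-ACK"

    def detach(self, ue_mac):
        # Hypothetical helper: the gateway context goes away, the AAA
        # session record stays.
        self.subscribers.pop(ue_mac, None)


def demo():
    aaa = Aaa()
    gw = PortalGw(aaa)
    ue = "02:00:00:00:00:01"           # constructed MAC address
    first = gw.http_get(ue, "http://example.com/")
    gw.coa(aaa.portal_login_ok(ue))
    second = gw.http_get(ue, "http://example.com/")
    return first, second


if __name__ == "__main__":
    print(demo())
```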

29 SOFT GRE ESM USER – SECURED SSID – Call Flow, Local Breakout
Actors: UE, WAP, WLAN-GW, AAA
Notes:
- The WLAN-GW’s RADIUS proxy server will send the RADIUS message to one (or more) AAA server(s)
- LUDB in the cache of the RADIUS proxy server
AUTHENTICATION (Start authentication)
- 802.1X EAPoL-Start
- X EAP-Request(Id)
- 802.1X EAP-Response(Id)
- RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
- RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
- RADIUS Access-Challenge(EAP-Challenge)
- RADIUS Access-Challenge(EAP-Challenge)
- 802.1X EAP-Request(Challenge)
- 802.1X EAP-Response(Id)
- RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)
- RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID)...
- RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
- RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout)
- X EAP-Success()
4-WAY (IEEE i Four-Way Handshake)
- 802.1X EAPoL-Key(ANonce)
- 802.1X EAPoL-Key(SNonce, MIC)
- 802.1X EAPoL-Key(Encrypted GTK, MIC)
- 802.1X EAPoL-Key(MIC)
ACCT
- RADIUS Accounting-Start(User-Name, NAS-IP, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id = AP-MAC:SSID)
- RADIUS Accounting-Response()
DHCP
- DHCP Discover(chaddr=UE-MAC)
- GRE( DHCP Discover(chaddr=UE-MAC) )
- GRE( DHCP Offer(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time) )
- DHCP Offer(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time)
- DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP)
- GRE( DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP) )
- GRE( DHCP Ack(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time) )
- DHCP Ack(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time)
ACCT
- RADIUS Accounting-Start(User-Name, NAS-ID, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id = AP-MAC:SSID)
- RADIUS Accounting-Response()

30 WLAN-GW 3G INTERWORKING – GN Interface, Wi-Fi Offload ► Call Flow (Wi-Fi OFFLOAD CONNECT SCENARIO)
Actors: UE, WAP, WLAN-GW, RADIUS Server, P-GW
1. RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout); 802.1X EAP-Success()
2. DHCP Request(Requested-IP); GRE( DHCP Request(IP) )
3. The WLAN-GW detects that RADIUS attributes have been received in the Access-Accept to set up a GTP tunnel. It will initiate GTP-C tunnel setup with:
   - Handover Indication set to TRUE (since it is a DHCP Request)
   - PDN Address Allocation set to the IP address requested in the DHCP Request
   GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP)
4. The GGSN doesn’t find a previous context and refuses the bearer setup.
   GTP Create-Session-Response(Cause= “Context Not Found”)
5. The WLAN-GW sees that the bearer setup was not successful and tries again with:
   - Handover Indication set to FALSE
   - PDN Address Allocation set to
   GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA= )
6. GTP Create-Session-Response(Cause= “Request Accepted”, PAA=New-IP)
7. Since the P-GW assigned a different IP address than what was requested by the UE, the WLAN-GW will cache this IP address for 30s and force the UE to restart DHCP from scratch by sending a DHCP NAK.
   GRE( DHCP NAK() ); DHCP NAK()
8. DHCP Discover(); GRE( DHCP Discover() )
9. GRE( DHCP Offer(New-IP) ); DHCP Offer(New-IP)
10. DHCP Request(New-IP); GRE( DHCP Request(New-IP) )
11. GRE( DHCP Ack(New-IP) ); DHCP Ack(New-IP)

31 WLAN-GW 4G/LTE INTERWORKING – S2B Interface, Wi-Fi Offload ► Call Flow (Wi-Fi OFFLOAD CONNECT SCENARIO, Rel 11.0.R2)
Actors: UE, WAP, WLAN-GW, RADIUS Server, P-GW, Diameter Server
1. RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout); 802.1X EAP-Success()
2. DHCP Request(Requested-IP); GRE( DHCP Request(IP) )
3. The WLAN-GW detects that RADIUS attributes have been received in the Access-Accept to set up a GTP tunnel. It will initiate GTP-C tunnel setup with:
   - Handover Indication set to TRUE (since it is a DHCP Request)
   - PDN Address Allocation set to the IP address requested in the DHCP Request
   GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP)
4. The PGW doesn’t find a previous context and refuses the bearer setup.
   GTP Create-Session-Response(Cause= “Context Not Found”)
5. The WLAN-GW sees that the bearer setup was not successful and tries again with:
   - Handover Indication set to FALSE
   - PDN Address Allocation set to
   GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA= )
6. DIAMETER AA-Request(Application=S6b, User-Name, RAT-Type=WLAN); DIAMETER AA-Answer(Application=S6b, Result-Code = DIAMETER-SUCCESS)
7. GTP Create-Session-Response(Cause= “Request Accepted”, PAA=New-IP)
8. Since the P-GW assigned a different IP address than what was requested by the UE, the WLAN-GW will cache this IP address for 30s and force the UE to restart DHCP from scratch by sending a DHCP NAK.
   GRE( DHCP NAK() ); DHCP NAK()
9. DHCP Discover(); GRE( DHCP Discover() )
10. GRE( DHCP Offer(New-IP) ); DHCP Offer(New-IP)
11. DHCP Request(New-IP); GRE( DHCP Request(New-IP) )
12. GRE( DHCP Ack(New-IP) ); DHCP Ack(New-IP)
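The Wi-Fi offload connect scenario of slides 30 and 31, as an added example (a constructed Python model, not Alcatel-Lucent or SR OS code and not part of the original slides): the gateway tries a handover first, falls back to a fresh session on "Context Not Found", caches the assigned address for 30s and NAKs the UE. Assumptions: the class names, the IMSI, MAC and IP values are constructed; the retry's PAA is blank on the slides and is modelled as `None`; the handover-hit branch and the behaviour after the cache expires are not shown on the slides; the S6b Diameter exchange of slide 31 is left out.

```python
"""Constructed model of the Wi-Fi offload connect scenario (slides 30-31)."""

CACHE_SECONDS = 30  # slides: the P-GW assigned address is cached for 30s


class Pgw:
    """Toy P-GW/GGSN holding existing contexts (IMSI -> IP)."""

    def __init__(self, contexts=None):
        self.contexts = dict(contexts or {})
        self.next_host = 1              # constructed address allocator

    def create_session(self, imsi, hi, paa):
        if hi:
            # Handover Indication TRUE: a previous context must exist.
            if self.contexts.get(imsi) == paa:
                return {"cause": "Request Accepted", "paa": paa}
            return {"cause": "Context Not Found", "paa": None}
        new_ip = "10.0.0.%d" % self.next_host
        self.next_host += 1
        self.contexts[imsi] = new_ip
        return {"cause": "Request Accepted", "paa": new_ip}


class OffloadGw:
    """Toy WLAN-GW for a UE whose Access-Accept carried the GTP attributes."""

    def __init__(self, pgw):
        self.pgw = pgw
        self.cache = {}     # UE MAC -> (assigned IP, expiry time)
        self.gtp_log = []   # (HI, PAA sent, cause received)

    def _create_session(self, imsi, hi, paa):
        resp = self.pgw.create_session(imsi, hi, paa)
        self.gtp_log.append((hi, paa, resp["cause"]))
        return resp

    def dhcp_request(self, ue_mac, imsi, requested_ip, now):
        cached = self.cache.get(ue_mac)
        if cached and now < cached[1] and cached[0] == requested_ip:
            # UE came back asking for the address the P-GW assigned.
            del self.cache[ue_mac]
            return "ACK"
        # First attempt: HI=TRUE, PAA=address from the DHCP Request.
        resp = self._create_session(imsi, True, requested_ip)
        if resp["cause"] == "Context Not Found":
            # Retry: HI=FALSE; PAA is blank on the slides, None here.
            resp = self._create_session(imsi, False, None)
        if resp["cause"] != "Request Accepted":
            return "NAK"
        if resp["paa"] == requested_ip:
            return "ACK"    # assumption: handover hit keeps the address
        # Different address assigned: cache it and force a DHCP restart.
        self.cache[ue_mac] = (resp["paa"], now + CACHE_SECONDS)
        return "NAK"

    def dhcp_discover(self, ue_mac, now):
        cached = self.cache.get(ue_mac)
        if cached and now < cached[1]:
            return cached[0]            # DHCP Offer(New-IP)
        self.cache.pop(ue_mac, None)    # assumption: no offer after expiry
        return None


def demo():
    gw = OffloadGw(Pgw())
    mac, imsi = "02:00:00:00:00:01", "001010000000001"  # constructed values
    first = gw.dhcp_request(mac, imsi, "192.0.2.10", now=0)
    offer = gw.dhcp_discover(mac, now=5)
    second = gw.dhcp_request(mac, imsi, offer, now=6)
    return first, offer, second, gw.gtp_log


if __name__ == "__main__":
    print(demo())
```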

32 Research Recommendation

33 Research Recommendation
WiFi Access Point
- Wireless Mesh Network
- Radio Location Based Services
HTTP Redirect/Inline advertisements
