
PDSN Course Handout. Course contents: 1. EV-DO overview 2. PDSN/FA & HA overview 3. Understanding Simple IP & Mobile IP 4. Mobility 5. Understanding the service operation of Starent.




1 PDSN Course Handout. Course contents: 1. EV-DO overview 2. PDSN/FA & HA overview 3. Understanding Simple IP & Mobile IP 4. Mobility 5. Understanding the service operation of Starent System. SHAQ 2010/3/19

2 1. EV-DO overview

3 1xEV-DO IOS Architecture Reference Model 1. EV-DO overview

4 EV-DO R0, RA, RB : Air-link is the bottleneck for wireless data transmission. 1. EV-DO overview
EV-DO Rev 0 (one carrier): 1.25 MHz, 2.5 Mbps, 153.6 kbps

5 EV-DO R 0, R A, R B 1. EV-DO overview

6 2. PDSN/FA & HA overview PCF

7 2. PDSN/FA & HA overview PDSN

8 2. PDSN/FA & HA overview AAA server

9 2. PDSN/FA & HA overview Home Agent

10 Standalone PDSN/FA and HA Deployments 2. PDSN/FA & HA overview
Interface Description :
- R-P Interface – PCF <-> PDSN
- Pi Interfaces – PDSN/FA <-> HA
- PDN Interfaces – HA <-> PDN/internet
- AAA Interfaces – PDSN/HA <-> AAA Server

11 Co-Located Deployments 2. PDSN/FA & HA overview

12 PDSN-FA and HA functionality : Logical interface 2. PDSN/FA & HA overview
R-P interface :
Functionality :
- R-P connection setup
- R-P connection tear-down
- Transport of PPP packets
- Transport of cdma2000 accounting information from PCF to PDSN
- R-P mobility
Types :
- Closed R-P interface : L2TP
- Open R-P interface : GRE (A10/A11)

13 PDSN-FA and HA functionality : Protocols 2. PDSN/FA & HA overview
PPP : Point-to-Point Protocol, MN <-> PDSN
1. LCP
2. Authentication
   - PAP
   - CHAP
3. NCP (IPCP)
RADIUS : PDSN/FA or HA <-> AAA Server
IP in IP : FA <-> HA
IP : MN <-> PDN (Internet, VPN, CN)
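The two PPP authentication options listed on this slide differ in what crosses the link: PAP carries the password itself, while CHAP (RFC 1994) carries an MD5 over the identifier, the shared secret and a challenge. The following is an added example, not part of the original slides; the class and function names, the user name and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side (the PDSN role on this slide)."""

    def __init__(self, secrets: dict):
        self.secrets = secrets      # username -> shared secret (constructed)
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self) -> tuple:
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)       # fresh, unpredictable challenge
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same identifier.
        chal = self.pending.pop(ident, None)
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    auth = ChapAuthenticator({"mn1@nova.com": b"constructed-secret"})
    ident, chal = auth.challenge()
    resp = chap_response(ident, b"constructed-secret", chal)  # mobile node side
    ok = auth.verify(ident, "mn1@nova.com", resp)
    replay = auth.verify(ident, "mn1@nova.com", resp)         # same bytes again
    ident2, chal2 = auth.challenge()
    wrong = auth.verify(ident2, "mn1@nova.com",
                        chap_response(ident2, b"bad-guess", chal2))
    return {"ok": ok, "replay": replay, "wrong": wrong}


if __name__ == "__main__":
    print(demo())
```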

14 3. Understanding Simple IP and Mobile IP
- Access methods for packet data services :
  - Local and public network access
  - Private network access
- Access application for two access methods :
  - Simple IP : Dynamically assigned IP addresses; mobility in a defined geographical area
  - Mobile IP : Static or dynamically assigned IP addresses; seamless mobility
  - Proxy Mobile IP : PDSN supports MIP for MNs that don’t support MIP.

15 Simple IP How Simple IP Works 3. Understanding Simple IP and Mobile IP

16 Simple IP Simple IP protocol stacks 3. Understanding Simple IP and Mobile IP

17 Simple IP Simple IP Call Flow 3. Understanding Simple IP and Mobile IP
PPP :
- LCP (3)
- Authentication (4, 5, 6, 7; attributes)
- IPCP (8, IP assignment)

18 Mobile IP 3. Understanding Simple IP and Mobile IP
- network-layer solution
- maintain ongoing communications while changing links
- Home address
- Care of Address (collocated / FA)
- IP Tunnels
Key of mobility

19 Mobile IP 3. Understanding Simple IP and Mobile IP
Mobile IP Tunneling Methods :
- IP in IP tunnels : Outer IP header / Inner IP header
- GRE tunnels : any transport protocol can be encapsulated in GRE
Three types of Mobile IP tunneling :
- Forward Tunneling : PDN -> MN

20 Mobile IP 3. Understanding Simple IP and Mobile IP
- Reverse Tunneling : MN -> PDN
  - Direct Delivery Style : MN -> FA directly
  - Encapsulating Delivery Style : MN -> FA encapsulates (reference MIPv4_4)

21 Mobile IP 3. Understanding Simple IP and Mobile IP
- Triangular Routing :
  - advantage : reverse tunneling is not required
  - disadvantage :
    - HA is unaware of all user traffic for billing purposes
    - FA would have to be connected to each private network
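The forward tunnel over IP in IP from slide 19 (outer IP header around the untouched inner IP header), as an added example that is not part of the original slides. The HA builds the outer header; the FA strips it only when the tunnel source is the HA it has on record for the inner destination. The addresses, the `VISITORS` table and all function names are constructed for illustration, and the header checksum is left at zero.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation (RFC 2003)


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 in this sketch."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4(pkt):
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total < ihl or total > len(pkt):
        raise ValueError("bad header length or total length")
    return {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "payload": pkt[ihl:total]}


def encapsulate(inner, ha, coa):
    """HA side of the forward tunnel: prepend the outer IP header."""
    return ipv4_header(ha, coa, IPPROTO_IPIP, len(inner)) + inner


def decapsulate(pkt, coa, visitors):
    """FA side: strip the outer header only if the tunnel source is the HA
    recorded for the inner destination (visitors: home address -> HA)."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_IPIP or outer["dst"] != coa:
        raise ValueError("not IP-in-IP for this care-of address")
    inner = parse_ipv4(outer["payload"])
    if visitors.get(inner["dst"]) != outer["src"]:
        raise ValueError("tunnel source is not the HA bound to inner destination")
    return outer["payload"]


# Constructed sample: 203.0.113.9 sends UDP to the MN's home address 192.0.2.10.
HA, COA = "198.51.100.1", "198.51.100.200"
VISITORS = {"192.0.2.10": HA}
INNER = ipv4_header("203.0.113.9", "192.0.2.10", 17, 8) + b"payload!"

if __name__ == "__main__":
    tunneled = encapsulate(INNER, HA, COA)
    print(parse_ipv4(tunneled)["src"], "->", parse_ipv4(tunneled)["dst"])
    print(decapsulate(tunneled, COA, VISITORS) == INNER)
```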

22 Mobile IP Mobile IP protocol stacks—data plane 3. Understanding Simple IP and Mobile IP

23 Mobile IP Mobile IP protocol stacks—control plane 3. Understanding Simple IP and Mobile IP

24 Mobile IP How Mobile IP Works 3. Understanding Simple IP and Mobile IP

25 Mobile IP How Mobile IP Works 3. Understanding Simple IP and Mobile IP
MIP setup :
- MIP Registration Request message (6, 11)
- Access Request message (7, 8, 12)
- Access Accept message (9, 10, 13)
- MIP Registration Reply (14 (MN’s home address), 16)
PPP
MIP close :
- Registration Request with a requested lifetime of 0 (17, 18)
- Registration Reply (19, 20)
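The setup and close messages above differ only in the Lifetime field of the Registration Request. The following added example (not part of the original slides) parses the 24-byte fixed part of a Mobile IPv4 Registration Request as laid out in RFC 5944 and applies it to a table of Mobile Binding Records. The `apply_rrq` bookkeeping, the addresses and the identification values are constructed, and the authentication extensions that follow the fixed part in a real message are not checked here.

```python
import socket
import struct

RRQ_FMT = "!BBH4s4s4sQ"   # Type, flags, Lifetime, Home Addr, HA, CoA, Identification
FLAG_T = 0x02             # T bit: reverse tunneling requested


def build_rrq(flags, lifetime, home, ha, coa, ident):
    return struct.pack(RRQ_FMT, 1, flags, lifetime, socket.inet_aton(home),
                       socket.inet_aton(ha), socket.inet_aton(coa), ident)


def parse_rrq(data):
    """Parse the 24-byte fixed part; extensions that follow are ignored here."""
    size = struct.calcsize(RRQ_FMT)
    if len(data) < size:
        raise ValueError("truncated Registration Request")
    typ, flags, life, home, ha, coa, ident = struct.unpack(RRQ_FMT, data[:size])
    if typ != 1:
        raise ValueError("not a Registration Request")
    return {"lifetime": life, "reverse_tunnel": bool(flags & FLAG_T),
            "home": socket.inet_ntoa(home), "ha": socket.inet_ntoa(ha),
            "coa": socket.inet_ntoa(coa), "ident": ident}


def apply_rrq(bindings, data):
    """HA-side bookkeeping (hypothetical): update the Mobile Binding Records."""
    rrq = parse_rrq(data)
    if rrq["lifetime"] == 0:                 # MIP close: deregistration
        removed = bindings.pop(rrq["home"], None)
        return "deregistered" if removed else "no-binding"
    bindings[rrq["home"]] = {"coa": rrq["coa"], "lifetime": rrq["lifetime"],
                             "reverse_tunnel": rrq["reverse_tunnel"]}
    return "registered"


def demo():
    bindings = {}
    args = ("192.0.2.10", "198.51.100.1", "198.51.100.200")   # constructed
    first = apply_rrq(bindings, build_rrq(FLAG_T, 1800, *args, 1))
    snapshot = dict(bindings)
    second = apply_rrq(bindings, build_rrq(FLAG_T, 0, *args, 2))
    return first, snapshot, second, bindings


if __name__ == "__main__":
    print(demo())
```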

26 Mobile IP Proxy Mobile IP 3. Understanding Simple IP and Mobile IP
An Overview of Proxy Mobile IP :
- Provides mobility for subscribers with MNs that do not support the Mobile IP protocol stack.
- R-P and PPP sessions get established as they would for a Simple IP session
- Mobile Binding Record (MBR) is created on HA
How Proxy Mobile IP Works :
- Scenario 1: The AAA server specifies an IP address that the PDSN allocates to the MN from one of its locally configured static pools.
- Scenario 2: The HA assigns an IP address to the MN from one of its locally configured dynamic pools.

27 Proxy MIP (8,9,11) IPCP (8,10,12)

28 Mobile Packet data service states 3. Understanding Simple IP and Mobile IP
[Diagram, repeated for each state: MS, BSS, PCF, PDSN connected by TCH, A8, A10]
- NULL : There are not any connections between the MS and Network.
- ACTIVE : In this state, a traffic channel exists between MS and PDSN, and both sides may transmit data.
- Dormant : No traffic channel exists between MS and PCF, but the PPP connection and traffic channel on A10 are maintained.

29 4. Mobility
- Micro-mobility : intra-PCF mobility
- R-P mobility : intra-PDSN mobility
- Macro-mobility : inter-PDSN mobility

30 4. Mobility
- R-P mobility :
  - R-P interface is moved from the source PCF to the target PCF
  - PPP session remains on the same PDSN-FA
- Macro-mobility :
  - PDSN-FA/HA
  - a new PPP session must be initiated
  - New PDSN-FA issues an Agent Advertisement on that session
  - The MN’s home IP address (assigned when Mobile IP service was initiated) is still in use => Layer 3 mobility
  - The session is anchored at the HA

31 4. Mobility
Dormant mobility :
- “stale” PPP session
- PANID / CANID
- the PPP session will be restarted / the MIP renegotiation

32 5. Understanding the service operation of Starent System

33 Contexts :
- a logical grouping or mapping of configuration parameters that pertain to various physical ports, logical IP interfaces, and services.
- The system supports the configuration of multiple contexts.
- Each context is configured and operates independently from the others.
- Contexts can also be assigned domain aliases.
- Categorization : Source/Destination/AAA context
  - Source context:
    - “ingress” context
    - subscriber’s point-of-entry in the system
    - R-P interfaces

34 5. Understanding the service operation of Starent System
- Categorization :
  - Destination context:
    - “egress” context
    - where a subscriber is provided services
    - configured with the interfaces facilitating subscriber data traffic to/from the Internet, a VPN, or other PDN
  - AAA context :
    - provides authorization, authentication, and accounting (AAA) functionality for subscriber and/or administrative user sessions
    - the logical interfaces for communicating with AAA servers
    - records for locally configured subscribers and/or administrative users
Note : The AAA context can be configured together with the source or destination context. As a general rule, if the AAA server is controlled by the carrier, it can be configured together with the source context; otherwise, it can be configured together with the destination context.

35 5. Understanding the service operation of Starent System
- AAA context - AAA Realms :
  - provides AAA attributes (when access-accept message from RADIUS failed to contain certain attributes)
  - subscriber-specific templates < subscriber’s RADIUS user profile
  - An AAA realm is considered part of the AAA context (or configuration)
  - the AAA context itself is also considered to be a realm
  - There may be many different AAA realms defined within a single AAA context
[Diagram labels: Source context / AAA configuration, nova.com, bigco.com, ingress, RADIUS AAA, AAA interface, AAA realms; callout: access-accept message from RADIUS failed to contain certain attributes]

36 5. Understanding the service operation of Starent System
Logical interface :
- assigned to IP addresses and are bound to a specific port
- associated with services through bindings
- takes on the characteristics of the functions enabled by the service
Logical interface category :
- Management interface :
  - provides the system’s point of attachment to the management network
  - defined in the local context
- R-P interface :
  - A10/A11 -> communications path between the PCF and the PDSN
- Pi interface :
  - communications path between the PDSN/FA and HA for Mobile IP applications

37 5. Understanding the service operation of Starent System
Logical interface category :
- PDN interface:
  - The interface to the packet data network (PDN)
- AAA interface :
  - the connection between the PDSN and/or HA and the network servers that perform AAA functions
  - Remote Authentication Dial-In User Service (RADIUS)
- ICC interface : (inter-context communication)
  - only required when multiple services are configured in the same context
[Diagram labels: Xxx context, FA, HA, ICC]

38 5. Understanding the service operation of Starent System
Binding :
- an association between “elements” within the system
- static and dynamic
  - static :
  - dynamic :
    - associates a subscriber to a specific egress context based on the configuration of their profile or system parameters.
[Diagram labels: Context, Physical port, Logical interface, IP address, Service]

39 5. Understanding the service operation of Starent System
Services :
- Services are configured within a context and enable certain functionality.
- PDSN services :
  - The PDSN service must be bound to a logical interface within the same context.
  - logical interface takes on the characteristics of an R-P interface
  - a single physical port can facilitate multiple R-P interfaces.
  - R-P sessions are identified using the PCF address, the PDSN interface address, and the R-P Session ID.
- FA/HA services :
  - configured to support Mobile IP and define FA/HA functionality on the system.

40 5. Understanding the service operation of Starent System
- FA/HA services combination & individual configuring :
[Diagrams 1 and 2; labels: System, PDSN service, Source context, FA/HA service, Dest. context, PDN interface; System, PDSN/FA service, Source context; System, HA service, Source context; Pi]

41 5. Understanding the service operation of Starent System
AAA Servers :
- store profiles / perform authentication / maintain accounting records
- Mobile IP : there can be foreign AAA (FAAA) and home AAA (HAAA) servers
- The AAA servers communicate with the system over the AAA interface.
Subscribers : Three primary types of subscribers/users
- RADIUS-based Subscribers :
  - The most common type of subscriber.
  - identified by IMSI/ESN/Domain name/User name
  - user profile configured on and authenticated by a RADIUS AAA server
  - Attributes (User profile) :
    - parameter settings (protocol settings; IP assignment method, etc.)
    - privileges (Simple IP, Mobile IP, etc.)

42 5. Understanding the service operation of Starent System
Subscribers : Three primary types of subscribers/users
- Local Subscribers :
  - testing purposes
  - configured and authenticated within a specific context where they are created.
  - newly created subscriber profiles are set to the system’s default settings.
  - profile attributes are configured on a subscriber-by-subscriber basis.
- Management Subscribers :
  - an authorized user who can monitor, control, and configure the system
  - configured as a local subscriber within the local context
  - management subscribers may also be authenticated remotely via RADIUS (if an AAA configuration exists within the local context)

43 Default Subscribers and Realm-based Subscriber Templates :
- Used for RADIUS-based subscribers when needed.
- Default Subscriber :
  - per context basis
  - the system automatically creates a subscriber named default (when each context is created)
- Realm-based Subscriber Templates : (AAA realms)
  - per realm basis
  - a context can have numerous domain aliases
  - each realm is used for a specific group of subscribers

44 5. Understanding the service operation of Starent System

45 RADIUS Remote Authentication Dial-In User Service

46 RADIUS Authentication Flow

47 Point-to-Point Tunneling Protocol (PPTP)
- PPTP was developed by Microsoft and the IETF.
- Layer 2 tunnel supports IP, IPX, NetBEUI
- Authentication relies on PPP
  - PAP, SPAP, CHAP, MS-CHAP V1, V2, and EAP
[Diagram labels: PPTP server, Internet, PPTP Client, PPP, GRE, IP, IPX, NetBEUI]

48 PPTP Packet
- Generic Routing Encapsulation (GRE)
  - a mechanism for encapsulating any network layer protocol over any other network layer protocol.
- Encryption protocol
  - Microsoft Point to Point Encryption (MPPE)
[Packet diagram fields: IP Header, GRE Header, PPP, IP, TCP, Data; GRE Payload (encrypted)]

49 Layer 2 Tunneling Protocol (L2TP)
- Based upon the best features of PPTP and L2F.
- Layer 2 tunnel supports IP, IPX, NetBEUI.
[Diagram labels: PC + LAC, PC with L2TP Client, PPP, IP, L2TP, Internet, L2TP Tunnel, new IP header, L2TP message header, PPP header, original IP header, payload, message payload, Corporate LAN, LNS (L2TP Network Server)]

50 L2TP Packet
- Allows tunnels to support more than one connection.
- Encryption relies on IPsec.
[Fields in the packet diagram: IP Header, IPSec ESP Header, PPP Header, UDP Header, L2TP Header, IP Header, TCP Header, DATA]

51 Internet Protocol Security (IPSec)
- Layer 3 protocol for remote access, intranet, and extranet VPN
  - Internet standard for IP layer VPN
  - Provides flexible encryption and message authentication/integrity
  - Includes key management
- Two security protocols
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)

52 IPSec Operating Modes
- Transport mode
- Tunnel mode

53 IPSec - Authentication Header (AH)
- Authentication
- Integrity
- Anti-replay

54 IPSec - Encapsulating Security Payload (ESP)
- Confidentiality
- Authentication
- Integrity
- Anti-replay

