Transcript
This technical document was presented by HFR (www.hfrnet.com).
LTE and Wi-Fi Network Interworking Architecture (Korean edition)
Network Architecture for LTE and Wi-Fi Interworking
June 15, 2012
Chang-Mo Yoo
02-3444-5747, 010-3229-1852
cmyoo@netmanias.com
www.netmanias.com
www.nmcgroups.com
Table of Contents
LTE Overview
-Network Reference Model
-Authentication and Security
-EPS Bearer
-QoS
-Handover
Wi-Fi Overview
-Network Architecture
-Handover
Comparison (LTE vs. Wi-Fi)
Tunneling Technology for Mobile Network
LTE and Wi-Fi Interworking
-Network Reference Model
-Authentication and Security
-IP Allocation
-Traffic Selector
-Status of Korean operators for LTE/Wi-Fi interworking and UE requirements
LTE Overview: Network Reference Model
UE
- User terminal with a built-in LTE antenna/USIM (e.g. smartphone, USB modem, router (Egg))
S-GW
- Anchoring point for the UE's inter-eNB handover
MME
- The "brain" of the EPC network
- UE authentication
- Mobility management: UE location, UE state management (ECM/EMM)
PCRF
- Delivers the policy (QoS class / access rule) and charging (online/offline) rules to the P-GW
OFCS
- Manages the charging data (accounting data (CDR)) delivered by the P-GW
eNB
- Called the base station; provides the connection between the UE and the EPC over the radio interface
- The radio interface is encryption & integrity protected
P-GW
- Anchoring point for the UE's inter-S-GW handover
- Allocates the IP address to the UE
- Charging (online/offline)
- QoS enforcement
HSS
- Stores subscriber profiles: subscriber ID (IMSI), authentication key, QoS profile, etc.
- Subscriber information is provisioned at service subscription
SPR
- Stores per-subscriber policy and charging rules for the PCRF
- Subscriber information is provisioned at service subscription
OCS
- Manages per-user real-time usage (UL/DL bytes), referred to as quota/balance
LTE Overview: Authentication and Security
Authentication
User identifier: IMSI (International Mobile Subscriber Identity)
- Globally unique
- Composed of the PLMN ID (MCC + MNC) and the MSIN
- Stored in the USIM and the HSS
Authentication key: LTE K
- Stored in the USIM and the HSS
Authentication protocol: EPS-AKA
During the UE's LTE network attach procedure
- The MME fetches the authentication vector (RAND, AUTN, XRES, KASME) from the HSS and
- performs mutual authentication
- The UE authenticates the LTE network (MME), and
- the LTE network (MME) authenticates the UE
Radio interface security
After authentication completes, the master key (KASME) is used for security:
(1) Messages between the UE and the MME are encrypted (optional) and integrity protected (mandatory)
(2) Messages between the UE and the eNB are encrypted (optional) and integrity protected (mandatory)
(3) The UE's user data is encrypted (optional); in practice it is usually encrypted!
LTE Overview: EPS Bearer
EPS Bearer
-User data flows through unidirectional EPS bearers
-EPS Bearer =
Data Radio Bearer (between UE and eNB) +
S1 Bearer (GTP tunnel between eNB and S-GW) +
S5 Bearer (GTP tunnel between S-GW and P-GW)
-The eNB distinguishes users by DRB ID,
-the S-GW distinguishes users by TEID (Tunnel Endpoint ID), and
-the P-GW distinguishes users by TEID or subscriber IP address
-EPS bearers are created per UE (user); at least one, and possibly several, may be created
Two Types of EPS Bearer
-Default EPS Bearer
-Dedicated EPS Bearer
LTE Overview: QoS
Resource Type
- GBR (Guaranteed Bit Rate): EPS bearer whose bandwidth is guaranteed
- Non-GBR: best-effort EPS bearer whose bandwidth cannot be guaranteed
QCI
- Defines the QoS priority as a value from 1 to 9 (3GPP specification)
- Each value implies the values of three parameters:
- Resource Type (GBR or Non-GBR)
- Packet Delay Budget (30ms ~ 300ms)
- Packet Error Loss Rate (10^-2 ~ 10^-6)
- Used by the eNB to control packet transmission priority on the radio interface
ARP
- Defined as one value from 0 to 15
- When LTE radio resources are scarce and a new EPS bearer creation request arrives (i.e. a new UE attach request), it is the criterion for deciding whether to
1) delete an existing EPS bearer and create the new EPS bearer, or
2) reject the new EPS bearer creation request (reject the UE's attach request)
- Example: emergency VoIP call
GBR (UL/DL)
- For Resource Type = GBR, defines the UL/DL bandwidth (bps) the network must guarantee
MBR (UL/DL)
- For Resource Type = GBR, defines the maximum UL/DL bandwidth (bps) the network allows
APN-AMBR (UL/DL)
- For Resource Type = Non-GBR, defines the maximum UL/DL bandwidth (bps) the network allows per APN
UE-AMBR (UL/DL)
- For Resource Type = Non-GBR, defines the maximum UL/DL bandwidth (bps) the network allows per UE
LTE Overview: Handover
Handover basics
-The UE's IP address must not change
-Packet loss and reordering during handover must be minimized
Handover Decision
-The handover decision is made by the eNB the UE is currently attached to
-The UE sends a Measurement Report message to its serving eNB (eNB1), either event-triggered or periodically, reporting
1) the radio signal strength received from the serving cell and
2) the radio signal strength received from the neighbor cells (simply put, the cell of the eNB right next to it, i.e. eNB2), and
3) the eNB (eNB1) makes the handover decision by referring to those values
Handover types
-Intra-LTE Handover: the MME and S-GW do not change before and after the handover (only the eNB changes)
- X2 handover
- S1 handover
-Inter-LTE Handover: the MME, or the MME/S-GW, changes before and after the handover
-Inter-RAT Handover: handover between LTE and another radio access technology (e.g. E-UTRAN (LTE) and UTRAN (3G))
Wi-Fi Overview: Network Architecture
Current Wi-Fi status of Korean operators: EAP-based authentication, or non-standard MAC/web authentication
SSID
KT
ollehWiFi (secure, shown with a lock icon)
NESPOT, ollehWiFi (no lock icon)
SK TELECOM
T wifi zone (secure, shown with a lock icon)
T wifi zone (no lock icon)
LG U+
U+ zone (secure, shown with a lock icon)
FREE U+ zone (no lock icon)
Authentication
KT
EAP-AKA
MAC authentication, CM (Connection Manager) based ID/PW authentication, web authentication
SK TELECOM
EAP-AKA
MAC authentication, CM-based ID/PW authentication, web authentication
LG U+
MSCHAPv2 over PEAP (similar to EAP-TTLS)
No authentication (free use after watching an advertisement)
IEEE (WLAN)
- The IEEE 802.11 Working Group uses the term "Wireless LAN"; these standards mainly define the MAC and PHY layers of the wireless LAN (the radio interface) (http://www.ieee802.org/11/)
Wi-Fi Alliance (Wi-Fi)
- A non-profit organization centered on vendors (WLAN manufacturers and operators) that coined the term "Wi-Fi"; it defines the overall network architecture for providing Wi-Fi service to users over IEEE 802.11 radio technology and issues equipment certification (the certification label a device receives before going to market) (http://www.wifi.org)
WLAN (Wireless LAN) = Wi-Fi
STA (Station)
- IEEE 802.11 term for a Wi-Fi terminal (a device with a Wi-Fi interface)
AP (Access Point)
- Device with an 802.11 wireless LAN interface and an 802.3 Ethernet interface; it receives the data sent by the STA over the air and forwards it to the wired network through its Ethernet port
AAA (Authentication, Authorization, Accounting)
- Server that authenticates the STA (terminal)
Authentication and radio interface encryption
- EAP-based authentication and AES (CCMP)/TKIP/WEP based radio interface encryption are standardized
Wi-Fi Overview: Handover (Vendor Specific Solution)
Wi-Fi Handover
- Inter-AP handover requires an AP Controller (APC, or WLC; Wireless LAN Controller) in addition to the APs, and the protocol between AP and AP Controller is vendor specific
(CAPWAP [RFC 5415, 5416] is driven by Cisco → will Aruba, Avaya, Meru, etc. follow it? http://community.arubanetworks.com/aruba/attachments/aruba/115/422/1/CAPWAP+Position.pdf)
Comparison
LTE
Standard
-3GPP
Standard Entity
-UE
LTE (E-UTRAN)
-eNB
EPC (SAE)
-S-GW, P-GW, MME, HSS, PCRF, SPR, OCS, OFCS
Authentication
-EPS-AKA
Security for User Data (radio interface)
-Encryption
QoS Support
-Supported
Mobility Support (Handover)
-Supported
Tunneling Protocol
-GTP
Frequency Interference
-None
Frequency Band
-KT: 1.8GHz
-SK TELECOM: 800MHz, 1.8GHz
-LG U+: 800MHz, 2.1GHz
Wi-Fi
Standard
-IEEE/Wi-Fi Alliance
Standard Entity
-STA (terminal), AP, AAA (authentication server)
Authentication
EAP based Authentication
-EAP-AKA/SIM
-EAP-TLS
-EAP-TTLS, etc.
Web based Authentication
-ID/PW
Security for User Data (radio interface)
EAP based Authentication
-Encryption/Integrity Protected
Web based Authentication
-None
QoS Support
-Supported (WMM), but not guaranteed
Mobility Support (Handover)
-Supported, but vendor specific methods
-AP Controller required
-Packet Loss during handover
Tunneling Protocol
-Vendor Specific
Frequency Interference
-Big issue (ISM band)
Frequency Band
-2.4GHz/5GHz
Tunneling Technology for Mobile Network
User Mobility
- What if a user in a wired access network moves without changing IP address?
- The paths (routing tables) of the IP routing network are determined by a routing protocol such as OSPF, which is unaware of user mobility, so communication is cut off!
User Mobility
- The basis of mobility is "the subscriber terminal's IP address must not change!"
- For user mobility in a wireless access network an IP anchor exists (3G: GGSN, LTE: P-GW, WiBro: ACR, Wi-Fi: AP Controller)
- The IP routing network delivers packets addressed to the subscriber IP to the IP anchor; the IP anchor tunnels them toward the subscriber terminal (the outer IP of the tunneled packet is the base station address), so the IP routing network does not have to care about user mobility
Tunneling Protocol
3G/LTE (standardized by 3GPP)
- eNB ~ S-GW: GTP Tunnel (3GPP)
- S-GW ~ P-GW: GTP Tunnel (3GPP)
WiBro (standardized by WiMAX Forum)
- RAS ~ ACR: GRE Tunnel (RFC 1702)
- ACR ~ HA: IPinIP Tunnel (RFC 2003)
Wi-Fi (standardized by IEEE/Wi-Fi Alliance)
- AP ~ AP Controller: Vendor Specific Tunnel
LTE and Wi-Fi Interworking: (1) Network Reference Model
Mobile Data Offloading
- Also called data offloading: the use of complementary network technologies for delivering data originally targeted for cellular networks. The main complementary network technologies used for mobile data offloading are Wi-Fi and femtocells
- In other words, save radio resources by using the cheap Wi-Fi network instead of the expensive cellular (LTE) network!
Trust & Untrust Access Network
- Simply put, this is really an indicator of whether the 3GPP operator trusts the security of the non-3GPP access network
- In other words, the criterion for trusted vs. untrusted is the security level. If the security level of the non-3GPP access network to be interworked with the 3GPP core (EPC) is trustworthy it is classified as "Trusted", otherwise as "Untrusted", and the interworking specification differs accordingly
Example of Trusted: WiBro (interworking: S2a)
Example of Untrusted: WLAN (Wi-Fi) in a public cafe (interworking: S2b)
LTE and Wi-Fi Interworking: (2) Authentication and Security
Authentication for LTE network access (EPS-AKA)
- Mutual authentication between UE and MME
Authentication for ePDG access (EAP-AKA over IKEv2)
Very similar to LTE's EPS-AKA authentication
Authentication protocol: EAP-AKA (USIM authentication)
During the UE's Wi-Fi network access procedure
- The 3GPP AAA fetches the authentication vector (RAND, AUTN, XRES) from the HSS and
- performs mutual authentication
- The UE authenticates the Wi-Fi network (3GPP AAA), and
- the Wi-Fi network (3GPP AAA) authenticates the UE
LTE and Wi-Fi Interworking: (2) Authentication and Security (cont)
LTE radio interface security
- Encryption of the UE's user data
- UE: handled by the LTE chip (hardware)
Wi-Fi radio interface security
- 3GPP assumes that the Wi-Fi radio interface is not secured
IPsec security between UE and ePDG
- Encryption and integrity protection of the UE's user data
- UE: handled by the IPsec driver (software)
LTE and Wi-Fi Interworking: (3) IP Allocation
Who allocates the UE's IP address?
- Whether the UE attaches to the LTE network or the Wi-Fi network, the IP address is allocated by the P-GW
- The UE reaches the Internet with this address
- The UE's IP address does not change even when the access network changes
Another IP address for the Wi-Fi access network
- The outer IP address for the IPsec tunnel between the UE and the ePDG is allocated by the Wi-Fi access network (by a DHCP server or the AP)
- This outer IP address can change, so the UE and the ePDG need MOBIKE support
- As a result, a UE attached to the Wi-Fi network/ePDG is allocated two IP addresses (WLAN UE's Remote IP & Local IP)
LTE and Wi-Fi Interworking: (3) IP Allocation (cont)
LTE and Wi-Fi Interworking: (4) Traffic Selector
WLAN 3GPP IP Access
- A UE attached to the Wi-Fi network communicates with the Internet through the 3GPP entities ePDG/P-GW
- Provided for operator services (e.g. olleh TV now) (differentiated service)
WLAN Direct IP Access
- A UE attached to the Wi-Fi network communicates with the Internet directly from the Wi-Fi AP
- General services (e.g. YouTube)
Traffic Selector
- As described, a UE attached to the Wi-Fi network may or may not go through the ePDG/P-GW depending on the service it uses; to support this,
- during the IKEv2 procedure the ePDG delivers Traffic Selectors (TSi, TSr) to the UE, composed of the following parameters:
- TSi = Source IP Address (SIP) range,
Protocol range, Source Port Number (SP) range
- TSr = Destination IP Address (DIP) range,
Protocol range (same as TSi),
Destination Port Number (DP) range
- TSi + TSr = 5-tuple
- This 5-tuple can express "which UE (SIP) requests which service (DP=80 means HTTP) from which server (DIP) using which protocol (Protocol=6 means TCP)", so when the UE sends a packet over the Wi-Fi network it can tell whether it belongs to the olleh TV now service or to the YouTube service
LTE and Wi-Fi Interworking: (4) Traffic Selector (cont)
Status of Korean operators for LTE/Wi-Fi interworking and UE requirements
- KT, SK TELECOM: no ePDG deployed
- LG U+: deploying the ePDG from Insprit (http://www.in-sprit.com/kr/content/main/index.php) (service not yet opened)
LG U+'s purpose for deploying the ePDG
- Provide security for the Wi-Fi access when LG U+ services are accessed over the Wi-Fi network
- There is no interworking (PMIPv6/GRE tunnel) between the P-GW and the ePDG, i.e. LTE/Wi-Fi handover is not supported
- Used for security when subscribers use the operator's own services? → Does an ePDG really have to be deployed just for that?
UE requirements for LTE/Wi-Fi interworking (software viewpoint)
- IPsec (MOBIKE) driver (kernel layer) → Will Apple's iPhone support it?
- Handover Manager (kernel layer): module that monitors LTE and Wi-Fi signal strength and decides/performs handover → again an issue for the iPhone...
Network Architecture for LTE and Wi-Fi Interworking
August 16, 2012
Chris Yoo
+82-2-3444-5747, +82-10-3229-1852
cmyoo@netmanias.com
www.netmanias.com
www.nmcgroups.com
Table of Contents
LTE Overview
-Network Reference Model
-Authentication and Security
-EPS Bearer
-QoS
-Handover
Wi-Fi Overview
-Network Architecture
-Handover
Comparison (LTE vs. Wi-Fi)
Tunneling Technology for Mobile Network
LTE and Wi-Fi Interworking
-Network Reference Model
-Authentication and Security
-IP Allocation
-Traffic Selector
-Status of KT, SK TELECOM & LG U+ and UE Requirements
LTE Overview: Network Reference Model
UE
- User device which has LTE chip, antenna and USIM card (ex. Smartphone, USB modem, Router (Egg))
S-GW
- Local mobility anchor point of the data connections for inter-eNB handover and inter-3GPP handover
MME
- Main control entity for the E-UTRAN (brain of EPS)
- User authentication
- UE mobility management: UE location, UE state (ECM/EMM)
PCRF
- It makes policy decision for UE and provides PCC rules (QoS and charging rules) to P-GW
OFCS
- It manages offline charging data (CDR) per UE/per SDF, which is provided by the P-GW
eNB
- Base station which provides wireless connection between UE and EPC
- Encryption and integrity protection of control/data packets between UE and eNB
P-GW
- It provides PDN access for UE
- Mobility anchor point for inter S-GW handover
- IP address assignment to UE
- Online/Offline Charging
- QoS Enforcement
HSS
- Central DB holding user profile: user ID(IMSI), authentication key, QoS profile, etc
- User profile is provisioned by B/OSS at user subscription
SPR
- Database for PCRF, which maintains policy and charging rule of user
- It is provisioned by B/OSS at user subscription
OCS
- It manages data volume (UL/DL bytes), time (connection time) and event based online charging data per UE/per SDF, which is provided by the P-GW
LTE Overview: Authentication and Security
User Authentication
User Identification: IMSI (International Mobile Subscriber Identity)
- Global Uniqueness
- PLMN ID (MCC + MNC) + MSIN
- Stored at USIM (UE) and HSS (E-UTRAN)
Authentication Key: LTE K
- Stored at USIM (UE) and HSS (E-UTRAN)
User Authentication Protocol: EPS-AKA
User Authentication Process
1. When UE requests to attach LTE network
2. MME obtains authentication vectors (RAND, AUTN, XRES, KASME) from the HSS
3. Mutual authentication between UE and MME
- UE authenticates LTE network (MME)
- MME authenticates UE
Security for Radio Interface
After success of mutual authentication, security for radio interface is provided based on master key
(KASME)
1. Control message between UE and MME: Encrypted (optional) and Integrity Protected (mandatory)
2. Control message between UE and eNB: Encrypted (optional) and Integrity Protected (mandatory)
3. User data between UE and eNB: Encrypted (optional)
LTE Overview: EPS Bearer
EPS Bearer
- Logical transport channel between UE and the PDN for
transporting UE IP traffic
- EPS Bearer =
Data Radio Bearer (between UE and eNB) +
S1 Bearer (GTP tunnel between eNB and S-GW) +
S5 Bearer (GTP tunnel between S-GW and P-GW)
- eNB can distinguish UE by DRB ID in EPS bearer
- S-GW can distinguish UE by Tunnel Endpoint ID (TEID)
- P-GW can distinguish UE by TEID or UE IP address
- At least one EPS bearer per UE, and a UE may also have multiple EPS bearers in order to provide QoS differentiation (ex. Internet bearer and VoLTE bearer)
Two Types of EPS Bearer
- Default EPS Bearer
- Dedicated EPS Bearer
LTE Overview: QoS
Resource Type
- GBR (Guaranteed Bit Rate): A certain amount of bandwidth is reserved for this bearer
- Non-GBR: It does not have a fixed (reserved) bandwidth allocated for this bearer (Best Effort)
QCI
- Class-based QoS concept (like IP DSCP): each EPS bearer is assigned a QCI (1 ~ 9)
- It defines the packet forwarding treatment (QoS characteristics), i.e. the parameters below:
- Resource Type (GBR or Non-GBR)
- Packet Delay Budget (30ms ~ 300ms)
- Packet Error Loss Rate (10^-2 ~ 10^-6)
ARP
- Priority for the allocation and retention of bearers, defined by 0 ~ 15
- Bearers with high ARP are assigned a low ARP value, and vice versa (ex. the VoIP emergency call service has a low ARP value)
- In a resource limitation situation, the LTE network uses the ARP to prioritize establishment and modification of bearers with a high ARP over bearers with a low ARP
- It also uses the ARP to decide which existing bearers to drop in case of resource limitation
GBR (UL/DL)
- Guaranteed (Reserved) bandwidth (bps) for GBR bearer
MBR (UL/DL)
- Maximum allowed bandwidth (bps) for GBR bearer
- Any traffic in excess of the MBR may be discarded
APN-AMBR (UL/DL)
- Maximum allowed bandwidth (bps) for all non-GBR bearers associated with a specific APN
UE-AMBR (UL/DL)
- Maximum allowed bandwidth (bps) for all non-GBR bearers of a UE
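As an added example, not code from the slides: a Python admission-control routine that applies the ARP rules above. It tracks GBR reservations in one cell, admits a request when capacity is free, otherwise pre-empts lower-priority GBR bearers (higher ARP value, per the slide's 0 ~ 15 convention), lowest priority first, and rejects when even pre-emption cannot make room. The capacity figures and bearer names are constructed; the real ARP also carries pre-emption capability/vulnerability flags, which are omitted here.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Bearer:
    bearer_id: str
    qci: int
    arp: int            # 0 (highest priority) .. 15 (lowest), as the slide defines it
    gbr_kbps: int = 0   # guaranteed bit rate; 0 means a Non-GBR bearer

    @property
    def is_gbr(self) -> bool:
        return self.gbr_kbps > 0


class Cell:
    """Admission control for the GBR capacity of one (constructed) cell.

    Non-GBR bearers carry no reservation, so only GBR bearers count against
    the capacity, and only they can be pre-empted to make room.
    """

    def __init__(self, gbr_capacity_kbps: int):
        self.capacity = gbr_capacity_kbps
        self.bearers: Dict[str, Bearer] = {}

    def reserved_kbps(self) -> int:
        return sum(b.gbr_kbps for b in self.bearers.values())

    def free_kbps(self) -> int:
        return self.capacity - self.reserved_kbps()

    def request(self, new: Bearer) -> Tuple[str, List[str]]:
        """Decide on an EPS bearer setup request.

        Returns ("admitted", [ids of pre-empted bearers]) or ("rejected", []).
        """
        if new.bearer_id in self.bearers:
            raise ValueError("duplicate bearer id")
        if not new.is_gbr or new.gbr_kbps <= self.free_kbps():
            self.bearers[new.bearer_id] = new        # enough resources, no pre-emption
            return "admitted", []

        # Resource limitation: only bearers with a *lower* priority (higher ARP
        # value) may be dropped, lowest priority first, until the request fits.
        victims = sorted(
            (b for b in self.bearers.values() if b.is_gbr and b.arp > new.arp),
            key=lambda b: b.arp,
            reverse=True,
        )
        freed, dropped = 0, []
        for b in victims:
            if self.free_kbps() + freed >= new.gbr_kbps:
                break
            freed += b.gbr_kbps
            dropped.append(b.bearer_id)
        if self.free_kbps() + freed < new.gbr_kbps:
            return "rejected", []                     # even pre-emption cannot make room
        for bid in dropped:
            del self.bearers[bid]
        self.bearers[new.bearer_id] = new
        return "admitted", dropped


if __name__ == "__main__":
    cell = Cell(gbr_capacity_kbps=1000)
    for b in (Bearer("video-A", 2, arp=5, gbr_kbps=400),
              Bearer("video-B", 2, arp=12, gbr_kbps=300),
              Bearer("voice-C", 1, arp=8, gbr_kbps=300)):
        print(b.bearer_id, cell.request(b))
    # emergency VoIP call: ARP 1 pre-empts the lowest-priority bearer
    print("emergency", cell.request(Bearer("emergency", 1, arp=1, gbr_kbps=200)))
```

The emergency bearer is admitted by dropping video-B (ARP 12) rather than voice-C (ARP 8), and a later low-priority request that finds nothing below it to pre-empt is rejected, which is the two-way decision the slide describes.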
LTE Overview: Handover
Basic Requirement of Handover
-UE IP address should not be changed
-Packet loss and reordering should be minimized during handover
Handover Decision
-Handover decision is performed by the serving eNB (in case of Wi-Fi, the UE (STA) performs the handover decision)
-Handover Decision Process
1.UE sends Measurement Report message to serving eNB periodically (or event triggered)
2.Measurement Report message includes
-Radio signal strength from serving cell to UE
-Radio signal strength from neighbor cells to UE
3.Serving eNB decides handover based on the information in the Measurement Report message
Type of Handover
-Intra E-UTRAN: eNB relocated, without changing MME and S-GW
-Inter E-UTRAN and MME: eNB and MME relocated, without changing S-GW
-Inter E-UTRAN and S-GW: eNB and S-GW relocated, without changing MME
-Inter E-UTRAN and MME and S-GW: eNB, S-GW and MME relocated
-Inter RAT (E-UTRAN and GERAN/UTRAN): Handover between 3G and LTE
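As an added example, not code from the slides: a Python sketch of the serving eNB's decision from measurement reports, loosely following the style of the 3GPP A3 event (a neighbor stronger than the serving cell by a hysteresis margin for a number of consecutive reports), plus classification of the resulting handover type by which core entities change, using the list above. Cell names, the 3 dB margin and the report count are constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class MeasurementReport:
    serving_rsrp_dbm: float
    neighbor_rsrp_dbm: Dict[str, float]   # neighbor cell id -> RSRP reported by the UE


@dataclass(frozen=True)
class CellInfo:
    enb: str
    mme: str
    sgw: str
    rat: str = "E-UTRAN"


class ServingEnb:
    """The serving eNB compares serving-cell and neighbor-cell signal strength
    from the UE's Measurement Reports and decides the handover itself."""

    def __init__(self, cell: CellInfo, topology: Dict[str, CellInfo],
                 hysteresis_db: float = 3.0, time_to_trigger: int = 3):
        self.cell = cell
        self.topology = topology                  # constructed: which MME/S-GW serves each cell
        self.hysteresis_db = hysteresis_db        # neighbor must beat serving by this margin
        self.time_to_trigger = time_to_trigger    # ... in this many consecutive reports
        self._streak: Dict[str, int] = {}

    def on_report(self, r: MeasurementReport) -> Optional[str]:
        """Return the target cell id once a handover is decided, else None."""
        for cell_id, rsrp in r.neighbor_rsrp_dbm.items():
            if rsrp > r.serving_rsrp_dbm + self.hysteresis_db:
                self._streak[cell_id] = self._streak.get(cell_id, 0) + 1
            else:
                self._streak[cell_id] = 0          # a single weaker report resets the streak
        best = max(self._streak,
                   key=lambda c: (self._streak[c], r.neighbor_rsrp_dbm.get(c, -999.0)),
                   default=None)
        if best is not None and self._streak[best] >= self.time_to_trigger:
            self._streak.clear()
            return best
        return None

    def handover_type(self, target_cell_id: str) -> str:
        """Classify the handover by which entities are relocated."""
        t = self.topology[target_cell_id]
        if t.rat != self.cell.rat:
            return "Inter RAT"
        mme_changes, sgw_changes = t.mme != self.cell.mme, t.sgw != self.cell.sgw
        if mme_changes and sgw_changes:
            return "Inter E-UTRAN and MME and S-GW"
        if mme_changes:
            return "Inter E-UTRAN and MME"
        if sgw_changes:
            return "Inter E-UTRAN and S-GW"
        return "Intra E-UTRAN"


if __name__ == "__main__":
    topology = {"cell-2": CellInfo("eNB2", "MME1", "SGW1"),
                "cell-3": CellInfo("eNB3", "MME2", "SGW1")}
    enb = ServingEnb(CellInfo("eNB1", "MME1", "SGW1"), topology)
    report = MeasurementReport(-95.0, {"cell-2": -90.0, "cell-3": -94.0})
    for _ in range(3):
        target = enb.on_report(report)
    print("target:", target, "type:", enb.handover_type(target))
```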
Wi-Fi Overview: Network Architecture
Current Wi-Fi status of Korean operators: EAP-based authentication, or non-standard MAC/web authentication
SSID
KT
ollehWiFi (secure)
NESPOT, ollehWiFi
SK TELECOM
T wifi zone (secure)
T wifi zone
LG U+
U+ zone (secure)
FREE U+ zone
Authentication
KT
EAP-AKA
MAC based authentication, Web (ID/PW) based authentication
SK TELECOM
EAP-AKA
MAC based authentication, Web (ID/PW) based authentication
LG U+
MSCHAPv2 over PEAP (very similar to EAP-TTLS)
Open Access (1 hour free access after Ad. watch)
IEEE (WLAN): http://www.ieee802.org/11
- IEEE 802.11 standards define MAC and PHY layer
- “Wireless LAN (WLAN)” term is used by IEEE 802.11
Wi-Fi Alliance (Wi-Fi): http://www.wi-fi.org
- Several AP vendors came together to form a global non-profit organization with the goal of driving adoption of high-speed wireless local area networking
- “Wi-Fi” term is used by Wi-Fi Alliance
WLAN(Wireless LAN) = Wi-Fi
The term “Wi-Fi” is used in general as a synonym for “WLAN”
STA (Station)
- Device which has Wi-Fi chip & antenna
AP (Access Point)
- It has an IEEE 802.11 Wireless LAN interface for the user-facing port and an IEEE 802.3 Ethernet interface for the network-facing port
- It provides connection between STA and IP network
AAA (Authentication, Authorization, Accounting)
- User authentication server
Authentication & Security for Radio Interface
- EAP based authentication
- User data encryption and integrity protected based on
AES(CCMP)/TKIP/WEP
Wi-Fi Overview: Handover (Vendor Specific Solution)
Wi-Fi Handover
-AP Controller (APC, or Wireless LAN Controller (WLC)) is required to support inter-AP handover
-Major AP/APC providers such as Aruba, Avaya and Meru support vendor-specific protocols between AP and APC (CAPWAP [RFC 5415, 5416] is driven by Cisco, but other vendors still support their own methods: http://community.arubanetworks.com/aruba/attachments/aruba/115/422/1/CAPWAP+Position.pdf)
Comparison
LTE
Standard
-3GPP
Standard Entity
-UE
LTE (E-UTRAN)
-eNB
EPC (SAE)
-S-GW, P-GW, MME, HSS, PCRF, SPR, OCS, OFCS
User Authentication
-EPS-AKA
Security for User Data
-Encryption
QoS Support
-Supported
Handover (User Mobility) Support
-Supported
Tunneling Protocol
-GTP
Frequency Interference
-None
Frequency Band
-KT: 1.8GHz
-SK TELECOM: 800MHz, 1.8GHz
-LG U+: 800MHz, 2.1GHz
Wi-Fi
Standard
-IEEE 802.11/Wi-Fi Alliance
Standard Entity
-STA, AP, AP Controller(optional), AAA
User Authentication
-EAP based Authentication (Standard)
-EAP-AKA/SIM
-EAP-TLS
-EAP-TTLS, etc
Web based Authentication (WBA)
-ID/PW
MAC based Authentication (Non Standard)
-STA MAC
Security for User Data
-EAP based Authentication
-Encryption/Integrity Protected
Web/MAC based Authentication
-None
QoS Support
-Supported (WMM), but not guaranteed
Handover (User Mobility) Support
-Supported, but vendor specific methods
-AP Controller required
-Packet Loss during handover
Tunneling Protocol
-Vendor Specific
Frequency Interference
-Big issue (ISM band)
Frequency Band
-2.4GHz/5GHz
Tunneling Technology for Mobile Network
User Mobility in Wired Network
- If a user moves to another location without changing IP address in a wired access network, communication will be broken because the IP routing network cannot recognize user mobility
User Mobility in Wireless/Mobile Network
- The key requirement of user mobility is “User IP address should not be changed”
- An IP anchor must exist in a wireless/mobile network to support user mobility (3G: GGSN, LTE: P-GW, WiMAX: ASN-GW, Wi-Fi: AP Controller)
- Downstream traffic delivery process
1. IP Anchor advertises the user IP address prefix to the IP routing network via OSPF, IS-IS or BGP
2. IP Anchor receives the IP packet destined to the user over the Internet
3. IP Anchor encapsulates the user IP packet with a ‘Tunnel header’ and forwards the resulting outer IP packet to the Base Station (BS)
4. So, the IP routing network between BS and IP Anchor never sees the user IP address, which means that it does not need to be concerned with user mobility
Tunneling Protocol in Wireless/Mobile Network
3G/LTE (standardized by 3GPP)
- eNB ~ S-GW: GTP Tunnel (3GPP)
- S-GW ~ P-GW: GTP Tunnel (3GPP)
WiMAX (standardized by WiMAX Forum)
- BS ~ ASN-GW: GRE Tunnel (RFC 1702)
- ASN-GW ~ HA: IPinIP Tunnel (RFC 2003)
Wi-Fi (standardized by IEEE/Wi-Fi Alliance)
- AP ~ AP Controller: Vendor Specific Tunnel
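The downstream delivery process above, as an added Python example (not the slides' own code): a P-GW-like IP anchor keeps a table from UE IP to (TEID, base station address), wraps the user's IPv4 packet in a GTP-U G-PDU header (the 3GPP TS 29.281 format: version 1, PT=1, message type 0xFF, length, TEID) over UDP port 2152, and addresses the outer packet to the base station; the base-station side strips the outer headers and recovers the TEID that identifies the bearer. After a handover only the table entry changes; the inner packet and the UE IP do not. Addresses and TEIDs are constructed documentation values.

```python
import ipaddress
import struct
from typing import Dict, Tuple

GTPU_PORT = 2152        # UDP port for GTP-U (3GPP TS 29.281)
GTPU_G_PDU = 0xFF       # message type carrying a user packet (T-PDU)


def _ipv4_checksum(header: bytes) -> int:
    """Standard ones-complement sum of 16-bit words; 0 when verifying a good header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header without options, DF set, TTL 64."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", _ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> Tuple[str, str, int, bytes]:
    """Return (src, dst, proto, payload); rejects a corrupted header checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    if _ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return src, dst, proto, pkt[ihl:total_len]


def gtpu_encap(teid: int, t_pdu: bytes) -> bytes:
    """GTP-U header: flags 0x30 (version 1, PT=1, no optional fields),
    message type 0xFF, payload length, 32-bit TEID."""
    return struct.pack("!BBHI", 0x30, GTPU_G_PDU, len(t_pdu), teid) + t_pdu


def gtpu_decap(pkt: bytes) -> Tuple[int, bytes]:
    flags, mtype, length, teid = struct.unpack("!BBHI", pkt[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not a GTP-U version 1 packet")
    if flags & 0x07:
        raise ValueError("optional header fields are not handled in this example")
    if mtype != GTPU_G_PDU:
        raise ValueError("not a G-PDU")
    return teid, pkt[8:8 + length]


def udp_wrap(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # checksum 0: omitted


class IPAnchor:
    """P-GW-like anchor: a UE IP maps to a downlink TEID and a base station address."""

    def __init__(self, anchor_ip: str):
        self.anchor_ip = anchor_ip
        self.bearers: Dict[str, Tuple[int, str]] = {}   # ue_ip -> (teid, bs_ip)

    def attach(self, ue_ip: str, teid: int, bs_ip: str) -> None:
        self.bearers[ue_ip] = (teid, bs_ip)

    def handover(self, ue_ip: str, new_teid: int, new_bs_ip: str) -> None:
        """Only the tunnel endpoint changes; the UE keeps its IP address."""
        self.bearers[ue_ip] = (new_teid, new_bs_ip)

    def downlink(self, packet_from_internet: bytes) -> bytes:
        """Encapsulate a packet addressed to a UE and forward it to that UE's BS."""
        _, ue_ip, _, _ = parse_ipv4(packet_from_internet)
        teid, bs_ip = self.bearers[ue_ip]
        gtp = gtpu_encap(teid, packet_from_internet)
        return build_ipv4(self.anchor_ip, bs_ip, 17, udp_wrap(GTPU_PORT, GTPU_PORT, gtp))


def bs_receive(outer: bytes) -> Tuple[str, int, bytes]:
    """Base-station side: strip outer IP/UDP/GTP-U, return (outer dst, TEID, inner packet)."""
    _, outer_dst, proto, udp = parse_ipv4(outer)
    if proto != 17 or struct.unpack("!H", udp[2:4])[0] != GTPU_PORT:
        raise ValueError("expected GTP-U over UDP")
    teid, inner = gtpu_decap(udp[8:])
    return outer_dst, teid, inner


if __name__ == "__main__":
    anchor = IPAnchor("192.0.2.1")                                # constructed addresses
    anchor.attach("10.0.0.5", teid=0x1234, bs_ip="192.0.2.10")
    inner = build_ipv4("203.0.113.7", "10.0.0.5", 6, b"hello")
    print(bs_receive(anchor.downlink(inner)))
    anchor.handover("10.0.0.5", new_teid=0x5678, new_bs_ip="192.0.2.20")
    print(bs_receive(anchor.downlink(inner)))
```

The routers between anchor and base station forward on the outer destination (192.0.2.10, then 192.0.2.20 after the handover); the inner destination 10.0.0.5 is never visible to them, which is exactly why the UE's address can stay fixed.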
LTE and Wi-Fi Interworking: (1) Network Reference Model
Mobile Data Offloading
- Data offloading is the use of complementary network technologies for delivering data originally targeted for cellular networks. The main complementary network technologies used for mobile data offloading are Wi-Fi and femtocells
- “Let’s use cheaper Wi-Fi access instead of the expensive cellular (LTE) network!”
Trust & Untrust Access Network
- Simply put, this is really an indicator of whether the 3GPP operator trusts the security of the non-3GPP access network
- If the non-3GPP access network is trusted from the 3GPP core (EPC) viewpoint, it is interworked over the S2a interface; otherwise the S2b interface is used
- Example of a trusted network: WiMAX
- Example of an untrusted network: WLAN (Wi-Fi) in a public cafe
LTE and Wi-Fi Interworking: (2) Authentication and Security
User Authentication for LTE access
- Authentication Protocol: EPS-AKA (USIM based)
- Mutual authentication between UE and MME
User Authentication for ePDG access
- Authentication Protocol: EAP-AKA over IKEv2 (USIM based)
- It is very similar to EPS-AKA in the LTE network
- User Authentication Process
1. When UE requests to connect with ePDG
2. 3GPP AAA obtains authentication vectors (RAND, AUTN, XRES)
from the HSS
3. Mutual authentication between UE and 3GPP AAA
- UE authenticates 3GPP AAA
- 3GPP AAA authenticates UE
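As an added example (not from the Netmanias slides), the challenge/response flow above simulated in Python: an HSS issues an authentication vector, the USIM verifies AUTN before answering (the UE authenticating the network), and the network side compares RES with XRES (the network authenticating the UE). The key functions are constructed HMAC-SHA256 stand-ins for Milenage and the KASME KDF, and the IMSI and K are constructed values; the same exchange applies to EAP-AKA toward the 3GPP AAA, minus the KASME derivation.

```python
import hashlib
import hmac
import secrets


# Constructed stand-ins for the 3GPP Milenage functions f1..f5 and the KASME
# KDF: an HMAC-SHA256 PRF keyed with K (or CK||IK) over a domain tag. Real
# networks use Milenage (TS 35.206) and the KDF of TS 33.401; only the message
# flow and the checks each side performs are modelled here.
def _prf(key: bytes, tag: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, tag + b"".join(parts), hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HSS:
    """Holds the permanent key K and the sequence number SQN per IMSI."""

    def __init__(self):
        self.subscribers = {}  # imsi -> {"k": bytes, "sqn": int}

    def provision(self, imsi: str, k: bytes) -> None:
        self.subscribers[imsi] = {"k": k, "sqn": 0}

    def authentication_vector(self, imsi: str, serving_network: bytes) -> dict:
        """Produce one authentication vector (RAND, AUTN, XRES, KASME)."""
        rec = self.subscribers[imsi]
        k = rec["k"]
        rec["sqn"] += 1                                   # fresh SQN per vector
        sqn = rec["sqn"].to_bytes(6, "big")
        rand = secrets.token_bytes(16)                     # fresh random challenge
        mac = _prf(k, b"f1", rand, sqn)[:8]                # proves the HSS knows K
        ak = _prf(k, b"f5", rand)[:6]                      # anonymity key hides SQN
        autn = _xor(sqn, ak) + mac
        xres = _prf(k, b"f2", rand)[:8]                    # expected UE response
        ck, ik = _prf(k, b"f3", rand)[:16], _prf(k, b"f4", rand)[:16]
        kasme = _prf(ck + ik, b"kasme", serving_network)   # bound to the serving network
        return {"rand": rand, "autn": autn, "xres": xres, "kasme": kasme}


class USIM:
    """UE side: verifies the network's AUTN before answering the challenge."""

    def __init__(self, imsi: str, k: bytes):
        self.imsi, self.k = imsi, k
        self.highest_sqn = 0

    def respond(self, rand: bytes, autn: bytes, serving_network: bytes):
        """Return (RES, KASME), or raise if the network cannot be authenticated."""
        ak = _prf(self.k, b"f5", rand)[:6]
        sqn = _xor(autn[:6], ak)
        if not hmac.compare_digest(autn[6:], _prf(self.k, b"f1", rand, sqn)[:8]):
            raise ValueError("MAC failure: challenge was not produced with our K")
        sqn_int = int.from_bytes(sqn, "big")
        if sqn_int <= self.highest_sqn:
            raise ValueError("synchronisation failure: replayed challenge")
        self.highest_sqn = sqn_int
        res = _prf(self.k, b"f2", rand)[:8]
        ck, ik = _prf(self.k, b"f3", rand)[:16], _prf(self.k, b"f4", rand)[:16]
        return res, _prf(ck + ik, b"kasme", serving_network)


def mme_attach(hss: HSS, usim: USIM, serving_network: bytes):
    """MME role: fetch a vector, challenge the UE, compare RES with XRES.

    Returns (authenticated, kasme); KASME is only usable when both sides
    derived the same value, which the final comparison confirms.
    """
    av = hss.authentication_vector(usim.imsi, serving_network)
    try:
        res, ue_kasme = usim.respond(av["rand"], av["autn"], serving_network)
    except ValueError:
        return False, None                                 # UE rejected the network
    if not hmac.compare_digest(res, av["xres"]):
        return False, None                                 # network rejected the UE
    return hmac.compare_digest(ue_kasme, av["kasme"]), av["kasme"]


def ue_accepts_challenge(usim: USIM, rand: bytes, autn: bytes, serving_network: bytes) -> bool:
    """Helper for the negative cases: does the USIM accept this RAND/AUTN pair?"""
    try:
        usim.respond(rand, autn, serving_network)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    K = secrets.token_bytes(16)                            # constructed subscriber key
    IMSI = "450081234567890"                               # constructed IMSI (MCC 450 = Korea)
    hss = HSS()
    hss.provision(IMSI, K)
    ok, kasme = mme_attach(hss, USIM(IMSI, K), b"45008")
    print("mutual authentication:", ok, "KASME:", kasme.hex()[:16], "...")
```

Two failure cases are worth checking against this model: a network that does not hold K cannot produce a valid AUTN, so the USIM refuses before ever releasing RES, and a captured RAND/AUTN pair replayed to the USIM fails the SQN freshness check.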
LTE and Wi-Fi Interworking: (2) Authentication and Security (cont)
Security for LTE Radio Interface
- User data is encrypted between UE and eNB
- LTE chip(HW) of UE supports data encryption/decryption
Security for Wi-Fi Radio Interface
- 3GPP assumes that Wi-Fi security is not enabled (supported)
Security between UE and ePDG
- User data is encrypted and integrity protected between UE and ePDG
- IPSec driver(SW) of UE supports data encryption/decryption and integrity protection (Performance issue?)
LTE and Wi-Fi Interworking: (3) IP Allocation
Which entity allocates UE IP address?
- The P-GW allocates the UE IP address in both cases, whether the UE attaches to the LTE or the Wi-Fi network
- User packets are routed with this address in the Internet
- The UE IP address is not changed even if the access network changes (LTE to Wi-Fi, and Wi-Fi to LTE)
Another IP address for accessing the Wi-Fi network
- The Wi-Fi AP or an external DHCP server allocates the outer IP address in the Wi-Fi access network for IPsec tunneling between UE and ePDG
- This outer IP address can change during Wi-Fi handover, so MOBIKE should be supported in the UE and the ePDG
- So, two IP addresses are required when the UE accesses the Wi-Fi network
- WLAN UE’s Local IP: outer IP address, allocated by the AP/DHCP server
- WLAN UE’s Remote IP: inner IP address, allocated by the P-GW
LTE and Wi-Fi Interworking: (3) IP Allocation (cont)
LTE and Wi-Fi Interworking: (4) Traffic Selector
WLAN 3GPP IP Access
- User Traffic Path: UE - Wi-Fi AP - ePDG - P-GW - Internet
- Traffic is passed through the 3GPP core, which means that it can support handover between LTE and Wi-Fi
- Use Case: Operator Service (example: KT olleh TV now). Operator can provide differentiated service (e.g., heterogeneous handover) to their subscriber
WLAN Direct IP Access
- User Traffic Path: UE - Wi-Fi AP - Internet
- Traffic is not passed through the 3GPP core, which means that it can not support handover between LTE and Wi-Fi
- Use Case: OTT service (example: YouTube)
Traffic Selector
- Traffic Selector can be used to distinguish between WLAN 3GPP IP Access and WLAN Direct IP Access
- UE gets Traffic Selector from the ePDG during the IKEv2 procedure
- Traffic Selector consists of TSi and TSr:
- TSi = Source IP Address(SIP) range,
Protocol range,
Source Port Number(SP) range
- TSr = Destination IP Address(DIP) range, → Server Identification
Protocol range (same as TSi), → TCP or UDP
Destination Port Number(DP) range → Service Identification
- TSi + TSr = 5-tuple
- Based on 5-tuple, UE (IPSec driver) can determine whether application traffic (IP flow) is served by WLAN 3GPP IP Access or WLAN Direct IP Access
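As an added example (not from the slides), a Python model of the traffic-selector decision: each IKEv2 TS_IPV4_ADDR_RANGE entry carries a protocol (0 = any), a port range and an address range; a flow is sent through the ePDG tunnel (WLAN 3GPP IP Access) only if TSi matches its source side and TSr matches its destination side, otherwise it goes out directly. The selector values (UE Remote IP 10.45.0.7, operator servers in 198.51.100.0/24, service ports) are constructed placeholders, not any operator's real configuration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_network
from typing import List, Tuple

ANY_PROTOCOL = 0            # in an IKEv2 traffic selector, protocol 0 means "any"
TCP, UDP = 6, 17


@dataclass(frozen=True)
class TrafficSelector:
    """One IKEv2 TS_IPV4_ADDR_RANGE entry: protocol, port range, address range."""
    protocol: int
    start_port: int
    end_port: int
    start_addr: IPv4Address
    end_addr: IPv4Address

    @classmethod
    def from_cidr(cls, cidr: str, protocol: int = ANY_PROTOCOL,
                  ports: Tuple[int, int] = (0, 65535)) -> "TrafficSelector":
        net = ip_network(cidr)
        return cls(protocol, ports[0], ports[1], net[0], net[-1])

    def matches(self, addr: str, protocol: int, port: int) -> bool:
        return (self.protocol in (ANY_PROTOCOL, protocol)
                and self.start_port <= port <= self.end_port
                and self.start_addr <= IPv4Address(addr) <= self.end_addr)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: int
    sport: int
    dport: int


class WlanUePolicy:
    """UE-side selection between WLAN 3GPP IP Access and WLAN Direct IP Access."""

    WLAN_3GPP = "WLAN 3GPP IP Access"     # UE - AP - ePDG - P-GW - Internet
    DIRECT = "WLAN Direct IP Access"      # UE - AP - Internet

    def __init__(self, tsi: List[TrafficSelector], tsr: List[TrafficSelector]):
        self.tsi, self.tsr = tsi, tsr

    def select_path(self, f: Flow) -> str:
        # A flow enters the IPsec tunnel only if BOTH lists accept it: TSi against
        # (source address, protocol, source port) and TSr against (destination
        # address, protocol, destination port). Anything else bypasses the ePDG.
        in_tsi = any(ts.matches(f.src, f.protocol, f.sport) for ts in self.tsi)
        in_tsr = any(ts.matches(f.dst, f.protocol, f.dport) for ts in self.tsr)
        return self.WLAN_3GPP if in_tsi and in_tsr else self.DIRECT


def build_policy(remote_ip: str) -> WlanUePolicy:
    """Constructed example: the ePDG narrows TSi to the UE's P-GW-assigned Remote IP
    and TSr to the operator's service servers (placeholder documentation prefix)."""
    tsi = [TrafficSelector.from_cidr(remote_ip + "/32")]
    tsr = [
        TrafficSelector.from_cidr("198.51.100.0/24", TCP, (443, 443)),    # operator portal
        TrafficSelector.from_cidr("198.51.100.0/24", UDP, (5000, 5100)),  # operator video streams
    ]
    return WlanUePolicy(tsi, tsr)


if __name__ == "__main__":
    policy = build_policy("10.45.0.7")
    for flow in (Flow("10.45.0.7", "198.51.100.12", TCP, 51000, 443),
                 Flow("10.45.0.7", "203.0.113.9", TCP, 51001, 443)):
        print(flow.dst, "->", policy.select_path(flow))
```

Note that the source side is checked against the Remote IP (the P-GW-assigned inner address), not the Local IP the AP handed out: a packet sourced from the Local IP is never a candidate for the tunnel, which is why the UE must keep the two addresses apart.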
LTE and Wi-Fi Interworking: (4) Traffic Selector (cont)
Status of KT, SK TELECOM & LG U+ and UE Requirements
- KT, SK TELECOM: No plan
- LG U+: Deploying ePDG from Insprit (http://www.in-sprit.com/kr/content/main/index.php), but not in service yet
LG U+: The Purpose of ePDG Deployment
- Provides security when subscriber accesses LG U+ service via Wi-Fi network
- At this moment, there’s no interworking (no PMIPv6/GRE tunnel) between P-GW and ePDG, which means that it does not support handover between LTE and Wi-Fi
UE Software Requirement for LTE/Wi-Fi Interworking
- IPSec(MOBIKE) driver (Kernel Layer) is required
- Handover Manager (Kernel Layer) is required: Handover decision by monitoring LTE and Wi-Fi signal strength
- Big Issue: Is Apple willing to support “IPSec and Handover Manager” in iPhone/iPad?
If an ePDG is deployed just to handle free Wi-Fi traffic, the investment efficiency relative to customer needs is far too low.
Could you explain a bit more about what you are saying happened?
We have provided Netmanias English site. Please find the link below:
https://www.netmanias.com/en/?m=view&id=techdocs&lm=simple&page=3&no=5920&vm=ppt
Hello,
Is MOBIKE support needed for wifi-lte interworking?
Is this needed even for handover within the wifi network too, i.e. moving between APs??
The UE can use MOBIKE to inform the ePDG about a change of the UE’s IP address (assigned by the Wi-Fi network, not by the PGW)
for existing IKE/IPsec tunnels without IKE re-establishment.
(An IP address change can occur when the UE moves from one AP to another AP in the Wi-Fi area.)
Without MOBIKE, the UE has to re-establish the IKE/IPsec tunnels with the updated IP address after moving to another AP;
this procedure just looks like a re-attachment of the UE (re-attachment is not a handover).
Answer:
- Needed for handover within the Wi-Fi network? → required
- Needed for Wi-Fi-LTE handover?
Not required if the UE moves “lte -> wifi AP -> lte”
Required if the UE moves “lte -> wifi AP #1 -> wifi AP #2 -> lte”
Thanks
Hello, I have one question in the wifi-LTE architecture.
From 23.402 it is not clear whether the S6b (Diameter) interface (to update the PGW address to the AAA) is needed only when the ePDG<->PGW interface is PMIP and is not needed for GTP. Can you please clarify if it is required for both tunneling protocols?
The SlideShare presentation is gone.
You can download the PDF after logging in.