Cisco Public © 2012 Cisco and/or its affiliates. All rights reserved. 1
iWAG – Intelligent Wireless Access Gateway
(Integrating Wi-Fi Traffic into 3G / 4G Core)
pmipv6-‐[email protected]
GPRS Tunneling Protocol (GTP) for integrating Wi-Fi traffic into Gateway GPRS Support Node (GGSN)
ISG Features
• IPoE Sessions: DHCP initiated, unclassified IP or MAC-address initiator, Radius-Proxy initiator
• Layer-4 Redirect
• Traffic Classes
• Postpaid & Prepaid Accounting
• Dynamic Rate Limiting
• Lawful Intercept
• Radius based authentication and accounting
• Radius CoA Interface
• Per-subscriber QoS
• IP Session keep-alives, timeouts
• VRF Transfer
• Port Bundle Host Key (PBHK)
• Walk-by session handling/optimization
• Local Breakout of subscriber traffic for Simple IP subscribers
…and more: http://www.cisco.com/go/isg
Mobile Access Gateway (MAG) using Proxy Mobile IPv6 (PMIPv6) for integrating Wi-Fi traffic into Packet Data Network Gateway (PGW)
iWAG = Intelligent Wireless Access Gateway
ASR 1000 iWAG – IOS XE 3.8S
[Architecture diagram. Labels: L2 Connected access (AP, WLC); iWAG ASR1K; AAA; DHCP; Portal; Internet; 3G Core with GGSN (GTP, Gn'); 4G Core with PGW/LMA; Mobile Home Network Policy (PCRF, HLR, OCS, CGF; Gy, Gx, Ga); Access Network Policy]
Features:
• L2 Access & AAA Policy
  1. EAP-SIM/AKA (via WLC) / FSOL – DHCP
  2. EAP-SIM/AKA (via ISG) / FSOL – Radius Proxy
  3. Web Logon / TAL. FSOL – Unclassified MAC
• GGSN selection via DNS
• Overlapping MNO address support with multiple SSID
Service Providers
• Reduce network congestion: Reduce OpEx and increase network efficiency by offloading 3G/4G traffic
• Provide Wi-Fi security and subscriber control: Deliver scalable, manageable, and secure wireless connectivity with a low TCO
• Deliver a Wi-Fi platform that offers new, location-based services and enables new revenue-sharing business models
Users
• Provide access to 3G/4G core in spite of a missing or weak cell signal
• Provide a good QoE to subscribers on Wi-Fi networks similar to that provided on 3G/4G networks
• QoS based on subscriber profile and traffic classification
• Provide access to mobile backhaul which could have better bandwidth and thus provide better service
• Deliver a Wi-Fi platform that enables location-based services
Deployment Model # | Access Type | Authentication | FSOL | Service IP
4G – PMIPv6
1 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA
2 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | PGW/LMA
3 | Layer 2 | Web Logon | Unclassified MAC | PGW/LMA
3G – GTPv1
4 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | GGSN
5 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | GGSN
6 | Layer 2 | Web Logon | Unclassified MAC | GGSN
EAP-SIM/AKA Authentication (out-of-band)
FSOL: DHCP Discover
Model # | Access Type | Authentication | FSOL | Service IP
1 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA
[Diagram. Labels: L2 Connected access (AP, WLC); iWAG ASR1K; AAA; DHCP; Internet; Service IP; 4G Core with PGW/LMA; Mobile Home Network Policy (PCRF, HLR, OCS, CGF; Gy, Gx, Ga); Access Network Policy]
[Call flow diagram; labels as shown on the slide]
Participants: Device, AP+WLC, AAA CAR+ITP, ITP, HLR, iWAG, P-GW, PCRF, Policy Manager, Sub DB
• 802.1x
• EAP Request/ID
• EAP ID Response/ID
• RADIUS Access Request (username = EAP ID, calling station ID = MAC, called-station-ID = AP:SSID)
• EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID
• MAP SEND AUTH INFO Req
• MAP SEND AUTH INFO Res
• Recover Subscription Profile (IMSI)
• IMSI Authenticated, but MSISDN unknown
• MAP SRI for LCS Req (IMSI)
• MAP SRI for LCS Res (MSISDN)
• Store MSISDN
• Cache MAC, IMSI, MSISDN, subscriber profile
• RADIUS Access Accept
• EAP SUCCESS
• VLAN
Configure authorized IMSIs on the Subscriber database with WiFi Subscriber Profile.
WiFi Subscriber Profile: Realm, WiFi APN, Charging Characteristics, IPv4/IPv6 service
[Call flow diagram; labels as shown on the slide]
Participants: Device, AP+WLC, iWAG (DHCP/MAG), AAA CAR+ITP, ITP, HLR, P-GW/LMA, PCRF, SPR/Sub DB
• Source MAC Address: DHCP Discover
• RADIUS Access Request (Calling Station ID = Source MAC address)
• RADIUS Access Accept (User Profile)
• User Profile VSAs: CISCO-SERVICE-SELECTION (APN), CISCO-MOBILE-NODE-IDENTIFIER (IMSI@realm), LMA, CISCO-MSISDN, 3GPP-CHARGING-CHARS, CISCO-MN-SERVICE (IPv4)
• PBU
• IPv4 HoA = 0.0.0.0, MN-ID (imsi@realm), SSMO (APN), MSISDN, CHARGING CHARACTERISTICS, ATT = Wi-Fi
• Gx:CCR-I
• Gx:CCR-I: IMSI, MSISDN, APN, RAT Type; Subscriber ID Type = E.164, RAT = WiFi
• SP: Recover Subscriber Profile
• Policy Profile to Apply
• Gx:CCA-I
• Open PGW-CDR with container for WiFi Service, subscriber ID = MSISDN
• RF: Diameter ACR
• RF: Diameter ACA
• PBA
• PMIPv6 PBA: IPv4 Home Address (HoA), PCO: Primary DNS
• DHCP Offer (a.b.c.d)
• DHCP Req/Ack (Primary DNS recovered from PBA)
EAP-SIM/AKA Authentication (out-of-band)
FSOL: DHCP Discover
Model # | Access Type | Authentication | FSOL | Service IP
4 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | GGSN
[Diagram. Labels: L2 Connected access (AP, WLC); EWAG ASR1K; AAA; DHCP; Internet; Service IP; 3G Core with GGSN (GTP, Gn'); Mobile Home Network Policy (PCRF, HLR, OCS, CGF; Gy, Gx, Ga); Access Network Policy]
[Call flow diagram; labels as shown on the slide]
Participants: Device, AP+WLC, AAA CAR+ITP, ITP, HLR, iWAG, P-GW, PCRF, Policy Manager, Sub DB
• 802.1x
• EAP Request/ID
• EAP ID Response/ID
• RADIUS Access Request (username = EAP ID, calling station ID = MAC, called-station-ID = AP:SSID)
• EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID
• MAP SEND AUTH INFO Req
• MAP SEND AUTH INFO Res
• Recover Subscription Profile (IMSI)
• IMSI Authenticated, but MSISDN unknown
• MAP SRI for LCS Req (IMSI)
• MAP SRI for LCS Res (MSISDN)
• Store MSISDN
• Cache MAC, IMSI, MSISDN, subscriber profile
• RADIUS Access Accept
• EAP SUCCESS
• VLAN
Configure authorized IMSIs on the Subscriber database with WiFi Subscriber Profile.
WiFi Subscriber Profile: Realm, WiFi APN, Charging Characteristics, IPv4/IPv6 service
[Call flow diagram; labels as shown on the slide]
Participants: WiFi client, AP+WLC, iWAG, AAA, GGSN @g.g.g.g
• Vlan connectivity
• Out of band EAP authentication
• DHCP Discover [MAC=client-MAC]
• Access Req [client-MAC]
• Access Accept [IMSI, MSISDN, APN, ssg-service=GTP-svc, etc]
• Create PDP Req [IP addr=0.0.0.0]
• Create PDP Resp [IP addr=c.c.c.c]
• Regenerate a DHCP offer to send back to the client
• DHCP Offer [client IP=c.c.c.c; server=e.e.e.e]
• DHCP Req [client requested IP=c.c.c.c; server=e.e.e.e]
• Access Req
• Access Accept
• DHCP ACK [client IP=c.c.c.c; server=e.e.e.e; renewal time…]
• Activate session on DP fully after finding it having a valid IP addr
• client's traffic
• client's traffic tunneled
4G mobile user RADIUS profile (PMIPv6 based)
Cisco-AVPair = [email protected]
Cisco-AVPair = mn-service=IPv4
Cisco-AVPair = home-lma-ipv6-address=2001:db8:cafe:1024::101
Cisco-AVPair = home-lma-ipv4-address=5.8.24.101
Cisco-AVPair = home-lma=lma1
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6

3G mobile user RADIUS profile (GTP based)
Cisco-AVPair = [email protected]
Cisco-AVPair = mn-service=IPv4
Cisco-AVPair = cisco-service-selection=service1.com
Cisco-AVPair = cisco-msisdn=919448927815
Cisco-AVPair = cisco-imsi = 262020000000642
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1
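A pre-provisioning check for the two subscriber RADIUS profile layouts above, keyed on cisco-mpc-protocol-interface, which is the attribute that distinguishes the GTP profile from the PMIPv6 one. This is an added example, not Cisco code: the sample profiles are constructed from the slide, and the set of attributes treated as required for each tunnel type is an assumption.

```python
import ipaddress
import re

# Constructed samples modelled on the two profile slides (subscriber NAI line omitted).
PMIP_PROFILE = """\
Cisco-AVPair = mn-service=IPv4
Cisco-AVPair = home-lma-ipv6-address=2001:db8:cafe:1024::101
Cisco-AVPair = home-lma-ipv4-address=5.8.24.101
Cisco-AVPair = home-lma=lma1
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6
"""
GTP_PROFILE = """\
Cisco-AVPair = mn-service=IPv4
Cisco-AVPair = cisco-service-selection=service1.com
Cisco-AVPair = cisco-msisdn=919448927815
Cisco-AVPair = cisco-imsi = 262020000000642
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1
"""
# Assumption: attributes the samples show per tunnel type are treated as required.
EXPECTED = {
    "pmipv6": {"mn-service", "home-lma", "home-lma-ipv6-address", "mn-apn"},
    "gtpv1": {"mn-service", "cisco-imsi", "cisco-msisdn", "mn-apn"},
}
AVPAIR = re.compile(r"\s*Cisco-AVPair\s*=\s*([\w-]+)\s*=\s*(\S+)\s*$")

def parse_avpairs(text):
    """Return {attribute: value} from 'Cisco-AVPair = name=value' lines."""
    matches = (AVPAIR.match(line) for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in matches if m}

def check_profile(text):
    """Return (tunnel_type, problems) for one subscriber profile."""
    av = parse_avpairs(text)
    proto = av.get("cisco-mpc-protocol-interface")
    if proto not in EXPECTED:
        return proto, ["unknown or missing cisco-mpc-protocol-interface"]
    problems = [f"missing {a}" for a in sorted(EXPECTED[proto] - set(av))]
    for key in ("cisco-imsi", "cisco-msisdn"):  # both are digit strings of <= 15 digits
        if key in av and not re.fullmatch(r"\d{1,15}", av[key]):
            problems.append(f"{key} is not a digit string of at most 15 digits")
    for key in ("home-lma-ipv6-address", "home-lma-ipv4-address"):
        if key in av:
            try:
                ipaddress.ip_address(av[key])
            except ValueError:
                problems.append(f"{key} is not a valid IP address")
    return proto, problems
```

Running check_profile over every profile before it is loaded into the AAA server catches a subscriber whose attributes do not match the tunnel type the profile selects.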
Access interface definition for 4G user:

interface GigabitEthernet0/1/0.3074
 description "4G Mobile users access interface"
 encapsulation dot1Q 3074
 ip address 5.8.22.15 255.255.255.0
 ipv6 address FE80::200:5EFF:FE00:5213 link-local
 service-policy type control PMIP_PROFILE
 ip subscriber l2-connected
  initiator dhcp

Access interface definition for 3G user:

interface GigabitEthernet0/3/6.1
 description "3G Mobile users access interface"
 encapsulation dot1Q 1 native
 ip address 192.168.10.1 255.255.255.0
 ipv6 address FE80::300:5EFF:FE00:5213 link-local
 service-policy type control GTP_PROFILE
 ip subscriber l2-connected
  initiator dhcp

Integration to ISG:

mcsa enable sessionmgr
!
ipv6 mobile pmipv6-domain D1
 mn-profile-load-aaa
 lma lma1
  ipv6-address 2001:DB8:CAFE:1024::101
!
ipv6 mobile pmipv6-mag M1 domain D1
 role 3GPP
 address ipv6 2001:DB8:CAFE:1025::15
 interface GigabitEthernet0/1/0.3074
!

Callouts on this slide:
• PMIPv6 domain definition
• PMIPv6 LMA to which iWAG as MAG sends traffic
• PMIPv6 MAG definition
• iWAG access interface(s)
Policy-map to control authorization of 4G user going to PMIPv6 tunnel:

policy-map type control PMIP_PROFILE
 class type control always event session-start
  5 service-policy type service name INTERNET_SERVICE
  30 authorize aaa list ISG_LIST password cisco identifier mac-address
 !
!

Policy-map to control authorization of 3G user going to GTP tunnel:

policy-map type control GTP_PROFILE
 class type control always event session-start
  5 service-policy type service name INTERNET_SERVICE
  30 authorize aaa list ISG_LIST password cisco identifier mac-address

AAA definition for iWAG to know where to get authorization from:

aaa authorization network ISG_LIST group iWAG-MOBILE-USERS
!
gtp
 n3-request 3
 interval t3-response 10
 interval echo-request 60
 information-element rat-type wlan
 interface local GigabitEthernet0/3/0
 apn 1
  apn-name cisco1.com
  ip address ggsn 192.170.10.2
  default-gw 192.168.10.1 prefix-len 16
  dns-server 192.165.1.1
  dhcp-server 192.168.10.1
  dhcp-lease 30000

Callouts on this slide:
• GTP definition
• RAT: Radio Access Technology
• iWAG access interface(s)
• Details for iWAG to reach the GGSN
For Your Reference

Command | Remarks
mcsa enable sessionmgr | Enable subscriber session manager on iWAG
ip dhcp pool pmipv6_dummy_pool | Enable DHCP on the MAG
ipv6 mobile pmipv6-domain <Domain_Name D1> | Create the PMIPv6 domain, e.g. D1.
mn-profile-load-aaa | Loads the profile configuration from AAA to the MN within the PMIPv6 domain
lma lma1 ipv6-address 2001:DB8:CAFE:1024::101 ipv4-address 5.8.24.101 | Configure LMA name and address
ipv6 mobile pmipv6-mag <MAG M1> domain D1 | Enable the MAG service on a router for the PMIPv6 domain configured above, e.g. MAG M1
sessionmgr | Enable subscriber session manager under MAG
address ipv4 5.8.25.15 address ipv6 2001:DB8:CAFE:1025::15 | Configure the IPv4 address (required only when transport is IPv4 only) and the IPv6 address acting as the MAG. The LMA would keep track of the MAG using this IP address.
interface GigabitEthernet0/0/0.3074 | Enable MAG services on the access interface towards the MN/WLAN
Platform | RP/Memory | ESP
ASR1001 | 16GB | integrated
ASR1002-X | 16GB | integrated
ASR1004 | RP2 16GB | ESP40
ASR1006/13 | RP2 16GB | ESP40/100

Existing broadband licenses support iWAG: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html
IOS XE 3.8S releasing in mid Nov 2012
SP Wi-Fi becomes an access solution to the MPC
iWAG enables Wi-Fi integration into 3G via GTP
iWAG enables Wi-Fi integration into 4G via PMIPv6
iWAG provides service providers with new revenue-sharing business models
Enables SPs to use common subscriber Billing and Policy [Gx, Gy, Gi] across 3G, 4G and Wi-Fi networks
Enables residential Wi-Fi with EoGRE tunneling solution
Building block of an integrated solution providing:
• Seamless experience to customers (clientless)
• Support for evolution of mobile operator services
Interface | Components | Standard
RADIUS | AAA Server/Policy Server and NAS | RFC 2865
RADIUS Change of Authorization | Portal Server and NAS | RFC 3576, RFC 5176
Proxy Mobile IPv6 | MAG and LMA | RFC 5213, RFC 5844, RFC 5845, RFC 5846, RFC 6543

PMIPv6: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_13-3/133_pmipv6.html
RADIUS Interface Document: http://www.cisco.com/en/US/docs/ios/ios_xe/isg/coa/guide/3s/isg-coa.html
ISG: Cisco ASR 1000: http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book.html
MAG: Cisco ASR 1000: http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/xe-3s/asr1000/mob-pmipv6-xe-3s-asr1000-book.html
MAG: Cisco ISR: http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/15-2mt/imo-pmipv6-mag-support.html
MAG: Cisco WLC: http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd4100.shtml
PMIPv6 CEC Page: http://wwwin.cisco.com/ios/tech/mobile/proxyipv6/
ISG CEC Page: http://wwwin.cisco.com/ios/tech/broadband/isg/
Whitepapers on SP Wi-Fi: http://www.cisco.com/go/spwifi
SP Wi-Fi NOSTG Product manager Amrit Hanspal – [email protected]
SP Wi-Fi ASR1000 Product manager Greg Cote – [email protected]
SP Wi-Fi Technical Marketing Engineers
Akshaya Kumar – [email protected]
Boris Mimeur – [email protected]
Prashant Jhingran – [email protected]
Or simply write to us: [email protected]
Thank you.