www.netmanias.com www.nmcgroups.com
Chris Yoo
+82-2-3444-5747, +82-10-3229-1852
cmyoo@netmanias.com
Table of Contents
LTE Overview
Network Reference Model
Authentication and Security
EPS Bearer
QoS
Handover
Wi-Fi Overview
Network Architecture
Handover
Comparison (LTE vs. Wi-Fi)
Tunneling Technology for Mobile Network
LTE and Wi-Fi Interworking
Network Reference Model
Authentication and Security
IP Allocation
Traffic Selector
Status of KT, SKT & LG U+ and UE Requirements
[Figure label: User Plane Ciphering]
IMSI Assignment
Subscriber gets UE and USIM card which includes IMSI (IMSI, LTE K)
IMSI is provisioned in HSS and SPR when user subscription
IMSI Format
IMSI = MCC + MNC + MSIN (PLMN = MCC + MNC)
EPS Bearer
Logical transport channel between UE and the PDN for transporting UE IP traffic
EPS Bearer =
  Data Radio Bearer (between UE and eNB) +
  S1 Bearer (GTP tunnel between eNB and S-GW) +
  S5 Bearer (GTP tunnel between S-GW and P-GW)
eNB can distinguish UE by DRB ID in EPS bearer
S-GW can distinguish UE by Tunnel Endpoint ID (TEID)
P-GW can distinguish UE by TEID or UE IP address
At least one EPS bearer per UE, and it may also have multiple EPS bearers per UE in order to provide QoS differentiation (ex. Internet bearer and VoLTE bearer)
Two Types of EPS Bearer
  Default EPS Bearer
  Dedicated EPS Bearer
[Figure: EPS bearer across UE, eNB, S-GW and P-GW, with HSS, SPR, MME and PCRF. Control Plane: ECM Connection (RRC Connection, S1 Signaling Connection), S11 GTP-C, S5 GTP-C. User Plane: EPS Bearer (Data Radio Bearer, S1 Bearer, S5 Bearer). Downlink example: the P-GW applies the DL TFT (*, Dst IP=UE, *, *, *) to an IP packet with SIP=www.google.com, DIP=UE and selects the S5 TEID (DL); on S5 the packet is carried as IP/UDP/GTP-U with SIP=P-GW, DIP=S-GW; on S1 as IP/UDP/GTP-U with S1 TEID (DL), SIP=S-GW, DIP=eNB; on the radio link by DRB ID (DL). Uplink: UL TFT, DRB ID.]
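The TEID lookup described above, as an added example (not part of the original slides): an eNB receives a downlink GTP-U packet on S1 and picks the radio bearer from the S1 TEID (DL). The header layout is the standard GTPv1-U mandatory header; the TEID values, UE names and DRB IDs in the table are constructed, and the outer IP/UDP headers are omitted.

```python
import struct

G_PDU = 0xFF  # GTP-U message type that carries a user IP packet

def gtpu_encap(teid: int, inner_ip: bytes) -> bytes:
    """Prepend the 8-byte mandatory GTP-U header (version 1, PT=1, no options)."""
    return struct.pack("!BBHI", 0x30, G_PDU, len(inner_ip), teid) + inner_ip

def gtpu_decap(msg: bytes):
    """Return (teid, inner_ip); raise ValueError for anything malformed."""
    if len(msg) < 8:
        raise ValueError("short GTP-U header")
    flags, mtype, length, teid = struct.unpack("!BBHI", msg[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not GTPv1-U")
    if mtype != G_PDU:
        raise ValueError("not a G-PDU")
    if length != len(msg) - 8:
        raise ValueError("length field does not match datagram")
    body = msg[8:]
    if flags & 0x07:  # E, S or PN set: 4 optional bytes follow the TEID
        # Extension headers (E set, next type non-zero) are not handled here.
        if len(body) < 4 or (flags & 0x04 and body[3] != 0):
            raise ValueError("unsupported optional fields")
        body = body[4:]
    return teid, body

# Constructed bearer table of one eNB: S1 TEID (DL) -> (UE, DRB ID).
# UE-A has two bearers (e.g. Internet and VoLTE), UE-B has one.
S1_DL_BEARERS = {0x1001: ("UE-A", 3), 0x1002: ("UE-A", 4), 0x2001: ("UE-B", 3)}

def enb_downlink(msg: bytes):
    """Pick the radio bearer for a packet from the S-GW; drop unknown TEIDs."""
    teid, inner = gtpu_decap(msg)
    if teid not in S1_DL_BEARERS:
        return None  # no bearer context for this TEID
    ue, drb = S1_DL_BEARERS[teid]
    return ue, drb, inner
```

The TEID is the only field that ties a tunnelled packet to a bearer, which is why the lookup rejects unknown values instead of falling back to the inner destination IP.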
QCI: QoS Class Identifier
ARP: Allocation and Retention Priority
GBR: Guaranteed Bit Rate
MBR: Maximum Bit Rate
APN-AMBR: Access Point Name-Aggregate Maximum Bit Rate
UE-AMBR: User Equipment-Aggregate Maximum Bit Rate

Common QoS Parameter (Resource Type, QCI, ARP)
Resource Type
  GBR (Guaranteed Bit Rate): A certain amount of bandwidth is reserved for this bearer
  Non-GBR: It does not have a fixed (reserved) bandwidth allocated for this bearer (Best Effort)
QCI
  The class-based QoS concept (such as IP DSCP) where each EPS bearer is assigned a QCI (1 ~ 9)
  It defines packet forwarding treatment
  QoS characteristics which define the parameters below:
  - Resource Type (GBR or Non-GBR)
  - Packet Delay Budget (30ms ~ 300ms)
  - Packet Error Loss Rate (10^-2 ~ 10^-6)
ARP
  Priority for the allocation and retention of bearers, defined by 0 ~ 15
  Bearers with high ARP are assigned low ARP value, and vice versa (ex. VoIP emergency call service has low ARP value)
  In a resource limitation situation, the LTE network uses the ARP to prioritize establishment and modification of bearers with a high ARP over bearers with a low ARP
  It also uses ARP to decide which existing bearers to drop in case of resource limitation

QoS Parameter for GBR Bearer
GBR (UL/DL)
  Guaranteed (Reserved) bandwidth (bps) for GBR bearer
MBR (UL/DL)
  Maximum allowed bandwidth (bps) for GBR bearer
  Any traffic in excess of the MBR may be discarded

QoS Parameter for Non-GBR Bearer
APN-AMBR (UL/DL)
  Maximum allowed bandwidth (bps) for all non-GBR bearers associated with a specific APN
UE-AMBR (UL/DL)
  Maximum allowed bandwidth (bps) for all non-GBR bearers of a UE
Copyright 2002-2012 NMC Consulting Group. All rights reserved.
Netmanias Technical Document: Network Architecture for LTE and Wi-Fi Interworking
Handover Decision
Handover decision is performed by serving eNB (In case of Wi-Fi, UE(STA) performs handover decision)
Handover Decision Process
1. UE sends Measurement Report message to serving eNB periodically (or event triggered)
2. Measurement Report message includes
   - Radio signal strength from serving cell to UE
   - Radio signal strength from neighbor cells to UE
3. Serving eNB decides handover based on information of Measurement Report message
Type of Handover
Intra E-UTRAN: eNB relocated, without changing MME and S-GW
Inter E-UTRAN, S-GW and MME Handover
  Inter E-UTRAN and MME: eNB and MME relocated, without changing S-GW
  Inter E-UTRAN and S-GW: eNB and S-GW relocated, without changing MME
  Inter E-UTRAN and MME and S-GW: eNB, S-GW and MME relocated
Inter RAT (E-UTRAN and GERAN/UTRAN): Handover between 3G and LTE
[Figure: four handover scenarios, each showing a UE moving from a source eNB to a target eNB (or to an RNC/NodeB for Inter RAT), with the S-GW, MME and P-GW involved.]
WLAN/Wi-Fi Standard
IEEE (WLAN): http://www.ieee802.org/11
  IEEE 802.11 standards define MAC and PHY layer
  Wireless LAN (WLAN) term is used by IEEE 802.11
Wi-Fi Alliance (Wi-Fi): http://www.wi-fi.org
  Several AP vendors came together to form a global non-profit organization with the goal of driving adoption of high-speed wireless local area networking
  Wi-Fi term is used by Wi-Fi Alliance
Authentication & Security
  802.11i/WPA2: EAP based Authentication & CCMP based Security
  802.11i/WPA: EAP based Authentication & TKIP based Security
  802.1x: EAP based Authentication & WEP based Security
  802.1x: RADIUS* based Authentication
  * RADIUS is IETF RFC standards (RFC 3580, RFC 4675, RFC 4898, ...)
[Figure: STA, AP and Wi-Fi AAA.]
[Figure: Wi-Fi handover. Panels: Traffic Flow: Before Inter-AP Handover; Traffic Flow: After Inter-AP Handover; Traffic Flow: Before Inter-APC Handover; Traffic Flow: After Inter-APC Handover. Labels: AAA, IP Network, IPinIP Tunnel, APC 1, APC 2, AP 1 to AP 4.]
Comparison (LTE vs. Wi-Fi)
Standard
  LTE: 3GPP
  Wi-Fi: IEEE 802.11/Wi-Fi Alliance
Standard Entity
  LTE: UE; LTE (E-UTRAN): eNB; EPC (SAE): S-GW, P-GW, MME, HSS, PCRF, SPR, OCS, OFCS
  Wi-Fi: STA, AP, AP Controller(optional), AAA
User Authentication
  LTE: EPS-AKA
  Wi-Fi:
  - EAP based Authentication (Standard): EAP-AKA/SIM, EAP-TLS, EAP-TTLS, etc
  - Web based Authentication (WBA): ID/PW
  - MAC based Authentication (Non Standard): STA MAC
Security for User Data
  LTE: Encryption
  Wi-Fi:
  - EAP based Authentication: Encryption/Integrity Protected
  - Web/MAC based Authentication: None
QoS Support
  LTE: Supported
  Wi-Fi: Supported (WMM), but not guaranteed
Handover (User Mobility) Support
  LTE: Supported
  Wi-Fi: Supported, but vendor specific methods; AP Controller required; Packet Loss during handover
Tunneling Protocol
  LTE: GTP
  Wi-Fi: Vendor Specific
Frequency Interference
  LTE: None
  Wi-Fi: Big issue (ISM band)
Frequency Band
  LTE: KT: 1.8GHz; SKT: 800MHz, 1.8GHz; LG U+: 800MHz, 2.1GHz
  Wi-Fi: 2.4GHz/5GHz
LTE and Wi-Fi Interworking: (1) Network Reference Model
Mobile Data Offloading
Data offloading is the use of complementary network technologies for delivering data originally targeted for cellular networks. The main complementary network technologies used for mobile data offloading are Wi-Fi and Femtocell.
Let's use cheaper Wi-Fi access instead of expensive cellular (LTE) network!
3GPP Trust & Untrust Access Network
Simply put, this is an indicator of whether the 3GPP operator trusts the security of the non-3GPP access network.
If the non-3GPP access network supports a trusted security level from the 3GPP core (EPC) viewpoint, it is interworked with the S2a interface, otherwise the S2b interface is used.
- Example of Trust network: WiMAX
- Example of Untrust network: WLAN(Wi-Fi) in a public cafe
[Figure: LTE and Wi-Fi interworking reference model. Entities: HSS, PCRF, P-GW, MME, AAA, S-GW, ePDG, eNB, AP/APC, DHCP, UE, Internet. Interfaces and tunnels: Diameter (SWx), Diameter (S6b), Diameter (SWm), Diameter (SWa), S1-AP, GTP-C, GTP-U, GTP Tunnel, IKEv2 (SWu), IPSec Tunnel, PMIPv6 (S2b), GRE Tunnel. The UE hands over between LTE (eNB) and Wi-Fi (AP/APC). Legend: EPS Entity, EPS Entity for Wi-Fi Interworking, Wi-Fi Entity, Dual-Radio UE, UE Traffic Path.]
[Figure: 3GPP TS 23.402 Figure 4.2.2-1: Non-Roaming Architecture within EPS using S5, S2a, S2b. Entities: HSS, PCRF, 3GPP Access, Serving Gateway, PDN Gateway, Operator's IP Services (e.g. IMS, PSS etc.), Trusted Non-3GPP IP Access, Untrusted Non-3GPP IP Access, UE. Interfaces: SWx, S6a, Gxc, Rx, Gx, SGi, S5, Gxa, SWu, SWa, STa.]
LTE and Wi-Fi Interworking: (2) Authentication and Security
HSS delivers AVs to MME & 3GPP AAA
  AVs: RAND, AUTN, XRES
MME authenticates UE by verifying if RES = XRES
3GPP AAA authenticates UE by verifying if RES = XRES
ePDG authenticates UE by verifying AUTH
1 User Authentication for LTE access
  Authentication Protocol: EPS-AKA (USIM based)
  Mutual authentication between UE and MME
[Figure: (1) EPS-AKA between UE and MME over eNB and (2) EAP-AKA over IKEv2 between UE, ePDG and 3GPP AAA over AP/APC. Labels: HSS, P-GW, S-GW, Internet, AUTN, RES, IKEv2 AUTH.]

LTE and Wi-Fi Interworking: (2) Authentication and Security (cont)
IP Allocation by DHCP
  For ePDG Connection via Wi-Fi Network
  UE IP (WLAN UE's Local IP) = 10.1.1.1
[Figure: UE, Wi-Fi Access Network, ePDG, P-GW, Internet. IPSec Tunnel between UE and ePDG; GRE Tunnel between ePDG and P-GW. Labels: S-GW, DHCP, AP, eNB, AP/APC, LTE, Wi-Fi.]
Traffic Selector
Traffic Selector can be used to distinguish between WLAN 3GPP IP Access and WLAN Direct IP Access
UE gets Traffic Selector from the ePDG during the IKEv2 procedure
Traffic Selector consists of TSi and TSr:
- TSi = Source IP Address(SIP) range,
        Protocol range,
        Source Port Number(SP) range
- TSr = Destination IP Address(DIP) range (Server Identification),
        Protocol range (same as TSi, TCP or UDP),
        Destination Port Number(DP) range (Service Identification)
TSi + TSr = 5-tuple
Based on 5-tuple, UE (IPSec driver) can determine whether application traffic (IP flow) is served by WLAN 3GPP IP Access or WLAN Direct IP Access
TS (Traffic Selector)
  TSi = SIP, Protocol, SP
  TSr = DIP, Protocol, DP
  SIP = Source IP (IP header)
  DIP = Destination IP (IP header)
  SP = Source Port # (TCP/UDP header)
  DP = Destination Port # (TCP/UDP header)
[Figure: (1) WLAN 3GPP IP Access and (2) WLAN Direct IP Access from a UE with LTE and Wi-Fi radios, via eNB and AP/APC, with handover between LTE and Wi-Fi.]
LTE and Wi-Fi Interworking: (4) Traffic Selector (cont)
Traffic Selector
  Source IP: 0.0.0.0 ~ 255.255.255.255
  Destination IP: 20.20.1.1
  Protocol: 6 (TCP)
  Source Port #: 0 ~ 65535
  Destination Port #: 80 (HTTP)
UE applications
  YouTube: DIP=YouTube, Protocol=TCP, DP=80 -> no match -> WLAN Direct IP Access
  ollehTV: DIP=20.20.1.1(ollehTV), Protocol=6(TCP), DP=80(HTTP) -> match -> WLAN 3GPP IP Access
10.1.1.1
  WLAN UE's Local IP Address
  Allocated by AP/DHCP Server in Wi-Fi Network
  IPSec Tunnel Outer Source IP in case of WLAN 3GPP IP Access
  Source IP in case of WLAN Direct IP Access
1.1.1.1
  WLAN UE's Remote IP Address
  Allocated by P-GW
  IPSec Tunnel Inner Source IP in case of WLAN 3GPP IP Access
Packets on the WLAN 3GPP IP Access path (points a, b, c in the figure)
  Payload | IP (SIP=UE(1.1.1.1), DIP=20.20.1.1)
  Payload | IP (SIP=UE(1.1.1.1), DIP=20.20.1.1) | IPSec | IP (SIP=UE(10.1.1.1), DIP=ePDG)
  Payload | IP (SIP=UE(1.1.1.1), DIP=20.20.1.1) | GRE | IP (SIP=ePDG, DIP=P-GW)
  Payload | IP (SIP=UE(1.1.1.1), DIP=20.20.1.1)
Packet on the WLAN Direct IP Access path (point d in the figure)
  Payload | IP (SIP=UE(10.1.1.1), DIP=YouTube)
[Figure: UE with YouTube and ollehTV applications, TCP/IP stack and Traffic Selector; steps 1 to 7 and points a to d across the IP Network, S-GW and ePDG.]
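The 5-tuple decision on the two Traffic Selector slides, as an added example (not part of the original slides): the UE matches each flow against the selector received from the ePDG and emits either the tunnelled or the direct packet. The selector row and the 10.1.1.1 / 1.1.1.1 addresses are from the slide; the ePDG address is a constructed placeholder, and the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class TrafficSelector:
    """TSi + TSr as inclusive ranges, one field per column of the slide's table."""
    sip: tuple    # TSi: source IP range
    dip: tuple    # TSr: destination IP range
    proto: tuple  # IP protocol number range
    sp: tuple     # TSi: source port range
    dp: tuple     # TSr: destination port range

    def matches(self, sip, dip, proto, sp, dp):
        ip = ipaddress.ip_address
        return (ip(self.sip[0]) <= ip(sip) <= ip(self.sip[1])
                and ip(self.dip[0]) <= ip(dip) <= ip(self.dip[1])
                and self.proto[0] <= proto <= self.proto[1]
                and self.sp[0] <= sp <= self.sp[1]
                and self.dp[0] <= dp <= self.dp[1])

# Selector row and UE addresses as given on the slide.
TS_OLLEHTV = TrafficSelector(("0.0.0.0", "255.255.255.255"), ("20.20.1.1", "20.20.1.1"),
                             (6, 6), (0, 65535), (80, 80))
LOCAL_IP = "10.1.1.1"    # WLAN UE's local IP, allocated by AP/DHCP
REMOTE_IP = "1.1.1.1"    # WLAN UE's remote IP, allocated by P-GW
EPDG_IP = "192.0.2.10"   # constructed placeholder; the slide only says "ePDG"

def route(dip, proto, sp, dp, selectors=(TS_OLLEHTV,)):
    """Return the access type and IP headers the UE emits for one flow."""
    for ts in selectors:
        # A tunnelled flow is sourced from the remote IP, so match on that.
        if ts.matches(REMOTE_IP, dip, proto, sp, dp):
            return {"access": "WLAN 3GPP IP Access", "ipsec": True,
                    "inner": (REMOTE_IP, dip), "outer": (LOCAL_IP, EPDG_IP)}
    # No selector matched: the packet leaves over Wi-Fi outside the IPSec tunnel.
    return {"access": "WLAN Direct IP Access", "ipsec": False,
            "inner": (LOCAL_IP, dip), "outer": None}
```

With the slide's selector, a flow to 20.20.1.1 on TCP port 443 or on UDP port 80 does not match and is sent outside the IPSec tunnel, so the selector ranges decide which traffic is protected on an untrusted Wi-Fi network.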