
Steel-Belted Radius Carrier: 3G-to-Wi-Fi Offload Solution Using the SBR MAP Gateway with EAP-SIM or EAP-AKA

This example explains the SIGTRAN Man Machine Language (MML) configurations to support the 3G-to-Wi-Fi offload solution using the SBR MAP Gateway with EAP-SIM or EAP-AKA.

Requirements

This example uses the following hardware and software components:

  • Standalone SBR Carrier server
  • Ulticom Signalware
  • SBR software licenses:
    • SBR-CAR-AAA—Base server license
    • SBR-CAR-SIM—SIM authentication module
    • SBR-HLR-SIG—SBR Carrier HLR Gateway - SIGTRAN stack (includes two SIGTRAN associations)
  • A client with EAP-SIM or EAP-AKA enabled with an HLR
  • 802.1X-capable Wi-Fi infrastructure (applicable to Wi-Fi networks only)

Overview

With the increase in the number of smartphones and other mobile devices in the 3G network, the mobile data traffic volume increases. This can result in network congestion. The 3G-to-Wi-Fi offload solution helps to alleviate the network congestion in a 3G network by offloading the mobile data traffic to a Wi-Fi hotspot. The policy to offload the mobile data traffic to a Wi-Fi hotspot can be configured by the end user or the network operator.

For example, when a smartphone user in a 3G network enters a Wi-Fi hotspot, the user is authenticated by SBR using the IMSI with credentials provided by the HLR. In this example, upon authentication, the user is authorized to access the Wi-Fi hotspot using encryption keys generated by EAP-SIM or EAP-AKA authentication.

Topology

The following topology (Figure 18) shows the components of a typical Wi-Fi infrastructure:

Figure 18: Wi-Fi Infrastructure Topology


Note: The configurations described in this document are based on the information gathered prior to deployment.

You can use the following tables as a template to gather information from the customer prior to deployment:

Table 212: SIGTRAN IP Address Details

| Component | IP Address | Subnet Mask | Gateway |
|---|---|---|---|
| SBR Carrier MAP Gateway | 10.20.0.2 | 255.255.255.248 | |
| SBR Carrier MAP Gateway | 10.21.0.2 | 255.255.255.248 | |

Table 213: SIGTRAN Connectivity Details

| SIGTRAN Parameters | SBR Carrier MAP Gateway | SBR Carrier MAP Gateway |
|---|---|---|
| Local IP Address | 10.20.0.2 | 10.21.0.2 |
| STP IP Address (active) | 10.20.0.1 | 10.21.0.1 |
| STP IP Address (standby) | | |
| SCTP Port (local) | 2051 | 2051 |
| SCTP Port (remote) | 2051 | 2051 |
| Routing Context | | |
| Network Appearance - NA=0 | | |
| OPC SSN | 7 | 7 |
| DPC SSN | 6 | 6 |
| Originating PC (dec) | 002-040-103 | 002-040-103 |
| Destination PC (dec) | 002-010-000 | 002-011-000 |

Table 214: Global Title (GT) Details

| Component | GT Address |
|---|---|
| SBR Carrier MAP Gateway | 11235551212 |
| STP | |

Table 215: Numbering Plan (NP)

| Mode | NP |
|---|---|
| Transmit (SBR >>> STP) | E.164 (7) |
| Receive (STP >>> SBR) | E.164 (7) |

Configuration

To configure the communication pathways, you must:

Install Signalware

Step-by-Step Procedure

To install and configure Signalware on a Steel-Belted Radius Carrier server, see the Steel-Belted Radius Carrier Installation Guide.

Create Links, Link Sets, and Route Sets

Step-by-Step Procedure

The following configuration is used to create links, link sets, and route sets:

  1. Define the SBR’s Own Signaling Point Code (OSPC). In this example, a Network Indicator (NI) of NAT0 (National Network 0) is used.
    CREATE-OSPC:PC=002-040-103,NI=NAT0;
  2. Set up the M3UA link sets (LSET1 and LSET2) and use IP Signaling Point to IP Signaling Point configuration (IPSP-IPSP). See Figure 18 for addresses and point codes.
    CREATE-M3UA-LSET:LSET=LSET1,TYPE=IPSP-IPSP,RADDR=10.20.0.1,PC=002-010-000;
    CREATE-M3UA-LSET:LSET=LSET2,TYPE=IPSP-IPSP,RADDR=10.21.0.1,PC=002-011-000;
  3. After the M3UA link sets are defined, signaling links are created using the link sets defined in Step 2. In this example, the default port 2051 is used.
    CREATE-M3UA-SLK:SLK=QFE20,LSET=LSET1,LADDR=10.20.0.2,RADDR=10.20.0.1,
    MODE=CONNECT,LPORT=2051,RPORT=2051;
    CREATE-M3UA-SLK:SLK=QFE21,LSET=LSET2,LADDR=10.21.0.2,RADDR=10.21.0.1,
    MODE=CONNECT,LPORT=2051,RPORT=2051;
  4. Activate the signaling links using the following command:
    ACTIVATE-M3UA-SLK:SLK=QFE20;
    ACTIVATE-M3UA-SLK:SLK=QFE21;
  5. Define the route set (a route set is simply a collection of routes). You must also specifically allow routes to be used.
    CREATE-RSET:RSET=STP1,PC=002-010-000,RTES=LSET1;
    CREATE-RSET:RSET=STP2,PC=002-011-000,RTES=LSET2;
    ALLOW-RSET:RSET=STP1;
    ALLOW-RSET:RSET=STP2;
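
An added example, not Juniper or Ulticom code: a Python check that the link set, link, and route set statements above agree with the Table 213 planning values and that every reference resolves before the script is loaded. PLAN, SCRIPT, parse_mml, and check are names made up for this sketch, and the parser handles only the unquoted VERB:KEY=VALUE; form used in these steps.

```python
# Planned values from Table 213, keyed by the gateway's local address (LADDR).
PLAN = {
    "10.20.0.2": {"RADDR": "10.20.0.1", "LPORT": "2051", "RPORT": "2051", "PC": "002-010-000"},
    "10.21.0.2": {"RADDR": "10.21.0.1", "LPORT": "2051", "RPORT": "2051", "PC": "002-011-000"},
}

# Statements from steps 2, 3 and 5, as they would be submitted.
SCRIPT = """
CREATE-M3UA-LSET:LSET=LSET1,TYPE=IPSP-IPSP,RADDR=10.20.0.1,PC=002-010-000;
CREATE-M3UA-LSET:LSET=LSET2,TYPE=IPSP-IPSP,RADDR=10.21.0.1,PC=002-011-000;
CREATE-M3UA-SLK:SLK=QFE20,LSET=LSET1,LADDR=10.20.0.2,RADDR=10.20.0.1,
MODE=CONNECT,LPORT=2051,RPORT=2051;
CREATE-M3UA-SLK:SLK=QFE21,LSET=LSET2,LADDR=10.21.0.2,RADDR=10.21.0.1,
MODE=CONNECT,LPORT=2051,RPORT=2051;
CREATE-RSET:RSET=STP1,PC=002-010-000,RTES=LSET1;
CREATE-RSET:RSET=STP2,PC=002-011-000,RTES=LSET2;
ALLOW-RSET:RSET=STP1;
ALLOW-RSET:RSET=STP2;
"""

def parse_mml(text):
    """Split 'VERB:K=V,K=V;' statements into (verb, params) pairs."""
    for raw in text.split(";"):
        stmt = "".join(raw.split())  # rejoin statements wrapped across lines
        if stmt:
            verb, _, args = stmt.partition(":")
            yield verb, dict(kv.split("=", 1) for kv in args.split(",") if kv)

def check(text, plan=PLAN):
    """Return mismatches between an MML script and the planning table."""
    lsets, rsets, problems = {}, set(), []
    for verb, p in parse_mml(text):
        if verb == "CREATE-M3UA-LSET":
            lsets[p["LSET"]] = p
        elif verb == "CREATE-M3UA-SLK":
            want, lset = plan.get(p["LADDR"]), lsets.get(p["LSET"])
            if want is None or lset is None:
                problems.append(f"{p['SLK']}: unplanned LADDR or undefined link set")
                continue
            for src, name in ((p, "link"), (lset, "link set")):
                problems += [f"{p['SLK']} {name}: {k}={src[k]}, plan has {v}"
                             for k, v in want.items() if k in src and src[k] != v]
        elif verb == "CREATE-RSET":
            rsets.add(p["RSET"])
            if p["RTES"] not in lsets:
                problems.append(f"{p['RSET']}: undefined link set {p['RTES']}")
        elif verb == "ALLOW-RSET" and p["RSET"] not in rsets:
            problems.append(f"ALLOW-RSET for undefined route set {p['RSET']}")
    return problems
```

check(SCRIPT) returns an empty list for the statements as planned; a mistyped address or port in any link or link set statement is reported against the link that uses it.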

Configure authGateway and GWrelay Applications for HLR Communication

Step-by-Step Procedure

The authGateway application manages all communication between SBR Carrier and the HLR. It implements the Mobile Application Part (MAP) protocol; MAP messages are sent through the Signalware protocol stack to the HLR and back. Multiple authGateway instances can be used to process multiple requests for authentication and authorization information simultaneously. The GWrelay application passes authentication requests between SBR Carrier and the authGateway instances in a round-robin method, and establishes an SCTP connection with each authGateway instance through unique source and destination ports.

Configuration of authGateway and GWrelay applications requires you to complete the activities described in the following sections:

Configure the authGateway Routing Location Information

Step-by-Step Procedure

This section describes how to configure the local routing and the remote routing options.

  • For local routing, identify one or more concerned point codes (CPCs) and the local application gateway.
  • For remote routing, identify one or more point codes of the HLR and the remote application.

The following actions take place in this configuration example for local and remote routing:

  1. authGateway is assigned a subsystem number (SSN) of 7 on the local host and the concerned point code on the HLR is identified as 002-010-000. The subsystem number (application) on the remote host is identified as 6.
    CREATE-CPC:PC=002-010-000,SSN=7;
    CREATE-REMSSN:PC=002-010-000,SSN=6;
  2. authGateway is assigned a subsystem number (SSN) of 7 on the local host and the concerned point code on the HLR is identified as 002-011-000. The subsystem number (application) on the remote host is identified as 6.
    CREATE-CPC:PC=002-011-000,SSN=7;
    CREATE-REMSSN:PC=002-011-000,SSN=6;
  3. Create one or more Global Title translations for the remote HLR (if GT routing is used).

    The following commands set up the Global Title routing for both directions (outbound and inbound). Outbound GT routing using any IMSI starting with 123 uses PC 002-010-000. Inbound routing uses the GT of 11235551212 routing to the SBR point code.

    CREATE-GT:TT=10,NP=ISDN-TEL,DIG="11235551212",PC=002-040-103,SSN=7,RI=GT;
    CREATE-GT:TT=9,NP=ISDN-TEL,DIG="123",PC=002-010-000,SSN=6,RI=GT;

Configure the authGateway.conf File

Step-by-Step Procedure

The authGateway.conf file specifies remote routing and authorization options for the authGateway application.

  • Remote routing options control how the remote HLR is addressed based on the incoming IMSI.
  • Authorization options control whether or not a subscriber requesting an account is authorized for WLAN access, and which Steel-Belted Radius Carrier profile or native user is used.

For more information about configuring the authGateway.conf file for remote routing and authorization options, see the Steel-Belted Radius Carrier Installation Guide.

Configure the authGateway Startup Information

Step-by-Step Procedure

The CREATE-PROCESS and START-PROCESS commands start the authGateway process (by calling the authGateway.conf file), using options that you specify. For more information about the syntax and usage of the commands, see the Steel-Belted Radius Carrier Installation Guide.

Use the following configuration example to create and start three authGateway instances:

CREATE-PROCESS:NAME="GMT", CE="sbr-blr-vm5", 
EXEC="/opt/JNPRsbr/radius/authGateway -debug 0xff -trace -name GMT -port 2003 -host sbr-blr-vm5 
-node SBRLX -prot C7 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -lri 1 
-lpc 12501 -lssn 252 -rssn 101 -appctx 3";
debug 0xff -trace -tracefile /opt/signalw/radius/authGateway.out

START-PROCESS:NAME="GMT",CE="sbr-blr-vm5";

CREATE-PROCESS:NAME="GMT1", CE="sbr-blr-vm5", 
EXEC="/opt/JNPRsbr/radius/authGateway -debug 0xff -trace -name GMT1 -port 2005 -host sbr-blr-vm5 
-node SBRLX -prot C7 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -lri 1 
-lpc 12501 -lssn 252 -rssn 101 -appctx 3";
debug 0xff -trace -tracefile /opt/signalw/radius/authGateway1.out

START-PROCESS:NAME="GMT1",CE="sbr-blr-vm5";

CREATE-PROCESS:NAME="GMT2", CE="sbr-blr-vm5", 
EXEC="/opt/JNPRsbr/radius/authGateway -debug 0xff -trace -name GMT2 -port 2007 -host sbr-blr-vm5 
-node SBRLX -prot C7 -conf /opt/JNPRsbr/radius/conf/authGateway.conf -lri 1 
-lpc 12501 -lssn 252 -rssn 101 -appctx 3";
debug 0xff -trace -tracefile /opt/signalw/radius/authGateway2.out

START-PROCESS:NAME="GMT2",CE="sbr-blr-vm5";

Configure the GWrelay.conf File

Step-by-Step Procedure

The GWrelay application is used to pass authentication requests between SBR Carrier and the authGateway instances in a round-robin method. The GWrelay.conf file is used to define the source and destination ports through which an SCTP connection is established between the GWrelay application and the authGateway instance.

You can modify the LOCAL_HOST, REMOTE_HOST, and RELAY_SERVER lines in the GWrelay.conf file to define DNS names and port numbers. When you specify a DNS name for a local or remote host, you can enter the host’s IP address in brackets as a backup. We recommend that you make hostname and IP address entries in the /etc/hosts file because it is more reliable than DNS.

The following example explains how to define source and destination ports for three authGateway instances:

LOCAL_HOST sbr-blr-vm5:2002
REMOTE_HOST sbr-blr-vm5:2003 [10.20.0.2]

LOCAL_HOST sbr-blr-vm5:2004
REMOTE_HOST sbr-blr-vm5:2005 [10.20.0.2]

LOCAL_HOST sbr-blr-vm5:2006
REMOTE_HOST sbr-blr-vm5:2007 [10.20.0.2]

RELAY_SERVER sbr-blr-vm5:2000

Note: The specified host-name and port parameters in the REMOTE_HOST line must match the -host and -port options in the MML CREATE-PROCESS statement, respectively.

For more information, see the Steel-Belted Radius Carrier Installation Guide.
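
An added example, not part of the SBR Carrier distribution: a Python cross-check of the rule in the note above, that each REMOTE_HOST line matches the -host and -port of a CREATE-PROCESS statement, and of the requirement that every relay connection uses unique ports. The function names are made up for this sketch, and the EXEC strings are shortened copies of the ones on this page.

```python
import re

# Shortened copies of this page's CREATE-PROCESS statements and GWrelay.conf
# (EXEC options other than -name, -port and -host are left out here).
MML = '''
CREATE-PROCESS:NAME="GMT", CE="sbr-blr-vm5",
EXEC="/opt/JNPRsbr/radius/authGateway -name GMT -port 2003 -host sbr-blr-vm5";
CREATE-PROCESS:NAME="GMT1", CE="sbr-blr-vm5",
EXEC="/opt/JNPRsbr/radius/authGateway -name GMT1 -port 2005 -host sbr-blr-vm5";
CREATE-PROCESS:NAME="GMT2", CE="sbr-blr-vm5",
EXEC="/opt/JNPRsbr/radius/authGateway -name GMT2 -port 2007 -host sbr-blr-vm5";
'''
GWRELAY_CONF = """
LOCAL_HOST sbr-blr-vm5:2002
REMOTE_HOST sbr-blr-vm5:2003 [10.20.0.2]
LOCAL_HOST sbr-blr-vm5:2004
REMOTE_HOST sbr-blr-vm5:2005 [10.20.0.2]
LOCAL_HOST sbr-blr-vm5:2006
REMOTE_HOST sbr-blr-vm5:2007 [10.20.0.2]
RELAY_SERVER sbr-blr-vm5:2000
"""

def gateway_endpoints(mml):
    """Map each process NAME to the (host, port) given in its EXEC string."""
    found = {}
    for name, cmd in re.findall(r'CREATE-PROCESS:NAME="([^"]+)".*?EXEC="([^"]*)"', mml, re.S):
        host = re.search(r"-host\s+(\S+)", cmd)
        port = re.search(r"-port\s+(\d+)", cmd)
        found[name] = (host.group(1) if host else None, int(port.group(1)) if port else None)
    return found

def relay_endpoints(conf):
    """Return {directive: [(host, port), ...]} for every line of GWrelay.conf."""
    found = {"LOCAL_HOST": [], "REMOTE_HOST": [], "RELAY_SERVER": []}
    for m in re.finditer(r"^(LOCAL_HOST|REMOTE_HOST|RELAY_SERVER)\s+([^:\s]+):(\d+)", conf, re.M):
        found[m.group(1)].append((m.group(2), int(m.group(3))))
    return found

def check(mml, conf):
    """List gateways the relay cannot reach, stale relay targets, and reused ports."""
    gateways, relay = gateway_endpoints(mml), relay_endpoints(conf)
    problems = [f"{name}: no REMOTE_HOST line for {ep[0]}:{ep[1]}"
                for name, ep in gateways.items() if ep not in relay["REMOTE_HOST"]]
    problems += [f"REMOTE_HOST {ep[0]}:{ep[1]} matches no authGateway process"
                 for ep in relay["REMOTE_HOST"] if ep not in gateways.values()]
    used = [ep for eps in relay.values() for ep in eps]
    problems += [f"{ep[0]}:{ep[1]} is used more than once"
                 for ep in sorted(set(used)) if used.count(ep) > 1]
    return problems
```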

Start the GWrelay Process

Step-by-Step Procedure

You can use the sbrd script to start and stop the GWrelay process. All sbrd commands can be executed only by the root user. To start the GWrelay process, execute ./sbrd start GWrelay. To stop the GWrelay process, execute ./sbrd stop GWrelay. To restart the GWrelay process, execute ./sbrd restart GWrelay.

Configure the ulcmmg.conf File

Step-by-Step Procedure

The ulcmmg.conf file establishes the connection between the GWrelay application and SBR Carrier.

The ulcmmg.conf file shipped with SBR Carrier can be modified so that the hostnames of LOCAL_HOST and REMOTE_HOST are the same. If you specify a DNS name for a local or remote host, you can enter the host’s IP address in brackets as a backup. Making an entry in the /etc/hosts file is recommended because it is more reliable than DNS.

The following is an example of the LOCAL_HOST and REMOTE_HOST values in the ulcmmg.conf file:

LOCAL_HOST myhost.com:2001
REMOTE_HOST myhost.com:2000 [10.20.0.2]

For more information, see the Steel-Belted Radius Carrier Installation Guide.

Modified: 2018-01-11