3GPP WLAN Interworking
This section provides a high-level overview of the 3GPP WLAN environment and the access services enabled by the IMS AAA Server.
Overview of 3GPP WLAN Environment
Figure 6 shows a simplified 3GPP WLAN network.
A RADIUS or Diameter-based 3GPP WLAN interworking environment typically involves four components:
- WLAN User Equipment (WLAN UE) is equipment used by the subscriber to access the WLAN and initiate a network connection. The WLAN UE uses a SIM or USIM (UMTS Subscriber Identity Module) containing the authentication keys for the mobile subscriber.
- A WLAN Access Network (WLAN AN) recognizes and processes 3GPP WLAN connection requests for the 3GPP network. It provides the wireless IP connectivity to the WLAN UE to be authenticated and authorized by the 3GPP AAA server in the 3GPP network. The WLAN AN is a client from the perspective of the 3GPP AAA Server. When the WLAN AN receives a WLAN UE connection request, it may perform an initial access negotiation with the WLAN UE to obtain identity information and then pass this information to the 3GPP AAA server as part of an authentication/authorization request. The WLAN AN may be RADIUS or Diameter-based.
- The 3GPP AAA Server matches data from the authentication/authorization request with information in a trusted database. For 3GPP networks, this database is called a Home Subscriber Server (HSS). If a match is found, and the subscriber's credentials are correct, the 3GPP AAA server responds with an answer message to the WLAN AN, indicating it accepts the request; if a match is not found or a problem is found with the subscriber's credentials, the 3GPP AAA server returns a rejection message. The WLAN AN then establishes or terminates the WLAN UE connection. The WLAN AN may then forward accounting information to the 3GPP AAA server to document the transaction; the 3GPP AAA server may store or forward this information as needed to support billing for the services provided. The 3GPP AAA server must be able to translate between RADIUS and Diameter (and vice versa), to support connection requests from legacy RADIUS WLAN ANs to the 3GPP network which uses the Diameter protocol.
- A Home Subscriber Server (HSS) database stores the information against which authentication and authorization requests are compared. The HSS is a Diameter function located within the 3GPP subscriber's home network. It contains the primary subscriber and authentication database required to authenticate access requests to the 3GPP network.
Overview of 3GPP WLAN Access Services Supported by IMS AAA Server
Per the 3GPP TS 23.234 specification, the IMS AAA Server implements the following 3GPP WLAN access services:
WLAN Direct IP Access
The WLAN Direct IP Access service allows authorized subscribers to access local IP networks such as the Internet or Intranet directly from the WLAN AN. The IMS AAA Server performs authentication of subscriber requests from RADIUS and Diameter WLAN ANs, using either the EAP-SIM (Extensible Authentication Protocol-Subscriber Identity Module) or EAP-AKA (Extensible Authentication Protocol-Authentication and Key Agreement) protocol. The SIM-authentication is performed against the subscriber information in the HSS. Authentication is initiated directly from the WLAN AN. After successful authentication, authorization is performed, resulting in the return of policy information to the WLAN AN to provision the session. Subscriber access is provided only to the local IP network such as the Internet or Intranet directly from the WLAN AN, and not to any Packet Switched (PS) services in the IMS service plane.
WLAN 3GPP IP Access
The WLAN 3GPP IP Access service allows authorized subscribers to access Packet Switched (PS) services in the 3GPP IMS service plane through a secure tunnel. Since WLAN hotspots are generally not considered secure, the WLAN 3GPP IP Access service specifies how a secure Virtual Private Network (VPN) tunnel can be established between the WLAN UE and a VPN gateway residing in the 3GPP network. In 3GPP specifications, the VPN gateway is known as the Packet Data Gateway (PDG). IP traffic is tunneled to the 3GPP IMS network via a WLAN Access Gateway (WAG) and the PDG. The WAG acts as a dynamically configured firewall, while the PDG is a tunneling end-point. Multiple tunnels can be authorized for previously authenticated subscribers allowing access to any number of services simultaneously.
A PDG requests authorization separately from the authentication request. For example, the WLAN UE might initiate a tunnel towards the PDG, which results in an authentication and tunnel establishment. If the same WLAN UE requests an additional tunnel in the same session, authentication need not be performed. Instead, the additional tunnel will be granted without full authentication being required. The PDG can request authorization of W-APNs in subsequent authorization requests.
Roaming Scenarios
All possible roaming scenarios that place IMS AAA Server in a visited network are supported. In addition, the IMS AAA Server Administrator allows you to configure which roaming scenarios are permitted for a particular subscriber.
Unlicensed Mobile Access (UMA)
Unlicensed Mobile Access or UMA, is one method of providing Fixed Mobile Convergence services. UMA enables GSM/GPRS handsets equipped with Wi-Fi or Bluetooth to access the GSM and GPRS (General Packet Radio Service) core mobile networks through unlicensed public and private wireless networks, including Bluetooth and 802.11 WLANs. Using the UMA technology, subscribers can access such services as picture messaging and video calling through WLAN in the home, office or hotspots. Figure 7 shows a simplified illustration of UMA.
With UMA, subscribers can move between cellular networks and WLANs with seamless voice and data session continuity as transparently as they move between cells within the cellular network. Mobile operators deploying UMA can offer enhanced service plans that expand their portfolio from traditional mobile services to capture fixed-line service revenues.
In standard cellular operation, a mobile handset communicates over the air with a base station, through a base station controller, to the core mobile network. When a subscriber with a UMA-enabled phone moves inside a WLAN network, the phone automatically switches to a VoIP (Voice over IP) call. With UMA, a dual-mode handset, capable of cellular and Wi-Fi or Bluetooth communication, detects the presence of the WLAN and switches to IP mode in order to access the WLAN. Then a secure IP connection is established to a UMA controller in the core mobile network. The UMA Controller translates the signals coming from the dual-mode handset so they appear to be coming from another base station. Thus, when the mobile phone moves from a GSM network to a Wi-Fi network, it appears to the core network as if it is simply on a different base station.
When a subscriber is traveling, normal cellular operation is used. When in an environment where a WLAN is accessible, communication switches automatically to the WLAN, significantly reducing the use of base station access and the need for expensive base stations to be deployed. By using a single, dual-mode device, the subscribers mobile experience is simplified by having a single phone number at home and on the go.
Femtocell
Another technology enabling Fixed Mobile Convergence is Femtocell. The Femtocell technology extends cellular service into residential and small business environments where cellular access is often limited. Figure 8 shows a typical Femtocell application.
Although Figure 8 looks similar to the UMA application shown in Figure 7, it is actually different.
A typical Femtocell application places a Femtocell Access Point, sometimes called a personal (cellular) base station, in the residence or small business. The Femtocell Access Point connects to the Mobile Operator Core Network via a broadband connection such as DSL, Cable or Fiber Optic. The Femtocell Access Point would typically support 2-5 cellular devices.
Unlike the UMA solution which requires a dual-mode, Wi-Fi/Cellular device, Femtocell uses existing cellular handsets so there is no need to upgrade your phone. When you are "on the go" network access is through standard macro cellular base stations. When you are at home or the office, network access is through the Femtocell access point and the broadband connection.
The benefits to subscribers are reduced in-home call charges, improved coverage since the base station is locally accessible, and continued use of their current handset. For mobile operators Femtocell increases capacity and reduces cost, since it reduces cell tower usage, and it addresses the FMC market in a very cost effective manner.