Cellular Wi-Fi IntegrationA comprehensiveanalysisPart IIPrabhakar Chitrapu, Alex Reznik, Juan Carlos Zuniga - July 23, 2012

Editor's Note:

In Part I we looked at the origins of Wi-Fi and efforts to integrate cellular mobiletechnology. Click Here for Part I.

Beginnings: GSM Associations WLAN Interworking Task Force

Taking note of the standardization of Wi-Fi by IEEE and the increasing uptake of Wi-Fi technology bythe market, mobile operators and vendors in GSMA undertook the step of studying the potentialintegration of Wi-Fi as an alternate radio access method to the core network and services of mobileoperators. A task force was created, called the WLAN Interworking Task Force which studied thetopic between 2002 and 2004. The group investigated various use cases and defined six differentlevels of interworking between the Wi-Fi and cellular networks.

The simplest interworking scenario was what may be termed as loose interworking and consistedof common authentication, access control and billing. Such a combined network would allow acellular operator to offer Wi-Fi access services to their subscribers, authenticate them usingstandard cellular methods (i.e. based on SIM cards in the cell phones), verify the service levelsubscriptions and bill them as needed. The main technical contribution here was therecommendation to use the EAP-SIM protocol over the Wi-Fi networks to authenticate cellularsubscribers with SIM-based Wi-Fi enabled handsets.

Progressively tighter levels of interworking were defined in terms of increasingly seamless andintegrated access to cellular networks and services. For example, in the loose interworking scenario,the subscriber can access the cellular operators core network and service network, but someservices may not be accessible over the Wi-Fi radio. This limitation is removed in the second level ofinterworking. The second level of interworking allows Service Continuity, meaning that all theservices that a subscriber has subscribed to must be accessible by the subscriber via the Wi-Finetwork. This would include voice-mail, texting, mobile TV, and any other services offered by thecellular operator.

A limitation of the second level of interworking is that while all services may be accessed via the Wi-Fi network, an ongoing session that a user has established over the cellular radio may not, due touser mobility, seamlessly handover to a Wi-Fi network. In other words, the ongoing cellular radiosession would be torn down and a new Wi-Fi session would have to be established. This wouldseriously impact the quality of the user experience. This limitation is removed in the third level oftighter interworking, which calls for so-called session continuity. This would make the experienceof a user moving between Wi-Fi Networks and Cellular Networks as seamless as if he or she werestill connected to the cellular network.

Shown below is a figure from GSMA PRD (Permanent Reference Document) SE.27, illustratingvarious integration scenarios, as understood at the time.

GSMAs WLAN Task Force completed the study in a comprehensive manner and identified the needfor standardization within 3GPP. This resulted in the development of a number of standards, basedessentially on the loose integration of Wi-Fi networks with the 3GPP core network and can be viewedas an evolution of integration scenario #3 in the above figure. The detailed integration solutionsdepend upon whether the core network is a UMTS Core network or Enhanced Packet Core (EPC)network. The former set of standards is referred to as IWLAN (Integrated/Interworked WLAN)standards and the latter as EPC standards.

Integrated Wireless LAN (IWLAN) Standards

The IWLAN standardization work commenced with an initial feasibility study, which included someof the findings of the GSMAs WLAN Task Force. It resulted in a 3GPP Technical Report, TR 23.234,latest version of which is v10.0.0, produced in 2011. The report essentially identifies a number ofinterworking scenarios, numbered 1 through 6 as follows:

Scenario 1 - Common Billing and Customer Care

Scenario 2 - 3GPP system based Access Control and Charging

Scenario 3: Access to 3GPP system PS based services

Scenario 4: Service Continuity

Scenario 5: Seamless services

Scenario 6: Access to 3GPP CS Services

The last scenario has not been pursued in standardization, but the others led to a number of 3GPPspecifications, listed below:

TS 23.234: Scenarios 1 and 2: Common Billing, Access Control and Charging and Access to PSServices.

TS 23.327: Scenarios 4 and 5: Service Continuity and Seamless Services Single Radio Case andMobility

TS 23.261: Scenarios 4 and 5: Service Continuity and Seamless Services Dual Radio Case and FlowMobility

TS 23.234 provides a solution for Interworking Scenarios 1 and 2. The figure below is a simplifiedversion of a figure from 23.234, wherein the 3GPP AAA server performs the necessary userauthentication and authorization for both WLAN access and 3GPP services. Two different types ofIP-Access Services are provided to the user, namely 3GPP IP access and Direct IP access. Theformer refers to access to 3GPP packet data services, such as MMS, mobile video, etc. as well asinternet services, whereas the latter refers to direct access to internet or intranets.

Cellular Wi-Fi--Part II

One of the main goals of the IWLAN solutions was to achieve authentication without manual userintervention, such as entering a username-password, as is common is many Wi-Fi networks. This ismade possible by developing authentication protocols based on the use of SIM cards, which arealready provisioned in the 3GPP handsets. In addition to providing authentication in a mannertransparent to the user, SIM based authentication methods are also familiar to 3GPP operators andprovide the same level of security as 3GPP devices.

Since the SIM based authentication is now done via WLAN networks, which are essentially IPNetworks, the basic 3GPP authentication protocols are modified and are known as EAP-SIM, EAP-AKA and EAP-AKA protocols, which were standardized by the IETF. IP Networks also usecertificate-based authentication methods, which are also standardized as EAP-TLS and EAP-TTLSprotocols for WLAN based authentication.

Regarding IP access services, the 3GPP-IP-access is provided by two functional entities called WAGand PDG. As the name indicates, the PDG is a gateway to a specific Packet Data Network, such asthe Internet or an operator service network. Clearly, the 3GPP network may support multiple PDNsand hence multiple PDGs, for different types of services. The WAG implements a typical gatewayfunction on the user side, by connecting the user to one of the possibly several PDGs. It also acts asa firewall and implements operator policies, which are downloaded from the 3GPP AAA servers.

Finally, WAG performs charging related functions, as set by the operator, and communicates withthe 3GPP charging systems, of which there are two types, namely offline (for post-paid customers)

and online (for pre-paid customers and for checking spending limits).

While the solutions presented in TS 23.234 allow WLAN UEs to access 3GPP core networks andservices, the radio connection cannot be dynamically switched between Wi-Fi and 3GPP accessnetworks. These solutions are standardized in TS 23.327, which describes mobility betweenInterworking WLAN Networks and 3GPP networks.

The mobility function is essentially based on an IP-level mobility management protocol calledDSMIPv6, which is standardized by IETF. This protocol is implemented in an entity called HA (HomeAgent) in the core network of the home 3GPP network and in a peer entity called DSMIPv6 client inthe UE. The UE has a single IP address (for the purposes of mobility management), which is calledHome Address (HoA) and a Care-of-Address (CoA) which changes as the UE attachment is changedbetween IWLAN and 3GPP radio interfaces. Changes in CoA address are synchronized between theUE and the HA by exchanging the so-called Binding Updates messages. These are sent over thelogical interface H1 shown in the above figure. It is supported over the chain of physical interfacesUu/Um, Iu_ps/Gb, Gn and H3 when connected over the 3GPP access network and over Ww, Wn, Wpand H3 when connected over the WLAN Access Network.

DSMIPv6 mobility protocols allow handover from 3GPP access to WLAN access or vice versa.However, in the current version of the standards, only the UE can initiate such a handoverprocedure. This is based partly on the rationale that the UE has a better knowledge of the WLANradio networks. However, there are some initiatives in the 3GPP standards organization currentlythat are seeking to standardize network-initiated handovers as well, since the network has a more

comprehensive knowledge of the network congestion state. Although the HA function is shown as aseparate function in the above figure, it is often collocated with the GGSN.

Enhanced Packet Core (EPC) Standards

The above solutions have two basic limitations. The first limitation is that the HA is not connected topolicy and QoS management entities in the core network, such as PCRF. This prevents advancedpolicy and QoS based management of the IWLAN-3GPP mobility. These limitations are removed inthe case of integration of WLAN into EPC core networks, which is described in the next section.

The second limitation is that the above solutions restrict the UE to have only a single radioconnection at any given time, namely either to the WLAN or 3GPP radio interface. Modern smartphones allow simultaneous connectivity to both radio interfaces, which raises the possibility ofmanaging 3GPP and WLAN interworking at an individual IP-Flow level. That is, it should be possibleto support certain IP-Flows on the 3GPP radio interface and certain others on the WLAN radiointerface, based on criteria such as QoS requirements, user subscription, type of user equipment,etc. Furthermore, it could also enable dynamic switching of individual IP-Flows from one radiointerface to another. The figures below illustrate the situation.

Cellular Wi-Fi--Part II

The EPC standards for 3GPP and Non-3GPP interworking introduce a new class of non-3GPP accessnetworks, namely Trusted Non-3GPP Networks, with the word trust referring to trust by theoperator (and not necessarily by the user). Accordingly, Trusted Wi-Fi Networks imply that theTrusted Wi-Fi access points are deployed and managed by the Operator, so that UE can connect tothe Wi-Fi Network directly using the radio interface without requiring any additional securitymeasures.

In contrast, un-trusted Wi-Fi Networks do not have any trust relationship to the operators, so thatthe operators require that the UE establish a secure tunnel (i.e. IPSec tunnel) to a trusted node in

the operator core network. Typically, such a node is a PDG in UMTS core networks (as in IWLANarchitectures) and ePDG in EPC core networks. Shown below are two simplified architectures of anEPC core network with 3GPP as well as Trusted and Un-Trusted non-3GPP Access. Otherarchitectures are also possible and are documented comprehensively in TS 23.401 and TS 23.402.

Note that here the PGW includes a HA functionality and that PCRF is connected to various gatewayfunctions, each of which has a PCRF or its functional equivalent to enforce the operator policies.

Shown also is the ANDSF functionality, which is a critical one for Cellular-Wi-Fi interworking froman operator policy point of view. Currently, most smartphones choose and camp on to Wi-Finetworks based on explicit user preferences or preconfigured preferences, already stored in the UE.It was clear that if operators were to offer Wi-Fi access as an integral part of the access offerings,they needed to be able to install operator policies on the UE and also be able to change themdynamically, as the conditions may change. To achieve this, the framework of ANDSF wasstandardized. It essentially consists of an ANDSF server in the operator network, which stores theoperator policies regarding discovery and selection of Wi-Fi access. For example, it containsdiscovery information of Wi-Fi hotspots based on the location of a UE. Regarding selection of Wi-FiHotspots, the policies may specify that certain Wi-Fi hotspots are preferred at certain locationsand/or certain times of day, or for certain types of applications, such as mobile video etc. These

operator policies can be transferred to the UE via the S14 interface using communicationprocedures based on device management procedures, originally developed by the OMA organization.

Interworking between 3GPP and non-3GPP networks essentially consists of mobility of IP-Flowsbetween the 3GPP and non-3GPP networks. A number of cases of such mobility can be distinguisheddepending on the following aspects: (1) mobility is on a per IP-Flow basis or per all IP-Flowsassociated with a PDN connection; (2) mobility is Seamless or Non-Seamless, with Seamlessnessdefined as preservation of the IP-address of the UE during the mobility process. Differentcombinations of these two fundamental aspects result in a number of scenarios, such as Wi-Fioffload, referring to mobility of IP-Flow(s) from 3GPP to Wi-Fi networks, and handovers, referring tomobility of all IP-Flows associated with a PDN connection etc.

The 3GPP standard TS 23.401 describes Seamless and Non-Seamless Handover solutions between3GPP and Non-3GPP access networks, wherein GTP is used as the protocol for the Handover overthe interfaces S2a, S2b and S5. Similarly, TS 23.402 documents similar solutions for the cases wherePMIP and DSMIP are used for mobility.

Finally, TS 23.261 describes the solutions for Seamless IP-Flow Mobility using DSMIP protocols. Asmentioned below, this allows for selective assignment of different IP-Flows to different accessnetworks and includes Seamless Wi-Fi Offload as a special case.

In all cases listed above, the mobility is triggered by the UE and not by the network. Efforts are alsobeing made to standardize network-triggered mobility procedures, since the network is often moreknowledgeable about the overall network usage and congestion state than the UE.

This concludes a review of past efforts towards cellular/Wi-Fi integration. However, with the adventof new device types and applications, the desire for increased integration is more salient now thanever before. In Part III of this series, well be looking at current and future efforts, and how they aresetting the stage for the heterogeneous networks of the future.

About the Authors

Prabhakar Chitrapu is a Senior Principal Engineer at InterDigital Communications in King ofPrussia, PA. He has contributed to various aspects of 3G/4G cellular and WLAN networks and beenan active participant in industry forums, such as GSMA, UMTS Forum and Femto Forum (includingVice-Chair of the WLAN-Interworking Task Force at GSMA, Vice-Chair of the Working Group onNetworks, and Champion of the Integrated Femto-WiFi Networks work item at the Femto Forum).Prior to his 20-year corporate career, Prabhakar was Assistant Professor at Drexel University. Heholds a PhD degree from Delft University, The Netherlands.

Alex Reznik is a Senior Principal Engineer at InterDigital, currently leading the companys researchand system design activities in the area of IP mobility and heterogeneous networks. Since joiningInterDigital in 1999, he has been involved in a wide range of projects, including leadership of 3Gmodem ASIC architecture, design of advanced wireless security systems, and coordination ofstandards strategy in the cognitive networks space. He earned his B.S.E.E. Summa Cum Laude fromThe Cooper Union, S.M. in Electrical Engineering and Computer Science from the MassachusettsInstitute of Technology, and Ph.D. in Electrical Engineering from Princeton University.

Juan Carlos Zuniga is a Member of the Technical Staff at InterDigital, in Montral Canada, wherehas worked in the standardization and development of advanced wireless access technologies since2001. He previously worked at Harris Communications in Canada, Nortel Networks in the UnitedKingdom, and Kb/Tel in Mexico. Throughout his career he has participated and held leadership

positions in several standardisation bodies including IETF, 3GPP, IEEE 802.11, 802.16, and 802.21.He received his engineering degree from the UNAM, Mexico, and his M.Sc. and DIC from theImperial College London, UK.