Design & Deploying Trusted And Un-Trusted VoWiFi
Kasu Venkat Reddy, Sr Solution Integration Architect
Arun Gunasekaran, Network Consulting Engineer
BRKSPM-2127
Agenda
• Introduction
• VoWIFI Use cases
• VoWIFI Call-flows
• Architecture Guidelines and Best Practices
• Deployment Challenges and Best Practices
• Conclusion
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public. BRKSPM-2127
What is VoWiFi?
[Figure: IPSec tunnel to the ePDG, with the PGW and IMS in the SP packet core]
• Apple iOS 8 release introduced the Wi-Fi calling feature
• Wi-Fi calling enables UEs to securely access IMS services over Wi-Fi, similar to LTE access, in line with 3GPP standards
• Same native voice dialer used for both VoWiFi and Cellular (VoLTE)
• Same MSISDN used for both VoWiFi and Cellular (VoLTE)
• Seamless mobility across VoWiFi and VoLTE
VoWiFi – Business Drivers
Cisco VNI Projection (2015 – 2020)
• VoWiFi is going to outperform VoLTE by 2016 and VoIP by 2018 in terms of minutes of use.
• By 2020, VoWiFi will have 53 percent of mobile IP voice
[Chart: Minutes of Use (Billions) per Year, 2015 to 2020. Series: VoWiFi (15.7%, 52.9%), VoLTE (18.0%, 26.3%), VoIP (66.3%, 20.8%)]
Source: ACG, Cisco VNI Global Mobile Data Traffic Forecast, 2015–2020
Business Drivers
• Leverage global WiFi footprint
• Cost-effective solution to complement cellular coverage (mainly indoor)
• Customer retention
• Competitive edge over OTT players
VoWIFI Use Cases
• Untrusted Voice over WIFI
• Trusted Voice over WIFI
VoWiFi Trusted / Untrusted Use Case
Untrusted VoWiFi
• Wi-Fi access network is untrusted and un-managed
• IPSec tunnel established between UE (SWu client) and Mobile Packet Core (ePDG)
• ePDG handles user authentication and establishes the packet data network connection with the P-GW using the S2b based GTP interface
• UE uses the SWu client for the IMS APN and the native client to locally break out the rest of the traffic over the Wi-Fi access network
[Figure: VoWIFI Untrusted Network. Labels: UE (SWu client, native client), WLAN, ePDG, PGW, IMS network, Internet]
Trusted VoWiFi
• Wi-Fi access network is trusted and managed
• As per 3GPP Release 11, one of the key characteristics of the “Trusted Wi-Fi” architecture is the client-less approach to support packet core integration
• TWAG lacks support for signalling multiple APNs over S2a for the UE with the PGW. With this, all the offloaded Wi-Fi traffic is assumed to be part of the Internet APN
• VoWiFi can’t be supported as it requires its own IMS APN
• Hybrid architecture recommended, i.e. a combination of the Release 11 trusted Wi-Fi and un-trusted VoWiFi architectures
• Hybrid model supports simultaneous offloading of IMS APN and Internet APN traffic when the user moves from cellular to a trusted Wi-Fi access network
• As per 23.402, UE can be connected with only one non-3GPP access
[Figure: VoWIFI Trusted Network (Hybrid). Labels: UE (SWu client, native client), TWAG, ePDG, PGW, IMS network, Internet, Internet PGW]
[Figure: VoWIFI Trusted Network, Optimised Routing using SIPTO (Hybrid). Labels: UE (SWu client), TWAG (SIPTO enabled), ePDG, PGW, IMS network, Internet, DHCP allocated 173.38.0.1, NAT pool 173.38.1.0/24, SIPTO on IP match, PGW on no IP match]
VoWiFi Trusted / Untrusted Use Case Architecture
End to End Solution Components
• ePDG/SaMOG
• 3GPP AAA
• PGW
• PCRF, OCS
• HSS
• IMS
• UE
• EMS/NMS
• AP/WLC
Use Cases
• Un-Trusted / Un-Managed VoWiFi for SIM-based subscribers
• Trusted / Managed VoWiFi for SIM-based subscribers
VoWIFI Initial Attach – Untrusted Network
[Call flow. Participants: UE, AP / WLC, EPDG, 3GPP AAA, HSS. Interfaces: SWu (UE to EPDG), SWm (EPDG to 3GPP AAA), SWx (3GPP AAA to HSS)]
• UE performed EPDG selection
• UE → EPDG: IKEv2 SA INIT Request
• EPDG → UE: IKEv2 SA INIT Response
• UE → EPDG: IKEv2 Auth Request (User-name: Root NAI, APN: IMS APN, IP: 0.0.0.0)
• EPDG → 3GPP AAA: Diameter EAP Request (User-name: Root NAI, EAP Identity: EAP-AKA, RAT Type: WLAN)
• 3GPP AAA → HSS: Diameter Mul-Auth Req (User-Name: IMSI, RAT Type: WLAN)
• HSS → 3GPP AAA: Diameter Mul-Auth Ans (User-name: IMSI, Auth Vector Attributes)
• 3GPP AAA → EPDG: Diameter EAP Answer (User-name: Root NAI, EAP-AKA Challenge Req)
• EPDG → UE: IKEv2 Auth Response (User-name: Root NAI, EAP Request: AKA Challenge)
• UE runs AKA algorithm and verifies the auth vectors
• UE → EPDG: IKEv2 Auth Request (User-name: Root NAI, EAP Response: AKA Challenge Resp)
• EPDG → 3GPP AAA: Diameter EAP Request (User-name: Root NAI, EAP-AKA Challenge Resp)
• 3GPP AAA verifies the challenge response
• 3GPP AAA → HSS: Diam Server Assign Req (User-Name: IMSI, RAT Type: WLAN, SA Type: Registration)
• HSS → 3GPP AAA: Diam Server Assign Answer (User-name: IMSI, Subscriber profile (APN, QoS, MIP6-Agent-Info, etc.))
• 3GPP AAA → EPDG: Diameter EAP Answer (User-name: Root NAI, Subscriber profile (APN, QoS, MIP6-Agent-Info, etc.))
• EPDG → UE: IKEv2 Auth Response (EAP Success)
VoWIFI Initial Attach – Untrusted Network
[Call flow. Participants: UE, AP, EPDG, PGW, 3GPP AAA, HSS, PCRF, OCS. Interfaces: SWu, S6b, SWx]
• EPDG performs PGW selection: DNS / local resolution or HSS provided
• Messages shown: IKEv2 Auth Request, Create Session Request, Create Session Response, Update Location Request, User Profile Request, User Profile Response, Gy CCR-I, Gy CCA-I, Gx CCR-I, Gx CCA-I, Update Location Response, IKEv2 Auth Response
• Create Session Request: IMSI, MSISDN, RAT: WLAN, APN: IMS APN, Serv NW: MCC & MNC, Handover Ind flag: 0, APCO: P-CSCF Address request
• Diameter parameters shown: User-name: Root NAI (one message) or IMSI (two messages), RAT Type: WLAN, Serv Selection: APN Name, MIP Home Agent: PGW Address; Result Code: Diameter Success
• Create Session Response: IMSI, MSISDN, PGW S2B TEID, PAA: UE IP Address, APCO IE: P-CSCF Address
• IKEv2 Auth Response: UE IP Address, P-CSCF IP Address
VoWIFI: LTE to WiFi Handover
[Call flow. Participants: UE, AP, EPDG, PGW, 3GPP AAA, HSS, PCRF, OCS. Interfaces: SWu, S6b, SWx]
• UE authenticated with EPDG. EPDG selects the PGW IP address provided by HSS
• Messages shown: IKEv2 Auth Request, Create Session Request, Create Session Response, Update Location Request, User Profile Request, User Profile Response, Gy CCR-I, Gy CCA-I, Gx CCR-I, Gx CCA-I, Update Location Response, IKEv2 Auth Response
• Create Session Request: IMSI, MSISDN, RAT: WLAN, APN: IMS APN, Serv NW: MCC & MNC, Handover Ind flag: 1, PAA: A.B.C.D, APCO: P-CSCF Address request
• Diameter parameters shown: User-name: Root NAI (one message) or IMSI (two messages), RAT Type: WLAN, Serv Selection: APN Name, MIP Home Agent: PGW Address; Result Code: Diameter Success
• Create Session Response: IMSI, MSISDN, PGW S2B TEID, PAA: A.B.C.D, APCO IE: P-CSCF Address
• IKEv2 Auth Response: UE IP Address: A.B.C.D, P-CSCF IP Address
• UE IP Address: A.B.C.D
VoWIFI Initial Attach – Trusted Network
[Call flow. Participants: UE, AP, SaMOG, EPDG, INT. PGW, IMS PGW, 3GPP AAA, HSS, IMS, Internet]
• SaMOG: Authentication & Authorization
• UE IP Address Assignment (Internet APN)
• EPDG: Authentication & Authorization
• UE IP Address Assignment (IMS APN)
• EPDG control packet flow (control packets)
• IMS APN traffic flow (voice and video)
Notes shown on the flow:
• UE selects EPDG using the DNS procedure. DNS traffic can be routed internally
• SaMOG selectively offloads EPDG traffic (SIPTO)
Architecture Guidelines and Best Practices
• ePDG Discovery
• PGW Selection
• Seamless Mobility
• UE Dependencies
• Location Information
• Emergency Calling
• Quality of Service
• Security Framework
EPDG Discovery
EPDG Selection Options
UE can dynamically derive the ePDG FQDN as per the 3GPP standards
EPDG FQDN format:
epdg.epc.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org
The following options are available for the UE to derive the PLMN:
• SIM card (Home location)
• Last known cell id from LTE
• WIFI Hotspot 2.0
UEs configured with static ePDG FQDN / Domain name / IP address
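[Call flow. Participants: UE, Local Caching DNS Server, Root DNS Server, Authoritative DNS Server, EPDG. Zones: Internet Service Provider, GSMA, Operator Network]
• UE → Local Caching DNS Server: Recursive DNS Query (FQDN: epdg.epc.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org)
• Local Caching DNS Server → Root DNS Server: Iterative DNS Query (FQDN: epdg.epc.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org)
• Based on the MCC and MNC value, Root DNS selects the Operator authoritative DNS Server
• Root DNS Server → Local Caching DNS Server: DNS Response (Authoritative DNS Server Details (IP Address))
• Local Caching DNS Server → Authoritative DNS Server: Iterative DNS Query (FQDN: epdg.epc.mnc<MNC>.mcc<MCC>.pub.3gppnetwork.org)
• Operator Authoritative DNS selects the EPDG based on the MCC and MNC value
• Authoritative DNS Server → Local Caching DNS Server: DNS Response (EPDG IP Address)
• Local Caching DNS Server → UE: DNS Response (EPDG IP Address)
• UE → EPDG: IPSec Session Establishment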
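An added example (not from the slides) of the FQDN derivation described above, plus a check that a statically configured ePDG name really belongs to the SIM's home PLMN. The function names and the sample IMSI are constructed for illustration; the left-padding of a 2-digit MNC follows the 3-digit `mnc<MNC>` label format.

```python
import re

# Pattern for the FQDN format shown above; MNC and MCC labels are 3 digits each.
EPDG_FQDN = re.compile(
    r"epdg\.epc\.mnc([0-9]{3})\.mcc([0-9]{3})\.pub\.3gppnetwork\.org")


def epdg_fqdn(mcc, mnc):
    """Build the ePDG FQDN for a PLMN; a 2-digit MNC is left-padded with '0'."""
    if not re.fullmatch(r"[0-9]{3}", mcc):
        raise ValueError(f"MCC must be exactly 3 digits: {mcc!r}")
    if not re.fullmatch(r"[0-9]{2,3}", mnc):
        raise ValueError(f"MNC must be 2 or 3 digits: {mnc!r}")
    return f"epdg.epc.mnc{mnc.zfill(3)}.mcc{mcc}.pub.3gppnetwork.org"


def plmn_from_imsi(imsi, mnc_len):
    """Split (MCC, MNC) off an IMSI. The MNC length is not encoded in the
    IMSI digits, so the caller supplies it (the UE reads it from the SIM)."""
    if not re.fullmatch(r"[0-9]{6,15}", imsi):
        raise ValueError("IMSI must be 6 to 15 digits")
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    return imsi[:3], imsi[3:3 + mnc_len]


def parse_epdg_fqdn(name):
    """Return (MCC, 3-digit MNC) if name has the ePDG format, else None."""
    name = name.lower()
    if name.endswith("."):          # tolerate one trailing root dot
        name = name[:-1]
    m = EPDG_FQDN.fullmatch(name)   # fullmatch rejects look-alike suffixes
    return (m.group(2), m.group(1)) if m else None


def matches_home_plmn(name, imsi, mnc_len):
    """True only if a configured ePDG name is the one derived from the SIM."""
    parsed = parse_epdg_fqdn(name)
    if parsed is None:
        return False
    mcc, mnc = plmn_from_imsi(imsi, mnc_len)
    return parsed == (mcc, mnc.zfill(3))


if __name__ == "__main__":
    imsi = "001010123456789"        # constructed IMSI on test PLMN 001/01
    print(epdg_fqdn(*plmn_from_imsi(imsi, 2)))
    for candidate in ("epdg.epc.mnc001.mcc001.pub.3gppnetwork.org",
                      "epdg.epc.mnc001.mcc001.pub.3gppnetwork.org.example.net"):
        print(candidate, matches_home_plmn(candidate, imsi, 2))
```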
EPDG Discovery
Regulatory Aspects
• International Roaming
• National Roaming
• Country specific regulatory aspects
Best Practice
• Understand regulatory aspects
• EPDG selection option
• DNS capabilities
• Optimised EPDG FQDN Resolution (Trusted N/W)
Trusted VoWIFI Usecase
• Locally optimised ePDG FQDN resolution
DNS Capabilities
• Redundancy
• Load Balancing
• Primary and secondary EPDG address to UE
• Heartbeat exchange with EPDG
Seamless Mobility - PGW Selection
VoWIFI Initial Attach
• All Zero IP-address from UE
• EPDG decides the method from subscription
• Dynamic IP address allocation using APN FQDN
• Static IP address allocation from HSS
• PGW IP address allocation from local policy configuration
LTE to WIFI Handover
• PGW IP address updated in HSS via S6A interface in LTE Network
• UE sends Non-Zero IP address to EPDG
• EPDG selects HSS provided mandatory Static PGW IP address
• EPDG sends handover indicator to PGW
• PGW preserves the same IP address for WIFI Network
[Call flow. Participants: EPDG, AAA, HSS, DNS, PGW]
• EPDG and AAA: EAP Request / EAP Answer (MIP6 Agent Info: PGW IP Address)
• AAA and HSS: SA Request / SA Answer
• UE Authenticated with EPDG
• Option: EPDG selects HSS provided PGW IP Address, then sends Create Session Request
• Option: EPDG performs dynamic resolution for PGW IP Address: SNAPTR Query (APN FQDN), SNAPTR Response, AAAA Query, AAAA Response (PGW 1 IP Address, PGW 2, …), then sends Create Session Request
• Option: EPDG selects locally configured PGW IP address, then sends Create Session Request
Seamless Mobility
WIFI to LTE Handover
• PGW IP address updated in HSS via S6B interface in WiFi Network
• UE sends handover indicator to MME
• MME selects HSS provided PGW IP address
• PGW preserves the same IP address for UE in LTE network
Best Practice
• S6A and S6B interface should update PGW IP address in HSS
• EPDG / MME should select the HSS provided PGW IP address
• Locally configured PGW IP address for fallback
UE Dependencies
• UE should qualify the WIFI network before initiating VoWIFI attach / handover (RSSI signal strength, latency, delay, etc.)
• UE should have seamless mobility capability to hand over from LTE to WiFi and vice versa
• UE should support WMM to maintain end to end QoS
• UE should support Hotspot 2.0 for seamless onboarding
• UE should be able to offload both the Internet APN and the IMS APN simultaneously (Trusted Network)
UE GAPs
• Most UEs today qualify the WiFi network based on RSSI strength
• Most UEs today have a toggling issue with data offload
[Figure: UE stack (VoIP, SMS, other apps; IMS APN; IPSec client; connection manager; WIFI and LTE) connecting over the untrusted network to the EPDG and over the LTE network to the MME / SGW, then the EPC core, IMS network and Internet]
Location Information
Untrusted Network
• Outer IPSec IP address and port no. via S2B to PGW
• Outer IPSec IP address, port number and AP MAC ID via SWm to AAA
• 3rd party geo location provider like Maxmind, Neustar IP Intelligence, etc.
Trusted Network
• WLC accounting (Trusted Network)
• PGW CDRs (Trusted Network)
• P-ANI Header in SIP message to IMS
[Figure: post-crime request flow between LEA, VoWIFI Operator and WIFI ISP]
• LEA → VoWIFI Operator: request for details (MSISDN)
• VoWIFI Operator: check system for details
• VoWIFI Operator → LEA: MSISDN call details and details related to the call. Since the call originated from an untrusted network, the outer IP address of the subscriber IPSec tunnel is provided
• LEA → WIFI ISP: request for subscriber details and for activity details against the IP address provided
• WIFI ISP: check system for details (details against IP address, date & time stamp)
• WIFI ISP → LEA: details of subscriber and activity against IP address, date & time stamp shared with LEA
• Result: subscriber identity and call log details
Emergency Calling
Current Possible Approaches
• When an emergency call (ex: 911) is made, the phone will default the call over the cellular network
• Operator mandates subscriber to provide an emergency address when WiFi service is turned on, which can be used during emergency calling.
• Operator assisted re-direction: emergency call routed to the operator call centre. Caller provides location information based on which the operator redirects to the appropriate public-safety answering point (PSAP).
• Home PSAP assisted re-direction: emergency call routed to the home PSAP. Caller provides location information based on which the home PSAP redirects to the appropriate PSAP.
If the subscriber is not able to convey the location, the emergency address defined as part of the WiFi calling profile will be used
Emergency Calling
[Call flow. Participants: UE, EPDG, 3GPP AAA, PGW. Steps shown: Drop existing IPSec tunnel; Identify EPDG supporting emergency calling (or) normal selection; IKEv2 SA Init / Response; IKEv2 Auth Request; Diam EAP Request; Diam EAP Answer; Call setup parameters from locally configured emergency profile; Create Session Request; Create Session Response; IKEv2 Auth Response. Labels shown: IDR: Emergency; Emergency Indication IE; APN: SOS]
Defined as part of 3GPP Rel-13
• For UE detected emergency sessions only
• No procedures to detect local emergency numbers while UE is roaming
Per 3GPP TS 23.167 clause J.1:
• Emergency sessions are only supported over WLAN access to EPC in the following case:
  • UE shall issue an emergency session over WLAN to EPC only when it has failed or has not been able to use 3GPP access to set up an emergency session
  • The UE has sufficient credentials to access EPC
  • ePDG and a PGW in the home PLMN are used
Quality of Service
[Figure: VoWIFI Network. Nodes: UE, AP / WLC, SaMOG, EPDG, PGW. Interfaces: RF interface (WMM), EoGRE tunnel (DSCP marking), SIPTO local break out (DSCP marking), SWu, S2B. Bearers shown: Default Bearer QCI – 5 SIP Signaling, Dedicated Bearer QCI – 1 Voice Data, Dedicated Bearer QCI – 2 Video Data]
[Figure: VoLTE Network. Nodes: UE, ENODEB, SGW, PGW. Interfaces: Radio, S1U, S5. Bearers shown: Default Bearer QCI – 5 SIP Signaling, Dedicated Bearer QCI – 1 Voice Data, Dedicated Bearer QCI – 2 Video Data]
LTE networks
• Dedicated bearer with different QCI/ARP is honored at UE, eNB, SGW & PGW
Untrusted VoWIFI Network
• All dedicated bearers or QCI values terminate at ePDG
• WiFi access does not support QCI bearers
• QCI to DSCP marking for right priority
• DSCP marking could likely be altered over the untrusted network
• “Best effort” QoS treatment for IP packets
Trusted WIFI Network
• The quality of service can be guaranteed in the trusted WIFI network
• The QCI values can be mapped to appropriate DSCP and WMM in the air interface
Security Framework
Best Practice
• Secure internet facing interface
• ACL on all context
• Isolate management traffic
[Figure: ePDG contexts. Labels: Context 1, Context 2, Context 3; SWu, SWm, S2B]
• EPDG can be configured with a public IP address
• ACL rules on ePDG allow only traffic on ports 4500 & 500 (for IKEv2) and protocol 50 (ESP)
• Additionally, the DOS cookie challenge feature can be enabled
• Use multiple contexts to isolate the interface traffic
• Enable ACLs on all contexts to allow only interface traffic
• Use a separate network for management traffic
Deployment Challenges and Best Practices
• IPSec Profile
• MTU
• Stale Sessions
• DRA Caching
• Timers
IKEv2 and IPSec Profile
Supported Options
Internet Key Exchange version 2
• IKEv2 Encryption: DES-CBC, 3DES-CBC, AES-CBC-128, AES-CBC-256, AES-128-GCM-128, AES-128-GCM-64, AES-128-GCM-96, AES-256-GCM-128, AES-256-GCM-64, AES-256-GCM-96
• IKEv2 Pseudo Random Function: PRF-HMAC-SHA1, PRF-HMAC-MD5, AES-XCBC-PRF-128
• IKEv2 Integrity: HMAC-SHA1-96, HMAC-SHA2-256-128, HMAC-SHA2-384-192, HMAC-SHA2-512-256, HMAC-MD5-96, AES-XCBC-96
• IKEv2 Diffie-Hellman Group: Group 1 (768-bit), Group 2 (1024-bit), Group 5 (1536-bit), Group 14 (2048-bit)
IP Security
• IPSec Encapsulating Security Payload Encryption: NULL, DES-CBC, 3DES-CBC, AES-CBC-128, AES-CBC-256
• Extended Sequence Number: Value of 0 or off is supported (ESN itself is not supported)
• IPSec Integrity: NULL, HMAC-SHA1-96, HMAC-MD5-96, AES-XCBC-96, HMAC-SHA2-256-128, HMAC-SHA2-384-192, HMAC-SHA2-512-256
Widely used security profiles (Apple Profile / Samsung Profile)
Internet Key Exchange version 2
• IKEv2 Encryption: AES-CBC-256 / AES-CBC-128
• IKEv2 Pseudo Random Function: PRF-HMAC-SHA1 / PRF-HMAC-SHA1
• IKEv2 Integrity: HMAC-SHA1-96 / HMAC-SHA1-96
• IKEv2 Diffie-Hellman Group: Group 2 (1024-bit) / Group 2 (1024-bit)
IP Security
• IPSec Encapsulating Security Payload Encryption: AES-CBC-128 / AES-CBC-128
• Extended Sequence Number: False / False
• IPSec Integrity: HMAC-SHA1-96 / HMAC-SHA1-96
Cisco ePDG supports multiple profile configuration
Best practice is to limit the No. of profiles
[Call flow. UE → EPDG: IKEv2 SA INIT Request (Encryption, Integrity, PRF, DH Group, NAT Detection source IP, NAT Detection destination IP). EPDG → UE: IKEv2 SA INIT Response (Encryption, Integrity, PRF, DH Group, NAT Detection source IP, NAT Detection destination IP). UE → EPDG: IKEv2 Auth Request]
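An added example (not from the slides and not Cisco code) that applies the "limit the number of profiles" practice to the tables above: it audits each UE profile against a policy and lists which supported algorithms no profile needs. The algorithm names are copied from the tables; the REJECT and WARN sets are an example policy assumed for this sketch, informed by the IKEv2 algorithm guidance in RFC 8247.

```python
# Algorithm names are copied from the "Supported Options" table above.
SUPPORTED = {
    "ike_encr": ["DES-CBC", "3DES-CBC", "AES-CBC-128", "AES-CBC-256",
                 "AES-128-GCM-128", "AES-128-GCM-64", "AES-128-GCM-96",
                 "AES-256-GCM-128", "AES-256-GCM-64", "AES-256-GCM-96"],
    "ike_prf": ["PRF-HMAC-SHA1", "PRF-HMAC-MD5", "AES-XCBC-PRF-128"],
    "ike_integ": ["HMAC-SHA1-96", "HMAC-SHA2-256-128", "HMAC-SHA2-384-192",
                  "HMAC-SHA2-512-256", "HMAC-MD5-96", "AES-XCBC-96"],
    "ike_dh": ["Group 1", "Group 2", "Group 5", "Group 14"],
    "esp_encr": ["NULL", "DES-CBC", "3DES-CBC", "AES-CBC-128", "AES-CBC-256"],
    "esp_integ": ["NULL", "HMAC-SHA1-96", "HMAC-MD5-96", "AES-XCBC-96",
                  "HMAC-SHA2-256-128", "HMAC-SHA2-384-192",
                  "HMAC-SHA2-512-256"],
}

# The two UE profiles from the "Widely used security profiles" table.
PROFILES = {
    "apple": {"ike_encr": "AES-CBC-256", "ike_prf": "PRF-HMAC-SHA1",
              "ike_integ": "HMAC-SHA1-96", "ike_dh": "Group 2",
              "esp_encr": "AES-CBC-128", "esp_integ": "HMAC-SHA1-96"},
    "samsung": {"ike_encr": "AES-CBC-128", "ike_prf": "PRF-HMAC-SHA1",
                "ike_integ": "HMAC-SHA1-96", "ike_dh": "Group 2",
                "esp_encr": "AES-CBC-128", "esp_integ": "HMAC-SHA1-96"},
}

# Example policy (an assumption of this sketch, not taken from the slides).
REJECT = {"DES-CBC", "PRF-HMAC-MD5", "HMAC-MD5-96", "Group 1", "NULL"}
WARN = {"3DES-CBC", "Group 2", "Group 5"}


def audit(profile):
    """Return (severity, field, algorithm) findings for one UE profile."""
    findings = []
    for field, algo in profile.items():
        if algo not in SUPPORTED[field]:
            findings.append(("unsupported", field, algo))
        elif algo in REJECT:
            findings.append(("reject", field, algo))
        elif algo in WARN:
            findings.append(("warn", field, algo))
    return findings


def required(profiles):
    """Per field, the algorithms the ePDG must offer to serve every profile."""
    return {f: sorted({p[f] for p in profiles.values()}) for f in SUPPORTED}


def can_disable(profiles):
    """Per field, supported algorithms that none of the profiles needs."""
    need = required(profiles)
    return {f: [a for a in SUPPORTED[f] if a not in need[f]] for f in SUPPORTED}


if __name__ == "__main__":
    for name, profile in PROFILES.items():
        print(name, audit(profile))
    for field, algos in can_disable(PROFILES).items():
        print(field, "not needed:", ", ".join(algos))
```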
Stale Session
Stale Session in PGW
• When UE initiates re-attach, ePDG locally cleans up the existing session and performs PGW selection for the new session
• If the PGW selected is the same old one, the session will be replaced in the PGW
• If the PGW selected is different from the old one, the old PGW will hold a stale session
No clear guidelines from 3GPP to address this problem
Recommended Approach
• EPDG will compare the PGW details with the existing S2B session and initiate the delete session request to the old PGW if the PGW selected is different from the old one.
[Figure: UE IPSec client over the un-trusted / un-managed access network to the ePDG, which connects over S2B to PGW 1 and PGW 2, then IMS]
MTU
• End to end MTU should be consistent to ensure the quality of experience
• Different protocol stacks and encapsulation methods used across the interfaces could cause fragmentation
• Fragmentation of IPSec packets could cause additional processing at the UE and may delay packet delivery to the application in the UE
• NAT / Firewall devices may drop the small fragmented IPSec packets as a threat
Solution Recommended
• Calculate the max payload EPDG can send on the SWu interface without fragmentation
• EPDG max payload shall be configured as IMS MTU
• PGW MTU shall be IMS MTU + additional headers
[Figure: protocol stacks along the path UE (IPSec client), SWu, ePDG, S2B, PGW, SGi, IMS. Layers shown: IPv4 / IPv6, ESP, GTP, UDP]
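An added worked example (not from the slides) of the SWu payload calculation recommended above, for tunnel-mode ESP with the AES-CBC-128 / HMAC-SHA1-96 transform of the UE profiles listed earlier. Assumptions of this sketch: a 1500-byte path MTU, NAT-T UDP encapsulation on port 4500, IP headers without options, an 8-byte GTP-U header, and reading "additional headers" on the PGW side as the GTP-U, UDP and IP headers of S2b.

```python
from dataclasses import dataclass

IP_HDR = {4: 20, 6: 40}   # outer IP header without options / extension headers
UDP_HDR = 8               # NAT-T: ESP carried in UDP port 4500
ESP_HDR = 8               # SPI (4) + sequence number (4)
ESP_TRAILER = 2           # pad length (1) + next header (1)
GTPU_HDR = 8              # mandatory GTP-U header, no optional fields


@dataclass(frozen=True)
class EspTransform:
    block: int   # cipher block size; plaintext is padded to a multiple of it
    iv: int      # IV bytes sent in every packet
    icv: int     # integrity check value bytes


# ESP transform of both UE profiles listed earlier: AES-CBC-128 + HMAC-SHA1-96.
AES_CBC_SHA1_96 = EspTransform(block=16, iv=16, icv=12)


def esp_packet_size(inner_len, t=AES_CBC_SHA1_96, outer_ip=4, nat_t=True):
    """Outer packet size on SWu for one tunnel-mode ESP packet."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block  # round up
    return (IP_HDR[outer_ip] + (UDP_HDR if nat_t else 0)
            + ESP_HDR + t.iv + padded + t.icv)


def max_inner_packet(path_mtu, t=AES_CBC_SHA1_96, outer_ip=4, nat_t=True):
    """Largest inner IP packet that fits path_mtu unfragmented (the IMS MTU)."""
    room = (path_mtu - IP_HDR[outer_ip] - (UDP_HDR if nat_t else 0)
            - ESP_HDR - t.iv - t.icv)
    if room < t.block:
        raise ValueError("path MTU too small for this ESP transform")
    return room // t.block * t.block - ESP_TRAILER


def s2b_min_mtu(ims_mtu, transport_ip=4):
    """Smallest S2b link MTU that carries an IMS-MTU packet in GTP-U."""
    return ims_mtu + GTPU_HDR + UDP_HDR + IP_HDR[transport_ip]


if __name__ == "__main__":
    for ipver in (4, 6):
        ims = max_inner_packet(1500, outer_ip=ipver)
        print(f"IPv{ipver} SWu, 1500-byte path: IMS MTU {ims}, "
              f"outer size {esp_packet_size(ims, outer_ip=ipver)}, "
              f"one byte more gives {esp_packet_size(ims + 1, outer_ip=ipver)}")
        print(f"  S2b needs at least {s2b_min_mtu(ims, ipver)}")
```

Because CBC pads to a 16-byte block, one extra inner byte adds a whole block to the outer packet, which is why the limit has to be computed rather than taken as path MTU minus a fixed overhead.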
DRA Caching
• During session initiation, AAA registers its identity as the serving 3GPP AAA in HSS. HSS will use this identity for future communication
• HSS expects the same 3GPP AAA server to be used for all communication related to the subscriber session
• DRA should be able to route both SWm and S6b traffic related to the subscriber session to the same AAA
• DRA should support subscriber session level caching to always route single user session traffic to the same AAA
Recommended Approach
• DRA should support subscriber session caching or IMSI based routing
[Figure: IPSec client over the un-trusted / un-managed access network to the ePDG. Labels: ePDG, PGW, IMS, DRA, AAA cluster (AAA 1, AAA 2), HSS; interfaces SWm, S6b, SWx, S2B]
Timers
Timer (Type): Description
• EPDG Session Setup Timeout (EPDG Service Configuration): Maximum time allowed to set up a session
• IKE Session Setup Timer (IKEv2 / IPSec Timer): This timer ensures that an IKE session setup is completed within a configured period
• IKEv2 and IPSec SA Lifetime Timers (IKEv2 / IPSec Timer): The ePDG maintains separate SA lifetime timers for both IKEv2 SAs and IPSec SAs. The same is used to initiate rekeying
• DPD Timers (IKEv2 / IPSec Timer): When enabled, the ePDG may initiate DPD via IKEv2 keep-alive messages to check the liveliness of the WLAN UEs
• Watchdog-timeout (Diameter): Watchdog messages are exchanged between active peers at a regular interval
• Device-watchdog-request max-retries (Diameter): No. of retries before marking the peer as inactive
• GTPC echo-interval (GTP): Duration between sending echo request messages
• GTPC echo-retransmission-timeout (GTP): Max time duration allowed to wait for the response before retransmitting
• GTPC max-retransmissions (GTP): Maximum retries for GTP Echo requests sent before marking the node as inactive
Conclusion
VoWIFI has moved from novelty to necessity and it enables new business opportunity for service operators
VoWIFI virtually turns every WiFi access point into a cellular tower and it extends the operator's network instantly
VoWIFI complements VoLTE by reusing the same IMS investments and provides a better solution for the indoor coverage issue
VoWIFI will give competitive advantage over OTT players
Q & A