Presentation - Cisco Knowledge Network
SP Wi-Fi Deployments and Evolution
Gaetan Feige (gfeige@cisco.com), Solution Architect
Boris Mimeur (bomimeur@cisco.com), Technical Marketing Engineer
Prashant Jhingran (pjhingra@cisco.com), Technical Marketing Engineer
© 2012 Cisco and/or its affiliates. All rights reserved. Cisco Public 1
• SP Wi-Fi - Key drivers
• SP Wi-Fi Deployments
• SP Wi-Fi Evolution with MPC Integration
• Cisco Intelligent Wireless Access Gateway (iWAG)
• References
Explosion in Mobile Devices (Wi-Fi enabled)
39x Surge in Mobile Data, Apps!
Big Shift to Indoor Consumption
SP Wi-Fi
- Lack of 3G / 4G Spectrum
- Limited BW
- Attractive Economics of Offload
- Unlicensed Wi-Fi Spectrum
 | Service Provider Wi-Fi | Wireline Broadband
Session Type | IP Based Sessions | PPP Based Sessions
User type | Mobile Users | Fixed Residential
Session Control | Intelligent Services Gateway (ISG) – software component (both columns)
Place in Network (PIN) Designation | Wireless Access Gateway (WAG) | Broadband Network Gateway (BNG)
Deployment Type | Software Components | Availability: ASR1000 | Availability: ASR9000
Traditional Public Wireless LAN (PWLAN) | Open SSID with ISG Redirect for Web based Authentication | Available Now | Available Now
Seamless Authentication | EAP based secure authentication using ISG | Available Now | Now – relies on Cisco Access Registrar (CAR)
Mobile Network Integration | ISG and Proxy Mobile (PMIP) configured on a single box | iWAG in XE 3.8 | 3Q CY 2013
[Diagram labels: Access; Access Aggregation; Subscriber Policy Layer (AAA Server, Policy Server, Web Portal, DHCP Server); Controller; Internet/Core; Open/Walled Garden (Video, Audio Servers); Seamless Experience; Unified Architecture; Radio Intelligence; Access Network SP]
[Diagram labels: Subscriber Policy Layer (AAA Server, Policy Server, Web Portal, DHCP Server, …); ISG: Subscriber Identity Management, Open Northbound Interfaces, Policy Management and Enforcement]
Cisco Intelligent Services Gateway (ISG) is a licensed feature set on Cisco IOS that provides Session Management and Policy Management services to a variety of access networks.
ISG addresses PPPoE to IPoE migration while maintaining all subscriber management functions.
ISG is so focal that the entire device is often referred to as an Intelligent Services Gateway router, or simply “The ISG”.
SP Wi-Fi Deployment #1
Connectivity
• L2 connected network
• Unclassified MAC address in data packet
IP Addressing
• IPv4 Clients
• External DHCP
Services
• Residential, Enterprise, Wi-Fi Services for users behind CPE (billing per CPE)
• Web Authentication
• Pre-paid service
• Dynamic Service Selection
[Diagram labels: AAA/Portal, HLR, OCS, PCRF, DHCP Server; ISG with Int or Sub-int GE (.1Q); MPLS/IP Core; Internet; Clients (Smartphone user, PC/Laptop user); Layer 2 network, GE (dot1Q), VPLS/EoIP; Services: Web Authentication, Open Access users, EAP users; Legend: Traffic flow, AAA interactions]
SP Wi-Fi Deployment #2
Connectivity
• L2-connected network
• DHCP initiator
IP Addressing
• IPv4 Clients
• Internal DHCP
Services
• Stadium, Metro Station Public Hotspots
• Open Access Wi-Fi Services
• Web Authentication
• Dynamic Service Selection
[Diagram labels: AAA/Portal, HLR, OCS, PCRF; SSID GREEN, SSID RED (SSID#1, SSID#2); Transport NW; Tunnel Server; Layer 2 network; Access Network; ISG; Internet; Client (Smartphone user); VLAN #2, VLAN #3; Legend: Traffic flow, AAA interactions]
Layer 2 Tunnel termination: Tunnel Server forwards dot1q VLANs to ASR1k.
SSID Red >> VLAN2
SSID Green >> VLAN3
SP Wi-Fi Deployment #3
Connectivity
• L3-connected network
• Unclassified IP OR RADIUS Proxy initiator
IP Addressing
• IPv4 Clients
• External DHCP
Services
• Mobile Data Offload
• Open Access Wi-Fi Services
• Web Authentication
• Dynamic Service Selection
[Diagram labels: SS7 Network, HLR/AuC, ITP, HLR Proxy; AAA, Portal, Billing; DHCP Server; IOS AP; EAP Client; Open no-WEP Web Authentication clients (Smartphone user, PC/Laptop user); Access Network; Access Zone Router (AZR); IP; ASR1K; MPLS/IP; Corporate VPN; Internet; Open Garden Services]
AZR assigns IP. Client to ISG is an L3 network.
Service:
Web authentication for Unclassified IP session.
RADIUS Proxy session with accounting from AZR.
[Diagram labels: Access; Access Aggregation; Subscriber Policy Layer (AAA Server, Policy Server, Web Portal, DHCP Server); Controller; ISG; Internet/Core; Open/Walled Garden (Video, Audio Servers); Seamless Experience; Unified Architecture; Radio Intelligence; Access Network SP]
[Diagram labels: Access; Access Aggregation; Mobile Packet Core; Subscriber Policy Layer of the Access Network SP (AAA Server, Policy Server, Web Portal, DHCP Server); Subscriber Policy Layer of the Mobile Network Operator (HLR/HSS, Policy Server, Web Portal, DHCP Server); Converged Core; MPC; Controller; iWAG; Internet/Core; Open/Walled Garden (Video, Audio Servers); Seamless Experience; Unified Architecture; Radio Intelligence]
• Subscribers using mobility services (either GTP or PMIPv6)
• Subscriber session is anchored on the MPC (PGW/GGSN) and also maintained on iWAG
• IP addresses for the subscribers are allocated from the MPC; iWAG acts as a proxy DHCP server
• Subscribers maintain IP address persistency while roaming across Wi-Fi to Wi-Fi or Wi-Fi to 3G/4G
• Subscriber authentication is typically performed using out-of-band or in-band EAP-SIM/AKA

• Simple IP users do not receive a mobility service (either GTP or PMIPv6)
• Subscriber session is anchored and maintained on iWAG
• IP addresses for the subscribers are allocated either via an external DHCP server or via iWAG itself
• Subscribers are not expected to have IP persistency while roaming
• Subscriber authentication is typically performed using web-authentication and/or Transparent Auto-Logon
ISG Features
• IPoE Sessions: DHCP initiated, unclassified IP or MAC-address initiator, Radius-Proxy initiator
• Layer-4 Redirect
• Traffic Classes
• Postpaid & Prepaid Accounting
• Dynamic Rate Limiting
• Lawful Intercept
• Radius based authentication and accounting
• Radius CoA Interface
• Per-subscriber QoS
• IP Session keep-alives, timeouts
• VRF Transfer
• Port Bundle Host Key (PBHK)
• Walk-by session handling/optimization
• Local Breakout of subscriber traffic for Simple IP subscribers
• …..and more http://www.cisco.com/go/isg

iWAG = Intelligent Wireless Access Gateway
GPRS Tunneling Protocol (GTP) for integrating Wi-Fi traffic into Gateway GPRS Support Node (GGSN)
Mobile Access Gateway (MAG) using Proxy Mobile IPv6 (PMIPv6) for integrating Wi-Fi traffic into Packet Data Network Gateway (PGW)
[Diagram labels: HPLMN; HSS; 3GPP Access; Serving Gateway; PDN Gateway; PCRF; 3GPP AAA Server; Operator's IP Services (e.g. IMS, PSS, etc.); Non-3GPP Networks; Trusted WLAN Access Network (WLAN Access Network, Trusted WLAN AAA Proxy, Trusted WLAN Access Gateway = iWAG); Intranet / Internet; UE; interfaces S6a, S5, Gxc, Gx, SGi, Rx, S6b, SWx, S2a, STa, SWw]
iWAG enables a SP to integrate trusted non-3GPP (Wi-Fi) traffic into MPC via standard S2a interface
S2a: provides the user plane with related control and mobility support between trusted non-3GPP IP access and the PGW
ASR 1000 iWAG – IOS XE 3.8S
[Diagram labels: HLR, OCS, PCRF, CGF (Gy, Gx, Ga); DHCP, AAA, Portal; AP, WLC; L2 Connected; Access Network Policy; Mobile Home Network Policy; ASR1K iWAG; 4G Core PGW/LMA; Gn’ GTP, GGSN, 3G Core; Internet]
Features:
• L2 Access & AAA Policy
1. EAP-SIM/AKA (via WLC) / FSOL – DHCP
2. EAP-SIM/AKA (via ISG) / FSOL – Radius Proxy
3. Web Logon / TAL. FSOL – Unclassified MAC
• GGSN selection via DNS
• Overlapping MNO address support with multiple SSID
• Service Providers
• Reduce network congestion: Reduce OpEx and increase network efficiency by offloading 3G/4G traffic
• Provide Wi-Fi security and subscriber control: Deliver scalable, manageable, and secure wireless connectivity with a low TCO
• Deliver a Wi-Fi platform that offers new, location-based services and enables new revenue-sharing business models
• Users
• Provide access to the 3G/4G core in spite of a weak or missing cell signal
• Provide a good QoE to subscribers on Wi-Fi networks, similar to that provided on 3G/4G networks
• QoS based on subscriber profile and traffic classification
• Provide access to mobile backhaul, which could have better bandwidth and thus provide better service
• Deliver a Wi-Fi platform that enables location-based services
• Proxy Mobile IPv6 Domain: A network where the mobility management of a mobile node is handled using the Proxy Mobile IPv6 protocol.
• Local Mobility Anchor (LMA): LMA is the home agent for the mobile node in a PMIPv6 domain. It is the topological anchor point for the mobile node's home network prefix and is the entity that manages the mobile node's binding state.
• Mobile Access Gateway (MAG): MAG is a function on an access router that manages the mobility-related signaling for a mobile node that is attached to its access link. It is responsible for tracking the mobile node's movements to and from the access link.
• Mobile Node (MN): An IP host or router whose mobility is managed by the network. The MN may be an IPv4-only node, IPv6-only node, or a dual-stack node and is not required to participate in any IP mobility related signaling for achieving mobility for an IP address that is obtained in that PMIPv6 domain.
• Correspondent Node (CN): The device that the mobile node (MN) is communicating with such as a web server. A correspondent node may be either mobile (e.g. another MN) or stationary (e.g. server).
• By keeping key mobility parameters constant throughout the Wi-Fi network/WLAN:
A. MN’s IP address & anchor point
B. MN’s Gateway IP address
C. Gateway’s MAC (or Link-Layer address in IPv6) – RFC6543
• Tracking the movement of Mobile Node – intra & inter MAG movements
• In addition, the DHCP server is reachable and consistent throughout the Wi-Fi mobility domain
• Cisco PMIPv6 implementation is address family agnostic:
• Mobile Nodes in a PMIPv6 domain operating in IPv4-only, IPv6-only, or in dual-stack mode
• Transport network between the MAG and LMA can be either IPv4-only, IPv6-only or dual-stack (where IPv4 would be preferred)
3G – GTPv1
4G – PMIPv6
Deployment Model # | Access Type | Authentication | FSOL | Service IP
1 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA
2 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | PGW/LMA
3 | Layer 2 | Web Logon | Unclassified MAC | PGW/LMA
4 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | GGSN
5 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | GGSN
6 | Layer 2 | Web Logon | Unclassified MAC | GGSN
SP Wi-Fi Deployment #4
Connectivity
• L2-connected network
• DHCP initiated
• Offload: Unclassified MAC & RADIUS Proxy initiator
IP Addressing
• IPv4, IPv6 or Dual-stack Clients
• Simple IP User Internal DHCP
• Mobile IP User from MPC
Services
• Open Access Wi-Fi Services (Simple offload)
• Web Authentication, EAP-SIM/AKA
• Dynamic Service Selection
[Diagram labels: Wi-Fi Network; AAA/Portal, HLR, OCS, PCRF (AAA, Gy, Gx); WLC; iWAG; MN; LMA; Internet; CN – Server/Host; Walled Garden Content; numbered steps 1 to 8; 802.11(x), CAPWAP, L2, PMIPv6; Legend: Traffic flow for Simple IP subscribers, Traffic flow for Mobile IP subscriber, AAA interactions]
SP Wi-Fi Deployment #5
Connectivity
• L2-connected network
• DHCP initiated
• Offload: Unclassified MAC & RADIUS Proxy initiator
IP Addressing
• IPv4, IPv6 or Dual-stack Clients
• Simple IP User Internal DHCP
• Mobile IP User from MPC
Services
• Data to 4G Core PMIPv6 (Mobile Offload)
• Open Access Wi-Fi Services (Simple offload)
• Web Authentication
• Dynamic Service Selection
SP Wi-Fi Deployment #6
Connectivity
• L2-connected network
• DHCP initiated
• Offload: Unclassified MAC & RADIUS Proxy initiator
IP Addressing
• IPv4, IPv6 or Dual-stack Clients
• Simple IP User Internal DHCP
• Mobile IP User from MPC
Services
• Wholesale service to 4G (Mobile Offload)
• NAI: "mn0@serviceprovider.com" Client-id i.e. DHCP option 61
• MAC: Calling-station ID (Radius attribute 31)
• Open Access Wi-Fi Services (Simple IP users)
SP Wi-Fi Deployment #7
Connectivity
• L2-connected network
• DHCP initiated
• Offload: Unclassified MAC & RADIUS Proxy initiator
IP Addressing
• IPv4, IPv6 or Dual-stack Clients
• Simple IP User Internal DHCP
• Mobile IP User from MPC
Services
• Residential Wi-Fi per CPE Billing
• Community Wi-Fi per user Billing
• Wholesale service to 4G (Mobile Offload)
• Open Access Wi-Fi Services (Simple offload)
• Web Authentication
• Dynamic Service Selection
3G – GTPv1
4G – PMIPv6
Deployment Model # | Access Type | Authentication | FSOL | Service IP
1 (EXAMPLE) | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA
2 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | PGW/LMA
3 | Layer 2 | Web Logon | Unclassified MAC | PGW/LMA
4 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | GGSN
5 | Layer 2 | EAP-SIM/AKA (in-band) | Radius Proxy | GGSN
6 | Layer 2 | Web Logon | Unclassified MAC | GGSN
[Diagram labels: HLR, OCS, PCRF, CGF (Gy, Gx, Ga); AAA; DHCP; Access Network Policy; Mobile Home Network Policy; EAP-SIM/AKA Authentication (out-of-band); AP, WLC; L2 Connected; FSOL: DHCP Discover; ASR1K iWAG; Service IP: PGW/LMA, 4G Core; Internet]
Model # | Access Type | Authentication | FSOL | Service IP
1 | Layer 2 | EAP-SIM/AKA (out-of-band) | DHCP Discover | PGW/LMA
[Call flow diagram. Participants: Device, 802.1x AP+WLC, iWAG, P-GW, PCRF, Policy Manager, Sub DB, AAA (CAR+ITP), ITP, HLR]
Messages and annotations:
EAP Request/ID
EAP ID Response/ID
RADIUS Access Request (username = EAP ID, calling station ID = MAC, called-station-ID = AP:SSID)
EAP-SIM Method, Recover IMSI from Pseudonym or Fast Re-Auth ID
Recover Subscription Profile (IMSI)
MAP SEND AUTH INFO Req
MAP SEND AUTH INFO Res
Configure authorized IMSIs on the Subscriber database with WiFi Subscriber Profile.
WiFi Subscriber Profile: Realm, WiFi APN, Charging Characteristics, IPv4/IPv6 service
IMSI Authenticated, but MSISDN unknown
MAP SRI for LCS Req (IMSI)
MAP SRI for LCS Res (MSISDN)
Store MSISDN
Cache MAC, IMSI, MSISDN, subscriber profile
RADIUS Access Accept
EAP SUCCESS
VLAN
[Call flow diagram. Participants: Device, AP+WLC, iWAG (DHCP/MAG), P-GW/LMA, PCRF, SPR/Sub DB, AAA (CAR+ITP), ITP, HLR]
Messages and annotations:
DHCP Discover (Source MAC Address)
RADIUS Access Request (Calling Station ID = Source MAC address)
RADIUS Access Accept (User Profile)
User Profile VSAs: CISCO-SERVICE-SELECTION (APN), CISCO-MOBILE-NODE-IDENTIFIER (IMSI@realm), LMA, CISCO-MSISDN, 3GPP-CHARGING-CHARS, CISCO-MN-SERVICE (IPv4)
DHCP Offer (a.b.c.d)
DHCP Req/Ack (Primary DNS recovered from PBA)
PBU
PBA
Gx:CCR-I
Gx:CCA-I
IPv4 HoA = 0.0.0.0, MN-ID (imsi@realm), SSMO (APN), MSISDN, CHARGING CHARACTERISTICS, ATT = Wi-Fi
Gx:CCR-I: IMSI, MSISDN, APN, RAT Type; Subscriber ID Type = E.164, RAT = WiFi
Open PGW-CDR with container for WiFi Service, subscriber ID = MSISDN
PMIPv6
RF: Diameter ACR
RF: Diameter ACA
SP: Recover Subscriber Profile
Policy Profile to Apply
PBA: IPv4 Home Address (HoA), PCO: Primary DNS
Platform | RP/Memory | ESP
ASR1001 | 16GB | integrated
ASR1002-X | 16GB | integrated
ASR1004 | RP2 16GB | ESP40
ASR1006/13 | RP2 16GB | ESP40/100
Existing ISG/broadband licenses support iWAG: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/product_bulletin_c07-448862.html
• SP Wi-Fi becomes an access solution to the MPC
• iWAG enables Wi-Fi integration into 3G via GTPv1
• iWAG enables Wi-Fi integration into 4G via PMIPv6
• iWAG provides service providers with new revenue-sharing business models
• Enables SP to use common subscriber Billing and Policy [Gx, Gy] across 3G, 4G and Wi-Fi network
• Building block of an integrated solution providing:
• Seamless experience to customers (clientless)
• Support for evolution of mobile operator services
• PMIPv6 - Network-Based Mobility Deployment Guide: http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/xe-3s/deployment/mob-pmipv6-deploy.html
• ISG: Cisco ASR 1000 http://www.cisco.com/en/US/docs/ios-xml/ios/isg/configuration/xe-3s/isg-xe-3s-book.html
• MAG: Cisco ASR 1000 http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/xe-3s/asr1000/mob-pmipv6-xe-3s-asr1000-book.html
• MAG: Cisco ISR http://www.cisco.com/en/US/docs/ios-xml/ios/mob_pmipv6/configuration/15-2mt/imo-pmipv6-mag-support.html
• MAG: Cisco WLC http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bd4100.shtml
• iWAG on slide share http://www.slideshare.net/getyourbuildon/i-wag-intelligent-wireless-access-gateway
• SP Wi-Fi NOSTG Product manager: Amrit Hanspal – ahanspal@cisco.com
• SP Wi-Fi ASR 1000 Product manager: Greg Cote – grcote@cisco.com
• SP Wi-Fi Technical Marketing Engineers:
Akshaya Kumar – sakskuma@cisco.com
Boris Mimeur – bomimeur@cisco.com
Prashant Jhingran – pjhingra@cisco.com
• Or simply write to us: iwag@cisco.com
Thank you.
3G mobile user RADIUS profile (GTP based)
Cisco-AVPair = mn-nai=user1@serviceprovider.com
Cisco-AVPair = mn-service=ipv4
Cisco-AVPair = cisco-service-selection=service1.com
Cisco-AVPair = cisco-msisdn=01919448927814
3gpp-imsi = 262020000000642
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1

4G mobile user RADIUS profile (PMIPv6 based)
Cisco-AVPair = mn-nai=user1@serviceprovider.com
Cisco-AVPair = mn-service=ipv4
Cisco-AVPair = home-lma-ipv6-address=2001:db8:cafe:1024::101
Cisco-AVPair = home-lma-ipv4-address=5.8.24.101
Cisco-AVPair = home-lma=lma1
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6
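
An added example, not part of the Cisco deck: a linter for the two RADIUS profiles above that flags a conflicting cisco-mpc-protocol-interface, missing attributes or a malformed LMA address before a profile is provisioned on the AAA server. The REQUIRED sets, the 15-digit limit on IMSI and MSISDN, the function names and BROKEN_PROFILE are assumptions made for illustration.

```python
import ipaddress
import re

PROTO_KEY = "cisco-mpc-protocol-interface"
# Attribute sets copied from the slide's two sample profiles. Treating them as
# the required minimum is an assumption of this example, not a Cisco rule.
REQUIRED = {
    "gtpv1": {"mn-nai", "mn-service", "mn-apn", "cisco-service-selection",
              "cisco-msisdn", "3gpp-imsi"},
    "pmipv6": {"mn-nai", "mn-service", "mn-apn", "home-lma"},
}

# The two profiles as they appear on the slide.
GTP_PROFILE = """\
Cisco-AVPair = mn-nai=user1@serviceprovider.com
Cisco-AVPair = mn-service=ipv4
Cisco-AVPair = cisco-service-selection=service1.com
Cisco-AVPair = cisco-msisdn=01919448927814
3gpp-imsi = 262020000000642
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1
"""
PMIP_PROFILE = """\
Cisco-AVPair = mn-nai=user1@serviceprovider.com
Cisco-AVPair = mn-service=ipv4
Cisco-AVPair = home-lma-ipv6-address=2001:db8:cafe:1024::101
Cisco-AVPair = home-lma-ipv4-address=5.8.24.101
Cisco-AVPair = home-lma=lma1
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6
"""
# Constructed for this example: NAI without realm, IPv6 literal in the IPv4
# attribute, no home-lma name, and two contradictory protocol selections.
BROKEN_PROFILE = """\
Cisco-AVPair = mn-nai=user1
Cisco-AVPair = mn-service=ipv4
Cisco-AVPair = mn-apn=serviceprovider.com
Cisco-AVPair = home-lma-ipv4-address=2001:db8:cafe:1024::101
Cisco-AVPair = cisco-mpc-protocol-interface=pmipv6
Cisco-AVPair = cisco-mpc-protocol-interface=gtpv1
"""


def parse_profile(text):
    """Return {attribute: [values]} from 'Cisco-AVPair = k=v' and 'name = v' lines."""
    attrs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not an attribute line: {raw!r}")
        name, value = name.strip().lower(), value.strip()
        if name == "cisco-avpair":
            # The AV pair carries its own key=value inside the attribute value.
            name, sep, value = value.partition("=")
            if not sep:
                raise ValueError(f"AV pair without key=value: {raw!r}")
            name, value = name.strip().lower(), value.strip()
        attrs.setdefault(name, []).append(value)
    return attrs


def lint_profile(text):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    attrs = parse_profile(text)
    findings = []
    for key, values in attrs.items():
        if len(set(values)) > 1:
            findings.append(f"{key}: conflicting values {sorted(set(values))}")
    proto = attrs.get(PROTO_KEY, [None])[0]
    if proto not in REQUIRED:
        findings.append(f"{PROTO_KEY}: expected gtpv1 or pmipv6, got {proto!r}")
        return sorted(findings)
    for key in sorted(REQUIRED[proto] - set(attrs)):
        findings.append(f"{key}: missing for {proto} profile")
    for nai in attrs.get("mn-nai", []):
        if not re.fullmatch(r"[^@\s]+@[^@\s]+", nai):
            findings.append(f"mn-nai: {nai!r} is not user@realm")
    for key in ("3gpp-imsi", "cisco-msisdn"):
        for value in attrs.get(key, []):
            if not re.fullmatch(r"\d{1,15}", value):
                findings.append(f"{key}: {value!r} is not 1 to 15 digits")
    for key, version in (("home-lma-ipv4-address", 4), ("home-lma-ipv6-address", 6)):
        for value in attrs.get(key, []):
            try:
                ok = ipaddress.ip_address(value).version == version
            except ValueError:
                ok = False
            if not ok:
                findings.append(f"{key}: {value!r} is not an IPv{version} address")
    if proto == "gtpv1" and any(k.startswith("home-lma") for k in attrs):
        findings.append("home-lma*: LMA attributes present on a gtpv1 profile")
    return sorted(findings)


if __name__ == "__main__":
    for label, profile in (("3G", GTP_PROFILE), ("4G", PMIP_PROFILE),
                           ("broken", BROKEN_PROFILE)):
        print(label, lint_profile(profile) or "ok")
```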
Integration to ISG
! Access interface definition for 4G user
interface GigabitEthernet0/1/0.3074
 description "4G Mobile users access interface"
 encapsulation dot1Q 3074
 ip address 5.8.22.15 255.255.255.0
 ipv6 address FE80::200:5EFF:FE00:5213 link-local
 service-policy type control PMIP_PROFILE
 ip subscriber l2-connected
  initiator dhcp
!
! Access interface definition for 3G user
interface GigabitEthernet0/3/6.1
 description "3G Mobile users access interface"
 encapsulation dot1Q 1 native
 ip address 192.168.10.1 255.255.255.0
 ipv6 address FE80::300:5EFF:FE00:5213 link-local
 service-policy type control GTP_PROFILE
 ip subscriber l2-connected
  initiator dhcp
!
mcsa
 enable sessionmgr
! PMIPv6 domain definition
ipv6 mobile pmipv6-domain D1
 mn-profile-load-aaa
 ! PMIPv6 LMA to which iWAG, as MAG, sends traffic
 lma lma1
  ipv6-address 2001:DB8:CAFE:1024::101
!
! PMIPv6 MAG definition
ipv6 mobile pmipv6-mag M1 domain D1
 role 3GPP
 address ipv6 2001:DB8:CAFE:1025::15
 ! iWAG access interface(s)
 interface GigabitEthernet0/1/0.3074
!
! GTP definition
gtp
 n3-request 3
 interval t3-response 10
 interval echo-request 60
 ! RAT: Radio Access Technology
 information-element rat-type wlan
 interface local GigabitEthernet0/3/0
 ! Details for iWAG to reach the GGSN
 apn 1
  apn-name cisco1.com
  ip address ggsn 192.170.10.2
  ! iWAG access interface(s)
  default-gw 192.168.10.1 prefix-len 16
  dns-server 192.165.1.1
  dhcp-server 192.168.10.1
  dhcp-lease 30000