4.1.1. Architecture based on the S2a interface

The functional architecture based on the S2a interface corresponds to trusted Wi-Fi access and network-based mobility (Figure 4.1).

The mobile data stream travels through the Wi-Fi radio interface and the S2a tunnel to access the packet data network (PDN). The PGW (PDN Gateway) entity is an IP (Internet Protocol) router that acts as a gateway for the mobile data stream.

The home subscriber server (HSS) and the AAA (Authentication, Authorization and Accounting) server provide the following functions:

• – mutual authentication of the mobile and the AAA server via the SWx and STa interfaces. This authentication has the effect of opening Wi-Fi access to the mobile;
• – transfer of the mobile profile to the PGW entity via the S6b interface and to the trusted Wi-Fi access via the STa interface. The mobile profile contains a list of access point names (APN) and the quality of service (QoS) level of the S2a tunnel and Wi-Fi interface.

The policy and charging rules function (PCRF) also provides the traffic profile, including the QoS level of the S2a tunnel, to the PGW entity via the Gx interface and to the trusted Wi-Fi access via the Gxa interface.

The user profile is stored in the HSS entity for the establishment of the default bearers and, in this case, the presence of the PCRF is optional.

The presence of the PCRF entity is mandatory for the establishment of the dedicated bearers on the initiative of an application function (AF) whose first example of implementation is the VoLTE (Voice over LTE) that provides telephone service.

The characteristics of the dedicated bearer for the IP packet containing the voice are only stored in the SPR (Subscription Profile Repository) database associated with the PCRF entity.

A trusted WLAN access network (TWAN) includes the following features:

• – WLAN AN: this feature includes Wi-Fi access points;
• – TWAG (Trusted WLAN Access Gateway): this function terminates the S2a tunnel;
• – TWAP (Trusted WLAN AAA Proxy): this function terminates the STa interface.

The transparent single-connection (TSC) mode provides a single connection to the PGW entity without the mobility support between LTE and Wi-Fi radio accesses. The IPv4 and/or IPv6 address of the mobile is provided by the TWAG function:

• – in the case of a stateful configuration, the TWAG function acts as a DHCP (Dynamic Host Configuration Protocol) server;
• – in the case of a stateless configuration, the TWAG function broadcasts the prefix of the IPv6 address.

The single-connection mode (SCM) supports the mobility between LTE and Wi-Fi accesses. This mode also supports non-seamless WLAN offload (NSWO) for which the traffic is directly routed to the Internet network through the TWAG function.

The multi-connection mode (MCM) supports NSWO and multi-access PDN connectivity (MAPCON) for which the various connections to the PDN pass through LTE (e.g. telephone service) or Wi-Fi (e.g. Internet service) interfaces according to the policy of the operator. The mobility between LTE and Wi-Fi radio accesses is possible. This mode also supports the NSWO function.

The connection via Wi-Fi interface is established by WLCP (WLAN Control Plane) protocol. The connection is identified by the MAC address of the mobile associated with a MAC address of the TWAG function.

For the single- or multi-connection modes, the IPv4 and/or IPv6 address of the mobile is provided by the PGW entity.

The PGW entity allocates the downlink packets to different S2a bearers based on the TFT (Traffic Flow Template) packet filters set up during the establishment of the S2a bearer (Figure 4.2).

The TWAN function of the trusted Wi-Fi access assigns the uplink packets to different S2a bearers based on the TFT packet filters set up during the establishment of the S2a bearer (Figure 4.2).

4.1.2. Architecture based on the S2b interface

The functional architecture based on the S2b interface corresponds to the untrusted Wi-Fi access and network-based mobility (Figure 4.3).

The mobile stream passes through the SWu and S2b tunnels to access the PDN via the PGW entity. The SWu tunnel is built between the mobile and the evolved packet data gateway (ePDG). The S2b tunnel is built between the ePDG and PGW entities.

The HSS entity and the AAA server provide the following functions:

• – mutual authentication of the mobile and the AAA server, via the SWx and SWa interfaces. This authentication has the effect of opening Wi-Fi access to the mobile;
• – mutual authentication related to the establishment of the SWu tunnel, via the SWx and SWm interfaces;
• – transfer of the mobile profile to the PGW entity via the interface S6b, the ePDG entity via the SWm interface and the untrusted Wi-Fi access via the SWa interface. The mobile profile contains a list of access point names (APN) and the quality of service (QoS) level of the S2b tunnel.

The PCRF entity provides the QoS level of the S2b tunnel to the PGW via the Gx interface and to the ePDG via the Gxb interface.

The PCRF entity provides the QoS level of the SWu tunnel to the ePDG entity via the Gxb interface. In this case, the ePDG entity provides the QoS level to be applied on the Wi-Fi radio interface via the SWn interface.

The mobile must establish an SWu instance for each PDN connection.

When the mobile connects to the PDN, a default bearer must be established on the S2b interface. This connection is maintained for the duration of the connection.

Dedicated bearers can be built for the same PDN connection, based on the rules provided by the PCRF.

A SWu instance transports the packets of all S2b bearers for the same connection to the PDN between the mobile and the ePDG entity.

The ePDG entity shall release the SWu instance when the S2b default bearer of the associated connection to the PDN is released.

Two IPv4 and/or IPv6 addresses are assigned to the mobile:

• – an address for the SWu tunnel built between the mobile and the ePDG entity, provided by the untrusted Wi-Fi access;
• – an address for the flow transiting in this tunnel, provided by the PGW entity.

The connection to the PDN is described in Figure 4.4.

The PGW entity must allocate the downlink packets to different S2b bearers according to the TFT packet filters set up during the establishment of the S2b bearer.

The ePDG entity must assign the downlink packets to the SWu instance based on the correspondence between the SWu instance and the identifier of the S2b bearer.

The mobile must assign the uplink packets to the SWu instance based on the correspondence between the APN identifier of the PDN connection and the SWu instance.

The ePDG entity must allocate uplink packets to different S2b bearers according to the TFT packet filters, which are set up during the establishment of the S2b bearer.

4.1.3. Architecture based on the S2c interface

The functional architecture based on the S2c interface corresponds to a mobility based on the mobile. The functional architecture is shown in Figure 4.5 for the trusted Wi-Fi access and Figure 4.6 for the untrusted Wi-Fi access.

The mobile data stream passes through the S2c tunnel built between the mobile and the PGW entity to access the PDN.

In the case of an untrusted Wi-Fi access, the S2c tunnel passes through the SWu tunnel built between the mobile and the ePDG entity.

4.2.1. Architecture based on the S2a interface

The S2a interface is the point of reference between the PGW entity and the trusted Wi-Fi access. This interface supports several mechanisms for the establishment of the S2a tunnel.

The construction of the S2a tunnel requires the selection of the PGW entity by Wi-Fi access, according to information provided by the AAA server during authentication.

This information can be the IP address of the PGW entity, the full qualified domain name (FQDN) or the APN. The trusted Wi-Fi access retrieves the IP address of the PGW entity by performing DNS (Domain Name System) resolution based on the FQDN or the APN.

4.2.1.1. PMIPv6 mechanism

The PMIPv6 (Proxy Mobile IP version 6) mechanism relies on the signaling provided by the mobility extension of the IPv6 header exchanged between Wi-Fi access and the PGW entity (Figure 4.7) and on the GRE (Generic Routing Encapsulation) tunnel of the mobile data stream (Figure 4.8).

The MIPv6 mechanism requires functionality in the IPv6 stack of a mobile node. The exchange of signaling messages between the mobile node and the home network agent makes it possible to create and maintain a correspondence between its address in the home network and the foreign network.

Network-based mobility supports the mobility of IPv6 nodes without mobile involvement by extending MIPv6 signaling between the TWAG function and the PGW entity.

This approach to support mobility does not require the mobile node to be involved in the exchange of signaling messages. The PMIPv6 protocol is an extension of the MIPv6 protocol.

A mobile node can operate in an IPv4, IPv6 or IPv4/IPv6 environment. The PMIPv6 protocol independently supports the mobility of the IPv4 address and the transport of IP packets in an IPv4 network.

The PMIPv6 mechanism can transport IPv4 or IPv6 streams in IPv4 or IPv6 tunnels.

4.2.1.2. MIPv4 mechanism

The MIPv4 FA (Mobile IP version 4 Foreign Agent) mechanism is based on MIPv4 signaling (Figure 4.9) and the IP packet (the mobile data stream) encapsulated in the IP tunnel (Figure 4.10).

MIPv4 signaling is exchanged, on the one hand, between the mobile and the trusted Wi-Fi access and, on the other hand, between the trusted Wi-Fi access and the PGW entity.

The MIPv4 protocol allows Wi-Fi access, playing the role of a foreign agent, to assign the mobile an IPv4 address in a foreign network.

The MIPv4 protocol makes it possible to register with the PGW entity, which plays the role of a home agent, the correspondence between the mobile IPv4 address in the home network, provided by the PGW entity, and the IPv4 address in the foreign network.

The MIPv4 mechanism makes it possible to transport only IPv4 streams in IPv4 tunnels.

4.2.1.3. GTPv2 mechanism

The GTPv2 (GPRS Tunneling Protocol version 2) mechanism is based on the GTPv2-C (Control) signaling exchanged between the trusted Wi-Fi access and the PGW entity (Figure 4.11) and on the GTP-U (User) tunnel of the mobile flow (Figure 4.12).

The GTPv2-C protocol allows the activation or the deactivation of a session as well as the creation, modification or release of GTP-U bearers.

The GTPv2 mechanism can transport IPv4 or IPv6 streams in IPv4 or IPv6 tunnels.

4.2.2. Architecture based on the S2b interface

The S2b interface is the point of reference between the PGW and ePDG entities. This interface supports the PMIPv6 (Figures 4.13 and 4.14) or GTPv2 mechanisms for the establishment of the S2b tunnel.

The SWu interface is the point of reference between the ePDG entity and the mobile. This interface supports the IPSec (IP Security) mechanism including IKEv2 (Internet Key Exchange version 2) signaling (Figure 4.13) and the ESP (Encapsulating Security Payload) tunnel of the mobile stream (Figure 4.14).

The construction of the SWu tunnel requires the retrieval of the IP address of the ePDG entity by the mobile. This IP address can be configured in the mobile by various means.

The mobile can also perform a DNS resolution on the FQDN of the ePDG entity. The mobile automatically builds the FQDN from the identity of the operator contained in its international mobile subscriber identity (IMSI) or from the tracking area identify (TAI), where the mobile is located.

The construction of the S2b tunnel requires the selection of the PGW entity by the ePDG entity from information provided by the AAA server during the authentication for the establishment of the SWu tunnel.

4.2.3. Architecture based on the S2c interface

The S2c interface is the point of reference between the PGW entity and the mobile. This interface supports the DSMIPv6 (Dual-Stack Mobile IP version 6) mechanism for the establishment of the S2c tunnel built between the mobile and the PGW entity.

In the case of a trusted Wi-Fi access, this interface supports DSMIPv6 signaling (Figure 4.15) and IP in the IP tunnel (Figure 4.16) of the mobile stream.

In the case of an untrusted Wi-Fi access, the IPSec tunnel established between the mobile and the ePDG entity protects the S2c interface.

The MIPv6 protocol allows IPv6 mobile nodes to move while maintaining accessibility and ongoing sessions.

The DSMIPv6 protocol prevents the IPv4/IPv6 dual-stack mobile from running both MIPv4 and MIPv6 mobility protocols simultaneously.

The DSMIPv6 protocol also takes into account the case where the mobile moves in a private IPv4 network. The mobile node must be able to communicate with the PGW entity, which acts as a home agent, through a NAT (Network Address Translation) device.

In the case of an untrusted Wi-Fi access, the S2c tunnel is established from the IP address of the PGW provided by the AAA server during the authentication for the establishment of the SWu tunnel.

The mobile can also retrieve the IP address of the PGW entity by querying a DHCP (Dynamic Host Configuration Protocol) server or by performing DNS resolution based on the FQDN of the PGW entity.

4.3.1. AAA server interfaces

The DIAMETER protocol is supported by the interfaces between, on the one hand, the AAA server, and on the other hand (Figure 4.17):

• – the trusted Wi-Fi access via the STa interface;
• – the untrusted Wi-Fi access via the SWa interface;
• – the PGW entity via the S6b interface;
• – ePDG entity via the SWm interface;
• – the HSS entity via the SWx interface.

The SWx interface is used by the AAA server to retrieve the authentication data, the subscriber profile and the parameters for the PMIPv6, MIPv4 FA, GTPv2 and DSMIPv6 mechanisms.

The SWx interface is used to register the address of the PGW and the AAA server in the HSS when establishing tunnel S2a, S2b or S2c.

The SWx interface is used by the HSS entity for updating the mobile profile and for detaching it.

Table 4.1 summarizes the DIAMETER messages exchanged on the SWx interface.

The STa and SWa interfaces share the same authentication procedure. During the authentication phase, the AAA server decides whether Wi-Fi access is trusted or untrusted, and communicates the decision to the Wi-Fi access point.

The STa and SWa interfaces are used to carry information relating to the mechanisms PMIPv6, MIPv4 FA (only in the case of the STa interface), GTPv2 and DSMIPv6.

The STa and SWa interfaces are used for detaching the mobile, the procedure being at the initiative of the Wi-Fi access or the AAA server.

The STa and SWa interfaces are used to renew mobile authentication. The procedure is initiated by the AAA server in the event that the subscriber’s profile stored in the HSS entity is changed, or at the initiative of the Wi-Fi access that wants to verify that the subscriber’s profile is not modified.

Table 4.2 summarizes the DIAMETER messages exchanged on the STa and SWa interfaces.

The S6b interface is used by the PGW entity to communicate its address to the AAA server when the tunnel S2a, S2b or S2c is established.

The S6b interface is used by the PGW entity to retrieve the subscriber’s profile and the PMIPv6 and GTPv2 mechanism information.

The S6b interface is used by the PGW entity to retrieve mobile authentication data for the DSMIPv6 mechanism. The authentication data is used to control the establishment of the IPSec mechanism to protect the DSMIPv6 signaling exchanged between the mobile and the PGW entity.

The S6b interface is used for terminating the mobile session, the procedure being initiated by the PGW entity or the AAA server.

Table 4.3 summarizes the DIAMETER messages exchanged on the S6b interface.

The SWm interface is used for the mutual authentication procedure of the mobile and the AAA server which is implemented during the establishment of the SWu tunnel.

The SWm interface is used by the ePDG entity to retrieve the subscriber’s profile and the PMIPv6 and GTPv2 mechanism information.

The SWm interface can also be used to transmit to the ePDG entity the IP address or the FQDN of the PGW entity.

The SWm interface is used for terminating the mobile session, the procedure being initiated by the ePDG entity or the AAA server.

Table 4.4 summarizes the DIAMETER messages exchanged on the SWm interface.

4.3.2. PCRF interfaces

The DIAMETER protocol is also supported on the interfaces between, on the one hand, the PCRF entity, and on the other hand (Figure 4.18):

• – the PGW entity via the Gx interface;
• – the trusted Wi-Fi access via the Gxa interface;
• – the ePDG entity via the Gxb interface.

The Gx, Gxa and Gxb interfaces make it possible to request the PCRF entity:

• – to retrieve the rules to apply to the default bearer created by the EPS network;
• – to inform the PCRF entity of the termination of the session on the EPS network.

The Gx, Gxa and Gxb interfaces allow the PCRF entity to provide the rules to be applied for the dedicated bearer.

Table 4.5 summarizes the DIAMETER messages exchanged on the Gx, Gxa and Gxb interfaces.