Nokia WLAN gateway. Foundation to deliver a superior customer experience



Similar documents
ALCATEL-LUCENT 7750 SERVICE ROUTER NEXT-GENERATION MOBILE GATEWAY FOR LTE/4G AND 2G/3G AND ANCHOR FOR CELLULAR-WI-FI CONVERGENCE

3G/Wi-Fi Seamless Offload

Amdocs Smart Net Solution

Managing carrier Wi-Fi

ALCATEL-LUCENT lightradio WI-FI SOLUTION TURNING WI-FI HOTSPOTS INTO A HOT BUSINESS OPPORTUNITY FOR WIRELESS SERVICE PROVIDERS

Supporting Municipal Business Models with Cisco Outdoor Wireless Solutions

Virtual CPE and Software Defined Networking

Co-existence of Wireless LAN and Cellular Henry Haverinen Senior Specialist Nokia Enterprise Solutions

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

Business Intelligence and Policies to Drive Profitable Mobile Broadband Services

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

Application Note Secure Enterprise Guest Access August 2004

Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access

Cisco Quantum Policy Suite for BNG

Wireless Local Area Networks (WLANs)

Delivering Dedicated Internet Access (DIA) and IP Services with Converged L2 and L3 Access Device

Wi-Fi integration with cellular networks enhances the customer experience. White paper

Service Automation Made Easy

Cisco Virtual Office Express

SDN PARTNER INTEGRATION: SANDVINE

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

Deploying IPv6 in 3GPP Networks. Evolving Mobile Broadband from 2G to LTE and Beyond. NSN/Nokia Series

Verizon Managed SD WAN with Cisco IWAN. October 28, 2015

Cellular Data Offload. And Extending Wi-Fi Coverage. With Devicescape Easy WiFi

Clavister Small Cell Site Security Solution

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

A Software Defined Networking Approach To Cable Wi-Fi Alon Bernstein, Vince Pandolfi, Charles Duffy, Sangeeta Ramakrishnan Cisco Systems

Design and Implementation Guide. Apple iphone Compatibility

ALCATEL-LUCENT 7750 SERVICE ROUTER: YOUR EDGE IN SERVICE EVOLUTION. Application Note

Acme Packet Net-Net SIP Multimedia-Xpress

Real World IPv6 Migration Solutions. Asoka De Saram Sr. Director of Systems Engineering, A10 Networks

Lucent VPN Firewall Security in x Wireless Networks

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

ProCurve Networking IPv6 The Next Generation of Networking

IP/MPLS Networks for Public Safety

Cisco EXAM Enterprise Network Unified Access Essentials. Buy Full Product.

Mobility Management for All-IP Core Network

464XLAT in mobile networks

Cisco Satellite Services Platform Delivering Managed Services over Satellite

Intel Network Builders Solution Brief. Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks

Securing Next Generation Mobile Networks

Enterprise WLAN Architecture

Mobile Wireless Overview

Best Practices for Outdoor Wireless Security

Integrating Lawful Intercept into the Next Generation 4G LTE Network

Diameter in the Evolved Packet Core

This document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks.

Aruba HybridControl Architecture for Service Providers. The advanced Wi-Fi infrastructure for managed services and cellular data offload

WIRELESS IN THE METRO PACKET MICROWAVE EXPLAINED

Cloud communication and collaboration with Rapport on CloudBand

Verizon Wireless White Paper. Verizon Wireless Broadband Network Connectivity and Data Transport Solutions

Cisco RV 120W Wireless-N VPN Firewall

Alcatel-Lucent Enterprise Converged Network Solution

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

APPLICATION-AWARE ROUTING IN SOFTWARE-DEFINED NETWORKS

Nokia Siemens Networks mobile softswitching Taking voice to the next level

NX 9500 INTEGRATED SERVICES PLATFORM FOR THE PRIVATE CLOUD

Cisco Knowledge Network

Security and Authentication Concepts

Pronto Cloud Controller The Next Generation Control

Virtualization techniques for redesigning mobile backhaul networks: challenges and issues. Fabrice Guillemin Orange Labs, IMT/IMT/OLN/CNC/NCA

Building Wireless Networks. Tariq Hasan Regional Sales Manager, MENA Wireless Network Solutions Motorola Solutions

Course Contents CCNP (CISco certified network professional)

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

VPN. Date: 4/15/2004 By: Heena Patel

INTELLIGENT NETWORK SERVICES MIGRATION MORE VALUE FOR THE

November Defining the Value of MPLS VPNs

white paper Motorola s Wireless network Indoor/Outdoor Solution

ALCATEL-LUCENT ENTERPRISE CONVERGED NETWORK SOLUTION Deliver a consistent and quality user experience, streamline operations and reduce costs

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

IVCi s IntelliNet SM Network

Juniper Networks Universal Edge: Scaling for the New Network

Access to GSM and GPRS mobile services over unlicensed spectrum technologies through UMA

Virtual SmartCell. Virtual SmartCell. Gateway SERVICE PROVIDER CLASS WLAN CONTROLLER DESIGNED TO RUN IN THE CLOUD. data sheet KEY FEATURES/BENEFITS

GPRS and 3G Services: Connectivity Options

Nokia Networks. Voice over Wi-Fi. White paper. Nokia Networks white paper Voice over Wi-Fi

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Layer 7 Visibility and Control

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

MOBILE VIDEO WITH MOBILE IPv6

Demo 1. Network Path and Quality Validation in the Evolved Packet Core

TO PACKET CORE. EVOLving THE PACKET CORE TO An NFV/sdN ARCHITECTURE

Transition to IPv6 for Managed Service Providers: Meet Customer Requirements for IP Addressing

Optimizing Networks for NASPI

EMERGING INNOVATIONS IN CARRIER WI-FI

Security MWC Nokia Solutions and Networks. All rights reserved.

VLANs. Application Note

The following chart provides the breakdown of exam as to the weight of each section of the exam.

TECHNOLOGY WHITE PAPER. Correlating SDN overlays and the physical network with Nuage Networks Virtualized Services Assurance Platform

Easily Connect, Control, Manage, and Monitor All of Your Devices with Nivis Cloud NOC

Highly Available Unified Communication Services with Microsoft Lync Server 2013 and Radware s Application Delivery Solution

Transcription:

Foundation to deliver a superior customer experience White paper Carrier Wi-Fi technologies are playing an ever more important role in the mobile broadband strategies of telecom operators, including fixed operators, multiple service operators (MSOs), mobile network operators (MNOs), mobile virtual network operators (MVNOs) and converged operators. Wi-Fi usage and the number of Wi-Fi access points are rapidly increasing and a range of carrier Wi-Fi market applications beyond hotspots is emerging. Operators are looking for new service revenues and a competitive advantage by leveraging unlicensed Wi-Fi as an access technology and integrating carrier Wi-Fi applications into a common Wi-Fi core with carrier-grade infrastructure and systems. With the goal of a simple, secure, and seamless user experience, operators are actively looking to integrate their carrier Wi-Fi into wireless and wireline IP networks. As part of the Nokia Smart Wi-Fi portfolio, the WLAN Gateway (GW) plays a key role in realizing this goal by anchoring the carrier Wi-Fi access infrastructure and providing the GW to IP-based wireless and wireline services networks. This whitepaper describes several service deployment scenarios that leverage carrier Wi-Fi as an access technology, using the carrier-grade Nokia WLAN GW. 1 White paper

Contents 1. Leveraging Wi-Fi access technology 3 2. WLAN service deployment scenarios 4 3. Nokia WLAN Gateway 7 5. Conclusion 13 6. References 13 7. Acronyms 13 2 White paper

1. Leveraging Wi-Fi access technology These days, no operator s mobile broadband strategy is complete without carrier Wi-Fi technologies. The potential for new revenue generation is compelling, and in many markets competitive positioning demands it. Fixed operators are approaching carrier Wi-Fi from the perspective of community Wi-Fi, venue coverage, and extended hotspot strategies. Mobile and converged operators are looking to integrate carrier Wi-Fi into their cellular networks to provide users with a seamless mobile broadband experience. This is best achieved with secure and trusted connectivity across carrier Wi-Fi and cellular networks. Figure 1. Carrier Wi-Fi market applications Homespot Activation and customer care Hotspot Policy and subscriber management Wi-Fi Small cell Packet core IP edge Carrier cloud Enterprise WLAN GW Internet Mobile Wi-Fi hotspot In this dynamic environment, the suite of carrier Wi-Fi market applications is evolving rapidly. To date, some of the most widely adopted applications include: Homespot sharing of residential Wi-Fi access points with guests and passers-by Hotspot access to private, metro, or citynet-based mobile broadband services from venues or urban areas such as restaurants, stadiums, and parks Small cell access to licensed cellular and unlicensed Wi-Fi radio access infrastructures Enterprise continued expansion of hosted enterprise Wi-Fi infrastructures, as well as access to Wi-Fi within managed services from operators Mobile Wi-Fi hotspots carrier Wi-Fi access points that use cellular backhaul connections to support deployments in trains, public transport, and taxis To support these market applications, operators are making strategic changes to their networks. 3 White paper

First of all, it has become a strategic imperative for operators to implement carrier-grade Wi-Fi core infrastructure and systems. Operators are also discovering the advantage of leveraging unlicensed Wi-Fi spectrum to expand their service footprints. While they typically use carrier Wi-Fi access equipment from more than one vendor, they are ultimately integrating their carrier Wi-Fi applications into a common carrier Wi-Fi core. With these Wi-Fi network changes in place, operators can focus their attention on the delivery of a simple, secure, and seamless user experience across wireline and wireless networks. The WLAN GW plays a critical role in making this happen. It requires advanced integrated GW capabilities, such as authentication, subscriber management, billing and anchoring of user equipment (UE). It must also provide high bandwidth and aggregation, granular traffic conditioning, high density subscriber management and high availability. What s more, the WLAN GW must have the networking flexibility to concurrently support multi-vendor Wi-Fi access point (AP) infrastructure, as well as flexibly and efficiently integrate into the operator s IP network and business strategy. Section 2 describes three scenarios that demonstrate how an operator can meet the service and experience requirements of carrier W-Fi, using the Nokia WLAN GW. 2. WLAN service deployment scenarios 2.1 Layer 2 wholesale Wi-Fi service In this first scenario, a wireline or wireless operator with a carrier Wi-Fi service footprint can partner with retail service providers, MSOs, MNOs or MVNOs for use of their carrier Wi-Fi infrastructure, as shown in Figure 2. Figure 2. Layer 2 wholesale Wi-Fi service Shaping per SSID/AP AAA Retailer Wi-Fi service core Carrier cloud WLAN AP 802.11i security WLAN GW Internet Protected tunnel Retailer L2 VPN The WLAN GW provides a Layer 2 connection from the AP back to the retailer. All UE requests and traffic are passed back to the retailer as Layer 2 traffic. The retail service provider has the direct business relationship with end users and retains responsibility for issues, such as user authentication and IP address assignment. 4 White paper

The WLAN GW can perform ingress and egress shaping on the service set identifier (SSID) based on the Service Level Agreement (SLA) with the retailer. 2.2 Retail carrier Wi-Fi service/layer 3 wholesale A wireline or wireless operator can allow carrier Wi-Fi access through a retail SSID, as shown in Figure 3. Figure 3. Retail carrier Wi-Fi/Layer 3 wholesale Inter AP mobility 802.11i security AAA Shaping per SSID/AP with policing per UE Retailer Wi-Fi service core Carrier cloud WLAN AP Protected tunnel 802.11i security WLAN GW Internet In this scenario, the carrier Wi-Fi service operator has the business relationship with end users, so the retailer needs mechanisms to authenticate the end user, assign an IP address, and create a user context for accounting and billing. The following descriptions of these mechanisms refer to retail carrier Wi-Fi service, and apply equally to the provisioning of a Layer 3 wholesale service. The difference is only in who owns the back-end authentication and accounting servers. 2.2.1 User authentication The WLAN GW supports both portal-based and Extensible Authentication Protocol (EAP) user authentication mechanisms. Portal-based authentication is the familiar mechanism found in public hotspots where, after attaching to the carrier Wi-Fi service SSID, the user opens a web browser and is redirected to an authentication page to enter user credentials. EAP is an authentication framework frequently used in wireless networks and point-to-point connections. It requires no user intervention and instead allows for seamless authentication of UEs based on unique device identifiers. In IEEE 802.11 (Wi-Fi), the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) standards have adopted IEEE 802.1X, with five EAP types as the official authentication mechanisms: EAP-TLS, EAP-SIM, EAP-AKA, LEAP, and EAP-TTLS. 5 White paper

2.2.2 IP address assignment The WLAN GW supports IP address assignment using various methods, including a local Dynamic Host Configuration Protocol (DHCP) server, DHCP relay, DHCP proxy and RADIUS. 2.2.3 UE context and policing The WLAN GW creates a UE context for accounting and billing based on information obtained from the policy server during authentication. As it does in the Layer 2 wholesale service, the WLAN GW performs ingress and egress shaping per SSID. In addition, it can also support hierarchical ingress and egress policing of the UE within the shaped SSID because the UE is anchored in the WLAN GW. 2.2.4 Inter-AP mobility The WLAN GW supports Wi-Fi inter-ap mobility for a UE that moves between APs and WLAN GWs within the carrier Wi-Fi service. When the UE traffic moves to a new AP-to-WLAN GW tunnel, the WLAN GW either seamlessly switches the UE connection, if anchored on the same WLAN GW, or detects the UE connection, if it moves between WLAN GWs. The UE can avoid full re-authentication and re-association, if the AP and UE support IEEE 802.11 Pairwise Master Key (PMK) caching, or if the APs implement IEEE 802.11r or IEEE 802.11i Opportunistic Key Caching (OKC). 2.3 Carrier Wi-Fi cellular inter-mobility Carrier Wi-Fi Cellular inter-mobility presents another retail carrier Wi-Fi service opportunity for MNOs and MVNOs. The operators can use the WLAN GW to ensure seamless connectivity and mobility between carrier Wi-Fi access networks and the cellular infrastructure. The WLAN GW obtains the UE IP address from the mobile core so that the WLAN GW can preserve the UE IP address, whether it is on carrier Wi-Fi or as the UE moves between the carrier Wi-Fi and cellular network. In the scenario illustrated in Figure 4, the carrier Wi-Fi network is used as an alternative radio access network for the MNO or MVNO subscribers. Figure 4. Carrier Wi-Fi Cellular inter-mobility SWx STa AAA HSS/HLR Carrier cloud 3G/LTE Packet core Carrier Wi-Fi to cellular mobility Shaping per SSID/AP with policing per UE S2a and Gn/Gp IP edge PGW/GGSN WLAN AP (Wi-Fi) Protected tunnel WLAN GW Internet 6 White paper

As in the retail carrier Wi-Fi service scenario, both portal-based and EAP authentication are supported. For each UE in the service, the WLAN GW creates a subscriber instance, so hierarchical policing of UE carrier Wi-Fi traffic is supported within the shaping per SSID in the AP. Unlike the other scenarios described, in this case the WLAN GW auto-creates the UE subscriber context by communicating with the mobile core to retrieve the authentication and other subscriber parameters. This allows MNOs and MVNOs to maintain a familiar operating model, and provide their subscribers with access to service experiences across the 3G/4G cellular network (for example, mobile portal, parental controls, and pre-paid charging). The WLAN GW supports the 3GPP model (SAMOG) in which the UE carrier Wi-Fi data traffic is tunneled using the GPRS Tunneling Protocol (GTP) v1 or v2 back to the packet data network GW/GW GPRS support node (PGW/GGSN) the anchor point for the UE. Used extensively in mobile networks, GTP headers contain useful bearer and policy information that the WLAN GW leverages in conjunction with IEEE 802.11e Wi-Fi Multimedia (WMM) to apply a common policy model across cellular and carrier Wi-Fi. As an enhancement to GTP tunneling all UE traffic back to the mobile core, the WLAN GW also supports Selective IP Traffic Offload (SIPTO) local breakout. Policy-defined UE traffic can be selected and then directly interconnected either to the required network resources that reside within the wireline network or to the internet. The remaining UE traffic continues to be tunneled back to the PGW/GGSN. In both cases, accounting can be unified at the mobile core. 3. Nokia WLAN Gateway Nokia offers a comprehensive Smart Wi-Fi portfolio that addresses both wireline and wireless provider requirements. Subsets of the architecture can be deployed depending on the objectives of the carrier Wi-Fi service. As a key component of the portfolio, the Nokia WLAN GW addresses requirements to anchor multi-vendor carrier Wi-Fi access infrastructure to support a range of carrier Wi-Fi market applications. The Nokia WLAN GW is supported on the Nokia 7750 Service Router (SR) or as a virtualized network function (VNF) application. Value-added services requiring service and application visibility for enabling per-user, per-device, and per-application service policies can benefit from the Application Assurance (AA) capabilities that can be deployed with the WLAN GW. 7 White paper

3.1 Traffic conditioning through aggregating and shaping Wi-Fi traffic The WLAN GW aggregates Wi-Fi traffic from the multi-vendor WLAN AP infrastructure and applies Quality of Service (QoS) traffic shaping to and from the APs. The degree to which the WLAN GW interacts with individual subscriber traffic depends on whether the Wi-Fi service is wholesale or retail. Retail services generally have more individual subscriber traffic visibility and the WLAN GW creates a state for each subscriber instance. In instances where the WLAN GW creates a Wi-Fi subscriber context, it can hierarchically police the subscriber traffic within the AP-level traffic shaping. 3.2 Networking flexibility Based on the Nokia Service Router Operating System (SR OS), the WLAN GW delivers the networking flexibility to anchor a range of multi-vendor carrier Wi-Fi market applications infrastructure. It has capabilities, such as soft Generic Routing Encapsulation (GRE), as well as virtual LAN (VLAN) and QinQ to integrate both existing and new multi-vendor carrier Wi-Fi market application access infrastructure. In addition, it provides the GW to IP services networks and delivers a range of IP networking capabilities such as VPNs, MPLS, BGP and OSPF-based control, IPv4 and IPv6 support, and 3GPP GPRS Tunnel Protocol to integrate into the mobile operator s packet core. With this networking flexibility, operators are able to keep options open to accommodate a variety of business and deployment strategies. For example, a business strategy focused on cost-containment might require that user data traffic originating at a large venue such as a stadium or in out-of-territory deployments not be backhauled to the retail service provider network. In this scenario, the Nokia WLAN GW can locally interconnect the user traffic to the internet or other ISP networks through its service router capabilities such as peering, BGP, and carrier-grade Network Address Translation (NAT). Alternatively, it can connect the user traffic directly to business or infrastructure virtual networks using its range of VPN capabilities. 3.3 Enhanced subscriber management mechanisms The WLAN GW supports mechanisms to coordinate with the provider s backend subscriber, policy and billing infrastructure for authentication, as well as parameters to create subscriber context such as: Per-subscriber authentication (web authorization or EAP-based) Advanced subscriber access management Service personalization through per-subscriber service context policies Quota management or credit control Carrier Wi-Fi mobility Lawful intercept 8 White paper

The WLAN GW has advanced subscriber access management features that optimize resources and protect legitimate Wi-Fi network users. For example, migrant Wi-Fi users can automatically associate with an SSID within range, and thus consume an IP address and network resources even though they do not intend to connect. The WLAN GW uses Layer 2-aware, carrier-grade NAT, which allows the sharing of inside IP address between subscribers, as well as constrained access until authentication is completed. In this way, the WLAN GW can handle large numbers of migrant Wi-Fi users without impacting authenticated active users. The WLAN GW also provides a seamless network experience for the user whether the service is carrier Wi-Fi only or combined with a wireline or wireless service subscription. In the case of carrier Wi-Fi retail services, the subscriber context exists on the WLAN GW. Optionally, the WLAN GW can coordinate with a mobile provider s core infrastructure by interconnecting with a packet network GW or a GW GPRS support node. For a carrier Wi-Fi service, the WLAN GW provides mechanisms to allow for inter-ap and inter-wlan GW mobility. This ensures that the carrier Wi-Fi service user can move seamlessly within the carrier Wi-Fi infrastructure or between the carrier Wi-Fi and the cellular RAN infrastructure. 3.4 High availability and OAM The WLAN GW delivers high availability from the perspectives of both network resiliency and gateway redundancy. It is managed by the Nokia 5620 Service Aware Manager (SAM). The 5620 SAM provides integrated management capabilities for Nokia carrier Wi-Fi and for the underlying backhaul and transport networks. Its capabilities enable: Increased service deployment agility through automation Proactive monitoring and management across multiple network layers Integration into the existing BSS/OSS through flexible, open APIs 3.5 Integrated advanced GW capabilities The WLAN GW can support a full range of IP service edge features simultaneously with the WLAN GW s integrated advanced GW capabilities, including: Dual-stack IPv4 and IPv6 for both network infrastructure and high-scale subscriber support Lawful intercept at high scale and high bandwidth for carrier Wi-Fi subscribers Policy interfaces, such as RADIUS and Diameter, to support the application of carrier Wi-Fi policies Carrier-grade NAT (supporting NAT44, NAT64, and Layer 2-aware NAT) for easy use of private network addresses 9 White paper

Subscriber accounting and credit control methods, including XML-based accounting files, RADIUS accounting and Diameter credit control for realtime charging service support 3.5.1 Application Assurance Application Assurance on the WLAN GW extends the service depth by enabling visibility and intelligent control for IP applications, including extensive perapplication, per-subscriber, or per-vpn service policies. Application Assurance enables a range of control/action, analytics, and accounting service capabilities that are important across the range of carrier Wi-Fi market application deployments. These include: HTTP redirect for subscriber authentication with HTTP whitelist - This enables the redirection of all non-authorized subscriber HTTP traffic to an authentication portal, while allowing the access of user traffic to specific whitelisted websites to download applications or software required for authentication. Policy-controlled HTTP redirect - Use of HTTP redirect under dynamic (or provisioned) policy control allows service providers portal communication with the user during an authenticated session. In these cases some or all of the subscriber s HTTP traffic can be redirected to the portal landing site, allowing an operator to use a captive portal for communications with the subscriber based on static or dynamic policy. This redirect can be done without interrupting other selected HTTP-based services, such as streaming video or HTTP-based apps that don t respond to HTTP redirects, thus avoiding unnecessary service interruption. HTTP in-browser notification - This provides a device-independent web browser messaging capability in the form of a web banner, overlays, or HTTP redirection-style captive portals. As a key mechanism for monetizing carrier Wi-Fi access services, this capability can be enabled based on a number of defined criteria, such as one time at subscriber authentication (service greetings), one time per Change of Authorization (COA), or on a periodic basis. Large-scale URL filtering - An ICAP client in the Application Assuranceenabled WLAN GW interacts with offline ICAP URL filtering services to deliver parental control and large-scale blacklisting services. The Application Assurance-based implementation dramatically reduces the costs of network-based URL filtering compared to inline filtering appliances. Only URLs for specific policy defined opt-in subscribers or APs are sent to the ICAP server, allowing URL filtering with no impact on the IP network forwarding topology. Traffic control for fair use policy - Application Assurance offers applicationbased management of traffic for fair use policies to prevent the disproportionate consumption of resources by limiting application volume across all subscribers, or on a per-subscriber basis. For example, opt-in Wi-Fi services may limit the use of file-sharing applications. 10 White paper

Stateful firewall - The deployment of application-level stateful firewall filters provides enhanced protection of subscriber devices from unsolicited sessions from other subscribers or from the internet. Analytics - This provides operator insight to improve the customer experience from an application or application-group prospective by providing visibility of application usage by time of day and day of week, as well as by device types and device OS. Accounting - This enables delivery of enhanced personalized service bundles, such as on a subscriber per-application basis or on a subscriber zero rating per-application basis. Application Assurance-based capabilities enable operators to enhance and differentiate consumer, business, and mobile service offerings, as well as provide a platform for carrier Wi-Fi monetization. 3.6 Carrier Wi-Fi access tunneling capabilities End-user devices or user equipment connect to the network using a tunnel established between WLAN APs and the WLAN GW with the AP responsible for placing the UE sessions into the tunnel. For thin APs that use an Access Controller (AC) to control multiple APs in a WLAN zone, the tunnel is created between the AC and the WLAN GW. The tunnel model imposes no new requirements on the UE, so tunneling can address the installed base of UEs. There is an AP requirement to support any tunneling mechanism chosen. So far, this discussion has referred to generic APs and UEs; however, the AP can reside within a managed home GW, and the tunneling is conceptually the same. The tunnel model accommodates different access methods, as shown in Figure 5. Figure 5. Nokia WLAN GW to AP tunneling protocols Trusted Wi-Fi SSID Private SSD Fixed access service Bridge NAPT VLAN1 IP VLAN2 Bridged: VLAN segregating trusted Wi-Fi traffic Simplified HGW Integrated FMC operator Trusted Wi-Fi SSID Private SSD Bridge Fixed access service Tunnel NAPT P VLAN2 Bridged: Tunneling L2oGRE (soft GRE) L2 VPNoGRE (soft GRE) Optionally GREoIPsec 11 White paper

Within each of the main tunneling approaches, there are several alternatives for encapsulation and/or encryption: 3.6.1. Encapsulation and Layer 2 bridged tunneling Nokia Smart Wi-Fi supports a variety of encapsulation methods between the AP/home gateway (HGW) and the WLAN GW, as shown in Figure 6. Nokia believes that bridged tunneling with Layer 2 over GRE (L2oGRE) or Layer 2 virtual private network (VPN) over GRE (L2VPNoGRE) offers the most flexible solution. The use of GRE also aligns with the 3GPP standards on the integration of carrier Wi-Fi with the cellular network packet core. 3.6.2 Support for IPv4 and IPv6 An advantage to using a Layer 2 tunnel is that the tunnel is agnostic as to whether it is transporting IPv4 or IPv6. A dual-stack IPv4/IPv6 UE can be supported across the tunnel and the AP need not be IPv6-aware. In contrast, a routed tunneling mechanism requires a complete IPv4 and IPv6 dual stack in the network or the added complexity of implementing 4to6/6to4 transition mechanisms. The Nokia WLAN GW supports IPv4 and IPv6 and is fully capable of supporting routed tunneling, but Layer 2 tunneling is a more elegant and scalable solution. 3.6.3 Support for wholesale Layer 2 WLAN services Layer 2 tunneling also lends itself to wholesale Layer 2 WLAN services, which routed tunneling cannot support. In the case where the AP is owned by a wholesale provider, a single tunnel from the AP to the WLAN GW can support multiple retailer WLAN SSIDs that can, for example, be delimited with IEEE 802.1Q VLAN tags. Efficient use of tunnels aid in the overall scale of the solution. In addition, a Layer 2 service allows the use of Layer 2-aware NAT, which greatly simplifies Wi-Fi IP address management. 3.6.4 Soft GRE The Nokia WLAN GW offers mechanisms for GRE tunnels to be automatically created when devices attach to the AP. This eliminates the need for each AP to be explicitly provisioned on the WLAN GW. Because this soft GRE is stateless and the tunnel contexts are created based on need, the WLAN GW does not need to maintain states for unused tunnels, thus improving the solution s scalability. 3.6.5 Hop-by-hop security There is no loss in data security because the traffic can be secured on a hopby-hop basis. IEEE 802.11i security and encryption protocols can be used to secure traffic between the UE and the AP. Also, the tunnel between the AP and the WLAN GW can be secured with IPsec by running GRE over IPsec (GREoIPsec). Corporate VPN access is also compatible because it allows endto-end encryption. In contrast, alternative implementations may require double IPsec encryption by the UE. 12 White paper

5. Conclusion For operators looking to fulfill their service expansion strategies by including carrier Wi-Fi capabilities, Nokia offers a complete and scalable portfolio. By delivering an industry-leading set of WLAN GW capabilities, Nokia provides operators with a platform on which to monetize carrier Wi-Fi. The WLAN GW delivers the performance operators need to enhance their wholesale and retail offerings with carrier-grade Wi-Fi services while achieving the strategic advantage of a simple, secure, and seamless user experience. 6. References 1. 3GPP TS 23.402: Architecture enhancements for non-3gpp accesses. Release 11. March 2012. http://www.3gpp.org/ftp/specs/htmlinfo/23402.htm 2. IEEE 802.1Q: Standard for local and metropolitan area networks Virtual Bridged Local Area Networks. May 19, 2006. http://standards.ieee.org/ getieee802/download/802.1q-2005.pdf 3. IEEE 802.1r: Standard for Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Specific requirements. Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 2: Fast Basic Service Set (BSS) Transition. July 15, 2008. 4. IEEE 802.1X: Standard for local and metropolitan area networks Port- Based Network Access Control. February 5, 2010. http://standards.ieee. org/getieee802/download/802.1x-2010.pdf 5. IEEE 802.11 (WPA2): Wireless Local Area Networks. http://standards.ieee. org/getieee802/download/802.11i-2004.pdf 6. IETF Layer 2-Aware NAT. draft-miles-behave-l2nat-00. March 4, 2009. http://tools.ietf.org/html/draft-miles-behave-l2nat-00 7. Acronyms 3GPP 4G Third Generation Partnership Project Fourth Generation 5620 SAM 5620 Service Aware Manager 5780 DSC 5780 Dynamic Services Controller 7750 SR 7750 Service Router 7750 SR MG 7750 Service Router Mobile Gateway 8650 SDM 8650 Subscriber Data Manager 13 White paper

8950 AAA 8950 Authentication, Authorization and Accounting server 9471 WMM 9471 Wireless Mobility Manager AA Application Assurance AAA Authentication, Authorization and Accounting AC Access Controller AP Access Point BGP Borger Gateway Protocol CCS Convergent Charging System CDN Content Delivery Network DHCP Dynamic Host Configuration Protocol EAP Extensible Authentication Protocol FMC Fixed-Mobile Convergence GGSN Gateway GPRS Support Node GPRS General Packet Radio Service GRE Generic Routing Encapsulation GREoIPsec GRE over IPSec GTP GPRS Tunneling Protocol GW Gateway HLR Home Location Register HSS Home Subscriber Server IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IP Internet Protocol IPsec IP Security L2oGRE Layer 2 over GRE L2VPNoGRE Layer 2 VPN over GRE LTE Long Term Evolution MNO Mobile Network Operator Motive AAA Motive Authentication, Authorization and Accounting Server Motive CSC Motive Customer Service Console Motive DMP Motive Data Management Platform 14 White paper

Motive MDM/HDM Motive SMP MSO MVNO NAPT NAT OKC OSPF PGW PKI PMK QoE QoS RADIUS SaMOG SLA SR OS SSID UE VLAN VPN Wi-Fi WLAN WMM WPA WPA2 XML Motive Mobile Device Manager/Home Device Manager Motive Service Management Platform Multiple Service Operator Mobile Virtual Network Operator Network Address Port Translation Network Address Translation Opportunistic Key Caching Open Shortest Path First Packet Data Network Gateway Public Key Infrastructure Pairwise Master Key Quality of Experience Quality of Service Remote Authentication Dial-In User Service S2a Mobility based on GPRS Tunneling Protocol Service Level Agreement Service Router Operating System Service Set Identifier User Equipment Virtual Local Area Network Virtual Private Network Wireless Fidelity Wireless Local Area Network Wi-Fi Multimedia Wi-Fi Protected Access Wi-Fi Protected Access II Extensible Markup Language Nokia is a registered trademark of Nokia Corporation. Other product and company names mentioned herein may be trademarks or trade names of their respective owners. Nokia Oyj Karaportti 3 FI-02610 Espoo Finland Tel. +358 (0) 10 44 88 000 Product code: PR1607021363EN (July) Nokia 2016 nokia.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information