BRKSPM-2123
Agenda
[Chart: Minutes of Use per Year (Trillions), 2014–2019, for VoWiFi, VoLTE and VoIP]
Source: ACG, Cisco VNI Global Mobile Data Traffic Forecast, 2014–2019
VoWiFi Market Trends
VoWiFi – Apple iOS 8 Wi-Fi Calling
• Standard based: ePDG/IPSec, 3GPP 23.402
• Same phone dialer for 3G/4G/Wi-Fi voice
• Voice/Text over Wi-Fi
• Enterprise
802.11n and now ac providing high capacity network
Security challenges (many enterprises block IPSec to external peers)
Require a Wi-Fi network designed with voice in mind to provide a good QoE
Wi-Fi Calling & the influence on identity ecosystem
• UE establishes IPSec tunnel to ePDG
• ePDG sets up a PDN session to PGW on behalf of UE
• PGW allocates IP address and manages P-CSCF discovery
– provides P-CSCF details to UE
• UE SIP registers with SBC/P-CSCF
[Diagram labels: untrusted network (e.g. home/ent) with APs and WLC; IPSec tunnel between UE & ePDG (SWu); L3 infra; ePDG and PGW (ASR5K) linked by S2b; SWn; 3GPP AAA Server; HSS; AuC; PCRF; L3 GiLAN / vGiLAN; A-SBC; I-SBC; voice core (CSCF, TAS, MGCF, MGW); RNC; Internet]
ePDG as defined in Standards
• ePDG is part of the 3GPP LTE SAE defined in 3GPP TS 23.402
• Responsible for interworking between the EPC and un-trusted non-3GPP networks
• ePDG terminates IPSec tunnels established/initiated by UEs via un-trusted Wi-Fi network for secure access to the EPC.
[Diagram labels: HPLMN and Non-3GPP Networks; 3GPP Access; Serving Gateway; PDN Gateway; ePDG; 3GPP AAA Server; HSS; PCRF; Operator's IP Services (e.g. IMS, PSS etc.); Trusted Non-3GPP IP Access; Untrusted Non-3GPP IP Access; UE (Wi-Fi un-trusted); interfaces SWx, S6a, Gx, Gxa, Gxb, Gxc, Rx, SGi, S5, S6b, S2a, S2b, SWm, SWn, SWu, SWa, STa]
ePDG Basics – Main Functions
• User Authentication and Authorization
IKEv2 based on EAP-AKA
De-capsulation/Encapsulation of packets for IPSec
Tunnel authentication and authorization
APN authorization and PGW selection
Provide PGW identity for static address
• Tunnel and QoS mapping between S2b bearers and access network
Mapping of S2b bearer(s) to SWu (IPSec) sessions
Mapping of dedicated bearers on S2b using TFT packet filters
DSCP marking and/or 802.1p tagging for QoS
• Routing of downlink packets towards the SWu instance associated to the PDN connection;
Transport level packet marking in the uplink;
Enforcement of QoS policies based on information received over S2b control plane
PGW Function for VoWiFi service
• UE IP address allocation
Sent to UE via ePDG
PCEF - Acts on instruction from IMS (via PCRF) to allocate
dedicated bearer for Voice
3. IKEv2 AUTH_REQ
4. DER
7. IKEv2 AUTH_REQ
8. DER
9. DEA
10. IKEv2 AUTH_RESP
1. SIP RE-INVITE
2. SIP RE-INVITE
3. Ro Call Control
4. Peer UE procedures
5. 200 OK
6. AAR
7. RAR
8. AAA
9. RAA
10. 200 OK
11. CCR
12. CCA
13. Create Bearer Request
[Diagram labels: two virtualization stacks, each on x86 server hardware and networking: vSphere / vCloud on VMware ESXi (OS + Hypervisor), and OpenStack on Ubuntu / RedHat (OS); CPU/memory resource]
• Elasticity: Capacity-on-demand
• Field Proven: Same software as physical ePDG
• Integrated OS + Hypervisor
• KVM as Hypervisor
• Benefits of Hardware/Network Acceleration
• Full OS Implementation (Ubuntu / RedHat)
• Single Vendor OS/Hypervisor (VMware)
• Multi-Vendor “Open Source” Environment
Voice over trusted Wi-Fi Access
VoWiFi over Trusted WLAN to EPC Integration using SaMOG GW
[Diagram labels: AP + CM access infra; EoGRE (L2-GRE, L3-GRE); MAG; ASR5K; 3GPP AAA Server; HSS; AuC; PCRF; interfaces STa, SWx, S6b; DHCP; DNS; CPNR; Cisco Prime Infra.; Prime Perf. Manager; voice core (CSCF, TAS, MGCF, MGW); A-SBC; I-SBC; PSTN; Internet]
SaMOG GW (LTE, UMTS)
[Diagram labels: Wi-Fi access (AP, WLC) with EAP-SIM and non EAP-SIM users; SaMOG GW with TWAP and TWAG; DHCP; Radius; Web Portal; AAA; HSS; STa (Diameter); SWx; packet core with GGSN (GTPv1, Gn) and P-GW (GTPv2, S2a); Gi; Local Breakout; internet]
SaMOG GW
TWAP: Trusted WLAN AAA Proxy
• Subscriber authentication and authorization based on EPC credentials
EAP-AKA, EAP-AKA’ and EAP-SIM over Radius
3GPP Diameter STa interface support
Radius interface towards Trusted WLAN (WLC, AP)
• 3GPP Rel.11 trusted Wi-Fi model did not place any UE requirements
for PDN connectivity
• Rel.11 trusted Wi-Fi model cannot support APN signaling and
simultaneous PDNs
• Assumes managed Wi-Fi access with secured SSID (by the carrier or partner)
• No client based secured tunnel between UE and packet core
Hybrid Solution for Wi-Fi Calling
Optimized Wi-Fi Calling over EPC based Carrier Wi-Fi
(Supported on Cisco ePDG)
[Diagram labels: NSWO + Wi-Fi Calling client on 802.11; DHCP allocated 173.38.0.1; TWAG with SIPTO enabled default APN; S2a; P-GW including SWu NAT traversal functionality; SIPTO configuration match IP UE pool 173.38.0.0/24; NAT outside pool 173.38.1.0/24; host 10.10.1.1; IKEv2 allocated 2610:8dba:82e1:ffff::/64; ePDG SWu 173.38.2.1; DNS resolves ePDG to 173.38.2.1; NSWO to IPv4 Internet]
QoS Deployment Considerations
LTE vs Wi-Fi Bearer Comparison
[Diagram labels: LTE path UE, Radio, eNodeB, S1u, SGW, S5, PGW, IMS (IPv6); Default Bearer (SIP) QCI 5; Voice QCI 1; Video QCI 2 (video option); Wi-Fi downlink over 802.11ac: LTE QCI to IP DSCP mapping, DSCP to 802.11e WMM]
QoS and Dedicated Bearer Creation
[Call flow across UE, AP, ePDG, PGW, PCRF, IMS]
IMS core gets SIP invite and it requests QoS from EPC
1. Rx AAR / AAA
2. Gx RAR / RAA
• Bandwidth Requirement
Typically VoWiFi uses AMR-WB: 56.65 kbps per call
More than
90%
Native VoWiFi calling App vs OTT App
Wi-Fi/Cellular mobility:
• Native Wi-Fi calling: VoWiFi/VoLTE supported
• OTT Wi-Fi calling: Not supported. Voice call will drop when Wi-Fi is lost
VoWiFi Handset support
Apple
Android
• No native Android OS support yet
• Samsung S6/S6-Edge Wi-Fi calling in selected markets
• Initiates IPSec tunnel establishment towards ePDG using IKEv2 (including DPD)
• Contains identity for authentication
IDi in the form of root NAI (IMSI@realm); Fast Reauth ID; X.509 certificate etc.
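One way a network-side component could sanity-check the root NAI carried in the IKEv2 IDi, shown as an added example that is not from the original slides. It assumes the root NAI layout of 3GPP TS 23.003 (leading digit 0 for EAP-AKA or 6 for EAP-AKA', realm `nai.epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org`), which the slides abbreviate as IMSI@realm; the function names and the sample IMSIs are constructed.

```python
import re

# Leading digit of the root NAI username selects the EAP method
# (assumption taken from 3GPP TS 23.003, not stated on the slides).
EAP_METHOD = {"0": "EAP-AKA", "6": "EAP-AKA'"}

# <digit><IMSI>@nai.epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org
ROOT_NAI = re.compile(
    r"^(?P<lead>[06])(?P<imsi>\d{6,15})"
    r"@nai\.epc\.mnc(?P<mnc>\d{3})\.mcc(?P<mcc>\d{3})\.3gppnetwork\.org$",
    re.IGNORECASE,
)


def parse_root_nai(idi: str) -> dict:
    """Parse an IDi root NAI and cross-check the realm against the IMSI.

    Raises ValueError when the identity is malformed or when the MCC/MNC
    in the realm disagrees with the MCC/MNC prefix of the IMSI.
    """
    m = ROOT_NAI.match(idi.strip())
    if not m:
        raise ValueError("not a root NAI")
    imsi, mcc, mnc = m["imsi"], m["mcc"], m["mnc"]
    if imsi[:3] != mcc:
        raise ValueError("realm MCC does not match IMSI")
    # A 2-digit MNC is zero-padded to 3 digits in the realm.
    two_digit = mnc[0] == "0" and imsi[3:5] == mnc[1:]
    three_digit = imsi[3:6] == mnc
    if not (two_digit or three_digit):
        raise ValueError("realm MNC does not match IMSI")
    return {"eap_method": EAP_METHOD[m["lead"]], "imsi": imsi,
            "mcc": mcc, "mnc": mnc}


def is_consistent(idi: str) -> bool:
    """True when the identity parses and realm and IMSI agree."""
    try:
        parse_root_nai(idi)
        return True
    except ValueError:
        return False


# Constructed sample identities (IMSI values are made up).
SAMPLES = [
    "0234150999999999@nai.epc.mnc015.mcc234.3gppnetwork.org",  # consistent
    "0234150999999999@nai.epc.mnc020.mcc234.3gppnetwork.org",  # MNC mismatch
    "234150999999999@example.org",                             # not a root NAI
]
```

A format check like this only rejects malformed or inconsistent identities before they reach the AAA; it does not replace the EAP-AKA exchange itself.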
How to Authenticate these Devices ???
• Re-use existing infrastructure and systems
• Proven, reliable, standard interfaces
X.509 based authentication
• As non UICC devices do not have IMSI, customized vIMSI in format similar to UICC IMSI uniquely identifying the non UICC device needs to be shared by the device
• UE connects to LTE, selects PGW. MME updates HSS with PGW ID over S6a (Notify)
• UE moves to Wi-Fi and sets up IPSec with HO indication. ePDG gets PGW ID over SWm and HSS
• ePDG sets up PDN connection with APN/IMSI pair and the PGW finds the existing LTE session and assigns same IP address/services – PCRF updated if necessary
• PGW updates PGW FQDN over S6b to AAA and AAA updates HSS to ensure WiFi to LTE also selects the same PGW
Handover from Wi-Fi to 2G/3G
• IMS Centralized Services entity – SCC (Service Centralization and Continuity) AS
provides Call Continuity Function between WiFi and 2G/3G
• 3GPP defined Dual Radio VCC (DR-VCC) specification is utilized at Client Side
for the handover from WiFi to 2G/3G. TS 23.237 – Dynamic STN method
[Diagram: Handover of active call between Wi-Fi and 2G/3G with Call Continuity function. Labels: AP, ePDG, PGW; IMS core and service (P/S-CSCF, SCC AS, MGCF etc.); 2G/3G core and service (HLR, SMSC, IN/SCP etc.); NodeB, RNC, MSC]
WiFi to 2G/3G handover method
[Diagram labels: MGW, NodeB, RNC, MSC/VLR]
[Diagram labels: iRAT Logic; Modem; Connection Manager; APN1; Virtual IP1, Virtual IP2; IP1, IP2, IP-W; IPSec; PGW]
access for each APN
on inter RAT events
• Connection manager connects to Wi-Fi AP
[Diagram labels: OTT client over IP/Wifi with OTT MSISDN, foreign PLMN MSC/IMS and home PLMN; VoWifi over Wifi via ePDG/PGW to home PLMN IMS with home MSISDN, foreign MSC]
Same home mobile number for MO/MT
Capture revenue long lost to OTT
No need to pay expensive roaming charge
No need to pay roaming partners
Same phone dialer for mobile and wifi call
International Roaming Savings - Example
VoWiFi- Ongoing work
VoWiFi Challenges and work in progress
• UE support: iOS support is the major driver, growing with Android and other OS.
• E911 calling – location and Handover
• Wi-Fi infrastructure designed with voice in mind to ensure the QoE
• Wi-Fi calling location is becoming important
• Enterprise challenges (Enterprise blocking IPSec to external
peers)
A number of diverse drivers for location in Wi-Fi
Calling
• Charging/Taxation: Non-bundled consumption requires location to be identified
Roaming is typically not bundled, and hence countries need to apply tax rates according to the roamed-to country
• Analytics: Operators would like to establish where Wi-Fi calling is being consumed. Can be used to target infrastructure investment or other offers
• Emergency calling: Need to provide PSAP with location where emergency call
is originated
• Regulatory: Location of Wi-Fi Calling target may be required to be presented to
LEA
• Authorization: Operators may desire to only authorize Wi-Fi calling service in
certain locations
Enterprise IPSec Blocking
• IPSec connection from Handset to ePDG