Implementing Cellular To Wi-Fi Offload

SOLUTIONS FOR IMPLEMENTING
CELLULAR TO WI-FI OFFLOAD

Hartmut Schroeder
September 2012
Legal Statement
Statements of direction set forth Juniper Networks current

intention and are subject to change at any time without notice.
No purchases are contingent upon Juniper Networks
delivering any feature or functionality depicted in this presentation.
Copyright 2012 Juniper Networks, Inc.
www.juniper.net
WHY WI-FI OFFLOAD?

3
www.juniper.net
GROWTH IN WIRELESS BROADBAND DATA CONTINUES

TABLET
GROWTH
SMART MOBILE
DEVICES
181%
1B
Growth fueled by:

Increased Smartphone Adoption
Wireless Enabled Portable Devices
Machine-to-Machine Mobile Devices
Gartner predicted that tablet sales will grow 181% in
2011 to 54.8M, many of which are built to take
advantage of mobile 3G and 4G networks.
4
According to IDC we will reach 1 billion smart mobile

devices in 2013. Morgan Stanley tells us we will reach 10B
mobile devices in 2050.
www.juniper.net
WIRELESS BROADBAND ALLIANCE
www.juniper.net
3 STAGES OF WI-FI OFFLOAD
Offload
Hard offload
User driven
Unmanaged
Optimize
Auto-login
User identity
Secure
2010
2012
Integrate
Policy driven
Session mobility
Fully transparent
2014
Source: Heavy Reading
www.juniper.net
REFERENCE ARCHITECTURE
7
www.juniper.net
KEY SOLUTION COMPONENTS

AUTHENTICATION
& SECURITY
JUNOS Pulse Client (optional)

Mobile Security Suite
VPN / secure tunneling
Enforcement point for future policy
based capabilities and data
collection
SBR CARRIER
Single platform managing AAA
functions for all access
technologies
Provides uniform user

experience with authentication,
security & policy enforcement
8
BACKHAUL & EDGE
MX-3D
POLICY ENFORCEMENT
& CHARGING
SRC
Juniper WLAN
Security GW
Video/Web
Optimization
NAT/FW functions
Server Load
Balancing
Mobility GW functions
Routing Functions
VPN Gateway
High performance
Reliable mobility
High Availability
Outdoor/Indoor
Superior Planning
and Lifecycle Mgnt
Direct and Central
Traffic breakout
Provides secure traffic

termination and service
delivery functions
www.juniper.net
Ideal if WLAN traffic not backhauled to

GGSN / P-GW
Leverages Juniper MX as PCEF
QoS
Service Mapping
DPI
Captive Portal
Volume Tracking (VTA)
Bandwidth limits
Daily/Monthly usage
Charging integration
Provides support for network

based policy enforcement and
charging
OPEN AND SECURE ACCESS

E2E ARCHITECTURE PHASE 1 (TODAY)
SSR
SBR
VTA
Subs-Data
Base / HLR
SQL
SIGTRAN
Auth-Check /
Service
SRC
Corba
Portal
Policy push
Ta
Rad
Policy push
Redirect
IP
JSRC
Open
Dia
Gi
WLC
AP
IP
Internet
Smartphone
802.1x
MX-BNG
WLM
www.juniper.net
JUNIPER VALUE PROPOSITION

Juniper MX as Wi-Fi Access
Gateway acts as a PCEF for
CGNAT (leveraging MS-DPC)
DPI (leveraging MS-DPC)
Basic QoS / Hirachical QoS
(leveraging MS-DPC)
Lawfull Interception Point for CC
DHCP-Server
SBR Carrier AAA with SSR
Juniper SRC (Session Resource

Controller)
Juniper Wireless WLA / WLC /

WLM
SIM-Module for seemless

authentiaction with HLR for EAPSIM/AKA
Session State Register for global,
redundant Subscriber Knowledge
10
Captive Portal
Volume Tracking Application
Various Accounting Interfaces
Policy push to all Juniper core routers
Wi-Fi Access with Backhauling due to

Central Switching
Complete Livecycle Management
through RingMaster
www.juniper.net
UNIVERSAL EDGE
11
www.juniper.net
MX 3D: A NETWORK SERVICES PLATFORM

Industry-leading performance and
scale
Ultimate in flexibility
Versatility of 4 platforms
ensures there is a platform tailor
made for every deployment
model
Unparalleled packet
processing performance
Separate control and data

plane that scale
independently
L2 to L3 to L4-7 services
Support multiple services
simultaneously without
impacting performance
OPEX Savings
Simplifies operations
12
3050% more power efficient & 40% more space efficient

Embedded monitoring services to ensure SLAs are met
Unparalleled functional bundling that allows massive cost saving
www.juniper.net
Services Flexibility for Mobile

MX 3D with Trio is a Common Services Layer for IP Convergence
Packet Core
S/P-GW
Fixed Edge
BNG
GGSN
Business Edge
TWAG
Security-GW
Datacenter
L2/L3 Switch
SDG
Transport
Backbone
Security
Carrier Grade NAT
MX 3D
Firewall
Backhaul
Common hardware, common software, investment protection

13
www.juniper.net
UNIVERSAL EDGE ENABLES NEW NETWORK

Network Applications
Cable Edge
Business Edge
Mobile Edge
Router-Integrated Services
Network-Integrated Apps.
& Services (Juniper )
Carrier Ethernet Aggregation

Video Distribution Networks
IPS
BGF
Media Flow
DAA
Network-Integrated Apps. &

Services (Partners)
StreamScope
eRM
Telchemy
Media
ePM
Enabler
MX 3D Series
Media Flow
Controller
14
SRC
Controller
www.juniper.net
JUNIPER WIRELESS
15
www.juniper.net
THE NONSTOP WIRELESS NETWORK

Single point of management
Active-active control
architecture
Self-organizing adds, moves
and changes
Self-repairing architecture
In service software upgrades
Full Featured Local switching
16
www.juniper.net
JUNIPER WLA SERIES ACCESS POINT FAMILY
Highest performance APs in the industry

Most cost effective APs in the industry
Full featured Intelligent switching
Spectrum analysis across the portfolio
Bridging and mesh
New
Functionality
WLA Series Highlights
New
3 Stream
MIMO
Dual Radio
Max.
Performance
2x2 MIMO
Dual Radio
High Density
3x3 MIMO
Dual Radio
All Weather
Dual Radio
Entry-level AP
WLA632
Single Radio
Low Cost AP
WLA532
WLA522
WLA322
WLA321
Entry level 802.11n
17
Indoor 11n
www.juniper.net
Outdoor 11n
Enterprise
JUNIPER WLC SERIES CONTROLLER FAMILY
Simplest solution in the Industry

Highest Reliability in the industry
Only vendor with In-service upgrades
One software platform
Full Featured distributed deployment
64 - 512 11n AP
WLC2800
16 - 256 11n AP 3-Stream
WLC Series Highlights
Campus
WLC880
16 - 128 11n AP 3-Stream
WLC800
12 AP
Branc
h
4 AP
WLC8
WLC2
4
12
16
32
64
128
192
256
512
# of AP
18
www.juniper.net
BEST IN CLASS WLAN LIFE CYCLE MANAGEMENT
RingMaster
Planning and Deployment
3D predictive planning tool

Indoor and Outdoor network plan
Configuration and Verification
Complete offline configuration

System and service wizards
Pushes configuration to WLCs
Monitoring and Reporting
By user, radio, AP, WLC, SSID

30 day history aids compliance
WIDS/WIPS integration
Location Aware
Search by Location
Roaming History
Geo Fencing
19
www.juniper.net
SBR CARRIER
20
www.juniper.net
SBR CARRIER: ENABLES SEAMLESS ACCESS

Reduce operational
cost: Single platform
managing AAA
functions for all
access technologies
HLR
Public Wi-Fi
GPRS UMTS
HSxPA
21
Seamless integration:
Supports any SDM
technology with any
schema
LDAP
Reduce complexity:
Single platform provides
glue between network
technologies and IT
systems
SQL
Steel Belted Radius

xDSL
FTTH
UMA
Femtocell
www.juniper.net
RADIUS
CDMA
1xRTT/EvDO
Fixed/Mobile
WiMAX
FLEXIBLE SDM INTEGRATION: ANY

CREDENTIAL, ANY DATABASE
HLR authentication
D authentication and
authorization Interface
SIM and AKA
SS7 over E1/T1
SIGTRAN
MAP v2/v3
NO separate MAP-GW
(installed on SBR)
HLR
LDAP
LDAP v2/v3
Load-balancing and
failover
Any LDAP schema
Programmable searches
with recursiveness
Scripting
Unparalleled performance
LDAP
SQL
Generic SQL over JDBC
Load-balancing and
failover
Any SQL schema
Stored procedure support
SQL
Oracle
Native oracle interface
Load-balancing and
failover
Any SQL schema
Stored procedure support
Unparalled performance
ORACLE
RADIUS
Credentials:
Username/password
Certificate
SIM & USIM
SMS OTP
Token
Service-ID (eg. APN, DNIS )
Steel Belted Radius

22
RADIUS proxy
Carrier grade proxy
engine
Weighted load-balancing
and failover
Target health detection
Advanced filtering
Unparalled performance
www.juniper.net
JUNIPER SRC
23
www.juniper.net
Service
SRC ENABLES
APPLICATION INTELLIGENT NETWORKING
Resource Control
Call Admission control, QoS,
Quota services
Data VPN
Software as a Service
Videoconference
Service Activation / Reporting
SRC
Policy
Engine
C3000
C5000
Provisioning / Accounting
Edge
24
Enterprise
Services
Network
Metering
Per service time & volume
Internet
IPTV
Home VoIP
Policy and Control
Dynamic Provisioning
Filters, Captive Portal, Bandwidth,
Applications
Residential
Services
www.juniper.net
Core
Data Center
SRC
Subscriber
state & profile
Policy
Plug-in API
SRC USAGE TRACKING / ACCOUNTING OPTIONS

Custom Plug-in
Flat file
RADIUS
VTA Plug-in
Charging
Systems
VTA
Traffic
Wi-Fi AP
End user
25
WLC 2800
MX
www.juniper.net
ENHANCED SUBSCRIBER MANAGEMENT

Regular
Enhanced
Per Service Accounting
Per subscriber accounting

Features
Periodical collection of counters associated to SRC managed services
Based on combination of 5-tuples or per application/application-groups
Accounting record generation from SRC (flat files or RADIUS) duration and volumes
Multiple accounting sessions per subscriber
Start, Stop and variable Interim

Benefits:
Fair usage / quota services with Volume Tracking Application
Usage based billing
26
Congestion mitigation by de-prioritizing heavy users
www.juniper.net
OVERVIEW OF THE SRC VOLUME TRACKING APPLICATION

The SRC Volume-Tracking Application (SRC VTA) allows service
providers to track and control the network usage of subscribers and
services. You can control volume and time usage on a per-subscriber
or per-service basis.
When a subscriber or service exceeds bandwidth limits (or quotas), the
SRC VTA can take actions, including
directing the subscriber to a portal to activate additional services or
purchase additional bandwidth,

imposing rate limits on traffic,
sending an e-mail notification,
or charging extra for additional bandwidth consumed.
27
www.juniper.net
FUTURE PRODUCTS /
SOLUTIONS
HOTSPOT V2.0
30
www.juniper.net
IEEE 802.11U AND HOTSPOT V2.0 PART 1

IEEE 802.11u (Standardization finished Feb 2011)
Allows a Station (UE/Mobile) to query information about the WLAN and Network behind it before an
Authentication is tried
Must be supported at WLAN-AP and UE/Mobile to work
Network Discovery and Selection component
Advertise Networks basic 11u capabilities in Beacons and Probe Response Frames to minimize Battery impact
Generic Advertisement Service (GAS) for extended Queries
Tell the Mobile which QOS DSCP Marking to set for IP Traffic according to operators policy
Expedited Bandwidth Request (EBR) support
Emergency services
31
Access Network Query Protocol (ANQP) and others (MIH)
QOS Map Set distribution
Access Type
Venue Info
HESSID
supported Advertisement Protocols
Roaming Consortium
Emergency Call ongoing Alert
Emergency Call and Network Alert support at the link level

www.juniper.net
Hotspot V2.0 Goals
Improve end-user experience to level of cellular networks

Facilitate Wi-Fi offload
Facilitate Wi-Fi roaming agreements between hot spot operators/service providers
Deliverables
Technical Spec. (uses heavily 11u), Test Plan, Certification Program, Deployment Guide
Phase 1 (called Passport), Certification starts: mid-year 2012
Access network discovery
Security
Phase 2, Certification starts: mid-year 2013
Operator Policy (TBD) Will it be ANDSF? At which Sublevel then?
On-line Signup (TBD)
Phase 3, Certification starts: TBD probably mid-year 2014
32
Scope isnt defined
proposals have been made around Wi-Fi offload issues and improved operations/monitoring.
www.juniper.net

Network Discovery (Phase 1)
New information elements (11u based)
GAS/ANQP Protocols (11u based)
Interworking, Advertisement Protocol, Roaming Consortium, BSS Load, WFA Peer to Peer
ANQP: Venue Name, Network Authentication Type, IP Address Type Availability, Network Access Identifier Realm
List, 3GPPP MCC/MNC, Domain Name List
HS2.0 ANQP extensions: Operator Name, WAN Metrics, Connection Capability, NAI Home Realm Query
Note: Only a SUBSET of 11u will be certified in HS 2.0.
QoS-Mapping Tests and Emergency Calls are not scope of HS2.0
Security (and Battery Life Extension) (Phase 1)
Certification includes 802.1x based WPA(2) Enterprise Authentication
EAP-TLS, EAP-TTLS (inner MS-CHAPv2), EAP-SIM/AKA (if the Device has a (U)SIM-Card it SHALL support this)
Certification does NOT include UE based Tunnels
Hotspot V2.0 certifies sort-of 3GPP Trusted Access Mobiles / UEs only
Proxy ARP and Proxy Neighbor Discovery (802.11v)

Downstream Group Addressed Frame Forwarding
Peer to Peer Communication Blocking
33
www.juniper.net
3GPP TRUSTED ACCESS

34
www.juniper.net
WI-FI OFFLOAD USING S2A GTP (SAMOG)

Documented in TS 23.402 section 16 for 3GPP Rel 11
802.1x recommended to ensure air interface security (WPA)
EAP-AKA credentials used to authenticate the UE
Needed to get IMSI identity of the UE
Allows HSS to pass information required for GTP management (including
target PGW)
Needed for IP future address preservation
Leverages standard GTP Create/Modify Session/Bearer messages
WLAN SaMOG GW
Access
AP
HSS/AAA
BENEFITS:
Avoids cost and overhead of IPsec
Uses standard GTP based procedures
CAVEATS:
Used only for trusted Wi-Fi networks
TWAG must see UE-MAC (Layer2)
IP-Address preservation comes in Rel. 12
Policy and Credential Servers

NetOpt
Credential
ANDSF
PCRF
App
Mngt
GTP S2a
Smartphone
Backhaul &
Packet Core
PGW
GGSN
HA
SDG
Service
Complex
VPN
Secure Simplified Access for Trusted Wi-Fi Networks

35
www.juniper.net
TRUSTED WLAN ACCESS TO EVOLVED PACKET CORE

ARCHITECTURE
No additional SW on UE / IP address Preservation (and no IKEv2/IPsec/ePDG)

SWw is a point-to-point IP link over 802.11 protected by 802.1X
Access Control enforced by Trusted WLAN on behalf of 3GPP operator (802.1X)
Default APN for Trusted WLAN PDN connection stored in subscription data
HSS
Rx
hPCRF
Gx
PDN
Gateway
S6a
HPLMN
SGi
SWx
Operator's IP
Services
(e.g. IMS, PSS
etc.)
3GPP AAA
Server
S6b
S9
SWd
S8
3GPP Serving
Access Gateway
vPCRF
Gxc
3GPP AAA
Proxy
S2a
VPLMN
Non-3GPP
Networks
S2a Mobility based On GTP and

WLAN access to EPC (SaMOG)
36
STa
Trusted
WLAN Access
Network
SWw
www.juniper.net
UE
TRUSTED WLAN ACCESS

INTERNAL FUNCTIONS
WLAN:
Intranet / Internet
APs terminating UEs SWw 802.11 WLAN link

Authenticates UE with EAP-AKA
Provide integrity and/or confidentiality protection
Trusted WLAN Access Gateway (TWAG):
SWw
Trusted WLAN Access Network

Trusted WLAN AAA
Proxy
STa
WLAN
Trusted WLAN
Access Gateway
S2a
Creates/Deletes S2a GTP tunnel

Default router and DHCP server
Enforces packet forwarding between UEs SWw point-to-point IP link and S2a
GTP tunnel based on UE MAC address
Trusted WLAN AAA Proxy (TWAP):

AAA proxy b/w WLAN Access Network and 3GPP AAA Server/Proxy over STa
Binds UE subscription data (e.g. IMSI, APN) with UE MAC address
Notifies TWAG of UE L2 Attach to / Detach from WLAN
37
www.juniper.net
TRUSTED WLAN ACCESS

PDN & NSWO POINT-TO-POINT LINK MODEL
DL: TWAG unicast to UE MAC
PDN1
UE MAC
S2a-TEID
or NSWO
802.11
Bridging
PDN23
UE1
UE2
UE3
UE4
AP/WLC
802.11 Association
PDN GW
TWAG
Per PDN/NSWO
VLAN or
GRE tunnel
NSWO
a.k.a. Local
Break-Out
UL: AP/WLC force-forwards

38
www.juniper.net
S2a PDN Connection
TRUSTED WLAN ACCESS

INITIAL ATTACH
Roaming Scenarios
UE
PDN
GW
TWAN
vPCRF
AAA
Proxy
hPCRF
HSS/
AAA
1. Non-3GPP
Specific Procedures
2. EAP Authentication
2. Authentication & Authorization
3. Create Session Request
Two variants based on PDN:

A. IPv4, IPv6, IPv4v6,
based on successful
authentication event
(recommended)
B. IPv4 only,
based on DHCPv4
address request
4. IP-CAN Session Establishment

Procedure
(A)
5. Update PDN GW Address
6. Create Session Response
7. GTP Tunnel
8. EAP authentication
Completion
9. L3 Attach
10. Create Session Request

11. IP-CAN Session Establishment
Procedure
12. Update PDN GW Address
13. Create Session Response
14. GTP Tunnel
15. L3 Attach Completion
39
www.juniper.net
(B)
High Level SaMOG Call Flow

User
Equipment
Access
Point
Internet
Layer3 VPN
SaMOG
Gateway
WLAN
Controller
GGSN / PDN
Gateway
AAA
(MAC, VLAN)
IEEE 802.11
Discovery
EAP Request to UE
EAP Response from UE to WLC
RADIUS EAP Response

Diameter EAP Response
EAP Request to UE
RADIUS EAP Request
Diameter EAP Request
EAP Response from UE to WLC

Diameter EAP Response
This will be RADIUS in

the first release
Depending on EAP
method, from 0 to N
such EAP Request/
Response Exchange
Diameter EAP Success

EAP Success to UE
RADIUS EAP Success
GTP Request Response

Acquired IP Address
4 Way Handshake
Derive PTK
Derive PTK
Ready to use / OK to use

IEEE 802.11 AES Data Encryption
DHCP Request / Response
802.11 abg
40
802.11 in CAPWAP
(VLAN, MAC)
IP Packet
GTP-Traffic
www.juniper.net
TRUSTED WLAN ACCESS TO EVOLVED PACKET CORE

MOTIVATION PHASE 2 / REL-12
Desire for (missing) Additional Functions
IP address preservation across handovers b/w 3GPP and WLAN
Concurrent Connectivity
Multiple PDN connections
Concurrent 3GPP access & Trusted WLAN Access
Concurrent PDN Connectivity and Non-Seamless WLAN Offload
UE / NW Selection of APN & NSWO
Solution Space has 2 dimensions:

UE / NW Signalling for APN/NSWO & attach/handover/detach
Layer 2: extensions to EAP-AKA or 802.11 ANQP
Layer 3: extensions to DHCP/DHCPv6
Per-PDN / NSWO Link Model
Per-PDN/NSWO VLAN tagging
Per-PDN/NSWO MAC address on TWAG side
41
www.juniper.net
TRUSTED ACCESS VISION TOWARDS FMC

Trusted Access
EAP-TTLS
AAA
Non HLR
based SDM
Set-Top
DHCP
HLR
Any Access
Network
CPE
PPPoX
BRAS
SaMOG based
TWAG
OCS
Trusted Access
EAP-SIM/AKA
PCRF
Portal
Gn (GTP)
IP
Networks
2G/3G RAN
SGSN
Internet access APN
GGSN
42
www.juniper.net
JUNOS PULSE WI-FI MANAGER MODULE

43
www.juniper.net
WHY USE CLIENT TECHNOLOGY

FOR WI-FI OFFLOAD?
Does OS natively provide tunneling?
Does OS support selective tunneling
& confidentiality?
Does OS support policy-based
control of network selection and
application routing?
Does OS support management of
more than just Wi-Fi authentication
credentials? 3rd party roaming?
If the answer to ANY question is no, then a client is required!

44
www.juniper.net
End User Quality of Experience
Wi-Fi Offloading can help.

However.
Solution must be 100% seamless and
transparent to the end user
Completely automated
Zero end user intervention
No compromise on quality of connection
No compromise on device performance
45
www.juniper.net
ELSE
Junos Pulse & Wi-Fi Offload

Junos Pulse + Pulse Wi-Fi Manager
bridges the gap between the
network and the end device
Junos Pulse
Pulse Wi-Fi
Manager (PWM)
Pulse manages 3G/Wi-Fi

Significantly enhancing end the
interactions based on prequality of experience (QoE) while
defined policy
still offering control to the carrier or
enterprise
Enhances end user
Quality of Experience
End User/Device
The Network
(UE)
47
www.juniper.net
PULSE WI-FI MANAGER ANDROID SUPPORT ONLY IN PHASE 1

Manage Wi-Fi
Wi-Fi Provisioning
- Push & manage Wi-Fi profiles
- Use on-device supplicant
Location & Device Aware
- User location (city level)
- Device type (iOS/Android)
- e.g. User in Austin provisioned with
SSID A & SSID B, User in San Jose
provisioned for SSID A only
Automatic credential
management
- Addresses gap for non EAPSIM/AKA enabled Android
devices
48
Smart Wi-Fi On/Off
VPN tunnel
Turn Wi-Fi On/Off on the device

based on location
Setup VPN tunnel from client based

on Wi-Fi type etc.
- Balance UX with Wi-Fi attach

- Automate action or notify user
- Secure air link

- Enable Wall garden access via
backhaul
- No IKEv2 (SSL VPN)
*Scale factors must be considered
- e.g. Enable/Disable Wi-Fi based on

proximity to malls, stadiums etc
based on 3G Cell broadcast ID
information
App Notification
Measure ROI & plan capacity
Discourage Offload for walled

garden applications
e.g. Notify user and allow them to
switch to 3G/4G when they run
certain walled gardened applications.
Reporting
www.juniper.net
- Bytes offloaded on Wi-Fi

- Time spent on Wi-fi
- Apps used, type of device etc.
- By SSID, AP, Location
Pulse Wi-Fi Offload workflow

User connects to Wi-Fi
based on Policy. Policy
controls when & how
user is offloaded.
Junos Pulse
Policy also dictates what

happens after offload (e.g. setup
VPN over insecure Wi-Fi)
Wi-Fi AP
Try to use an 802.1x

based Authentication
with the AAA
SGSN
BTS
GGSN
RNC
Internet
Phone boots
Pulse
takes
Pulse
contacts
Policy
gets
downloaded
up. Pulse
action
onManager
device
Wi-Fi
to starts
devicerunning
over 3G/4G
based
on
Policy
over
3G/4G
network.
Policy includes
on the
device
network
to get
Wi-Fi
profiles,
policies
credentials, location,
Firewall
HLR
AAA
(e.g. SBR)
application & other

criteria etc.
49
Pulse Wi-Fi
Manager (PWM)
www.juniper.net
Pulse Wi-Fi Offload including Trusted Access

User connects to Wi-Fi
based on Policy. Policy
controls when & how
user is offloaded.
Junos Pulse
T-WAG
SaMOG
Wi-Fi AP
802.1x SSID
Use 802.1x Authentication

with the AAA based on
PEAP or EAP-TTLS
BTS
RNC
SGSN
Trusted Wi-Fi Access Gateway

(SaMOG) forwards Layer 2
Traffic into GTP towards GGSN
Access-Accept has
IMSI + MSISDN
from PWM DB
GGSN
Internet
Phone
boots
collects
Pulse takes
Policy
gets
downloaded
up.
Pulse
IMSI
MSISDN
action+on
device
to
device
overWi3G/4G
starts
running
and
contacts
based
on Policy
network.
Policy
on
the
device
Fi Manager overincludes
Wi-Fi
3G/4Gprofiles,
network
credentials,
location,
to get policies
application & other
criteria etc.
50
Firewall
HLR
AAA
(e.g. SBR)
Pulse Wi-Fi
Manager (PWM)
www.juniper.net
PROVIDER ROAMING & WHOLESALE

52
www.juniper.net
EAP-IDENTITY BASED ROAMING EXAMPLE (W. CLEARING HOUSE)

Clearing House AAA
Visited AAA
Subscribers
Home AAA
WLC 2800
Subscriber DB
or HLR
Internet
1.) Subscriber moves to a Visited Network and attaches to next Wi-Fi AP.
2.) AP directs all Traffics through Metro (or Internet) to Wi-Fi Controller at Visited Network
3.) Wi-Fi Controller notice a new attachment and asks the UE for the EAP-Identity to start the EAP negotiation
4.) UE answers and starts EAP-Exchange with EAP-Identifier
5.) Wi-Fi Controller creates Radius Request to local (Visited) AAA
6.) Realm Part of User NAI identifies request cant be authenticated local -> Proxy forward to Clearing House AAA
7.) Clearing House AAA identifies Home AAA and forwards request.
8.) Home AAA analyses request (he may answer with a challenge which will case a few more interactions back and
forth before he can make a final conclusion)
9.) Home AAA authenticates Subscriber on Database/HLR and sends back Access-Accept (with a Profile to be used)
10.) Answer gets routed back the same way to VAAA (which analyses the Profile setting and may override it)
11.) Wi-Fi Controller gets Access-Accept with negotiated Cryptographic Keys and starts the $-Way Handshake with
the UE to secure the Air interface (AES-CCMP)
12.) Wi-Fi Controller generates Radius Accounting Information to be forwarded (VAAA to HAAA via Clearing House)
53
www.juniper.net
MetroNetwork
Wi-Fi AP
Smartphone
User
Wi-Fi AP
Wi-Fi AP
EXAMPLE ROAMING - VPLS BASED

HAAA
Pulse
Manager
H-HLR/HSS
IP
Networks
WAG
SWd
Home Network
Visited Network
VPLS based
Roaming
VAAA
Proxy
WLAN AP
MAC / VLAN
WLAN WLC
VAAA to add VLAN

attribute per Home
Network on returned
Access-Accept
WLAN AP
54
www.juniper.net
ROAMING TRUSTED LOCAL SAMOG

HAAA
OCS
Pulse
Manager
H-HLR/HSS
Home Network
Visited Network
VAAA
Proxy
Gp/GTP based
GRX roaming
WLAN AP
WLAN WLC
WLAN AP
55
MAC / L2
IP
Networks
H-GGSN
H-PGW
SWd
Visited WiFi
Access Gateway
(SaMOG)
www.juniper.net
PCRF
ROAMING TRUSTED HOME SAMOG VPLS

HAAA
OCS
Pulse
Manager
H-HLR/HSS
Home WiFi
Access Gateway
(SaMOG)
Home Network
Visited Network
VPLS based
Roaming
VAAA
Proxy
WLAN AP
IP
Networks
H-GGSN
H-PGW
SWd
MAC / VLAN
WLAN WLC
VAAA to add VLAN

attribute per Home
Network on returned
Access-Accept
WLAN AP
56
www.juniper.net
PCRF

Implementing Cellular To Wi-Fi Offload

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Implementing Cellular To Wi-Fi Offload

Enviado por

Direitos autorais:

Formatos disponíveis

SOLUTIONS FOR IMPLEMENTING

CELLULAR TO WI-FI OFFLOAD

Statements of direction set forth Juniper Networks current

delivering any feature or functionality depicted in this presentation.

Copyright 2012 Juniper Networks, Inc.

WHY WI-FI OFFLOAD?

Copyright 2012 Juniper Networks, Inc.

GROWTH IN WIRELESS BROADBAND DATA CONTINUES

Growth fueled by:

According to IDC we will reach 1 billion smart mobile

Copyright 2012 Juniper Networks, Inc.

WIRELESS BROADBAND ALLIANCE

Copyright 2012 Juniper Networks, Inc.

3 STAGES OF WI-FI OFFLOAD

Source: Heavy Reading

Copyright 2012 Juniper Networks, Inc.

Copyright 2012 Juniper Networks, Inc.

KEY SOLUTION COMPONENTS

JUNOS Pulse Client (optional)

Provides uniform user

BACKHAUL & EDGE

Provides secure traffic

Ideal if WLAN traffic not backhauled to

Provides support for network

OPEN AND SECURE ACCESS

Copyright 2012 Juniper Networks, Inc.

JUNIPER VALUE PROPOSITION

SBR Carrier AAA with SSR

Juniper SRC (Session Resource

Juniper Wireless WLA / WLC /

SIM-Module for seemless

Copyright 2012 Juniper Networks, Inc.

Wi-Fi Access with Backhauling due to

Copyright 2012 Juniper Networks, Inc.

MX 3D: A NETWORK SERVICES PLATFORM

Separate control and data

3050% more power efficient & 40% more space efficient

Services Flexibility for Mobile

Common hardware, common software, investment protection

Copyright 2012 Juniper Networks, Inc.

UNIVERSAL EDGE ENABLES NEW NETWORK

Carrier Ethernet Aggregation

Network-Integrated Apps. &

Copyright 2012 Juniper Networks, Inc.

Copyright 2012 Juniper Networks, Inc.

THE NONSTOP WIRELESS NETWORK

Copyright 2012 Juniper Networks, Inc.

JUNIPER WLA SERIES ACCESS POINT FAMILY

Highest performance APs in the industry

WLA Series Highlights

JUNIPER WLC SERIES CONTROLLER FAMILY

Simplest solution in the Industry

WLC Series Highlights

Copyright 2012 Juniper Networks, Inc.

BEST IN CLASS WLAN LIFE CYCLE MANAGEMENT

3D predictive planning tool

Configuration and Verification

Complete offline configuration

Monitoring and Reporting

By user, radio, AP, WLC, SSID

Copyright 2012 Juniper Networks, Inc.

Copyright 2012 Juniper Networks, Inc.

SBR CARRIER: ENABLES SEAMLESS ACCESS