Legal Statement
www.juniper.net
181%
1B
Offload
Hard offload
User driven
Unmanaged
Optimize
Auto-login
User identity
Secure
2010
2012
Integrate
Policy driven
Session mobility
Fully transparent
2014
REFERENCE ARCHITECTURE
SBR CARRIER
Single platform managing AAA
functions for all access
technologies
MX-3D
POLICY ENFORCEMENT
& CHARGING
SRC
Juniper WLAN
Security GW
Video/Web
Optimization
NAT/FW functions
Server Load
Balancing
Mobility GW functions
Routing Functions
VPN Gateway
High performance
Reliable mobility
High Availability
Outdoor/Indoor
Superior Planning
and Lifecycle Mgnt
Direct and Central
Traffic breakout
VTA
Subs-Data
Base / HLR
SQL
SIGTRAN
Auth-Check /
Service
SRC
Corba
Portal
Policy push
Ta
Rad
Policy push
Redirect
IP
JSRC
Open
Dia
Gi
WLC
AP
IP
Internet
Smartphone
802.1x
MX-BNG
WLM
Captive Portal
Volume Tracking Application
Various Accounting Interfaces
Policy push to all Juniper core routers
UNIVERSAL EDGE
Ultimate in flexibility
Versatility of 4 platforms
ensures there is a platform tailor
made for every deployment
model
Unparalleled packet
processing performance
L2 to L3 to L4-7 services
Support multiple services
simultaneously without
impacting performance
OPEX Savings
Simplifies operations
Fixed Edge
BNG
GGSN
Business Edge
TWAG
Security-GW
Datacenter
L2/L3 Switch
SDG
Transport
Backbone
Security
Carrier Grade NAT
MX 3D
Firewall
Backhaul
Router-Integrated Services
Network-Integrated Apps.
& Services (Juniper )
IPS
BGF
Media Flow
DAA
StreamScope
eRM
Telchemy
Media
ePM
Enabler
MX 3D Series
Media Flow
Controller
SRC
Controller
JUNIPER WIRELESS
architecture
Self-organizing adds, moves
and changes
Self-repairing architecture
In service software upgrades
Full Featured Local switching
New
Functionality
New
3 Stream
MIMO
Dual Radio
Max.
Performance
2x2 MIMO
Dual Radio
High Density
3x3 MIMO
Dual Radio
All Weather
Dual Radio
Entry-level AP
WLA632
Single Radio
Low Cost AP
WLA532
WLA522
WLA322
WLA321
Entry level 802.11n
Indoor 11n
Copyright 2012 Juniper Networks, Inc.
Outdoor 11n
Enterprise
64 - 512 11n AP
WLC2800
16 - 256 11n AP 3-Stream
Campus
WLC880
16 - 128 11n AP 3-Stream
WLC800
12 AP
Branch
4 AP
WLC8
WLC2
4
12
16
32
64
128
192
256
512
# of AP
RingMaster
Planning and Deployment
Location Aware
Search by Location
Roaming History
Geo Fencing
SBR CARRIER
HLR
Public Wi-Fi
GPRS UMTS
HSxPA
Seamless integration:
Supports any SDM
technology with any
schema
LDAP
Reduce complexity:
Single platform provides
glue between network
technologies and IT
systems
SQL
UMA
Femtocell
RADIUS
CDMA
1xRTT/EvDO
Fixed/Mobile
WiMAX
HLR
LDAP
LDAP v2/v3
Load-balancing and
failover
Any LDAP schema
Programmable searches
with recursiveness
Scripting
Unparalleled performance
LDAP
SQL
Generic SQL over JDBC
Load-balancing and
failover
Any SQL schema
Stored procedure support
SQL
Oracle
Native oracle interface
Load-balancing and
failover
Any SQL schema
Stored procedure support
Unparalleled performance
ORACLE
RADIUS
Credentials:
Username/password
Certificate
SIM & USIM
SMS OTP
Token
Service-ID (eg. APN, DNIS )
RADIUS proxy
Carrier grade proxy
engine
Weighted load-balancing
and failover
Target health detection
Advanced filtering
Unparalleled performance
JUNIPER SRC
Service
SRC ENABLES
APPLICATION INTELLIGENT NETWORKING
Resource Control
Call Admission control, QoS,
Quota services
Data VPN
Software as a Service
Videoconference
SRC
Policy
Engine
C3000
C5000
Provisioning / Accounting
Edge
Enterprise
Services
Network
Metering
Per service time & volume
Internet
IPTV
Home VoIP
Dynamic Provisioning
Filters, Captive Portal, Bandwidth,
Applications
Residential
Services
Core
Data Center
SRC
Subscriber
state & profile
Policy
Plug-in API
Flat file
RADIUS
VTA Plug-in
Charging
Systems
VTA
Traffic
Wi-Fi AP
End user
WLC 2800
MX
Enhanced
Per Service Accounting
Accounting record generation from SRC (flat files or RADIUS) duration and volumes
FUTURE PRODUCTS /
SOLUTIONS
HOTSPOT V2.0
Allows a Station (UE/Mobile) to query information about the WLAN and the network behind it before authentication is attempted
Must be supported at WLAN-AP and UE/Mobile to work
Network Discovery and Selection component
Advertise Networks basic 11u capabilities in Beacons and Probe Response Frames to minimize Battery impact
Tell the Mobile which QOS DSCP Marking to set for IP Traffic according to operators policy
Expedited Bandwidth Request (EBR) support
Emergency services
Access Type
Venue Info
HESSID
supported Advertisement Protocols
Roaming Consortium
Emergency Call ongoing Alert
Deliverables
Technical Spec. (uses heavily 11u), Test Plan, Certification Program, Deployment Guide
Security
proposals have been made around Wi-Fi offload issues and improved operations/monitoring.
Interworking, Advertisement Protocol, Roaming Consortium, BSS Load, WFA Peer to Peer
ANQP: Venue Name, Network Authentication Type, IP Address Type Availability, Network Access Identifier Realm List, 3GPP MCC/MNC, Domain Name List
HS2.0 ANQP extensions: Operator Name, WAN Metrics, Connection Capability, NAI Home Realm Query
EAP-TLS, EAP-TTLS (inner MS-CHAPv2), EAP-SIM/AKA (if the Device has a (U)SIM-Card it SHALL support this)
Hotspot V2.0 certifies sort-of 3GPP Trusted Access Mobiles / UEs only
WLAN SaMOG GW
Access
AP
HSS/AAA
BENEFITS:
Avoids cost and overhead of IPsec
Uses standard GTP based procedures
CAVEATS:
Used only for trusted Wi-Fi networks
TWAG must see UE-MAC (Layer2)
IP-Address preservation comes in Rel. 12
GTP S2a
Smartphone
Backhaul &
Packet Core
PGW
GGSN
HA
SDG
Service
Complex
VPN
S6a
HPLMN
SGi
SWx
Operator's IP
Services
(e.g. IMS, PSS
etc.)
3GPP AAA
Server
S6b
S9
SWd
S8
3GPP Serving
Access Gateway
vPCRF
Gxc
3GPP AAA
Proxy
S2a
VPLMN
Non-3GPP
Networks
STa
Trusted
WLAN Access
Network
SWw
UE
Intranet / Internet
SWw
STa
WLAN
Trusted WLAN
Access Gateway
S2a
PDN1
UE MAC
S2a-TEID
or NSWO
802.11
Bridging
PDN23
UE1
UE2
UE3
UE4
AP/WLC
802.11 Association
PDN GW
TWAG
Per PDN/NSWO
VLAN or
GRE tunnel
NSWO
a.k.a. Local
Break-Out
PDN
GW
TWAN
vPCRF
AAA
Proxy
hPCRF
HSS/
AAA
1. Non-3GPP
Specific Procedures
2. EAP Authentication
2. Authentication & Authorization
3. Create Session Request
(A)
5. Update PDN GW Address
6. Create Session Response
7. GTP Tunnel
8. EAP authentication
Completion
9. L3 Attach
(B)
Access
Point
Internet
Layer3 VPN
SaMOG
Gateway
WLAN
Controller
GGSN / PDN
Gateway
AAA
(MAC, VLAN)
IEEE 802.11
Discovery
EAP Request to UE
EAP Request to UE
4 Way Handshake
Derive PTK
Derive PTK
802.11 abg
802.11 in CAPWAP
(VLAN, MAC)
IP Packet
GTP-Traffic
AAA
Non HLR
based SDM
Set-Top
DHCP
HLR
Any Access
Network
CPE
PPPoX
BRAS
SaMOG based
TWAG
OCS
Trusted Access
EAP-SIM/AKA
PCRF
Portal
Gn (GTP)
IP
Networks
2G/3G RAN
SGSN
GGSN
ELSE
Junos Pulse
Pulse Wi-Fi
Manager (PWM)
Wi-Fi Provisioning
- Push & manage Wi-Fi profiles
- Use on-device supplicant
Location & Device Aware
- User location (city level)
- Device type (iOS/Android)
- e.g. User in Austin provisioned with
SSID A & SSID B, User in San Jose
provisioned for SSID A only
Automatic credential
management
- Addresses gap for non EAP-SIM/AKA enabled Android devices
VPN tunnel
Reporting
Wi-Fi AP
BTS
GGSN
RNC
Internet
Phone boots up. Pulse starts running on the device
Pulse contacts Wi-Fi Manager over 3G/4G network to get policies
Policy gets downloaded to device over 3G/4G network. Policy includes Wi-Fi profiles, credentials, location,
Pulse takes action on device based on Policy
Firewall
HLR
AAA
(e.g. SBR)
Pulse Wi-Fi
Manager (PWM)
T-WAG
SaMOG
Wi-Fi AP
802.1x SSID
BTS
RNC
SGSN
Internet
Phone boots up. Pulse starts running on the device, collects IMSI + MSISDN and contacts Wi-Fi Manager over 3G/4G network to get policies
Policy gets downloaded to device over 3G/4G network. Policy includes Wi-Fi profiles, credentials, location, application & other criteria etc.
Pulse takes action on device based on Policy
Firewall
HLR
AAA
(e.g. SBR)
Pulse Wi-Fi
Manager (PWM)
Subscribers
Home AAA
WLC 2800
Subscriber DB
or HLR
Internet
1.) Subscriber moves to a Visited Network and attaches to the next Wi-Fi AP.
2.) AP directs all traffic through Metro (or Internet) to the Wi-Fi Controller at the Visited Network.
3.) Wi-Fi Controller notices a new attachment and asks the UE for the EAP-Identity to start the EAP negotiation.
4.) UE answers and starts the EAP exchange with EAP-Identifier.
5.) Wi-Fi Controller creates a RADIUS request to the local (Visited) AAA.
6.) Realm part of the user NAI identifies that the request can't be authenticated locally -> proxy forward to Clearing House AAA.
7.) Clearing House AAA identifies the Home AAA and forwards the request.
8.) Home AAA analyses the request (it may answer with a challenge, which will cause a few more interactions back and forth before it can make a final conclusion).
9.) Home AAA authenticates the Subscriber on Database/HLR and sends back Access-Accept (with a Profile to be used).
10.) Answer gets routed back the same way to the VAAA (which analyses the Profile setting and may override it).
11.) Wi-Fi Controller gets Access-Accept with negotiated cryptographic keys and starts the 4-Way Handshake with the UE to secure the air interface (AES-CCMP).
12.) Wi-Fi Controller generates RADIUS accounting information to be forwarded (VAAA to HAAA via Clearing House).
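Added example, not part of the original slides and not Juniper or SBR code: a small Python model of the realm-based proxy chain in steps 5 to 10, showing where an unknown realm is rejected and where the VAAA overrides the returned profile. The realms, hop names, profile fields and the timeout cap are constructed sample values, and the challenge round trips of step 8 are not modelled.

```python
# Added illustration of steps 5-10; realms, hop names and profile fields are
# constructed sample values, not taken from the slides or from any Juniper product.
LOCAL_REALM = "visited.example"
HOME_AAA_BY_REALM = {"home.example": "home-aaa"}      # clearing-house routing table
HOME_SUBSCRIBERS = {"alice": {"vlan": 200, "session_timeout": 86400}}
VISITED_MAX_SESSION_TIMEOUT = 3600                    # visited-network policy cap

def reject(path):
    return {"code": "Access-Reject", "profile": None, "path": path}

def split_nai(nai):
    """Split user@realm; realm is lower-cased, or None when no realm is given."""
    user, sep, realm = nai.rpartition("@")
    if not sep:
        return nai, None
    if not user or not realm:
        raise ValueError("malformed NAI")
    return user, realm.lower()

def home_aaa(user, path):
    """Step 9: check the subscriber database and answer with a profile."""
    path.append("home-aaa")
    profile = HOME_SUBSCRIBERS.get(user)
    if profile is None:
        return reject(path)
    return {"code": "Access-Accept", "profile": dict(profile), "path": path}

def clearing_house(user, realm, path):
    """Step 7: map the realm to a Home AAA; unknown realms are rejected here."""
    path.append("clearing-house")
    if realm not in HOME_AAA_BY_REALM:
        return reject(path)
    return home_aaa(user, path)

def visited_aaa(nai):
    """Steps 5-6 and 10: route on the realm, then apply visited-network policy."""
    path = ["visited-aaa"]
    try:
        user, realm = split_nai(nai)
    except ValueError:
        return reject(path)
    if realm is None or realm == LOCAL_REALM:
        return reject(path)            # this sample holds no local subscribers
    reply = clearing_house(user, realm, path)
    if reply["code"] == "Access-Accept":
        # Step 10: the VAAA may override what the Home AAA returned.
        timeout = reply["profile"]["session_timeout"]
        reply["profile"]["session_timeout"] = min(timeout, VISITED_MAX_SESSION_TIMEOUT)
    return reply
```

The `path` list in each reply records which AAA hops handled the request, which is the same trail the accounting records of step 12 follow.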
MetroNetwork
Wi-Fi AP
Smartphone
User
Wi-Fi AP
Wi-Fi AP
H-HLR/HSS
IP
Networks
WAG
SWd
Home Network
Visited Network
VPLS based
Roaming
VAAA
Proxy
WLAN AP
MAC / VLAN
WLAN WLC
WLAN AP
OCS
Pulse
Manager
H-HLR/HSS
Home Network
Visited Network
VAAA
Proxy
Gp/GTP based
GRX roaming
WLAN AP
WLAN WLC
WLAN AP
MAC / L2
IP
Networks
H-GGSN
H-PGW
SWd
Visited WiFi
Access Gateway
(SaMOG)
PCRF
OCS
Pulse
Manager
H-HLR/HSS
Home WiFi
Access Gateway
(SaMOG)
Home Network
Visited Network
VPLS based
Roaming
VAAA
Proxy
WLAN AP
IP
Networks
H-GGSN
H-PGW
SWd
MAC / VLAN
WLAN WLC
WLAN AP
PCRF