8/9/2019 Implementing Cellular to Wi-Fi Offload
SOLUTIONS FOR IMPLEMENTING CELLULAR TO WI-FI OFFLOAD
Hartmut Schroeder
September 2012
Copyright © 2012 Juniper Networks, Inc. www.juniper.net
Legal Statement
Statements of direction set forth Juniper Networks’ current
intention and are subject to change at any time without notice.
No purchases are contingent upon Juniper Networks
delivering any feature or functionality depicted in this presentation.
WHY WI-FI OFFLOAD?
GROWTH IN WIRELESS BROADBAND DATA CONTINUES
Growth fueled by:
• Increased Smartphone Adoption
• Wireless Enabled Portable Devices
• Machine-to-Machine Mobile Devices
Gartner predicted that tablet sales will grow 181% in 2011 to 54.8M, many of which are built to take advantage of mobile 3G and 4G networks.
According to IDC we will reach 1 billion smart mobile devices in 2013. Morgan Stanley tells us we will mobile devices in 2050.
181% TABLET GROWTH
1B SMART MOBILE DEVICES
http://www.gartner.com/it/page.jsp?id=1452614
WIRELESS BROADBAND ALLIANCE
3 STAGES OF WI-FI OFFLOAD
Offload
• Hard offload
• User driven
• Unmanaged
Optimize
• Auto-login
• User identity
• Secure
Integrate
• Policy d
• Session
• Fully tra
Source: Heavy Reading
2010 2012 20
REFERENCE ARCHITECTURE
KEY SOLUTION COMPONENTS
AUTHENTICATION & SECURITY
BACKHAUL & EDGE
POLICY ENFO & CHA
• Security GW
• Video/Web Optimization
• NAT/FW functions
• Server Load Balancing
• Mobility GW functions
• Routing Functions
• VPN Gateway
Provides uniform user experience with authentication, security & policy enforcement
Provides secure traffic termination and service delivery functions
Provides suppobased policy en
cha
MX-3D
JUNOS Pulse Client (optional)
• Mobile Security Suite
• VPN / secure tunneling
• Enforcement point for future policy based capabilities and data collection
SBR – CARRIER
• Single platform managing AAA functions for all access technologies
• High performance
• Reliable mobility
• High Availability
• Outdoor/Indoor
• Superior Planning and Lifecycle Mgnt
• Direct and Central Traffic breakout
Juniper WLAN
• Ideal if WLAN traff
GGSN / P-GW
• Leverages Juniper M
• QoS
• Service M
• DPI
• Captive Portal
• Volume Tracking (V
• Bandwidt
• Daily/Mo
• Charging integration
OPEN AND SECURE ACCESS E2E ARCHITECTURE PHASE 1 (TODAY)
Diagram labels: Smartphone, AP, WLC, WLM, Open, 802.1x, MX-BNG, SBR, SSR, SRC, VTA, Portal, Auth-Check / Service, Subs-DataBase / HLR, Policy push, Redirect, Corba, SQL, SIGTRAN
JUNIPER VALUE PROPOSITION
Juniper MX as Wi-Fi Access Gateway acts as a PCEF for
• CGNAT (leveraging MS-DPC)
• DPI (leveraging MS-DPC)
• Basic QoS / Hierarchical QoS (leveraging MS-DPC)
• Lawful Interception Point for CC
• DHCP-Server
SBR Carrier AAA with SSR
• SIM-Module for seamless authentication with HLR for EAP-SIM/AKA
• Session State Register for global, redundant Subscriber Knowledge
Juniper SRC (Session Reso Controller)
• Captive Portal
• Volume Tracking Applica
• Various Accounting Inter
• Policy push to all Junipe
Juniper Wireless WLA / W
WLM
• Wi-Fi Access with Backh
• Central Switching
• Complete Lifecycle Man through RingMaster
UNIVERSAL EDGE
MX 3D: A NETWORK SERVICES PLATFORM
Ultimate in Versatility
ensures themade for evmodelL2 to L3 toSupport musimultaneoimpacting p
Industry-leading performance and scale
OPEX Savings
Simplifies operations
• 30 – 50% more power efficient & 40% more space efficient
• Embedded monitoring services to ensure SLAs are met
• Unparalleled functional bundling that allows massive cost saving
• Unparalleled packet processing performance
• Separate control and data plane that scale independently
Services Flexibility for Mobile
MX 3D with Trio is a Common Services Layer for IP Convergence
Common hardware, common software, investment protection
Diagram labels: MX 3D, TWAG, Security-GW, S/P-GW, Business GGSN, SDG, Backbone, Backhaul, Packet Core, Transport
UNIVERSAL EDGE ENABLES NEW NETWORK
Diagram labels: Network-Integrated Apps. & Services (Juniper), Router-Integrated Servi, Cable Edge, Business Edge, Mobile Edge, Carrier Ethernet Aggregation, Video Distribution Networks, IPS, Media Flow Controller, SRC Controller, MX 3D Series, Network Applications
JUNIPER WIRELESS
THE NONSTOP WIRELESS NETWORK
Single point of management
Active-active control architecture
Self-organizing adds, moves and changes
Self-repairing architecture
In service software upgrades
Full Featured Local switching
JUNIPER WLA SERIES ACCESS POINT FAMILY
Entry level, 802.11n Indoor, 11n Outdoo
• WLA321: Single Radio, Low Cost AP
• WLA322: Dual Radio, Entry-level AP
• WLA522: 2x2 MIMO, Dual Radio, High Density
• WLA532: 3 Stream MIMO, Dual Radio, Max. Performance
• WLA6: 3x3 MI, Dual Ra, All Weat
WLA Series Highlights
• Highest performance APs in the industry
• Most cost effective APs in the industry
• Full featured Intelligent switching
• Spectrum analysis across the portfolio
• Bridging and mesh
Diagram labels: Functionality (axis), New (marked on two models)
JUNIPER WLC SERIES CONTROLLER FAMILY
WLC Series Highlights
• Simplest solution in the Industry
• Highest Reliability in the industry
• Only vendor with In-service upgrades
• One software platform
• Full Featured distributed deployment
Segments: Branch, Campus, Enterprise
• WLC2: 4 AP
• WLC8: 12 AP
• WLC800: 16 - 128 11n AP 3-Stream
• WLC880: 16 - 256 11n AP 3-Stream
• WLC280: 64 - 512 11n A
SBR CARRIER
SBR CARRIER: ENABLES SEAMLESS ACCESS
Steel Belted Radius
• Seamless integration: Supports any SDM technology with any schema
• Reduce operational cost: Single platform managing AAA functions for all access technologies
• Reduce comple Single platform glue between ne technologies an systems
Diagram labels: GPRS, UMTS, HSxPA, xDSL, FTTH, UMA, Femtocell, Public Wi-Fi, Fixed/Mobile WiMAX, HLR, RADIUS, LDAP, SQL
FLEXIBLE SDM INTEGRATION: ANY CREDENTIAL, ANY DATABASE
Steel Belted Radius
HLR, LDAP, SQL, ORACLE
HLR authentication
• D’ authentication and authorization Interface
• SIM and AKA
• SS7 over E1/T1
• SIGTRAN
• MAP v2/v3
• NO separate MAP-GW (installed on SBR)
LDAP
• LDAP v2/v3
• Load-balancing and failover
• Any LDAP schema
• Programmable searches with recursiveness
• Scripting
• Unparalleled performance
SQL
• Generic SQL over JDBC
• Load-balancing and failover
• Any SQL schema
• Stored procedure support
Oracle
• Native oracle interface
• Load-balancing and failover
• Any SQL schema
• Stored procedure support
• Unparalleled performance
Credentials
• Username/Certificate
• SIM & USI
• SMS OTP
• Token
• Service-ID
JUNIPER SRC
SRC ENABLES APPLICATION INTELLIGENT NETWORKING
Diagram labels: Network Policy and Control, Service, Internet, IPTV, Home VoIP, Core, Edge, Applications, Residential Services, SRC Policy Engine, C3000
Service Activation / Repo
Provisioning / Accou
Dynamic Provisioning
• Filters, Captive Portal, Bandwidth,…
Resource Control
• Call Admission control, QoS,…
Metering
• Per service time & volume
• Quota services
SRC USAGE TRACKING / ACCOUNTING OPTIONS
Diagram labels: End user, Policy, SRC, Subscriber state & profile, Traffic, Flat file, RADIUS, Custom Plug-in, VTA, VTA Plug-in, Plug-in API, MX, WLC 2800, Wi-Fi AP
ENHANCED SUBSCRIBER MANAGEMENT
Per subscriber accounting
Regular
Enhanced
Per Service Acco
Benefits:
• Usage based billing
• Congestion mitigation by de-prioritizing heavy users
Features
• Periodical collection of counters associated to SRC managed services
• Based on combination of 5-tuples or per application/application-groups
• Accounting record generation from SRC (flat files or RADIUS) – duration and volumes
• Multiple accounting sessions per subscriber
• Start, Stop and variable Interim
• Fair usage / quota services with Volume Tracking Application
OVERVIEW OF THE SRC VOLUME TRACKING APPLICATION
The SRC Volume-Tracking Application (SRC VTA) allows service providers to track and control the network usage of subscribers and services. You can control volume and time usage on a per-subscriber or per-service basis.
When a subscriber or service exceeds bandwidth limits (or quotas), the SRC VTA can take actions, including
• directing the subscriber to a portal to activate additional services or purchase additional bandwidth,
• imposing rate limits on traffic,
• sending an e-mail notification,
• or charging extra for additional bandwidth consumed.
FUTURE PRODUCTS / SOLUTIONS
HOTSPOT V2.0
IEEE 802.11U AND HOTSPOT V2.0 PART 1
IEEE 802.11u (Standardization finished Feb 2011)
• Allows a Station (UE/Mobile) to query information about the WLAN and Network behind it Authentication is tried
• Must be supported at WLAN-AP and UE/Mobile to work
Network Discovery and Selection component
• Advertise Networks basic 11u capabilities in Beacons and Probe Response Frames to minimize Battery impact
  – Access Type
  – Venue Info
  – HESSID
  – supported Advertisement Protocols
  – Roaming Consortium
  – Emergency Call ongoing Alert
• Generic Advertisement Service (GAS) for extended Queries
  – Access Network Query Protocol (ANQP) and others (MIH)
QOS Map Set distribution
• Tell the Mobile which QOS DSCP Marking to set for IP Traffic according to operator's policy
• Expedited Bandwidth Request (EBR) support
Emergency services
• Emergency Call and Network Alert support at the link level
IEEE 802.11U AND HOTSPOT V2.0 PART 2
Hotspot V2.0 Goals
• Improve end-user experience to level of cellular networks
• Facilitate Wi-Fi offload
• Facilitate Wi-Fi roaming agreements between hot spot operators/service providers
Deliverables
• Technical Spec. (uses heavily 11u), Test Plan, Certification Program, Deployment Guide
Phase 1 (called “Passport”), Certification starts: mid-year 2012
  – Access network discovery
  – Security
Phase 2, Certification starts: mid-year 2013
  – Operator Policy (TBD) Will it be ANDSF? At which Sublevel then?
  – On-line Signup (TBD)
Phase 3, Certification starts: TBD probably mid-year 2014
  – Scope isn’t defined – proposals have been made around Wi-Fi offload issues and improved operations/monitoring.
IEEE 802.11U AND HOTSPOT V2.0 PART 3
Network Discovery (Phase 1)
• New information elements (11u based)
  – Interworking, Advertisement Protocol, Roaming Consortium, BSS Load, WFA Peer to Peer
• GAS/ANQP Protocols (11u based)
  – ANQP: Venue Name, Network Authentication Type, IP Address Type Availability, Network Access Identifier Realm List, 3GPP MCC/MNC, Domain Name List
  – HS2.0 ANQP extensions: Operator Name, WAN Metrics, Connection Capability, NAI Home Realm Query
• Note: Only a SUBSET of 11u will be certified in HS 2.0.
  – QoS-Mapping Tests and Emergency Calls are not in scope of HS2.0
Security (and Battery Life Extension) (Phase 1)
• Certification includes 802.1x based WPA(2) Enterprise Authentication
  – EAP-TLS, EAP-TTLS (inner MS-CHAPv2), EAP-SIM/AKA (if the Device has a (U)SIM-Card it SHALL
• Certification does NOT include UE based Tunnels
  – Hotspot V2.0 certifies “sort-of” 3GPP “Trusted Access” Mobiles / UE’s only
• Proxy ARP and Proxy Neighbor Discovery (802.11v)
• Downstream Group Addressed Frame Forwarding
• Peer to Peer Communication Blocking
3GPP TRUSTED ACCESS
WI-FI OFFLOAD USING S2A GTP (SAMOG)
Secure Simplified Access for Trusted Wi-Fi Networks
Diagram labels: Smartphone, WLAN Access, AP, Backhaul & Packet Core, Service Complex, VPN, SDG, PGW, GGSN, HA, ANDSF, Credential Mngt, SaMOG GW, GTP S2a, HSS/AAA
• Documented in TS 23.402 section 16 for 3GPP Rel 11
• 802.1x recommended to ensure air interface security (WPA)
• EAP-AKA credentials used to authenticate the UE
• Needed to get IMSI identity of the UE
• Allows HSS to pass information required for GTP management (including target PGW)
• Needed for future IP address preservation
• Leverages standard GTP “Create/Modify” Session/Bearer messages
BENEFITS:
• Avoids cost and overhea
• Uses standard GTP base
CAVEATS:
• Used only for trusted W
• TWAG must see UE-M
• IP-Address preservation
TRUSTED WLAN ACCESS TO EVOLVED PACKET CORE ARCHITECTURE
• No additional SW on UE / IP address Preservation (and no IKEv2/IPsec/ePDG)
• SWw is a point-to-point IP link over 802.11 protected by 802.1X
• Access Control enforced by Trusted WLAN on behalf of 3GPP operator (802.1X)
• Default APN for Trusted WLAN PDN connection stored in subscription data
Diagram labels: UE, SWw, Trusted WLAN Access Network, S2a, PDN Gateway, Serving Gateway, 3GPP Access, HSS, hPCRF, vPCRF, HPLMN, VPLMN, Non-3GPP Networks, Operator's IP Services (e.g. IMS, PSS etc.), S9, SGi, Gx, Gxc, S6a, S6b, S8, Rx, SWx
S2a Mobility based On GTP and WLAN access to EPC (SaMOG)
TRUSTED WLAN ACCESS INTERNAL FUNCTIONS
WLAN:
• APs terminating UE’s SWw 802.11 WLAN link
• Authenticates UE with EAP-AKA
• Provide integrity and/or confidentiality protection
Trusted WLAN Access Gateway (TWAG):
• Creates/Deletes S2a GTP tunnel
• Default router and DHCP server
• Enforces packet forwarding between UE’s SWw point-to-point IP link GTP tunnel based on UE MAC address
Trusted WLAN AAA Proxy (TWAP):
• AAA proxy b/w WLAN Access Network and 3GPP AAA Server/Proxy over
• Binds UE subscription data (e.g. IMSI, APN) with UE MAC address
• Notifies TWAG of UE L2 Attach to / Detach from WLAN
Diagram labels: SWw, WLAN, Trusted WLAN Access Network, Intranet / Internet
TRUSTED WLAN ACCESS PDN & NSWO POINT-TO-POINT LINK MODEL
Diagram labels: UE1, UE2, UE3, UE4, AP/WLC, TWAG, PDN G, PDN1, UE MAC, S2a-TEID or NSWO, S2a PDN Connectio, 802.11 Bridging, VLAN or GRE tunnel, NSWO a.k.a. Local Break-Out
• DL: TWAG unicast to UE MAC
• UL: AP/WLC force-forwards
• 802.11 Association Per PDN/NSWO
TRUSTED WLAN ACCESS INITIAL ATTACH
Roaming Scenarios
Diagram participants: UE, TWAN, AAA Proxy, PDN GW, vPCRF
1. Non-3GPP Specific Procedures
2. EAP Authentication
2. Authentication & Authorization
3. Create Session Request
4. IP-CAN Session Establishment Procedure
5. Update PDN GW Address
6. Create Session Response
7. GTP Tunnel
8. EAP authentication Completion
9. L3 Attach
10. Create Session Request
11. IP-CAN Session Establishment Procedure
12. Update PDN GW Address
13. Create Session Response
14. GTP Tunnel
15. L3 Attach Completion
Two variants based on PDN:
A. IPv4, IPv6, IPv4v6, based on successful authentication event (recommended)
B. IPv4 only, based on DHCPv4 address request
High Level SaMOG Call Flow
Diagram participants: User Equipment, Access Point, WLAN Controller, AAA, SaMOG Gateway, Layer3 VPN
Diagram message labels: IEEE 802.11 Discovery; EAP Request to UE; RADIUS EAP Request; Diameter EAP Request; EAP Response from UE to WLC; RADIUS EAP Response (MAC, VLAN); Diameter EAP Response; Diameter EAP Success; RADIUS EAP Success; EAP Success to UE; Derive PTK; 4 Way Handshake; Ready to use / OK to use; IEEE 802.11 AES Data Encryption; DHCP Request / Response; GTP Request Response; Acquired IP Address; GTP-Traffic
Diagram encapsulation labels: 802.11abg; 802.11 in CAPWAP (VLAN, MAC); IP Packet
TRUSTED WLAN ACCESS TO EVOLVED PACKET CORE MOTIVATION – PHASE 2 / REL-12
Desire for (missing) Additional Functions
• IP address preservation across handovers b/w 3GPP and WLAN
• Concurrent Connectivity
  – Multiple PDN connections
  – Concurrent 3GPP access & Trusted WLAN Access
  – Concurrent PDN Connectivity and Non-Seamless WLAN Offload
• UE / NW Selection of APN & NSWO
Solution Space has 2 dimensions:
• UE / NW Signalling for APN/NSWO & attach/handover/detach
  – Layer 2: extensions to EAP-AKA or 802.11 ANQP
  – Layer 3: extensions to DHCP/DHCPv6
• Per-PDN / NSWO Link Model
  – Per-PDN/NSWO VLAN tagging
  – Per-PDN/NSWO MAC address on TWAG side
TRUSTED ACCESS VISION TOWARDS FMC
Diagram labels: 2G/3G RAN, SGSN, GGSN, Gn (GTP), SaMOG based TWAG, AAA, HLR, OCS, Non HLR based SDM, Trusted Access EAP-SIM/AKA, Trusted Access EAP-TTLS, BRAS, Any Access Network, Set-Top DHCP, CPE PPPoX
JUNOS PULSE WI-FI MANAGER MODU
WHY USE CLIENT TECHNOLOGY FOR WI-FI OFFLOAD?
• Does OS natively provide tunneli
• Does OS support selective tunnel & confidentiality?
• Does OS support policy-based control of network selection and application routing?
• Does OS support management of more than just Wi-Fi authenticati credentials? 3rd party roaming
If the answer to ANY question is “no”, then a client is required!
End User Quality of Experience
Wi-Fi Offloading can help. However….
Solution must be 100% seamless and transparent to the end user
• Completely automated
• Zero end user intervention
• No compromise on quality of connection
• No compromise on device performance
Junos Pulse & Wi-Fi Offload
End User/Device (UE)
Enhances end user Quality of Experience
Junos Pulse + Pulse Wi-Fi Manager bridges the gap between the network and the end device
Significantly enhancing end the quality of experience (QoE) while still offering control to the carrier or enterprise
Pulse manages 3G/Wi-Fi interactions based on predefined policy
Junos Pulse
PULSE WI-FI MANAGER ANDROID SUPPORT ONLY IN PHA
Manage Wi-Fi
Wi-Fi Provisioning
- Push & manage Wi-Fi profiles
- Use on-device supplicant
Location & Device Aware
- User location (city level)
- Device type (iOS/Android)
- e.g. User in Austin provisioned with SSID A & SSID B, User in San Jose provisioned for SSID A only
Automatic credential management
- Addresses gap for non EAP-SIM/AKA enabled Android devices
Smart Wi-Fi On/Off
Turn Wi-Fi On/Off on the device based on location
- Balance UX with Wi-Fi attach
- Automate action or notify user
- e.g. Enable/Disable Wi-Fi based on proximity to malls, stadiums etc based on “3G Cell broadcast ID” information
App Notification
Discourage Offload for walled garden applications
e.g. Notify user and allow them to switch to 3G/4G when they run certain walled gardened applications.
VPN
Setup VPN tunnel fron Wi-Fi type etc.
- Secure air link
- Enable Wall garden backhaul
- No IKEv2 (SSL VP
*Scale factors must b
Rep
Measure ROI &
- Bytes offloaded o
- Time spent on W
- Apps used, type
- By SSID, AP, L
Pulse Wi-Fi Offload including Trusted Access
Diagram labels: BTS, RNC, SGSN, GGSN, HLR, Wi-Fi AP 802.1x SSID, Pulse Wi-Fi Manager (PWM), Firewall, Junos Pulse, T-WAG SaMOG
• Phone boots up. Pulse starts running on the device
• Pulse collects IMSI + MSISDN and contacts Wi-Fi Manager over 3G/4G network to get policies
• Policy gets downloaded to device over 3G/4G network. Policy includes Wi-Fi profiles, credentials, location, application & other criteria etc.
• Pulse takes action on device based on Policy
• User connects to Wi-Fi based on Policy. Policy controls when & how user is offloaded.
• Trusted Wi-Fi Access Gatew (SaMOG) forwards Layer 2 Traffic into GTP towards GG
• Use 802.1x Authentication with the AAA based on PEAP or EAP-TTLS
PROVIDER ROAMING & WHOLESALE
EAP-IDENTITY BASED ROAMING EXAMPLE (W. CLEARING H
Diagram labels: Smartphone User, Wi-Fi AP, Metro Ne, WLC 280, Internet, Clearing House AAA, Subscribers Home AAA, Subscriber DB or HLR
1.) Subscriber moves to a Visited Network and attaches to the next Wi-Fi AP.
2.) AP directs all traffic through Metro (or Internet) to the Wi-Fi Controller at the Visited Network.
3.) Wi-Fi Controller notices a new attachment and asks the UE for the EAP-Identity to start the EAP negotiation.
4.) UE answers and starts the EAP exchange with the EAP-Identifier.
5.) Wi-Fi Controller creates a Radius Request to the local (Visited) AAA.
6.) Realm part of the User NAI identifies that the request can’t be authenticated locally -> proxy forward to Clearing House AAA.
7.) Clearing House AAA identifies the Home AAA and forwards the request.
8.) Home AAA analyses the request (it may answer with a challenge, which will cause a few more interactions back and forth before it can make a final conclusion).
9.) Home AAA authenticates the Subscriber on Database/HLR and sends back an Access-Accept (with a Profile to be used).
10.) Answer gets routed back the same way to the VAAA (which analyses the Profile setting and may override it).
11.) Wi-Fi Controller gets the Access-Accept with negotiated cryptographic keys and starts the 4-Way Handshake with the UE to secure the air interface (AES-CCMP).
12.) Wi-Fi Controller generates Radius Accounting information to be forwarded (VAAA to HAAA via Clearing House).
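Steps 6, 7 and 10 of the flow above, as an added example that is not part of the original slides: the visited AAA routes on the NAI realm, the clearing house forwards only for known partner realms, and the VAAA replaces any VLAN attributes in the home network's Access-Accept with its own per-home-network VLAN. RADIUS messages are modelled as plain dicts, and every realm, hostname and VLAN id is a constructed placeholder.

```python
# Added example (not from the original slides): RADIUS messages are modelled
# as plain dicts; every realm, hostname and VLAN id below is constructed.

LOCAL_REALM = "visited.example"                # realm served by the VAAA itself
CLEARING_HOUSE = "aaa.clearinghouse.example"   # next hop for foreign realms

# Clearing-house table: partner realm -> that partner's home AAA (HAAA).
PARTNER_HOME_AAA = {
    "home-a.example": "haaa.home-a.example",
    "home-b.example": "haaa.home-b.example",
}

# Visited-network policy: VLAN per home network, owned by the VAAA.
VLAN_PER_HOME_REALM = {"home-a.example": "210", "home-b.example": "220"}

# Attributes the visited network sets itself and never takes from a HAAA.
LOCALLY_OWNED = {"Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-ID"}


def split_nai(identity):
    """Split an EAP-Identity (NAI) into (user, realm); ValueError if unusable."""
    user, sep, realm = identity.rpartition("@")
    realm = realm.lower().rstrip(".")
    labels = realm.split(".")
    if not sep or not user or len(labels) < 2:
        raise ValueError("identity carries no routable realm")
    if any(not lab or not lab.replace("-", "").isalnum() for lab in labels):
        raise ValueError("malformed realm")
    return user, realm


def visited_route(identity):
    """Step 6: the VAAA authenticates locally or proxies to the clearing house."""
    try:
        _, realm = split_nai(identity)
    except ValueError:
        return ("reject", None)
    if realm == LOCAL_REALM:
        return ("local", None)
    return ("proxy", CLEARING_HOUSE)


def clearing_house_route(identity):
    """Step 7: forward only for realms of known roaming partners."""
    try:
        _, realm = split_nai(identity)
    except ValueError:
        return ("reject", None)
    home = PARTNER_HOME_AAA.get(realm)
    return ("proxy", home) if home else ("reject", None)


def vaaa_filter_accept(identity, home_reply):
    """Step 10: drop foreign VLAN/tunnel attributes, then set the local VLAN."""
    _, realm = split_nai(identity)
    vlan = VLAN_PER_HOME_REALM.get(realm)
    if vlan is None:
        raise LookupError("no roaming VLAN configured for " + realm)
    reply = {k: v for k, v in home_reply.items() if k not in LOCALLY_OWNED}
    reply.update({
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": vlan,
    })
    return reply


if __name__ == "__main__":
    ident = "alice@home-a.example"  # constructed identity
    print(visited_route(ident), clearing_house_route(ident))
    # Constructed Access-Accept in which the home network tries to pick VLAN 1.
    print(vaaa_filter_accept(ident, {"Session-Timeout": 3600,
                                     "Tunnel-Private-Group-ID": "1"}))
```

Filtering at the VAAA keeps a roaming partner's profile from placing a visitor into a VLAN of the partner's choosing inside the visited network.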
EXAMPLE ROAMING - VPLS BASED
Diagram labels: Home Network, Visited Network, HAAA, H-HLR/HSS, Pulse Manager, VPLS based Roaming, WAG, VAAA Proxy, SWd, WLAN AP, WLAN WLC, MAC / VLAN
VAAA to add VLAN attribute per Home Network on returned Access-Accept
ROAMING TRUSTED LOCAL SAMOG
Diagram labels: Home Network, Visited Network, H-GGSN, H-PGW, HAAA, H-HLR/HSS, Pulse Manager, OCS, Gp/GTP based GRX roaming, Visited WiFi Access Gateway (SaMOG), VAAA Proxy, SWd, WLAN AP, WLAN WLC, MAC / L2
ROAMING TRUSTED HOME SAMOG VPLS
Diagram labels: Home Network, Visited Network, H-GGSN, H-PGW, HAAA, H-HLR/HSS, Pulse Manager, OCS, VPLS based Roaming, Home WiFi Access Gateway (SaMOG), VAAA Proxy, SWd, WLAN AP, WLAN WLC, MAC / VLAN
VAAA to add VLAN attribute per Home Network on returned Access-Accept