ABSTRACT
Seamless Wi-Fi offload is a new paradigm in unified mobile and wireless data services. This paper examines how mobile network operators can build on EAP-SIM and convergent Wi-Fi / 3G / LTE service management solutions to deliver high-quality carrier-class Wi-Fi to smartphones, tablets and non-SIM devices. Solutions will empower operators to address a broad base of users with new business models reflecting a range of new and attractive data services.
HOW
WI-FI OFFLOAD
Interested in WHY? Read our other white paper Seamless Wi-Fi Offload: A business opportunity today
EXECUTIVE SUMMARY
Seamless Wi-Fi offload is enabling a new paradigm in combined Wi-Fi and 3GPP-based broadband data services. Mobile network operators can already today offer automatic, clientless, and convenient seamless Wi-Fi services to smartphones and other SIM-enabled devices with EAP-SIM. The solution allows MNOs to profit quickly from carrier-class Wi-Fi by building a new class of always-on data connectivity addressing smartphone users. Carrier-class Wi-Fi with intelligent service provisioning lets MNOs profit from a range of services based on new business models. MNOs can choose to deploy their own Wi-Fi networks or to partner with existing Wi-Fi service providers for national or international seamless Wi-Fi coverage. In either case proven EAP-SIM authentication and Wi-Fi core service management solutions are available to support a variety of partnership models, deployment schemes, authentication methods and service types. Aptilo Networks has seen offload rates of up to 50% on individual sites saving CAPEX on 3G or LTE equipment while reducing the need for expensive licensed mobile spectrum. Carrier-class Wi-Fi offers quality offload services while spare capacity can be used to serve ad-hoc consumer or B2B customers such as other service providers, venue owners, communities and more. Many options for integration of Wi-Fi into MNO core networks exist today including tunneling of smartphone Wi-Fi traffic back to the mobile core. A variety of network architectures allow MNOs to optimize traffic flows and service policy control while receiving the commercial benefit of seamless Wi-Fi offload. Even more sophisticated means of network selection, traffic optimization, and service control will develop over the next few years (2013-2015). 
Because many practical requirements for Wi-Fi service deployments are not standardized, MNOs need to adopt service management systems and strategies that address a new reality: carrier-class Wi-Fi networks are nearly always multi-purpose, intended to serve many device and client types. To build combined Wi-Fi / 3G / LTE services as well as services for non-SIM users, service management flexibility is required.
In the current version of iOS the smartphone or tablet will automatically prefer Wi-Fi to mobile broadband carriers. Over the next couple of years seamless Wi-Fi solutions will evolve to allow the device and the network to interactively control the preferred carrier depending on a number of parameters. The evolution of seamless Wi-Fi is discussed later in this paper. Clients may be a requirement, e.g. for CDMA operators. Clients can be pre-provisioned in the factory for specific MNOs or provisioned over-the-air, although this will introduce an additional administrative process for MNOs.
Even offers of Free Wi-Fi or Free VoIP suffer from this difficulty. From experience it seems that relying on user self-provisioning reduces the addressable market to no more than a few percent. Seamless Wi-Fi offload with EAP-SIM authentication carries with it the potential for global mass-market adoption because smartphone users need to do precisely nothing to enable the service. This is one of the reasons why many industry experts expect EAP-SIM to be a game-changing enabler of new Wi-Fi business opportunities for service providers in the Wi-Fi space.
Figure 1: The evolution of seamless carrier-class Wi-Fi authentication and interworking. Today's solutions are all currently available from Aptilo, as are a selection of the integration options of Phase 2 including GTP traffic routing.
Figure 2: Seamless Wi-Fi offload using EAP-SIM (EAP-AKA) and local WLAN traffic breakout. The device authenticates on the mobile network HLR (or HSS) through the Wi-Fi service management platform including a SIM authentication server.
The interaction-free authentication starts with an EAP-SIM or EAP-AKA message from the smartphone or tablet. The Wi-Fi AP encapsulates the message using a secure 802.1X link and RADIUS. A Wi-Fi access gateway (AG) and service management platform signals toward the HLR (or HSS in the case of LTE) in the MNO core network using standard SS7 / MAP. The IP-based SIGTRAN protocol can also be used for this signaling, which is especially useful in the case of hosted authentication services. Most vendors use a SIM authentication server to manage the authentication toward the HLR or HSS. Some vendors including Aptilo also have this function pre-integrated in the service management platform. Once SIM authentication is complete, the device is free to use the Wi-Fi network for data services subject to service policies. Today, device traffic is usually passed to the local Internet with local WLAN breakout, i.e. traffic is routed from the Wi-Fi access gateway to the local Internet, thus saving backhaul transmission resources. One of the important benefits of EAP-SIM authentication is that it complies with the known and trusted 3GPP method of using authentication vectors. The method is known for its high level of access security and has played an important role in the global success of GSM and 3G. Wi-Fi network access with EAP-SIM is therefore as secure as today's mobile network access.
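The first decision the AAA side makes in the flow above is what to do with the identity carried in the EAP exchange. The following is an added example, not Aptilo's code: it classifies an identity using the permanent-identity prefixes of RFC 4186 (EAP-SIM, "1") and RFC 4187 (EAP-AKA, "0") and the 3GPP TS 23.003 WLAN realm, and checks that the IMSI agrees with the realm before anything is sent toward the HLR/HSS. The function name, the backend labels and the home PLMN set are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Realm used for 3GPP WLAN interworking (3GPP TS 23.003); MNC is always 3 digits here.
_REALM = re.compile(r"^wlan\.mnc(\d{3})\.mcc(\d{3})\.3gppnetwork\.org$")
# Leading digit of a permanent identity: "1" = EAP-SIM (RFC 4186), "0" = EAP-AKA (RFC 4187).
_METHODS = {"1": "EAP-SIM", "0": "EAP-AKA"}


@dataclass(frozen=True)
class Route:
    backend: str              # hypothetical labels: HLR/HSS, ROAMING, PORTAL, ...
    method: Optional[str]
    imsi: Optional[str]
    reason: str


def route_identity(identity: str, home_plmns: set) -> Route:
    """Decide where an EAP identity goes before any HLR/HSS signaling happens."""
    user, sep, realm = identity.partition("@")
    m = _REALM.match(realm.lower()) if sep else None
    if m is None:
        return Route("PORTAL", None, None, "no 3GPP realm: non-SIM device")
    mnc, mcc = m.groups()
    method, imsi = _METHODS.get(user[:1]), user[1:]
    if method is None or not re.fullmatch(r"\d{6,15}", imsi):
        # Pseudonym or re-authentication identity: ask the peer for its permanent one.
        return Route("NEEDS_PERMANENT_ID", None, None, "not an IMSI-based identity")
    # A 2-digit MNC is zero-padded to 3 digits in the realm but not in the IMSI.
    plmn_ok = imsi.startswith(mcc + mnc) or (
        mnc[0] == "0" and imsi.startswith(mcc + mnc[1:]))
    if not plmn_ok:
        return Route("REJECT", method, None, "IMSI does not match realm MCC/MNC")
    if (mcc, mnc) not in home_plmns:
        return Route("ROAMING", method, imsi, "subscriber of a partner network")
    return Route("HLR/HSS", method, imsi, "home subscriber")


if __name__ == "__main__":
    HOME = {("240", "001")}  # constructed home PLMN
    for ident in ("1240011234567890@wlan.mnc001.mcc240.3gppnetwork.org",  # constructed
                  "alice@example.com"):
        print(ident, "->", route_identity(ident, HOME))
```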
For more on authentication types and methods see chapter 6 of this paper.
Figure 3: Typical carrier-class Wi-Fi networks using 802.11n offer better performance than 3G/HSPA+. In some cases 802.11n will perform at levels comparable to LTE depending on device capabilities and Wi-Fi deployment schemes. The table above is indicative only as assumptions beyond the scope of this paper have been applied in deriving the values. For more information on the assumptions contact Aptilo.
The 600 MHz of unlicensed Wi-Fi band is typically not used in a single block but should be viewed as a pool of available frequencies from which Wi-Fi service providers select a number of sub-bands also known as Wi-Fi channels. In the 2.4 GHz band carrier-class Wi-Fi deployments typically use 3-4 channels of 20 MHz bandwidth each. In the 5 GHz band most service providers today will use up to a maximum 9 channels of 20 MHz. These channels are then arranged into a frequency reuse pattern. By selecting from a large pool of available channels, Wi-Fi service providers can keep interference low to achieve high service quality and throughput.
Figure 4: Build options for monetizing the MNO Wi-Fi offload opportunity. Any or all of the above can be pursued in parallel based on similar technical approaches to EAP-SIM authentication. All of the above require flexible service management to accommodate a variety of services including ad-hoc users and MNO subscribers.
MNOs are faced with a number of options: Building their own Wi-Fi networks to complement 3G / LTE networks, partnering with Wireless ISPs (or cable operators, hotel owners, etc.) or a combination of the two. MNOs may also choose to partner with Wi-Fi hotspot aggregators such as iPass or Boingo. Some MNOs own Wi-Fi hotspot networks that can be used to provide seamless Wi-Fi offload and a number of MNOs are already doing this successfully. A fourth option is for MNOs to acquire existing WISP businesses. Finally, MNOs can choose to offer international SIM-enabled Wi-Fi roaming through partnerships with foreign WISPs. In all cases EAP-SIM seamless Wi-Fi authentication will apply although the details of the Wi-Fi services, Wi-Fi core network support, and mobile core interworking may differ widely.
Any seamless Wi-Fi solution requires not only compliance with 3GPP standards but also flexibility in service management, including multiple means of authentication, policy control, and billing. Wi-Fi networks are nearly always multi-purpose, serving not only MNO subscribers but also ad-hoc users and roaming users through other service providers on the same or on parallel physical Wi-Fi networks.
Figure 5: Serving SIM-enabled subscribers seamlessly across Wi-Fi and 3GPP-based networks and serving non-SIM devices on a single combined Wi-Fi network.
Figure 6: The typical distribution of traffic on a mobile broadband network. The few mobile sites carrying a large proportion of the total traffic can be offloaded by up to 50% with seamless Wi-Fi offload.
The figure above shows the typical data traffic distribution experienced by many MNOs. The distribution is highly uneven as most of the traffic comes from a few sites. The 80% / 20% rule often applies and some distributions can be even more skewed. This applies not only to cities but also to suburban and rural areas. Seamless Wi-Fi offload can be used effectively in any area where mobile sites are heavily loaded.
5. According to Ruckus Wireless, U.S.A.
6. See the Aptilo White Paper: Seamless Wi-Fi Offload for MNOs A real business opportunity today
Not all WISP partners may fulfill the technical requirement for EAP-SIM authentication, as older Wi-Fi access points may not be 802.1X-enabled. MNOs need to ensure that WISP partners comply with such requirements or select partners that own and operate fully EAP-SIM-capable networks. It is also important wherever possible for MNOs to select partners providing the right Wi-Fi service quality using for example 802.11n-based systems as opposed to legacy APs. Various WISP partners may request a multitude of service policies and roaming payment options as individual WISP expectations and business models can vary widely. The MNO needs to have the right business processes and service platforms in place to manage in the worst case dozens of tariffs and policies across its partnering footprint. Aptilo has years of experience in configuring Wi-Fi service platforms to manage such scenarios effectively.
7. Policy and Charging Rules Function
8. Policy and Charging Enforcement Function
Figure 7: Multiple authentication methods allow SIM-based and non-SIM devices to access carrier-class Wi-Fi networks through a flexible service management platform. The SMS & MAC method uses an SMS message from the user's phone to authenticate the service, after which the MAC address of the device is used for future logins.
Figure 8: The full matrix of authentication schemes supported by the Aptilo Service Management Platform. The most secure authentication is EAP-SIM using 802.1X encryption while the least secure uses manual login with a user ID and password. Any combination of the methods can be applied for any given Wi-Fi service provider.
There are many examples of the need for multiple methods, and as MNOs develop new business models for combined Wi-Fi and 3G / LTE services more will emerge. Here are a few examples requiring the specialized support of the service management platform as well as mobile core and billing systems:

EAP-SIM authentication with bill-shock prevention: When Wi-Fi services are capped (either in combination with 3G data quotas or independently), users need to be advised of and acknowledge the additional charge once the cap has been reached to prevent bill shock. The user is directed to a captive portal to confirm or reject the additional charge. Aptilo has already implemented such a scheme for a large MNO customer in Latin America.

SMS-based authentication for devices not supporting EAP-SIM: Users with devices not supporting EAP-SIM (such as legacy smartphones) can be authenticated for Wi-Fi based on their mobile subscription by sending a one-time password to the device via SMS. The identity of the user can be verified by lookup in the HLR or HSS of the MNO. It is also possible to use a client on the device to automatically connect using the SMS-transmitted password.

WISPr 1.0-based authentication for non-SIM devices: Some hotspot aggregators such as iPass and Boingo use WISPr-compatible clients in the devices to automatically authenticate the Wi-Fi user via home or visited AAA.
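The SMS one-time-password scheme described above, together with the SMS & MAC method of Figure 7, can be sketched as follows. This is an added example, not Aptilo's code: the class name, the two callbacks standing in for the HLR/HSS lookup and the SMS-C, and all three limits (OTP lifetime, attempt count, MAC binding lifetime) are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

OTP_TTL_S = 300            # assumed OTP validity window
MAX_ATTEMPTS = 3           # assumed number of guesses allowed per OTP
MAC_BINDING_TTL_S = 86400  # assumed lifetime of a remembered MAC address


class SmsMacAuthenticator:
    def __init__(self, is_subscriber, send_sms, clock=time.time):
        self._is_subscriber = is_subscriber  # hypothetical stand-in for the HLR/HSS lookup
        self._send_sms = send_sms            # hypothetical stand-in for the SMS-C interface
        self._clock = clock
        self._pending = {}   # msisdn -> [otp, expires_at, attempts_left]
        self._bindings = {}  # mac -> (msisdn, expires_at)

    def request_otp(self, msisdn):
        """Issue an OTP only to numbers the subscriber lookup recognises."""
        if not self._is_subscriber(msisdn):
            return False
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[msisdn] = [otp, self._clock() + OTP_TTL_S, MAX_ATTEMPTS]
        self._send_sms(msisdn, otp)
        return True

    def verify_otp(self, msisdn, otp, mac):
        """Single-use, time-limited, attempt-limited check; binds the MAC on success."""
        entry = self._pending.get(msisdn)
        if entry is None:
            return False
        if self._clock() > entry[1] or entry[2] <= 0:
            del self._pending[msisdn]        # expired or locked out: must request anew
            return False
        entry[2] -= 1
        if not hmac.compare_digest(entry[0].encode(), str(otp).encode()):
            return False
        del self._pending[msisdn]
        self._bindings[mac.lower()] = (msisdn, self._clock() + MAC_BINDING_TTL_S)
        return True

    def login_by_mac(self, mac):
        """Later logins by MAC address; the binding lapses after its lifetime."""
        binding = self._bindings.get(mac.lower())
        if binding is None or self._clock() > binding[1]:
            self._bindings.pop(mac.lower(), None)
            return None
        return binding[0]
```

A MAC address is an identifier the device asserts rather than a secret, which is why the binding here is given a lifetime after which the SMS step is repeated.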
[Figure: architecture diagram of Wi-Fi offload integration. Labels: Mobile Core (Prepaid, Policy & Charging, Billing, CRM, PCRF, SMS-C, HLR / HSS, SGSN / S-GW); Policy & Charging Integration; Service Management Platform (Carrier-Class Wi-Fi Service Management); Wi-Fi Core (AP Controller, Access Controller, WAG / TWAG or 3rd party access GW, TTG / ePDG); policy-based routing to DPI; Wi-Fi RAN; Mobile RAN; Internet; Wi-Fi Offload. Interfaces shown: SWf, CDR, Gx, SWo, database lookups, RADIUS / http, one-time password, D/Gr, Gx / Gy / Gz, Wx / SWx, EAP-SIM/AKA, S6b, GTP / PMIP.]
BEST OF BOTH WORLDS: TRUSTED ACCESS USING YOUR WI-FI ACCESS GW AS A VIRTUAL SGSN / S-GW
[Figure: Wi-Fi AP, WAG / TWAG, tunnel (GTP/MIP/PMIP), GGSN / P-GW, Internet.]
In 2G and 3G mobile broadband the radio access network connects to an SGSN network node before entering the mobile core GGSN. A Wi-Fi network can emulate this architecture by making Wi-Fi an integrated sub-network of the mobile core. As in the case above, non-SIM Wi-Fi traffic breaks out locally, while the EAP-SIM-authenticated Wi-Fi traffic is tunneled (with GTP or PMIP) to the MNO's GGSN using a Wireless Access Gateway (WAG) emulating an SGSN. MNOs may be attracted to this option because it uses 3GPP specifications for interworking with Wi-Fi including, in the Aptilo case, a 3GPP-compliant AAA platform as a part of the service management platform or as a stand-alone server. This method also uses policy control functions (PCEF) already configured in the mobile core so that ideally less system integration is required. This option also supports all well-known management functions for general Wi-Fi services, including an open SSID for non-SIM-based Wi-Fi users, for example with Web-based login. In many ways this solution represents a "best of both worlds" approach to combined Wi-Fi & 3G services.
In the case of Wi-Fi interworking with LTE core networks, i.e. toward the EPC or Enhanced Packet Core, differences in 3GPP architecture call for a new approach. Building on the 3G architecture above, SIM-authenticated Wi-Fi traffic is routed to the P-GW (Packet Data Network Gateway) using one of GTPv2, PMIPv6, or MIPv4 tunneling, with multiple tunneling protocol support also available. As above, non-SIM traffic is routed to the local Internet from the access gateway. A combined Access Gateway and TWAG (Trusted Wireless Access Gateway) allows for local WLAN breakout of non-SIM-authenticated traffic while the Wi-Fi service management platform serves the important functions of AAA and policy enforcement. One of the key benefits of this method is that the P-GW acts as an anchor for the mobility of the Wi-Fi subscriber.
[Figure: TTG / ePDG, tunnel (GTP/PMIP), GGSN / P-GW, Internet.]
The 3GPP standardized the first non-3GPP interworking architecture in Release 6, called I-WLAN (Interworking Wireless LAN). This early standard required the use of the IPSec protocol for so-called untrusted access of non-3GPP traffic, including that of Wi-Fi, to the mobile core. The I-WLAN option still exists today for 3G networks but requires a TTG (Tunnel Termination Gateway) inside the core network for terminating the IPSec connection from the device. The option of using IPSec as a means of tunneling Wi-Fi data traffic into the core also remains for LTE networks, which use an ePDG network node as the termination point for IPSec. Today the better part of the industry considers untrusted access less likely to be the solution preferred by MNOs. This is because IPSec requires a resource-demanding client in the device as well as at network termination points. Aptilo's seamless carrier Wi-Fi solutions support the untrusted architecture as required in both 3G and LTE versions.
[Figure labels: Home Wi-Fi; Office Wi-Fi; Public Wi-Fi; Small Cell; Policy & Charging; Local Break-out; Wi-Fi Backhaul to mobile core through tunnels; Wi-Fi Gateway.]
[Figure: Aptilo ServiceGlue. Labels: Configurable Functions; Request; Lookups & parameter mapping; Lookup; Action; Action/Post; Gateway; OSS; BSS; HLR/HSS; PCRF. Protocols shown: SOAP/XML, LDAP, RADIUS, Diameter.]
Aptilo ServiceGlue offers flexibility of service control beyond the capabilities of any ready-made service management platforms and it is especially valuable in the case of Wi-Fi offload: MNOs can look up policies from several mobile core sources and map these to corresponding functions in the Wi-Fi core network including vendor specific attributes (VSA).
ABOUT APTILO
Aptilo Networks has provided service management solutions to Wi-Fi, 3G / LTE and WiMAX service providers since 2001, serving more than 90 Wi-Fi service providers in 60 countries. Today, Aptilo is a recognized industry leader in enabling seamless service delivery across Wi-Fi and 3GPP-based network systems. Aptilo Networks routinely partners with leading carrier-class Wi-Fi and 3GPP equipment vendors to deliver end-to-end carrier-class solutions to the global wireless market. Aptilo Networks is headquartered in Stockholm, Sweden, with regional offices in Kuala Lumpur, Plano, Texas and Toledo, Ohio. Aptilo Networks is privately held with Norvestor Equity as the majority shareholder.