er wifi integration


Upload: tomerto

Post on 22-Nov-2015


  • Easing hotspot issues

    Wi-Fi integration

    ANDERS LUNDSTRÖM AND GÖRAN HALL

    ERICSSON REVIEW 2 2011

    People want to be able to use their smartphones, laptops, tablets and other devices everywhere, and so they need access to 3G, 4G and Wi-Fi.

    BOX A Terms and abbreviations

    3GPP 3rd Generation Partnership Project
    4G 4th-generation mobile wireless standards
    AAA authentication, authorization and accounting
    AVP attribute value pair
    BPCF Broadband Policy Control Function
    BNG Broadband Network Gateway
    CLIPS call line identification presentation
    CMIPv4 Client-based mobile IPv4
    DHCP Dynamic Host Configuration Protocol
    DSMIPv6 Dual-stack Mobile IPv6
    EAP Extensible Authentication Protocol
    EAPoL EAP over LAN
    EAP-AKA EAP for UMTS Authentication and Key Agreement
    EAP-SIM EAP-Subscriber Identity Module
    EPC Evolved Packet Core
    ePDG Evolved Packet Data Gateway
    GBA Generic Bootstrapping Architecture
    GGSN Gateway GPRS Support Node
    Gi GGSN external interface – GGSN to PDN
    GPRS general packet radio service
    GSM Global System for Mobile Communications
    GTP GPRS Tunneling Protocol
    GTPv1 GTP version 1
    HLR home location register
    HSPA High-Speed Packet Access
    HSS Home Subscriber Server
    HTTP Hypertext Transfer Protocol
    IMS IP Multimedia Subsystem
    IMSI International Mobile Subscriber Identity
    IP Internet Protocol
    IP-CAN IP connectivity access network
    IPsec IP Security
    IPTV IP Television
    IPv4 IP version 4
    IPv6 IP version 6
    IKEv2 Internet Key Exchange version 2
    iWLAN interworking wireless local area network
    LAN local area network
    LTE Long Term Evolution

    Now that mobile broadband and mobile multimedia services are so popular, subscribers are beginning to expect broadband access to be available wherever they go – not just at home or in the office. People want to be able to connect from their cars, on the train, in aircraft, from remote locations, in the urban jungle and even from areas where it is difficult to provide access, such as in mines, tough terrain or subway tunnels.

    Market situation

    The Ericsson Traffic and Market Data Report (November 2011) [1] indicates that mobile broadband subscriptions will reach almost 5 billion in 2016 – a dramatic increase from the 900 million expected by the end of 2011. Irrespective of the type of device used, internet access will continue to drive mobile-traffic development; and mobile data-traffic is expected to grow by nearly 60 percent a year between 2011 and 2016. Subscribers downloading and watching video content, and using video-communication services are expected to be the primary drivers of this tenfold increase in mobile data-traffic over a five-year period.

    The strong growth in Wi-Fi-enabled handsets with SIM-based authentication provides additional opportunities to capture residential and hotspot services – such as those often available at airports that use web-login techniques. As with most types of growth, this development represents both opportunities and challenges for operators to integrate Wi-Fi – allowing them to increase mobile-broadband reach while maintaining convenience for subscribers.

    Support for terminals

    To provide subscribers with convenient access to operator hotspots and open access to residential Wi-Fi, new mechanisms beyond today's web-login and portal-based authentication are required. If embedded SIM-security over Wi-Fi is the chosen solution, the SIM of the connecting device can provide an access key using EAP-SIM or EAP-AKA authentication. In this way, a subscriber can connect to a mobile-broadband network without having to enter a key manually and operators avoid the additional task of sending extra password information to their customers. Numerous devices already support EAP-SIM over Wi-Fi, including RIM's BlackBerry phones, Nokia handsets running Symbian, several SonyEricsson models, as well as Apple's iPhone (models 3 and 4) and iPad (models 1 and 2). General support for Android devices is currently expected in 2012.

    Vision

    Ericsson's vision for Wi-Fi integration in 4th-generation IP networks, illustrated in Figure 2, is based on the ongoing cooperation between Broadband Forum and 3GPP EPC architectures, which uses a simple, functional architecture that is scalable, flexible and easily tuned. Wi-Fi solutions need to implement both packet-core integration and local breakout of services, using a BNG function as shown in Figure 2. Traffic can be EPC-routed using the mobile service-delivery cluster – PGWs, GGSNs and other value-added services – as part of the Gi network. Anchoring with mobile edge enables mobile service logic to apply for subscribers using Wi-Fi. This approach reuses the northbound integration usually implemented as part of the mobile

  • service edge. Solutions for converged policy control and common user management are essential tools for operators that want to offer Wi-Fi as an extension of mobile broadband.

    FIGURE 1 Mobile broadband subscriptions by device type, 2008-2016 (Source: Ericsson [1]). [Chart: subscriptions (millions), 0 to 5,000, by year from 2008 to 2016; series: mobile PCs and tablets, handheld devices.]

    BOX A Terms and abbreviations (continued)

    MAP Mobile Application Part
    MME Mobility Management Entity
    MPG mobile packet gateway
    MSP multi-sequence positioning
    OTT over-the-top
    PCC policy and charging control
    PCRF policy and charging rules function
    PDIF packet data interworking function
    PDN Packet Data Network
    PGW PDN gateway
    PEAP Protected Extensible Authentication Protocol
    PMIPv6 Proxy Mobile IPv6
    QoE quality of experience
    QoS quality of service
    RADIUS Remote Authentication Dial-In User Services
    Rx radio receiver
    SGi PGW external interface, PGW to Packet Data Network (PDN)
    SGW service gateway
    SIGTRAN Signaling Transport over IP
    SIM subscriber identity module
    SoftGRE Tunneling with dynamic use of GRE as encapsulation protocol
    SS7 signaling system 7
    SSID Service Set Identifier
    STa Diameter interface to 3GPP AAA from trusted non-3GPP access
    SWm ePDG to 3GPP AAA interface
    SWx 3GPP AAA to HSS interface
    TTG tunnel termination gateway
    UM User Management
    UMTS Universal Mobile Telecommunications System
    VLAN virtual LAN
    Wi-Fi trademark of the Wi-Fi Alliance
    Wi-Fi AC Wi-Fi access controller
    WLAN wireless LAN

    User experience and services

    Wherever they are, and whatever access network they use, subscribers should be able to enjoy seamless Wi-Fi and mobile-broadband connections, with consistent QoE for operator-provided as well as OTT content and services. New services, such as prepaid WLAN hotspot access, can be offered, reusing GGSN/PGW prepaid integration, by validating users in fixed access using SIM-based authentication. Value-added services traditionally offered over mobile networks could also be offered to subscribers using fixed access.

    Functions that support enhanced user experience, such as HTTP enrichment, content-caching and parental control, can be deployed for both Wi-Fi and mobile broadband. In this way, subscribers get a consistent service and operators can reduce transport costs at the same time. The parental control function can be provided seamlessly and consistently for mobile and Wi-Fi networks without the need to install new clients on a device.

    Other solutions

    Under current 3GPP standards, mobile devices switch from a fixed network to a mobile network using one of the following solutions:

    - An IPsec- and IKEv2-based client toward a TTG or ePDG, and connection with PMIPv6 or GTPv1 toward the GGSN/PGW from the TTG/ePDG;
    - A DSMIPv6-based client connecting to PGW with or without ePDG;
    - A CMIPv4-based client with a stand-alone home agent; or
    - GBA-based authentication for HTTP-based services.

    All of these options have been standardized as pure overlay solutions in 3GPP and 3GPP2, and have existed for many years as part of the iWLAN and EPC standardization, without any market uptake, however. They place no demands on Wi-Fi access and treat fixed access as a simple transport pipe with no ability to set policies.

    Before connecting to the network with a mobile-IP-based or iWLAN solution, terminals must first set up a Wi-Fi access connection to get an IP address. As a result, terminals may be required to first handle authentication with the Wi-Fi network and then later perform SIM-based authentication. In addition, these options impact on terminal

  • design. Solutions based on iWLAN require terminals that support the IPsec and IKEv2 security protocols, in part by creating the cryptographic keys that are used during each session. Furthermore, these protocols need to be made available to the client software handling the connectivity through different access forms.

    Access to local content using overlay solutions can be problematic via fixed access or a local breakout point, as user traffic is tunneled using IPsec or mobile IP to the anchor point in the mobile access network, making it difficult to isolate traffic between the terminal and the anchor point.

    The main benefit of overlay solutions is that they do not demand support from the Wi-Fi or fixed-access network. Instead, all requirements are transferred to the terminal, with the mobile network providing the necessary support.

    Many operators and vendors have reported problems with overlay solutions and unmanaged Wi-Fi, and these solutions have enjoyed only limited success as a result. Joint 3GPP and Broadband Forum studies have identified the need for better models for Wi-Fi integration with mobile services, models that take managed Wi-Fi into account. This research has resulted in a common architectural model, which is illustrated in Figure 3.

    FIGURE 2 Wi-Fi integration in 4G networks vision. [Diagram labels: mobile network, fixed network, PCRF, UM, PGW, BNG; example services: YouTube, Virgin Media, Apple TV.]

    FIGURE 3 Broadband Forum and 3GPP integrated architecture. [Diagram. Nodes: HSS, PCRF, ePDG, BNG, RG, BPCF, 3GPP AAA server, fixed access AAA, MME, E-UTRAN, UTRAN, GERAN, serving gateway, PDN gateway, media center, PC, TV, STB, UE, Wi-Fi AP. Domains: EPC, EPC/LTE, BBF-defined access and network, broadband home network, operator's IP services and local breakout, operator's IP services (e.g. IMS). Interfaces: S10, S6a, S5, S1-U, S2c, S2b, S2a, S11, S1-MME, SWx, Gx, S9a, S6b, SWm, STa, SGi, Rx.]

    TABLE 1 Additional acronyms in Figure 3

    AP access point
    BBF Broadband Forum
    EDGE Enhanced Data rates for GSM Evolution
    E-UTRAN Enhanced UTRAN
    GERAN GSM EDGE Radio Access Network
    RG residential gateway
    STB set-top box
    UE user equipment
    UTRAN Universal Terrestrial Radio Access Network

    The target architecture supports both local breakout and EPC-routed traffic. Operators can decide whether they want to break out traffic locally in the BNG, or route it over the PGW. Based on

  • scalable and proven roaming principles, a GTP option is currently being added to the 3GPP specification (S2a in Figure 3). This architecture supports common authentication using EAP methods over fixed access, enabling seamless login to Wi-Fi networks by 3GPP terminals and Wi-Fi-only devices.

    With this architecture, both fixed and mobile operators can use their network assets and capabilities to retain value and benefit financially from the increase in highly sophisticated Wi-Fi-capable terminals.

    For fixed access, the architecture includes the following additional functionality:

    - SIM-based authentication via communication with the HSS;
    - converged policy control, where a policy controller can provide both fixed and mobile policy control, as well as enabling fixed-access roaming with the QoS provided by the visited network;
    - nomadicity with anchoring in either the BNG or PGW. The anchor is selected by the policy controllers;
    - mobility enabled by anchoring in PGW, providing IP-session continuity between fixed WLAN access and mobile access networks; and
    - full mobile-service availability, regardless of access network, by anchoring calls in the PGW.

    This architecture provides support for traditional use cases, such as people using laptops to access web-login Wi-Fi services, as well as EAP-SIM/EAP-AKA authentication for residential and hotspot deployments.

    The BNG can use the S2a interface to tunnel a specific user's traffic into the EPC network for a complete mobile feature set with full reuse of all northbound systems. This approach maximizes an operator's existing investment in packet core and enables authenticated subscriber access over the fixed network.

    Overlay solutions are primarily intended for deployment with unmanaged and unsecured Wi-Fi access points, but they continue to be part of the S2b and S2c standards shown in Figure 3.

    FIGURE 4 Overview of current Ericsson solution functionality. [Diagram labels: SSID1 private, SSID2 operator, VLAN private, VLAN operator, IP fixed access, BNG, AAA, HLR, PCRF, mobile optimization, mobile content/app, internet, apps/multimedia; protocols: 802.1x, RADIUS, MAP/SS7 SIGTRAN, IP, DHCP; legend: authentication, IP allocation, user data flow.]

    FIGURE 5 Overview of current Ericsson solution functionality. [Diagram labels: SSID1 private, SSID2 operator, VLAN private, VLAN operator, IP fixed access, mobile access, broadband everywhere, BNG, AAA, S2a GTP, EPC, HSS, MME, PCRF, SGW, PGW, mobile optimization, mobile internet, internet, apps/multimedia, mobile content/app, IPTV/content/apps.]

    The Wi-Fi solutions in use today are built on an authentication model for fixed access, using local credentials and port-based authentication for

  • residential services, or portal-based authentication for hotspot-style services. These existing solutions do not provide the required level of security and user convenience, and as users are hidden behind network-address translation, they cannot provide individualized services.

    An in-depth pragmatic approach

    The Ericsson Wi-Fi Integrated Network solution incorporates a number of recent developments, with support for 802.1x and EAP-SIM in the latest generation of handsets, laptops and other devices. The solution provides local breakout of all traffic, with the option of using policy routing to direct certain users to mobile service-nodes, providing advanced mobile broadband functionality such as deep packet-inspection and proxy functions optimized for mobile devices.

    The Ericsson solution uses the SIM card to authenticate an existing handset seamlessly. Operators can provide a customized service offering with a large feature set and the solution supports hotspots and residential deployments of operator-managed Wi-Fi. Figure 4 provides an overview of the current solution functionality.

    To enable further integration with the mobile network for SIM-based terminals, a mobile service-logic for Wi-Fi terminals, as shown in Figure 5, is currently under discussion for 3GPP Rel-11.

    As with the existing solution, the operator's SSID will be broadcast on the residential gateway or the Wi-Fi hotspot access point, which requires 802.1 EAPoL to be enabled. The SSID traffic will be encapsulated into a dedicated VLAN or a SoftGRE tunnel and terminated in the BNG.

    When a device attempts to connect to the operator SSID, either an EAP-SIM or EAP-AKA authentication procedure executes depending on whether the card used is a SIM or a USIM. The device uses EAPoL to communicate with the access point, which in turn packages the information into a RADIUS message AVP carrying either an EAP-SIM or EAP-AKA container. The RADIUS message is routed to the AAA, which translates messages sent to the HLR using a MAP gateway.

    Upon successful authentication, the client device starts a DHCP procedure to obtain an IP address. A successful authentication or DHCP request triggers the initiation of a GTP tunnel from the BNG (as shown in Figure 5) or a Wi-Fi access controller, to the PGW in the mobile network. The direct connection from a Wi-Fi access controller provides an alternative to BNG for hotspots, while BNG is the most natural option for residential deployments.

    In this tunnel setup, an IP address is allocated by the PGW (from a local IP pool or a connected AAA server). With this IP address, the client can access the operator's network and the internet according to the subscriber's service offerings. Figure 6 describes in more detail how integration is implemented in the call flow.

    FIGURE 6 Call flow for Wi-Fi terminals connecting through mobile service logic. [Sequence diagram between the client device (802.1x SSID), BNG, AAA, HSS, BPCF, PGW and PCRF, showing the numbered messages 0 to 11 described in the step list.]

    0- 802.11 association setup: the client device sets up the 802.11 association with the Wi-Fi access point;

    1- 802.1x EAPoL: the client device is authenticated using EAP-SIM/EAP-AKA over 802.1x and RADIUS to an AAA in the network. The RADIUS message is routed to the AAA, possibly transparently, through the BNG or a Wi-Fi access controller (Wi-Fi AC);

    2- DHCP discover: the client device starts a DHCP procedure to get an IP address. The DHCP discovery is forwarded to the BNG or a Wi-Fi AC;

    3- RADIUS access request: the BNG (Wi-Fi AC) triggers a RADIUS access request for authorization of the IP (CLIPS) session and to make a connection between IMSI and MAC addresses;

    4- RADIUS accounting: a RADIUS accounting procedure informs the AAA that the IP (CLIPS) session is established;

  • Anders Lundström joined Ericsson in 1999 working in 3G packet-core system-management. He currently works in the product line Packet Networks as a strategic product manager for EPC. In this role he is responsible for convergence strategies for Wi-Fi integration as part of Ericsson's overall EPC offering. Previously, he was key lead for Ericsson in the development of a 3GPP2 migration path LTE/EPC and has spent several years working in the US in various product management positions.

    Göran Hall is an expert in Packet Core Network Architecture at Product Unit Packet Core, System & Technology. He joined Ericsson in 1991 to work on development and standardization, primarily within the area of packet core network architecture for GPRS, WCDMA, PDC and later also EPC, serving as a key lead for the development of initial EPC standards and nodes. He is currently responsible for technical strategies and forward-looking activities at PDU PC System and Technology.

    References

    1. Traffic and Market Data Report on the Pulse of the Networked Society, November 2011, http://hugin.info/1061/R/1561267/483187.pdf

    5- GTP Create session request/response: the DHCP discover (or successful authentication) will also trigger a GTP create session request to the PGW to get an IP address from the PGW and to set up a tunnel for the client device's user data or a subset thereof;

    6- IP-CAN establishment: on GTP session establishment, a Gx session is typically also set up between the PGW and the PCRF. This allows policies for the session to be downloaded to the PGW;

    7- Optional S9a establishment / 7- Optional authorization: policies for the BNG (Wi-Fi AC) from the PCRF in the mobile network may be included in signaling for the GTP tunnel setup, or sent via the S9a interface. Policies for the BNG (Wi-Fi AC) may then be pushed from the PCRF to the BPCF and further on to the BNG (Wi-Fi AC); the standardization of this process is still under discussion and several alternatives exist, including policy download for traffic that is broken out at the BNG (Wi-Fi AC);

    8,9,10- DHCP offer, request and ack: when the GTP session is established, the client device receives a DHCP offer with the IP address assigned by the PGW and the DHCP request/ack procedures will confirm the IP address for the client; and

    11- RADIUS accounting: if accounting is performed in the fixed AAA in addition to the PGW, a RADIUS accounting can also be sent to the BPCF from the BNG to trigger the policy download to BPCF from the PCRF.
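
The ordering in the Figure 6 call flow implies a gate at the BNG (or Wi-Fi AC): DHCP is served only for a MAC that has completed EAP-SIM/EAP-AKA, and the address offered and acknowledged is the one the PGW allocated for the bound IMSI. The sketch below is an added example, not Ericsson's code; the class and function names, the one-session-per-IMSI policy, the alert labels and every MAC, IMSI and IP value are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Session:
    mac: str
    imsi: str
    ip: Optional[str] = None  # set once the PGW has allocated it (step 5)
    bound: bool = False       # set once the client confirmed it (steps 9-10)


class BngGate:
    """Hypothetical session table for a BNG or Wi-Fi AC, keyed by client MAC."""

    def __init__(self, gtp_create_session: Callable[[str], str]):
        self.gtp_create_session = gtp_create_session  # stand-in for step 5
        self.by_mac: Dict[str, Session] = {}
        self.mac_of_imsi: Dict[str, str] = {}
        self.alerts: List[Tuple[str, str]] = []

    def eap_success(self, mac: str, imsi: str) -> None:
        """Step 1 outcome as reported by the AAA: bind IMSI and MAC."""
        stale = self.by_mac.get(mac)
        if stale and stale.imsi != imsi:
            self.mac_of_imsi.pop(stale.imsi, None)  # MAC now belongs to a new IMSI
        old_mac = self.mac_of_imsi.get(imsi)
        if old_mac and old_mac != mac:
            # Assumed policy: one live session per IMSI, the newer login wins.
            self.alerts.append(("imsi-moved", f"{imsi} {old_mac}->{mac}"))
            self.by_mac.pop(old_mac, None)
        self.by_mac[mac] = Session(mac, imsi)
        self.mac_of_imsi[imsi] = mac

    def dhcp_discover(self, mac: str) -> Optional[str]:
        """Steps 2-8: return the address to offer, or None to drop."""
        s = self.by_mac.get(mac)
        if s is None:
            self.alerts.append(("dhcp-without-eap", mac))
            return None
        if s.ip is None:
            # Steps 3-5: the session is authorized against the IMSI<->MAC
            # binding, then the PGW allocates the address over GTP.
            s.ip = self.gtp_create_session(s.imsi)
        return s.ip

    def dhcp_request(self, mac: str, requested_ip: str) -> bool:
        """Steps 9-10: ack only the address the PGW assigned to this MAC."""
        s = self.by_mac.get(mac)
        if s is None or s.ip != requested_ip:
            self.alerts.append(("dhcp-request-mismatch", f"{mac} {requested_ip}"))
            return False
        s.bound = True
        return True


def fake_pgw() -> Callable[[str], str]:
    """Constructed PGW address pool: 10.64.0.10, 10.64.0.11, ..."""
    hosts = iter(range(10, 250))
    return lambda imsi: f"10.64.0.{next(hosts)}"


def replay():
    """Run constructed events through the gate; returns (results, alerts)."""
    a, b, imsi = "02:00:00:00:00:aa", "02:00:00:00:00:bb", "001010000000001"
    gate, out = BngGate(fake_pgw()), []
    out.append(gate.dhcp_discover(a))               # DHCP before EAP: dropped
    gate.eap_success(a, imsi)
    out.append(gate.dhcp_discover(a))               # offer from the PGW pool
    out.append(gate.dhcp_request(a, "10.64.0.99"))  # not the assigned address
    out.append(gate.dhcp_request(a, "10.64.0.10"))  # matches: ack
    gate.eap_success(b, imsi)                       # same IMSI on a second MAC
    out.append(gate.dhcp_discover(a))               # old binding torn down
    out.append(gate.dhcp_discover(b))               # new session, new address
    return out, gate.alerts
```

The alert list is the part worth forwarding to monitoring: DHCP from a MAC with no EAP success, a request for an address the PGW never assigned, and an IMSI appearing on a second MAC are each visible at this one point in the flow.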

    The initial solution will support nomadic mobility between mobile access and Wi-Fi, but mobility support between cellular and Wi-Fi access to enable IP session continuity is currently being researched. Existing terminals can support the nomadic solution, whereas the solution for session continuity will probably require terminal updates. Currently, mobility between Wi-Fi and 3GPP access is not supported; however, there are already many applications implemented to handle a change of IP address, allowing the user session to continue after just a short interrupt.

    As existing S2a interface specifications support only PMIPv6 for S2a, the development of a solution based on standards will require an evolution of the S2a interface specifications to include GTP usage. Ericsson is currently seeking an alignment between S2b and S2a GTP interfaces. This alignment should be in place by the time 3GPP Release 11 introduces S2a GTP. Ericsson also plans to offer pre-standard solutions for operators who want rapid deployment of converged fixed-mobile services and a seamless user experience.

    Conclusion

    In Ericsson's vision for Wi-Fi integration in fourth-generation IP networks, traffic from SIM-based terminals can be routed through the mobile service-delivery cluster – PGWs, GGSNs and other value-added services – to enable mobile service-logic to apply for subscribers using Wi-Fi. This approach maximizes an operator's existing investment in packet core and enables authenticated subscriber access over the fixed network.