Document History
Edition  Date        Author           Remarks
01       2009-02-16  Ikram ANDONIAN   First edition
Module Objectives
Upon completion of this module, you should be able to:
Describe the E2E architecture of any WiMAX network and its different components.
List the different interfaces, distinguish the legacy interfaces from the compliant ones, and explain the difference between them.
Explain the E2E scenarios for all the services provided by the WiMAX network.
Identify the QoS mechanisms used in the air interface and the IP transport network.
Identify the security algorithms used in the whole network.
Table of Contents
1 IEEE802.16e Vs The WiMAX FORUM
1.1 IEEE802.16 Standards
1.2 WiMAX Forum Specifications
2 Network Reference Model
2.1 WiMAX Forums Network Reference Model
2.2 ASN (Access Service Network)
2.3 CSN & ASP
2.5 Alcatel-Lucent Reference Model
2.5.1 Alcatel-Lucent's Template Example
3 E2E Services Over WiMAX Access
3.1 Reference Model for E2E Services Over WiMAX Access
3.1.1 Direct IP Access
3.1.2 E2E Voice Over IP services
3.1.3 E2E Video Over IP services (MiTv)
3.1.4 E2E Corporate VPN Services
3.1.5 RAN Sharing
3.1.5.1 Service Level Agreement
3.2 Direct Internet Access, VoIP, Live TV and VLAN services
4 Alcatel-Lucent Solution Network Elements
4.1 Alcatel-Lucent NAS Network Elements
4.1.1 WiMAX Base Station (WBS)
4.1.2 WiMAX Access Controller (WAC)
4.1.3 9753 OMC-WR
4.1.4 9759 NPO
4.1.5 9755 RNP
4.1.6 5580 HNM
4.1.7 Backhauling Solution
4.1.7.1 Wireless Solutions
4.1.7.2 Wired Solution
4.1.7.3 Example (DSL Backhauling)
4.1.8 Aggregation Solutions
4.2 Alcatel-Lucent Core Network Elements
5 QoS Management in WiMAX RAN
5.1 QoS in Alcatel-Lucent WiMAX E2E solution
5.1.1 QoS in The Air Interface
5.1.1.1 Service Flows
5.1.1.1 Classifiers
5.1.1.2 ARQ/ H-ARQ Mechanisms
5.1.2 QoS In the IP Transport Interface
5.1.2.1 DSCP Values
5.2 User Profile
5.2.1 Packet-Flow-Descriptor Attribute
5.2.1.1 Packet Data Flow ID
5.2.2 QoS-Descriptor Attribute
5.2.5 QoS Authorization Reference Model
5.2.3 Authorization & Preprovisioned SF
5.2.4 Provisioned SF Creation
5.3 Lease Line
5.3.1 Lease Line Principles
5.3.1.1 Leased Line Profile Example
5.4 Support of VLAN (Tagged Frames)
6 Protocols & Interfaces in the WiMAX Alcatel-Lucent Network
6.1 Network Elements Interconnection
6.2 Air Interface (R1)
6.2.1 PHY Layer
Figure: IEEE 802.16 protocol stack, from top to bottom: IP transport; MAC Service-Specific Convergence Sublayer (CS); MAC Common Part Sublayer (MAC CPS); Privacy sublayer; Physical Layer (PHY).
802.16e-2005: IEEE Standard for Local and Metropolitan Area Networks - Part 16: Air Interface for Fixed and Mobile Broadband Wireless Access Systems - Physical and Medium Access Control Layers for Combined Fixed and Mobile Operation in Licensed Bands (IEEE Computer Society document).
This amendment updates and expands IEEE Standard 802.16 to allow mobility for mobile subscriber stations.
Figure: WiMAX Forum membership. 434 members, representation in 57 countries, 28 WiMAX Forum Certified products. Membership categories on the chart: Service Providers, System Vendors, Component Suppliers (17%) and other WiMAX Forum members; the remaining shares shown are 32%, 28% and 23%.
There are several standards belonging to the WiMAX family. Those relating to the End-to-End architecture are outlined below:
1- Recommendations and Requirements for Networks based on WiMAX Forum Certified(TM) Products, Release 1.2.2 --- Stage 1
2- WiMAX End-to-End Network Systems Architecture (Stage 2: Architecture Tenets, Reference Model and Reference Points)
3- WiMAX End-to-End Network Systems Architecture (Stage 3: Detailed Protocols and Procedures)
The CSN comprises network elements such as routers, AAA proxy/server, user databases and Interworking Gateway devices.
An ASP is a third-party business entity that provides applications or services via the Visited NSP or the Home NSP.
Figure: WiMAX network reference model. WiMAX RAN (BS1, BS2, WAC1, WAC2, WAC3, OMC-R server and client, DHCP, MSS) and WiMAX CN (HA, AAA, SBC, NGN-IMS, Telecom CN).
Figure: Alcatel-Lucent template example. 9753 OMC-R, AAA and DNS/DHCP on Linux/Dell 1950, 9740 WAC, Home Agent and Cisco firewall, Ethernet transport towards the Internet.
Figure: E2E Voice over IP service. Data plane: MSS - BS - WAC - Home Agent - IP - Internet/ISP, carrying RTP/IP media and SIP signalling. Control plane: DHCP; RADIUS/DIAMETER towards AAA/HSS; SIP towards the SBC; Gq/DIAMETER between SBC and WAC; MG, MGC, LSM and billing.
Figure: E2E Video over IP service (Mobile Interactive TV). Data plane: BS - Home Agent - WAC - IP - Internet/ISP, RTP/IP streaming from the Mobile TV streaming server (Studio 5942, Mobile TV engine 8670) and HTTP. Control plane: DHCP, RADIUS towards AAA, Gq/DIAMETER between SBC and WAC.
Transparent connection of customer site to service provider network at layer 2 via WiMAX RAN
Ethernet frames transparently transported through WiMAX RAN
QoS on air interface & WiMAX RAN (per VLAN QoS)
Figure: RAN sharing. One NAP WiMAX network (BSs, WAC cluster 1 to WAC cluster p, 802.1q transport network, one GRE tunnel per SF) serves the MSs of several NSPs (NSP 1, NSP 2, ..., NSP n). Each NSP runs its own DHCP, DNS, AAA and SBC/FW/NAT behind an Edge Router (ER).
W3 situation: only fixed NSPs. No mobility with RAN sharing; RAN sharing is supported only in the HA-less configuration. No roaming.
W4 improvement:
Figure: W4 RAN sharing model. MSs attach through the NAP (ASN) to several NSPs (CSN 1 with CPE/ISP 1 up to CSN x with CPE/ISP x), each under its own SLA.
Figure: Alcatel-Lucent WiMAX access, backhaul and broadband services. WiMAX access (BS, WAC) is backhauled over PTP microwave, copper Ethernet, fiber or leased lines (OMSN) onto a Gig-E ring; aggregation and mobility control with 7450 ESS or optical multi-service nodes; service routing with 7750 SR; HA, PSTN, video head-end (VoD, encoders), content and services network, Internet.
BS (Base Station): a WiMAX Base Station provides wireless Internet access to Mobile Subscriber Stations (MSS) compliant with the IEEE 802.16e (WiMAX) standard.
WAC (WiMAX Access Controller): the WAC provides connectivity between the MSS and the rest of the network (Internet, Core Network, Corporate Network, etc.).
NPO: performs network quality of service monitoring and radio network optimization for the WiMAX Access Network.
Alcatel-Lucent WiMAX Base Station family:
C-WBS (Compact Base Station for WiMAX): all-in-one, high capacity, single carrier with 4TX/RX.
L-WBS (Lightweight Base Station for WiMAX): all-in-one, small form factor, single carrier with 2TX/RX.
L2-WBS (Lightweight-2 Base Station for WiMAX): all-in-one, reduced weight versus L-WBS, multi-carrier with 2TX/RX.
D-WBS (Distributed BS solution for WiMAX): D-WBS for central site functions, L- and C-WBS for the remote unit.
Figure: WAC hardware configurations 1, 4, 6 and 10. Each configuration combines WAC units (WAC Unit 1 to 3), WAC servers (WAC Server 1 up to WAC Server 12), WAC switches (OmniSwitch 6850-24X, WAC Switch 1 to 3) and power distribution units in a rack.
Figure: OMC-R in the WiMAX management architecture: OMC-R with WiMAX QoS analysis, SNMP interface, LMT, BS and BS NEM.
OMC-R: it performs network surveillance, quality of service monitoring and radio network planning/optimization for the WiMAX Access Network. It provides a complete set of advanced management features:
Easy interface with the Radio Network Planning (RNP) application for trouble-free implementation of the network during deployment and densification.
Network plug-and-play functions.
Provisioning and template-based radio configuration.
Highly intuitive man-machine interface.
Full set of QoS indicators and predefined or customized QoS reports giving full network performance visibility.
RNO (Radio Network Optimizer).
Scalable capacity, up to 2000 cells.
It hosts an NTP server, a DNS server and a DHCP server.
Figure: WAC management and performance data. The LMT and the WAC NEM manage the WAC; the northbound interface exports registration procedures, SS attachments, session setup, handover procedures and execution times, authentication events, IP packet statistics, user plane statistics, QoS measurements, radio measurements, traffic load and radio traces. PM data from the network elements (BS, WAC) goes to the OMC for temporary storage and QoS alerter processing, then to the NPO for consolidation, QoS analysis and long-term storage.
The WiMAX CPE complies with the IEEE 802.16 and WiMAX Forum standards. It shall support the TR-069 standard for remote CPE management in order to interwork with the HNM 5580.
The WiMAX CPE follows the procedures of IEEE 802.16 (Channel Synchronization, Initial Ranging, Basic Capabilities Negotiation, AAA Procedures, PKM Key Exchange and Registration Procedure) for entering the network. After BS registration (Reg-req, Reg-rsp) the CPE performs the DHCP (Dynamic Host Configuration Protocol) procedures [Ref. 2.4]. During the DHCP procedure the CPE obtains the URL of the HNM 5580 in the DHCP offer message (DHCP option 43) and uses DNS (Domain Name System) to resolve the IP address of the HNM 5580 server.
Figure: chain topology with microwave backhauling. WiMAX BS sites are linked by microwave backhauling (9400 AWY, 7 GHz up to 38 GHz, 10/100 BaseT; 9600 USY, 6 GHz up to 38 GHz, 10/100 BaseT, STM1) through a microwave metro network to the WiMAX WAC.
Figure: copper backhauling. BS to 1521 CL IP over up to 8 twisted pairs (10/100 BaseT), then an Ethernet switch towards the WAC.
Optical solution: There are two optical solutions: one SDH solution based on Alcatel SDH
family products and a stand-alone solution based on the Alcatel 1521FL IP.
Figure: optical backhauling. BS to 1521 CL IP / 1521 FL IP (1521 subrack) over optical fibre, then Ethernet switch, router or ADM towards the WAC.
The Alcatel 1521CL IP extends the reach of native Ethernet services to sites by using twisted copper pairs, thanks to standards-based 2BASE-TL, SHDSL and G.SHDSL technology. Ethernet frames are fragmented across multiple copper pairs.
The Alcatel 1615BCE is a solution for Ethernet extension of an SDH network over a copper line of up to 4 pairs. It is managed by the Alcatel 1353SH, which is also used for the whole Alcatel OMSN family. It can be an integrated solution when the SDH network is an Alcatel one; if the SDH network is not from Alcatel, the stand-alone solution is well adapted.
Figure: DSL backhauling example. Indoor and outdoor CPEs attach to the BS; the BS is connected on the Ethernet switch embedded in the ISAM; ADSL modems, ADSL access nodes (AWS AN) and a BRAS carry the traffic over an MPLS network to the IP core (router with HA function, WAC, AAA server, OMC-R, PEF, Session Resource Broker, S-CSCF, voice gateway, SBC, PSTN, Internet). The AAA server can be common to both accesses.
The base station is connected on the existing Ethernet switch embedded in the ISAM.
The solution is valid for Fixed Wireless Access and also for Nomadicity/Mobility services.
Figure: wireless backhauling aggregation with the 9500 MXC (WTD product) and IPD products.
An IPD product is used as aggregation switch for two wireless backhauling networks,
As this IPD product uses unqualified mode, any frames received on its 2 ports are
A broadcast sent by a booting WBS in the first group of WBS is forwarded to the
As interconnection device on CSN (7450 SHT - Packet One), to connect AAA, DHCP, HA.
Layer 2 VPN:
With VLL, a point-to-point layer 2 Ethernet connection is defined between two endpoints.
With VPLS, multipoint-to-multipoint Ethernet connections are available (the MPLS network is then seen as a big switch).
In this release multiple NSPs may supply their service through the same NAP. In this case mobility (full
mobility) is not supported (handover is not supported).
When the NAP and NSP domains are separated domains, an Edge Router (ER) shall be present at the
interface between the NAP and each NSP to control the traffic according to the SLA each NSP has with the
NAP. This ER may also have firewall functions.
When the NAP and NSP domains are in the same administrative domain, there is no need to have an ER at
the interface between the NAP and each NSP. In this case the ER shall be at the interface between the
NSPs and external content providers (ASP).
Figure: IP QoS classes (DiffServ) between MSS, BS, WAC, SBC and the IP networks hosting the QoS-sensitive applications.
Classification
Process by which a packet is mapped onto a particular connection (CID) for transmission between MSS and BS; an SF is associated to a CID.
Classification mechanism = procedure used to select the most appropriate SF.
Figure: IP packet classifiers in the convergence sub-layer. Each classifier references a CID (Connection Id) and maps packets to a classifier priority. Classifier parameters: TOS/DSCP range, protocol, source port and source IP address, destination port and destination IP address. Examples of application: browser (HTTP ports, IP address) mapped to nrtPS; SIP user agent (RTP ports, IP address) mapped to UGS; IP stack default traffic mapped to BE; each SF carries its own QoS parameters.
5.1.1.1 Classifiers
A classifier for IP CS may include the following criteria:
IP Type of Service/DSCP (one range of ToS/DSCP values may be included),IP masked
ARQ is one of the mechanisms used on the radio interface to satisfy the QoS requirements of a service flow received in the user QoS profile.
Defined in IEEE 802.16e, ARQ is a MAC layer mechanism between an MS and a BS that uses the retransmission of the parts of MAC SDUs (ARQ blocks) received erroneously, to reduce the number of errored SDUs or even to deliver error-free SDUs.
H-ARQ
Figure: the IP ToS byte. Bits 0-5 carry the DSCP; bits 6 and 7 carry ECN (Explicit Congestion Notification).
Example: service type (media flow type) mapped to DSCP and 802.16e schedule type
Service type                       DSCP           Decimal  Schedule type
VoIP                               EF (101110)    46       UGS or ERT-VR
Streaming live TV, streaming VoD   AF41 (100010)  34       RT-VR or ERT-VR
Robust browser                     BE (000000)    0        BE
DSCP classes to schedule types shown on the same slide: EF (101110) 46 with UGS or ERT-VR; AF41 (100010) 34 with RT-VR; AF31 (011010) 26 with NRT-VR.
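The classification described above (a packet mapped onto a connection/SF by matching a DSCP range, the protocol, masked source and destination addresses and port ranges, with a classifier priority deciding overlaps), as an added Python example; it is not code from the training material or from Alcatel-Lucent. The DSCP values follow the page (EF 46, AF41 34, BE 0); the rule set, the RTP port range, the 10.0.0.0/24 streaming-server subnet and the sample packets are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Range = Tuple[int, int]


@dataclass(frozen=True)
class Packet:
    """The header fields an IP CS classifier inspects (constructed test input)."""
    src: str
    dst: str
    protocol: int   # IP protocol number: 6 = TCP, 17 = UDP
    sport: int
    dport: int
    dscp: int       # 6-bit DSCP from the IP ToS byte


@dataclass(frozen=True)
class Classifier:
    """One classifier rule; a criterion left at None is a wildcard."""
    sfid: int                         # service flow (and so CID) the rule maps to
    schedule: str                     # UGS, ERT-VR, RT-VR, NRT-VR or BE
    priority: int                     # classifier priority: highest matching rule wins
    dscp_range: Optional[Range] = None
    protocol: Optional[int] = None
    src_net: Optional[str] = None     # IP masked source address, e.g. "10.0.0.0/24"
    dst_net: Optional[str] = None     # IP masked destination address
    src_ports: Optional[Range] = None
    dst_ports: Optional[Range] = None

    def matches(self, pkt: Packet) -> bool:
        def in_range(r: Optional[Range], value: int) -> bool:
            return r is None or r[0] <= value <= r[1]

        def in_net(net: Optional[str], addr: str) -> bool:
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

        return (in_range(self.dscp_range, pkt.dscp)
                and (self.protocol is None or pkt.protocol == self.protocol)
                and in_net(self.src_net, pkt.src)
                and in_net(self.dst_net, pkt.dst)
                and in_range(self.src_ports, pkt.sport)
                and in_range(self.dst_ports, pkt.dport))


# Uplink rule set (MS towards the network) modelled on the page's mapping:
# EF (46) -> UGS, AF41 (34) -> RT-VR, NRT-VR for browsing, BE as the default.
# The RTP port range and the 10.0.0.0/24 streaming-server subnet are assumptions.
RULES: List[Classifier] = [
    Classifier(sfid=1, schedule="UGS", priority=200, dscp_range=(46, 46),
               protocol=17, dst_ports=(16384, 32767)),              # VoIP media
    Classifier(sfid=2, schedule="RT-VR", priority=150, dscp_range=(34, 34),
               protocol=17, dst_net="10.0.0.0/24"),                 # live TV / VoD
    Classifier(sfid=3, schedule="NRT-VR", priority=100, protocol=6,
               dst_ports=(80, 80)),                                 # robust browsing
    Classifier(sfid=3, schedule="NRT-VR", priority=100, protocol=6,
               dst_ports=(443, 443)),
]
DEFAULT_SF = Classifier(sfid=4, schedule="BE", priority=0)          # catch-all best effort


def classify(pkt: Packet, rules: List[Classifier] = RULES) -> Classifier:
    """Return the highest-priority matching rule, or the BE default when nothing matches."""
    hits = [r for r in rules if r.matches(pkt)]
    return max(hits, key=lambda r: r.priority) if hits else DEFAULT_SF


# Constructed sample packets sent by an MS with address 10.31.2.1.
VOIP = Packet("10.31.2.1", "192.0.2.10", 17, 20000, 20002, dscp=46)
TV = Packet("10.31.2.1", "10.0.0.5", 17, 5004, 5004, dscp=34)
WEB = Packet("10.31.2.1", "192.0.2.80", 6, 51000, 80, dscp=0)
DNS = Packet("10.31.2.1", "192.0.2.53", 17, 40000, 53, dscp=0)
# Web traffic the MS has marked EF itself: the DSCP alone does not buy it the UGS
# flow, because the VoIP rule also requires UDP and an RTP destination port.
MARKED_WEB = Packet("10.31.2.1", "192.0.2.80", 6, 51000, 80, dscp=46)

if __name__ == "__main__":
    for name, pkt in [("VoIP", VOIP), ("TV", TV), ("Web", WEB), ("DNS", DNS),
                      ("EF-marked web", MARKED_WEB)]:
        rule = classify(pkt)
        print(f"{name:14s} -> SFID {rule.sfid} ({rule.schedule})")
```

The last packet is the case worth keeping in mind on a shared RAN: a subscriber can set any DSCP on its own uplink packets, so a classifier that keyed on DSCP alone would let browsing traffic ride the UGS flow; combining the DSCP with protocol and port criteria, and ranking overlapping rules by priority, keeps the guaranteed-rate flows for the traffic they were provisioned for.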
Packet-Flow-Descriptor sub-TLVs:
TLV ID  TLV Name            Length (octets)
1       PacketDataFlowID    2 + 2
2       ServiceDataFlowID   2 + 2
4       Direction           2 + 1
5       ActivationTrigger   2 + 1
6       TransportType       2 + 1
7       UplinkQosID         2 + 1
8       DownlinkQoSID       2 + 1
9       UplinkClassifier    2 + Length
10      DownlinkClassifier  2 + Length

QoS-Descriptor sub-TLVs:
TLV ID  TLV Name                        Length (octets)
1       QoS ID                          3
4       Schedule Type                   3
5       Traffic Priority                3
6       Maximum Sustained Traffic Rate  6
7       Minimum Reserved Traffic Rate   6
9       Tolerated Jitter                6
10      Maximum Latency                 6
12      Media Flow Type                 3
13      Unsolicited Grant Interval      4
14      SDU Size                        3
15      Unsolicited Polling Interval    4
Pre-Provisioned Service Flow: PDF-ID value is greater than 20 with the Activation Trigger identifying
a pre-provisioned SF.
These Service Flows are established after the MS IP allocation procedure during the Initial Network Entry.
Dynamic Service Flow: PDF-ID value is greater than 20 with the Activation Trigger identifying a
Dynamic SF.
Dynamic SFs retrieved from the AAA server are used for Authorization when a call setup or VoD request is
received from the user through the SBC. Dynamic SFs are only established during call setup and are
activated via Gq.
Figure: QoS authorization reference model. The MSS runs a SIP client and an RTSP client and signals the media information (SDP) over SIP/RTSP to the P-CSCF. The P-CSCF/PDF sends the service information over Gq Diameter (AAR/AAA carrying the SF/QoS parameters) through a Diameter relay to the WAC, whose PEF and AC act on the service flows; the PEF/AC and MAC scheduler of the BS enforce them on R1, with IP transport on R6 and R4.
AC - Admission Control: the set of actions taken by a network during the call set-up phase or during handover in order to determine whether the call should be accepted or rejected.
PDF - Policy Decision Function: a logical policy decision element that uses standard IP mechanisms to implement policy in the IP media layer. The PDF makes decisions on network-based IP policy using policy rules, and communicates these decisions to the PEF.
PEF - Policy Enforcement Function: a logical entity that enforces the policy decisions made by the PDF.
Figure: authorization and pre-provisioned SF. At user authentication the WAC (RADIUS client) retrieves the user profile from the AAA server. Example profile: 128 kbit/s minimum UL & DL, 512 kbit/s maximum UL & DL.
Figure: dynamic SF creation at call setup. The SBC sends Diameter AAR (service information) over Gq to the serving WAC; the WAC checks the user profile, sends an SF creation request to the serving BS and receives the SF creation response; the WAC returns Diameter AAA (success) and the SIP TRYING/RINGING/200 OK/ACK exchange completes, so that the connection or service flow is established.
Classifiers define which user flows will be encapsulated in the GRE tunnel.
A service flow leased line corresponds to a pre-provisioned service flow.
Scheduling types for LL may be set to UGS, RT-VR, ERT-VR or NRT-VR.
Service flow leased lines may be established using the following service types:
LEASED LINE CONVERSATIONAL
LEASED LINE STREAMING
LEASED LINE NON-REAL TIME
entry.
A leased line corresponds to a pre-provisioned service flow created from profiles in the AAA server through the RADIUS Access-Accept message and corresponding to a given user QoS profile.
Figure: leased line profile example. The AAA server holds the profiles (service flows, classifiers) and the WAC parameters. The CPE - BS - WAC path carries a BE flow (robust browser, DSCP = 0) and a leased line conversational flow (LLC, DSCP = 46). Labelled steps: 1) network entry of the CPE towards the AAA server and HA; 4) connection creation (512 kbit/s UL, DL). Example: lease line (UGS connection), 512 kbit/s guaranteed UL, 512 kbit/s guaranteed DL, between the PCs behind the CPE.
VLAN tagging on the CN side (HA-less configuration): to isolate the traffic of the different NSPs.
VLAN tagging on the ASN side (HA and HA-less configurations): priority bits in the Ethernet frames.
VLAN tagging on the CN and ASN sides (HA-less configuration): priority bits in the Ethernet frames.
Figure: network element interconnection. Reference points R1 (MSS - BS, 802.16e MAC), R6 (BS - WAC), R3 (WAC - CN) and R4 (WAC - WAC). Protocol stacks shown: DHCP/UDP/IP, CCC/TCP/IP, MIP/UDP/IP towards the HA, RADIUS/UDP/IP and DIAMETER/TCP/IP towards the AAA server, DIAMETER/TCP/IP, and SNMPv3, XML/HTTPS and DHCP for management.
Figure: IEEE 802.16 MAC and PHY layering: Convergence Sub-layer (CS), MAC SAP, MAC Common Part Sub-layer (MAC CPS), Security Sub-layer, PHY SAP, Physical Layer (PHY).
Figure: OFDMA frame. Sub-carriers are grouped into sub-channels; the DL part of the frame starts with the DL preamble, FCH, DL-MAP and UL-MAP, followed by the DL and UL allocations.
WiMAX as defined in IEEE 802.16e supports both TDD and FDD. The commercial Alcatel-Lucent solution is limited to TDD (Time Division Duplex). Burst downlinks allow the use of more advanced robustness and capacity enhancement techniques, such as subscriber-level adaptive burst profiling and advanced antenna systems.
Figure: MAC procedures between the SS and the network: network access, connection establishment/release, connection maintenance, service flow establishment.
Network.
The transport network may be a Layer 3 (IP) network or a Layer 2 network (layer2),
Figure: IP addressing of BS and WAC across RAN and CN. Management plane: one OAM IP address. Control plane: a CP IP address for WAC-BS and inter-WAC (IWAC) traffic, one CP IP address per VLAN/NSP, one unique CP address per BS. User plane: a UP IP address for WAC-BS (GRE per NSP) and for IWAC (GRE per NSP), one unique UP IP address per BS, one VLAN per NSP (NSP1, NSP2, ..., NSPn).
Figure: GRE tunnel packet between BS and WAC: outer IP header (with its DSCP), GRE header carrying the GRE key, inner IP header (with its DSCP) and inner IP payload.
There is one separate tunnel endpoint IP address per NSP on WAC side, but one common
tunnel endpoint IP address for all NSPs on BS side.
Figure: control interfaces between a base station and the WAC cluster. The BS keeps TCP control interfaces towards several WACs of the cluster; one of them is the serving WAC. The NAP and the Home NSP take part in the
procedure.
Figure: R3 reference point between ASN and CSN, used for AAA and
connectivity management.
Figure: WAC configurations towards the CSN (serving WAC with embedded HA or external HA, AAA, SBC):
R3 compliant: DHCP proxy or DHCP relay; external HA; HA IP address from the AAA.
Enhanced Legacy: DHCP relay; DHCP server IP from the OMC; HA IP address from the DHCP server.
Embedded HA in the serving WAC: DHCP relay; HA IP address assigned in initial
Figure: RADIUS between CPE, WAC and AAA server.
RADIUS Codes (decimal) are assigned according to the message type as follows:
1    Access-Request
2    Access-Accept
3    Access-Reject
4    Accounting-Request
5    Accounting-Response
11   Access-Challenge
12   Status-Server (experimental)
13   Status-Client (experimental)
255  Reserved
Figure: Access-Request from the WAC to the AAA server, showing the destination port, length, attributes and the EAP attribute.
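The RADIUS packet format behind the code table and the Access-Request figure, as an added Python example (not code from the training material or from Alcatel-Lucent): it parses the header and attribute list with the length checks a receiver needs, and verifies the Response Authenticator of an Access-Accept with the RFC 2865 formula, which is how the WAC can tell a genuine AAA answer from one sent by a host that does not hold the shared secret. The shared secret, the fixed Request Authenticator, the user name and the EAP payloads are constructed placeholders; the attribute type numbers (User-Name 1, EAP-Message 79) are the standard ones.

```python
import hashlib
import hmac
import struct
from typing import Dict, List, Tuple

# Packet codes from the page's table (RFC 2865 / RFC 2866).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge",
         12: "Status-Server", 13: "Status-Client", 255: "Reserved"}
HEADER_LEN = 20                   # Code(1) Identifier(1) Length(2) Authenticator(16)
USER_NAME, EAP_MESSAGE = 1, 79    # attribute types used in the sample packets

Attr = Tuple[int, bytes]


def encode_attrs(attrs: List[Attr]) -> bytes:
    """Attributes are Type(1) Length(1) Value, Length counting the two header octets."""
    return b"".join(bytes([t, 2 + len(v)]) + v for t, v in attrs)


def build(code: int, ident: int, authenticator: bytes, attrs: List[Attr]) -> bytes:
    if len(authenticator) != 16:
        raise ValueError("authenticator must be 16 octets")
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + authenticator + body


def parse(data: bytes) -> Dict:
    """Parse header and attributes, rejecting the length errors RFC 2865 says to silently discard."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < HEADER_LEN or length > len(data):
        raise ValueError("bad Length field")
    attrs: List[Attr] = []
    pos = HEADER_LEN
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute Length")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return {"code": code, "name": CODES.get(code, "Unknown"), "id": ident,
            "authenticator": data[4:HEADER_LEN], "attributes": attrs}


def is_well_formed(data: bytes) -> bool:
    try:
        parse(data)
        return True
    except ValueError:
        return False


def response_authenticator(code: int, ident: int, request_auth: bytes,
                           attrs: List[Attr], secret: bytes) -> bytes:
    """ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(body))
    return hashlib.md5(header + request_auth + body + secret).digest()


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Accept an Access-Accept/Reject/Challenge only if its authenticator proves knowledge of
    the secret and is bound to the Request Authenticator this client actually sent."""
    if not is_well_formed(response):
        return False
    length = struct.unpack("!H", response[2:4])[0]
    expected = hashlib.md5(response[:4] + request_auth + response[HEADER_LEN:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:HEADER_LEN])


# Constructed exchange between a WAC (RADIUS client) and the AAA server.
SECRET = b"example-shared-secret"        # placeholder; a real deployment uses a long random secret
REQUEST_AUTH = bytes(range(16))          # fixed here for repeatability; real clients draw it at random
EAP_RESPONSE_IDENTITY = b"\x02\x01\x00\x05\x01"   # EAP Response, id 1, length 5, type Identity
EAP_SUCCESS = b"\x03\x01\x00\x04"                 # EAP Success, id 1, length 4
ACCEPT_ATTRS = [(EAP_MESSAGE, EAP_SUCCESS)]

ACCESS_REQUEST = build(1, 7, REQUEST_AUTH,
                       [(USER_NAME, b"cpe-0001@nsp.example"), (EAP_MESSAGE, EAP_RESPONSE_IDENTITY)])
ACCESS_ACCEPT = build(2, 7, response_authenticator(2, 7, REQUEST_AUTH, ACCEPT_ATTRS, SECRET), ACCEPT_ATTRS)
# The best a spoofed AAA server without the secret could produce.
FORGED_ACCEPT = build(2, 7, response_authenticator(2, 7, REQUEST_AUTH, ACCEPT_ATTRS, b"wrong"), ACCEPT_ATTRS)
# Malformed inputs a parser must reject rather than read past.
TRUNCATED = ACCESS_REQUEST[:10]
BAD_ATTR_LEN = ACCESS_REQUEST[:21] + b"\x01" + ACCESS_REQUEST[22:]
```

The Response Authenticator only covers the attributes and the request's authenticator, so for EAP exchanges the Message-Authenticator attribute (type 80, an HMAC-MD5 over the whole packet) is what protects the EAP-Message attributes themselves; the check above is the baseline every RADIUS client must do before trusting an Access-Accept.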
Figure: Mobile IP tunnels. The external Home Agent in the CSN maintains MIP tunnel 1 to the Foreign Agent with care-of address CoA1 and MIP tunnel 2 to the Foreign Agent with care-of address CoA2, both in the RAN.
Home Agent: a router on a mobile node's home network which tunnels datagrams for delivery to the mobile node and maintains current location information for the mobile node.
Foreign Agent: a router on a mobile node's visited network which provides routing services to the mobile node while registered. The foreign agent de-tunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent.
Home address: IP address received by the MSS from the DHCP (Local IP Address Allocation).
Care-of address: the termination point of a tunnel toward a mobile node, for datagrams forwarded to the mobile node while it is away from home. It is the address of the serving WAC.
Figure: Mobile IP encapsulation and tunnel move. The HA prepends a new IP header (source: HA address, destination: care-of address) to the original IP packet (payload) and sends it through the tunnel to the FA CoA. Addresses in the figure: Home Agent 10.31.1.1; Foreign Agent (WAC) care-of address 1.1.1.7 on the old tunnel; other addresses shown: 1.1.1.8, 1.1.1.5, 10.31.2.1 (mobile node), 10.31.3.1 (corresponding node). The mobile node keeps its home address while the tunnel moves from the old Foreign Agent (WAC) to the new one.
Figure: MIP registration and DHCP address allocation (MSS, BS, WAC/FA, DHCP server, HA). The MIP Registration Request carries Type = Registration Request, Registration Lifetime = 1h, Home Address (MN IP address), Home Agent IP address and CoA IP address (HoA IP address, MS IP address). The DHCP exchange carries the MS IP address offer, DHCP server IP address, DHCP relay IP address, CPE/MS MAC address and option list.
Figure: user profiles held in the serving WAC, with R6 towards the BS, R3 towards the AAA, Gq Diameter towards the SBC and the DR.
AAR command:
<AAR> = < Diameter Header: 265, REQ, PXY >
        < Session-Id >
        { Auth-Application-Id }
        { Origin-Host }
        { Origin-Realm }
        { Destination-Realm }
        [ Media-Component-Description ]
Figure: Gq session handling for two CPEs (CPE1, CPE2) through the WAC and the SBC:
INVITE (Session 1) -> AAR (Session 1) / AAA (Session 1)
INVITE (Session 2) -> AAR (Session 2) / AAA (Session 2)
BYE (Session 1) -> STR (Session 1) / STA (Session 1)
Diameter commands used on the interface:
Command  Description                     Code
CER      Capabilities-Exchange-Request   257
CEA      Capabilities-Exchange-Answer    257
AAR      AA Request                      265
AAA      AA Answer                       265
ASR      Abort-Session-Request           274
ASA      Abort-Session-Answer            274
DWR      Device-Watchdog-Request         280
DWA      Device-Watchdog-Answer          280
STR      Session-Termination-Request     275
STA      Session-Termination-Answer      275
DPR      Disconnect-Peer-Request         282
DPA      Disconnect-Peer-Answer          282
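The Diameter header and AVP framing behind the AAR definition and the command table, as an added Python example (not code from the training material or from Alcatel-Lucent). It encodes the AAR of the page (header 265 with the REQ and PXY flags, Session-Id, Auth-Application-Id, Origin-Host, Origin-Realm, Destination-Realm), decodes it back, names each command from its code and R flag, and applies the check a relay or client performs before accepting an answer: the hop-by-hop and end-to-end identifiers must mirror the request. The host and realm names, the identifiers and the application id value are constructed assumptions; the AVP codes and the Result-Code value 2001 are the standard RFC 6733 ones.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Command codes from the page's table; which name applies depends on the R (request) flag.
COMMANDS = {257: ("CER", "CEA"), 265: ("AAR", "AAA"), 274: ("ASR", "ASA"),
            275: ("STR", "STA"), 280: ("DWR", "DWA"), 282: ("DPR", "DPA")}
FLAG_R, FLAG_P, FLAG_E, FLAG_T = 0x80, 0x40, 0x20, 0x10   # request, proxiable, error, retransmit
AVP_V, AVP_M = 0x80, 0x40                                # vendor-specific, mandatory
SESSION_ID, AUTH_APPLICATION_ID, ORIGIN_HOST = 263, 258, 264
ORIGIN_REALM, DESTINATION_REALM, RESULT_CODE = 296, 283, 268
DIAMETER_SUCCESS = 2001
GQ_APP_ID = 16777222        # assumed application id for the Gq interface in this example

Avp = Tuple[int, Optional[int], bytes]   # (code, vendor id or None, value)


def pad4(b: bytes) -> bytes:
    return b + b"\x00" * (-len(b) % 4)


def encode_avp(code: int, value: bytes, mandatory: bool = True) -> bytes:
    """AVP header: Code(4) Flags(1) Length(3); Length excludes the padding to 32 bits."""
    length = 8 + len(value)
    return struct.pack("!IB", code, AVP_M if mandatory else 0) + length.to_bytes(3, "big") + pad4(value)


def encode_message(command: int, app_id: int, hop_by_hop: int, end_to_end: int,
                   avps: List[bytes], request: bool, proxiable: bool = True) -> bytes:
    """Header: Version(1) Length(3) Flags(1) Code(3) Application-Id(4) Hop-by-Hop(4) End-to-End(4)."""
    body = b"".join(avps)
    flags = (FLAG_R if request else 0) | (FLAG_P if proxiable else 0)
    header = bytes([1]) + (20 + len(body)).to_bytes(3, "big") + bytes([flags]) + command.to_bytes(3, "big")
    return header + struct.pack("!III", app_id, hop_by_hop, end_to_end) + body


def decode_message(data: bytes) -> Dict:
    if len(data) < 20 or data[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    length = int.from_bytes(data[1:4], "big")
    if length > len(data) or length % 4:
        raise ValueError("bad Message Length")
    flags, command = data[4], int.from_bytes(data[5:8], "big")
    app_id, hbh, e2e = struct.unpack("!III", data[8:20])
    avps: List[Avp] = []
    pos = 20
    while pos < length:
        if length - pos < 8:
            raise ValueError("truncated AVP header")
        code, aflags = struct.unpack("!IB", data[pos:pos + 5])
        alen = int.from_bytes(data[pos + 5:pos + 8], "big")
        hdr = 12 if aflags & AVP_V else 8
        if alen < hdr or pos + alen > length:
            raise ValueError("bad AVP Length")
        vendor = struct.unpack("!I", data[pos + 8:pos + 12])[0] if aflags & AVP_V else None
        avps.append((code, vendor, data[pos + hdr:pos + alen]))
        pos += alen + (-alen % 4)          # skip the padding the AVP Length does not count
    is_request = bool(flags & FLAG_R)
    names = COMMANDS.get(command)
    return {"command": command, "request": is_request, "proxiable": bool(flags & FLAG_P),
            "error": bool(flags & FLAG_E), "application_id": app_id,
            "hop_by_hop": hbh, "end_to_end": e2e, "avps": avps,
            "name": names[0 if is_request else 1] if names else f"code-{command}"}


def answer_matches(request: bytes, answer: bytes) -> bool:
    """Only accept an answer whose command and identifiers mirror the outstanding request."""
    req, ans = decode_message(request), decode_message(answer)
    return (req["request"] and not ans["request"] and req["command"] == ans["command"]
            and req["hop_by_hop"] == ans["hop_by_hop"] and req["end_to_end"] == ans["end_to_end"])


def result_code(message: bytes) -> Optional[int]:
    for code, vendor, value in decode_message(message)["avps"]:
        if code == RESULT_CODE and vendor is None:
            return struct.unpack("!I", value)[0]
    return None


# Constructed sample: the AAR an SBC sends towards the WAC over Gq, and the matching AAA.
AAR = encode_message(265, GQ_APP_ID, 0x1001, 0x2001, [
    encode_avp(SESSION_ID, b"sbc.nsp.example;1;42"),
    encode_avp(AUTH_APPLICATION_ID, struct.pack("!I", GQ_APP_ID)),
    encode_avp(ORIGIN_HOST, b"sbc.nsp.example"),
    encode_avp(ORIGIN_REALM, b"nsp.example"),
    encode_avp(DESTINATION_REALM, b"nap.example"),
], request=True)
AAA_ANSWER = encode_message(265, GQ_APP_ID, 0x1001, 0x2001, [
    encode_avp(SESSION_ID, b"sbc.nsp.example;1;42"),
    encode_avp(RESULT_CODE, struct.pack("!I", DIAMETER_SUCCESS)),
    encode_avp(ORIGIN_HOST, b"wac1.nap.example"),
    encode_avp(ORIGIN_REALM, b"nap.example"),
], request=False)
# An answer with the right command but a hop-by-hop id that matches no outstanding request.
STRAY_ANSWER = encode_message(265, GQ_APP_ID, 0x1002, 0x2001,
                              [encode_avp(RESULT_CODE, struct.pack("!I", DIAMETER_SUCCESS))], request=False)
```

The identifier check in answer_matches is what stops an injected or replayed AAA from being paired with a live AAR; the transport itself (TCP, and in practice TLS or IPsec between peers) is what keeps a third party from seeing the identifiers in the first place.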
Figure: initial network entry with network discovery and selection (ND&S). Elements: CPE, BS, WAC, AAA, DHCP, external HA, DR, ASP. On Ww the CPE performs ranging (cause = NW_ENTRY); on R6 the BS selects the preferred WAC and sends SS Associated-Ind (MS MAC address); the WAC answers SS Associated-Res (MS MAC address, UP-T W address list).
Upon installation, an MSS begins scanning its frequency list to find an operating channel. The MSS tries to synchronize to the downlink transmission by detecting the periodic frame preambles. Once the physical layer is synchronized, the MSS looks for the periodically broadcast Downlink Channel Descriptor (DCD) and Uplink Channel Descriptor (UCD) messages.
Upon learning which parameters to use for its initial ranging transmissions, the MSS looks for initial ranging opportunities by scanning the UL-MAP messages present in every frame. The MSS chooses an initial ranging slot to send a ranging request message.
The response also provides the MSS with the basic and primary management CIDs.
To avoid wasting capacity, the MSS next reports its PHY capabilities, including the modulation and coding schemes it supports. The BS, in its response, can deny or accept the use of any capability reported by the MSS.
Figure: authentication path over Ww (MSS - BS), R6 (BS - WAC) and R3 (WAC - AAA).
Each MSS contains both a manufacturer-issued factory-installed X.509 digital certificate and the
certificate of the manufacturer. The network is able to verify the identity of the MSS by checking
the certificates and can subsequently check the level of authorization of the MSS. If the MSS is authorized
to join the network, the BS will respond to its request with an Authorization Reply containing an
Authorization Key (AK). Upon successful authorization, the MSS will register with the network.
Figure: service flow creation after registration over Ww (CPE - BS) and R6 (BS - WAC): SS_SF_Cnf (SFID
After registration, the MSS obtains an IP address via DHCP and establishes the time of day via NTP (Network Time Protocol server).
Figure: local IP address allocation, Legacy configuration (WAC as DHCP relay): the MS IP address offer comes from the DHCP server; AAA, WAC (DHCP-RELAY), HA.
Figure: DHCP proxy configuration (no DHCP server): the WAC (DHCP-Proxy) answers the MS IP address request; AAA, HA.
Figure: DHCP relay flow (BS, WAC as DHCP relay on R6, DHCP server and external HA on R3). On the initial SF the CPE sends PCS_PDU(DHCP DISCOVER) with the IP destination address set to 255.255.255.255; the WAC relays the DHCP DISCOVER to the DHCP server, whose address comes from the OMC configuration or from an AAA VSA; PCS_PDU(DHCP REQUEST) is relayed as GRE (DHCP REQUEST).
Figure: DHCP proxy flow (BS, WAC as DHCP proxy on R6, AAA and external HA on R3, no DHCP server). On the initial SF the CPE sends PCS_PDU(DHCP DISCOVER) to 255.255.255.255; the WAC answers PCS_PDU(DHCP OFFER) with the MS IP address (HoA) obtained over R3; PCS_PDU(DHCP REQUEST) follows as GRE (DHCP REQUEST).
7.1.5 Accounting
WAC starts to record the duration of the session (HSI), input and output octets, or input and output
packets of the user.
Figure: accounting start. CPE - BS (Ww) - WAC as ASN anchor (R6) - AAA (R3): Accounting-Request / Accounting-Response, followed by the second MIP registration with the HA.
Figure: E2E network entry and VoIP call setup (MS, BS, WAC, AAA, DHCP, HA, SBC, IMS or Softswitch; HSI):
1) Radio entry: scan, DL/UL parameters
2) Mutual authentication via EAP
3) Registration
4) Local IP address allocation
5) Service flow creation
6) MIP registration
7) Accounting start
8) SIP registration
9) VoIP call setup
Figure: VoIP call between MS and MS-2 through BS, WAC, DHCP, HA, SBC and Softswitch.
Figure: Mobile TV / VoD session setup (MSS, BS, WAC, Diameter relay WAC, SBC, video streaming server), in order:
HTTP GET (HTTP_url, HTTP_headers); user authentication; HTTP 200 OK (rtsp_url, CONF_ID, UID).
RTSP DESCRIBE (rtsp_url, Accept: application/sdp).
DIAMETER AAR (service information for audio and video) from the SBC, relayed to the WAC.
Service flow creation for audio and video: SS-SF-Req (MS MAC, SF-ReqType = ADDITION, SF list) / SS-SF-Cnf (MS MAC address, service flow results).
DIAMETER AAA (success) back to the SBC.
RTSP PLAY (rtsp_url, RtspSessionID, Range) / RTSP 200 OK (RtspSessionID, Range, RTP-Info).
9 Mobility
Figure: handover types. Intra-WAC handover: handover between base stations keeping the same WAC as anchor point, with no change of Mobile IP Foreign Agent (FA). Inter-WAC handover: the MS moves between BSs attached to different WACs (proxy MIP/FA), the HA anchoring the traffic towards the Internet, the corporate network and the IMS. Seamless handover applies to both the intra-WAC and the inter-WAC case.
IP@ managed by the HA. All traffic to/from the WiMAX terminal converge to the HA.
The Foreign Agent located in the WiMAX RAN (i.e. in the WAC). All traffic to/from
terminal moves from one FA to another (i.e. from one WAC to another).
Figure: handover steps: HO initiation and preparation (ho req, ho rsp, ho rsp (BS), Mob-ho-ind (BS)), cell reselection, handover execution, network re-entry; after network re-entry the MSS can send/receive again.
Figure: macro mobility with proxy MIP. WAC-1 and WAC-2 (proxy MIP) in the WiMAX RAN update the L3 routing with the HA (Home Agent IP address) when the MS moves.
The WAC performs the Mobile IP registration on behalf of the MS; this is transparent to the MS.
Binding of the CoA (IP address of the FA in the WAC) to the MS IP address is done in the HA.
Figure: proxy MIP sequence: 1) IP address acquisition from the DHCP server, 2) IP address acquisition, 3) MIP RRQ / RSP between WAC-1 (PMIP) and the HA, 4) ACK. On macro mobility the binding moves from WAC-1 to WAC-2 (PMIP) in the core network.
there are pending data for this MS in the network (If any, the MS re-enters the
network)
Periodically refresh the MS context lifetime stored in the Paging Controller.
Periodically listen to the paging information broadcast by the network in order to know whether the MS has moved to another Paging Group.
Role of the Paging Controller:
Keeps track of the MS location while in idle mode, to know in which paging group the MS is.
Stores the MS context for an MS in idle mode.
Notifies an MS in idle mode of incoming IP packets.
Paging:
When the PC receives a downlink packet towards an IDLE MS, it first checks the current PG of the MS. The PC can initiate the paging procedure to all the BSs of the cluster which belong to the PG, via the R6 interface.
Location Update:
An LU MAY be either secure or unsecure.
Each WAC unit can manage all the BSs belonging to the cluster.
Each WAC unit can manage all the PGs of the BSs in the cluster.
The BSs controlled by the WAC units of the same cluster can be divided into different PGs.
BS association with a particular PG within a cluster is done via the OMC-R.
Figure: user authentication protocol stacks. MSS: CHAP over TLS over EAP-TTLS over EAP over PKM over 802.16e MAC/PHY. BS: PKM over 802.16e MAC/PHY on the air side, BS/WAC control over TCP/IP/L2/L1 towards the WAC. WAC: BS/WAC control over TCP/IP/L2/L1, EAP over RADIUS or DIAMETER over UDP/IP/L2/L1 towards the Home AAA server. Home AAA server: CHAP, TLS, EAP-TTLS, EAP over RADIUS or DIAMETER over UDP/IP/L2/L1.
The real username of the user is used in CHAP, and the username/password association is stored in the AAA server.
Figure: EAP-TTLS between MSS, WAC, TTLS server and AAA server.
EAP messages are exchanged between the MSS and the TTLS AAA server in each direction. They are transparently relayed by the BS and the WAC.
The WAC initiates the EAP authentication exchange by sending an EAP-Request/Identity to the MSS via the base station. Subsequent EAP messages are relayed by the WAC.
The TLS layer authenticates the home TTLS/AAA server to the MSS and builds a secure MSS - AAA server tunnel for the subsequent MSS authentication using CHAP.
Figure: EAP-TTLS exchange (MSS, WAC, AAA server):
EAP-Request/Identity from the WAC; EAP-Response/Identity from the MSS (the identity contains the realm); the WAC checks the realm and forwards to the AAA server.
EAP-Request/TTLS Start from the AAA server, then the TLS handshake up to ServerHelloDone.
The MSS computes the pre-master secret and sends EAP-Response/ClientKeyExchange (pre-master secret encrypted: Rsp([Certificate], ClientKeyExchange TLS record, ChangeCipherSpec, ...)); the AAA server computes the pre-master secret.
Further EAP-Request/EAP-Response messages through the WAC carry the tunnelled authentication; the AAA server ends with EAP-Success.
The MS directly sends the CHAP challenge response to the AAA server, as the challenge used is calculated with the master key.
At the end of the CHAP authentication, the TTLS AAA server sends an EAP-Success message to the MS. This message is encapsulated in an Access-Accept message carrying the EAP message, sent to the WAC and relayed to the MS.
This message also contains key material: the Master Session Key (MSK), derived from the master secret, is sent encrypted in RADIUS attributes.
EAP-AKA
This authentication mechanism was originally defined for the UMTS mobile system. It uses a SIM card (Subscriber Identity Module); client and server share a predefined secret key.
The transfer of the TEK on the control plane from BS to MS is protected by encryption with the KEK.
Key derivation from the MSK (established during the user authentication phase) and distribution of key material secure the exchange of data on the air interface.
Figure: key hierarchy. EAP authentication yields the MSK (512 bits) at the MS and at the AAA server, which delivers it to the WAC over RADIUS. From the MSK, the MS and the WAC derive the AK (160 bits), which the WAC passes to the BS; the derivation is bound to the BSID (BS identity). From the AK, MS and BS derive CMAC-Key-UL (128 bits), CMAC-Key-DL (128 bits) and the KEK (128 bits). The TEK (128 bits) is transferred from the BS to the MS protected by the KEK.
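The key hierarchy of the figure, as an added Python example (not code from the training material or from Alcatel-Lucent): the MSK from EAP is expanded into a 160-bit AK bound to the MS MAC address and the BSID, and the AK into the 128-bit CMAC-Key-UL, CMAC-Key-DL and KEK, so that the MS and the serving BS end up with the same keys without the keys themselves crossing the air. The expansion function and the message tag are HMAC-SHA256 stand-ins for the Dot16KDF and AES-CMAC of IEEE 802.16e (an assumption made so the example runs on the standard library); the MSK, MAC address and BSIDs are constructed.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Key sizes shown on the page.
MSK_BITS, AK_BITS, KEK_BITS, CMAC_KEY_BITS = 512, 160, 128, 128


def kdf(key: bytes, label: bytes, out_bits: int) -> bytes:
    """Counter-mode HMAC-SHA256 expansion. Stand-in for the IEEE 802.16e Dot16KDF
    (assumption): the shape of the hierarchy, not the exact PRF, is what is shown."""
    out = b""
    for counter in range((out_bits + 255) // 256):
        out += hmac.new(key, bytes([counter]) + label + out_bits.to_bytes(2, "big"),
                        hashlib.sha256).digest()
    return out[: out_bits // 8]


def derive_ak(msk: bytes, ms_mac: bytes, bsid: bytes) -> bytes:
    """AK (160 bits) from the MSK, bound to the MS MAC address and the BS identity."""
    return kdf(msk, ms_mac + bsid + b"AK", AK_BITS)


def derive_link_keys(ak: bytes, ms_mac: bytes, bsid: bytes) -> Dict[str, bytes]:
    """CMAC-Key-UL, CMAC-Key-DL and KEK (128 bits each) from the AK."""
    material = kdf(ak, ms_mac + bsid + b"CMAC_KEYS+KEK", CMAC_KEY_BITS * 2 + KEK_BITS)
    return {"cmac_ul": material[:16], "cmac_dl": material[16:32], "kek": material[32:48]}


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Integrity tag over a management message; HMAC-SHA256 truncated to 64 bits
    stands in for AES-CMAC here (assumption)."""
    return hmac.new(key, message, hashlib.sha256).digest()[:8]


def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)


def keys_for(msk: bytes, ms_mac: bytes, bsid: bytes) -> Tuple[bytes, Dict[str, bytes]]:
    """What the MS computes locally, and what the WAC (AK) and BS (link keys) hold for it."""
    ak = derive_ak(msk, ms_mac, bsid)
    return ak, derive_link_keys(ak, ms_mac, bsid)


# Constructed inputs: an MSK as EAP would export it, one MS MAC address, two BS identities.
MSK = hashlib.sha512(b"constructed EAP master session key").digest()   # 64 octets = 512 bits
MS_MAC = bytes.fromhex("001122334455")
BSID_A = bytes.fromhex("0a0b0c0d0e0f")
BSID_B = bytes.fromhex("0a0b0c0d0e10")

AK_A, LINK_A = keys_for(MSK, MS_MAC, BSID_A)    # MS attached to BS A
AK_B, LINK_B = keys_for(MSK, MS_MAC, BSID_B)    # same MS after handover to BS B
SAMPLE_MSG = b"constructed DL management message"
SAMPLE_TAG = mac_tag(LINK_A["cmac_dl"], SAMPLE_MSG)   # tag BS A puts on a DL message

if __name__ == "__main__":
    print("AK (BS A):", AK_A.hex())
    print("KEK (BS A):", LINK_A["kek"].hex())
    print("DL tag verifies with CMAC-Key-DL:", mac_ok(LINK_A["cmac_dl"], SAMPLE_MSG, SAMPLE_TAG))
    print("DL tag verifies with CMAC-Key-UL:", mac_ok(LINK_A["cmac_ul"], SAMPLE_MSG, SAMPLE_TAG))
```

Two properties are worth checking in such a hierarchy: the keys for BS A and BS B differ although the MSK is the same, so material captured at one cell is of no use at another; and the uplink and downlink CMAC keys are distinct, so a message tagged by the BS cannot be replayed as if it came from the MS. The TEK then only ever travels wrapped under the KEK derived here.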
Use of the secured protocol SNMPv3: all transactions between OMC-R, WAC and BS are encrypted and authenticated:
parameter setting,
counter polling,
alarm management.
Use of SSL between WAC and OMC (authentication and encrypted tunnel to transfer data for an HTTP session).
Use of SSH2 to connect to the NEs (BS and WAC), ensuring authentication and encryption:
WAC: SSH
BS: SSH
The ASP supports accounting for VoIP, VoD and other services, if any.
Off-line accounting.
On-line accounting:
Online subscription feature, also called Over the Air (OTA) provisioning.
Pre-paid: capability to handle sessions based on the consumption of a pre-existing credit managed by a Pre-Paid Server (PPS).
Hot-lining for online subscription when the AAA detects an unknown user.
Hot-lining for online replenishment (or account refilling), triggered by the AAA when the PPS detects that the credit limit is reached.
Note: the pre-paid option can be used on a WiMAX RAN without online subscription, but online subscription usage also implies the pre-paid option for the self-registered users.
The WiMAX RAN provides access to the High Speed Internet (HSI) service.
The PPC function for HSI is located in the WAC.
The interface between the PPS and the AAA is used to provide online accounting for the HSI service.
Figure: online accounting for HSI: Vital AAA with its ICC DB, a Diameter interface towards the PPS, the WAC, and the Web Portal (SOAP/HTTP) with its DB and the Voucher DB.
The other PPCs, for VoIP and VoD services, are located in the CSN. The DCC interface is also used between the PPS and the PPC at the CSN.
Online Subscription is also called Over The Air (OTA) provisioning. The Online Subscription feature lets a future WiMAX user register himself/herself on the WiMAX RAN, the same approach as WiFi users' self-registration on WiFi hotspots.
Feature goal:
- To allow a user who purchases a WiMAX-capable device to subscribe to WiMAX services directly from that device, with any provider.
- The WiMAX service provider chosen by the customer shall offer a solution to provision a new user account and to provision and configure the user device.
- Additional online procedures: account modification by the user, account deletion (operator, automatic).
W4 assumptions
- Online subscription only for prepaid user
- Only concerns High Speed Internet service
- W4.1: payment using voucher (scratch card)
- future: payment using CB
W4 restrictions
- In W4, the terminal configuration is done by user: no bootstrapping and provisioning over the air
- In W4, no online subscription modification
- In W4, online subscription deletion done manually by the operator on each server (PPS, AAA)
Figure: prepaid architecture. The User Device hosts the Prepaid Client; the ASN-GW hosts the RADIUS Client and receives the prepaid attributes from the RADIUS Server; the Prepaid Server (PPS, with its ICC DB) talks Diameter to the AAA; the Web Portal (SOAP/HTTP, HTTPS) uses its DB and the Voucher DB; on the user plane, traffic flows from the FA to the HA and on to the IP services.
When the credit expires, the session is ended. When the session ends before the credit expires, the unused credit is given back to the Prepaid Server.
On-line accounting mainly involves two entities: the Prepaid Client (PPC) and the Prepaid Server (PPS).
The PPC dialogs with the AAA and the PPS for the prepaid accounting authorization.
The PPS
Figure: the MS attaches to the ASN, which hosts the PPC for the Internet Access Service (Radius towards the Home-AAA); the Home-CSN hosts the PPCs for VoIP, VoD, ... (Diameter towards the Pre-Paid Server / Online Charging Server), the Home-AAA with a Diameter translation agent, and the HLA.
Figure: hotlining for account refill: MS, HLD, H-AAA (Radius), PPS (OCS) over Diameter, HLA.
The Prepaid mode uses the Hotlining feature to enable users to refill their account when it is depleted. This refill capability is available both at Network Entry (no initial credit) and during a session (credit exhausted). During hotlining, the user can only access the User account refill web page presented by the NSP Web Portal.
HLA
The Hot-Line Application is a functional entity that performs the following roles:
- Initiates notification of the Hot-Line status to the MS. This is done via the delivery of an HTML page to the subscriber's browser.
- Provides a mechanism for the user to rectify the issue that triggered Hot-Lining (web page).
- Terminates the user's packet data session upon unsuccessful resolution of the problem.
HLD
A Hot-Lining Device (HLD) implements the Hot-Lining rules requested by the Home AAA server for a user. All User Plane packets of a hot-lined user are checked against the Hot-Lining rules and, when a match is found, the corresponding action (permit, deny, or redirect) is performed by the HLD.
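The HLD behaviour described above, as an added example (not the WAC's implementation). The rule fields, the first-match semantics, the portal and resolver addresses and the sample packets are constructed; only the three actions (permit, deny, redirect) and the idea of rules pushed by the Home AAA come from the text.

```python
"""Hot-Lining Device rule evaluation (added illustration, constructed rules and traffic)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PORTAL_IP = "198.51.100.10"   # constructed: NSP Web Portal / HLA address
DNS_IP = "198.51.100.53"      # constructed: resolver the hot-lined user may still reach


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit", "deny" or "redirect"
    dst: Optional[str] = None      # CIDR, or None for any destination
    proto: Optional[str] = None
    dport: Optional[int] = None
    redirect_to: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Rule set as the Home AAA might push it for a hot-lined user (constructed):
# portal and DNS are permitted, other web traffic is redirected to the portal,
# everything else is denied. First match wins, so the catch-all comes last.
HOTLINE_RULES = [
    Rule("permit", dst=PORTAL_IP + "/32", proto="tcp", dport=443),
    Rule("permit", dst=DNS_IP + "/32", proto="udp", dport=53),
    Rule("redirect", proto="tcp", dport=80, redirect_to=PORTAL_IP),
    Rule("deny"),
]


def apply_hotline(rules, pkt: Packet) -> tuple:
    """First matching rule decides; returns (action, packet as it leaves the HLD)."""
    for rule in rules:
        if rule.matches(pkt):
            if rule.action == "redirect":
                return "redirect", Packet(pkt.src, rule.redirect_to, pkt.proto, pkt.dport)
            return rule.action, pkt
    return "deny", pkt   # no rule matched: fail closed rather than forward


def forward_user_plane(rules, packets) -> dict:
    """Count what the HLD does with a burst of user-plane packets."""
    summary = {"permit": 0, "deny": 0, "redirect": 0}
    for pkt in packets:
        action, _ = apply_hotline(rules, pkt)
        summary[action] += 1
    return summary


SAMPLE_PACKETS = [   # constructed traffic from the hot-lined MS 192.0.2.7
    Packet("192.0.2.7", DNS_IP, "udp", 53),
    Packet("192.0.2.7", "203.0.113.80", "tcp", 80),   # any web site: sent to the portal instead
    Packet("192.0.2.7", PORTAL_IP, "tcp", 443),
    Packet("192.0.2.7", "203.0.113.22", "tcp", 22),   # anything else: dropped
]

if __name__ == "__main__":
    print(forward_user_plane(HOTLINE_RULES, SAMPLE_PACKETS))
```

The deny catch-all and the fail-closed default matter: a hot-lined user whose rule set is incomplete would otherwise obtain full service without a valid account.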
PPS/OCS
- Communicates with the AAA (Diameter Credit Control).
- Maintains the user account balance.
- Serves requests issued by the PPC for allocation of user quota.
- Associates every allocated quota with a Validity-Time (VT). The CSN operator configures the VT on a per-service basis. Should the PPC lose the prepaid context of a user (PPC reset), the allocated quota is moved back to the user account on VT expiry.
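The quota lifecycle of the PPS/OCS as an added example (not the product's code). It shows the three behaviours the text describes: quota granted to a PPC is reserved from the balance, unused quota is returned when the session ends, and quota whose Validity-Time passes without a report (PPC reset) is moved back to the account. Balances, times, units and session identifiers are constructed.

```python
"""Prepaid quota lifecycle with Validity-Time (added illustration, constructed values)."""
from dataclasses import dataclass, field


@dataclass
class Allocation:
    quota: int          # units granted to the PPC (e.g. bytes or seconds)
    expires_at: int     # Validity-Time as an absolute time by which the PPC must report


@dataclass
class PrepaidServer:
    balance: int                                  # user account balance
    validity_time: int                            # per-service VT configured by the CSN operator
    open: dict = field(default_factory=dict)      # session id -> Allocation

    def allocate(self, session: str, requested: int, now: int) -> int:
        """Grant at most what the balance allows; the grant is reserved immediately."""
        grant = min(requested, self.balance)
        if grant <= 0:
            return 0        # credit depleted: the caller ends the session or hot-lines the user
        self.balance -= grant
        self.open[session] = Allocation(grant, now + self.validity_time)
        return grant

    def report_usage(self, session: str, used: int) -> int:
        """The PPC reports consumption; whatever was not used goes back to the balance."""
        alloc = self.open.pop(session)
        refund = max(alloc.quota - used, 0)
        self.balance += refund
        return refund

    def expire(self, now: int) -> int:
        """Timer job: allocations whose VT passed without a report are refunded."""
        refunded = 0
        for session, alloc in list(self.open.items()):
            if now >= alloc.expires_at:
                refunded += alloc.quota
                self.balance += alloc.quota
                del self.open[session]
        return refunded


def scenario() -> dict:
    pps = PrepaidServer(balance=1000, validity_time=300)
    g1 = pps.allocate("sess-1", 400, now=0)          # normal session
    g2 = pps.allocate("sess-2", 800, now=10)         # only 600 left, so the grant is capped
    refund1 = pps.report_usage("sess-1", used=250)   # session ended early: 150 returned
    pps.expire(now=100)                              # sess-2 still within its VT: nothing happens
    lost = pps.expire(now=310)                       # PPC reset, no report: VT expiry returns 600
    return {"g1": g1, "g2": g2, "refund1": refund1, "expired": lost, "balance": pps.balance}


if __name__ == "__main__":
    print(scenario())
```

Without the Validity-Time a PPC reset would strand the reserved quota forever; with it, the worst case for the subscriber is a delay of one VT before the credit reappears.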
Subscriber/Account creation
The user is informed that he has to reconnect to WiMAX in order to access the service (normal entry phase).
Figure: network entry of an unknown user (MS over Ww, BS, WAC/HLD, NSP AAA/HLA, DHCP server): SF creation; Accounting Start (NAI, SessionID, MS MAC address, Class, HOTLINE indication).
Pre-provisioning phase
1- ASN access: scanning, radio synchronisation, NSP discovery and selection
2- Authentication
3- Pre-provisioned subscription service flow creation
Hot-lined session: the user flow is redirected to the Subscription Web Portal => only a limited access is authorized.
Figure: hot-lined session (MS over Ww, BS, WAC, NSP AAA/HLA, NSP Web Portal/PS): HTTP redirection; HTTP 404 (Page not found, please access the following URL to subscribe to the service provider network); HTTP get request and answer (Open Welcome Page to Subscription Web Portal); HTTPS post (ordering subscription and accounting selection).
Subscription phase
4a- User confidential data requested to create an account through a secured connection
4b- User subscription creation authorized: voucher validity checked
4c- User account creation on AAA and PPS
Figure: subscription web page with Password and Confirm password fields; a description of each possible subscription is provided, including cost, bandwidth and duration in min; service selection (256, 768, 1500); Cancel.
In case of a NOK (404) return, the associated message recommends accessing the proposed URL (several could be proposed for several device formats) in order to be authorized to access the service.
- The portal interfaces with the user through an HTTPS interface in HTML format.
- It gets the user information needed to create the account through a secured connection.
- Data are provided to the user to allow him to perform a subsequent initial network entry (NAI, url/pwd).
The user is also informed that, in order to complete his subscription, he has:
- To disconnect from the WiMAX network
- To follow the instructions (obtained when he buys the voucher, or that he will receive) to configure his device
- To re-enter the WiMAX network to access the subscribed HSI service
Accounting messages that convey Usage Data Records (UDRs) are sent by the NAS to an AAA server.
The AAA server creates text files for the UDRs, which are processed by a charging server.
In any case, charging files always include the actual identity of the user.
Figure: offline accounting. The ASN-GW acts as RADIUS client and sends RADIUS ACCOUNTING (UDRs) to the RADIUS server, which feeds the charging server; on the user plane, traffic flows from the FA to the HA and the IP services. In the Alcatel-Lucent naming: MS over Ww, BS, WAC, DHCP, AAA, CG, IP services.
Offline accounting is completely transparent for the WAC for VoIP and Video services; in this case the accounting is managed by the NGN, IMS or MiTV part.
Exercises
What
What
What
What
What
Exercise
Some equipment and components are missing in the following WiMAX network; please add the missing equipment so that User 1 can enter the network and call User 2 and User 3 (10 min).
Figure: User 1 on the WiMAX RAN (BS, WAC, OMC-R), the WiMAX CN, IMS/NGN with a Soft Switch, User 2, and User 3 on PSTN/2G/3G.
Exercise
Using the given information, try to match the equipment descriptions with the corresponding equipment (10 min).
Figure: equipment list (OMC, ...) and descriptions to match.
Exercise
Below is a part of the WiMAX network with the different interfaces mentioned, as described by the WiMAX Forum; please give the protocol used for each interface, for all types of traffic (10 min):
R1:
R3:
R4:
R6:
Figures (exercises of 1 h and 30 min): MS1 served by BS1, BS2 and BS3 in Cluster (1) and by BS4 and BS5 in Cluster (2), behind WAC 1, WAC2 and WAC3, with the HAs, an AR and the Corresponding Node; the packet shown carries the source IP address of MS(1), the CN IP address and the PAYLOAD.
Exercise
Assume that we have one NSP connected to the WiMAX RAN; please put on the picture all the IP addresses (IP@) on the CN and RAN sides for the WAC server, and do the same for the BS (10 min).
Figure: RAN and CN sides with two WACs.
Exercise
Please check the right answer (True/False) (15 min):
- The Home Agent is mandatory in the WiMAX Network
- No services with QoS are provided by Internet
- The WAC manages the mobile access and radio resources
- The SBC is optional for real-time services
- The WAC is always DHCP relay
- Control plane is encapsulated between the BS and the WAC
- DHCP messages are encapsulated in the RAN
- In RAN sharing, each NSP implements its own HA
- PPC for all the services is embedded in the WAC
- The WAC manages only HSI accounting sessions
Exercise
From the following user profile taken from the AAA, try to list the QoS parameters of this user (15 min):
INSERT INTO users ( user_name, user_realm, password, auth_type, reply_group )
VALUES ( 'w261-user8', 'lannion.fr', 'wimax', 'eap-ttls', 'BE1-LLCUGS' );
INSERT INTO group_avps VALUES ( 'BE1-LLCUGS',
'3gpp2-Service-Option-Profile="Maximum-Instances=1,Service-Option=\"Option-Number=176,Maximum-Instances=1\""
WiMAX-Packet-Flow-Descriptor="Packet-Data-Flow-ID=01,Service-Data-Flow-ID=1,Direction=Bi-Directional,Transport-Type=IPv4-CS,Activation-Trigger=\"Active=true\",Uplink-QoS-ID=1,Downlink-QoS-ID=2"
WiMAX-QoS-Descriptor="QoS-ID=1,Media-Flow-Type=Robust-Browser,Schedule-Type=BESTEFFORT,Traffic-Priority=0,Maximum-Sustained-Traffic-Rate=128000"
WiMAX-QoS-Descriptor="QoS-ID=2,Media-Flow-Type=Robust-Browser,Schedule-Type=BESTEFFORT,Traffic-Priority=0,Maximum-Sustained-Traffic-Rate=1024000"
WiMAX-Packet-Flow-Descriptor="Packet-Data-Flow-ID=3,Service-Data-Flow-ID=3,Direction=Bi-Directional,Activation-Trigger=\"Active=true\",Transport-Type=IPv4-CS,Uplink-QoS-ID=3"
WiMAX-QoS-Descriptor="QoS-ID=3,Schedule-Type=UGS,Minimum-Reserved-Traffic-Rate=120000,Tolerated-Jitter=150,Maximum-Latency=150,Media-Flow-Type=Leased-Line-Conversational,Unsolicited-Grant-Interval=20"
Service-Type=Framed-User
Framed-IP-Address=255.255.255.255
Termination-Action=RadiusRequest', 1 );
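A small parser for the WiMAX-QoS-Descriptor and WiMAX-Packet-Flow-Descriptor strings used in reply groups like the one in the exercise, added here as an illustration (not the AAA vendor's code). The sample descriptors are copied from the exercise above with the quoting unescaped and the hyphens in attribute names restored; the attribute names are taken as they appear and no semantics beyond the strings themselves are assumed.

```python
"""Parser for 'Key=Value,Key=Value' AAA descriptor strings (added illustration)."""


def parse_descriptor(text: str) -> dict:
    """Split a descriptor into a dict. A value may be enclosed in double quotes
    (escaped as backslash-quote inside the SQL above); a quoted value is kept
    whole even when it contains commas or '=' itself. One level of quoting only."""
    pairs, key, value = {}, "", ""
    in_quote, reading_key = False, True
    for ch in text:
        if ch == '"':
            in_quote = not in_quote
        elif ch == "=" and reading_key:
            reading_key = False
        elif ch == "," and not in_quote:
            pairs[key.strip()] = value.strip()
            key, value, reading_key = "", "", True
        elif reading_key:
            key += ch
        else:
            value += ch
    if key:
        pairs[key.strip()] = value.strip()
    return pairs


def qos_summary(descriptor: str) -> dict:
    """Pick out the scheduling-relevant parameters of one WiMAX-QoS-Descriptor.
    Absent parameters come back as 0 / None rather than raising."""
    d = parse_descriptor(descriptor)
    return {
        "qos_id": int(d["QoS-ID"]),
        "schedule": d.get("Schedule-Type"),
        "max_rate": int(d.get("Maximum-Sustained-Traffic-Rate", 0)),
        "min_rate": int(d.get("Minimum-Reserved-Traffic-Rate", 0)),
        "latency_ms": int(d.get("Maximum-Latency", 0)),
        "jitter_ms": int(d.get("Tolerated-Jitter", 0)),
        "grant_interval_ms": int(d.get("Unsolicited-Grant-Interval", 0)),
    }


def flows_to_qos(flow_descriptor: str) -> dict:
    """Map a packet flow to the QoS-IDs it references in each direction."""
    d = parse_descriptor(flow_descriptor)
    return {
        "flow_id": int(d["Packet-Data-Flow-ID"]),
        "uplink": int(d["Uplink-QoS-ID"]) if "Uplink-QoS-ID" in d else None,
        "downlink": int(d["Downlink-QoS-ID"]) if "Downlink-QoS-ID" in d else None,
        "active": d.get("Activation-Trigger") == "Active=true",
    }


# Descriptors from the exercise (quoting unescaped, hyphens restored).
BE_UPLINK = ("QoS-ID=1,Media-Flow-Type=Robust-Browser,Schedule-Type=BESTEFFORT,"
             "Traffic-Priority=0,Maximum-Sustained-Traffic-Rate=128000")
UGS_FLOW = ("QoS-ID=3,Schedule-Type=UGS,Minimum-Reserved-Traffic-Rate=120000,"
            "Tolerated-Jitter=150,Maximum-Latency=150,"
            "Media-Flow-Type=Leased-Line-Conversational,Unsolicited-Grant-Interval=20")
FLOW_1 = ('Packet-Data-Flow-ID=01,Service-Data-Flow-ID=1,Direction=Bi-Directional,'
          'Transport-Type=IPv4-CS,Activation-Trigger="Active=true",'
          'Uplink-QoS-ID=1,Downlink-QoS-ID=2')

if __name__ == "__main__":
    print(flows_to_qos(FLOW_1), qos_summary(BE_UPLINK), qos_summary(UGS_FLOW))
```

Reading the profile this way makes the asymmetry visible: a flow descriptor that names only an uplink QoS-ID, as the third one in the exercise does, gets no downlink parameters at all, which is worth checking whenever a profile is edited by hand.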
Exercise
Using the Trace (1) given by the trainer (30 min):
A- Please try to find:
- The Realm
- The User Identity
- The method used for user authentication
- The ciphering method used by the two peers (User & AAA)
B- List the different steps of the authentication as you can observe them on the trace.
C- What can you conclude?
Exercise
Using the Trace given by the trainer, try to find (20 h):
- The IP address (IP@) of each element in the following diagram
- The NSP ID or the Realm
Figure: WiMAX RAN (BS1, BS2, WAC1, WAC2, WAC3, OMC-R Server and OMC-R Client, DHCP MSS, H4) and WiMAX CN (HA, AAA, SBC, NGN - IMS, TELECOM MSS / CN Telecom).
Exercise
Using the Trace (2) and the previous exercise results, fill in the main steps that follow the Radio Network Entry on the following flow chart (45 min):
Figure: flow chart with the columns MS, BS, WAC, AAA, DHCP and HA.
Annexes
Content
The content of the annexes is:
1. NGN Network
2. IMS Network
3. VLAN
Annexes: NGN
The 2 basic principles of an NGN (figure): voice/data convergence, and multimedia carried over the single network that transports voice and data.
The need today is to route and manage increasing volumes of data traffic, including voice and video.
Next Generation Networking (NGN) is a broad term describing some key architectural evolutions in telecommunication core and access networks that will be deployed over the next 5-10 years. The general idea behind NGN is that one network transports all information and services (voice, data, and all sorts of media such as video) by encapsulating them into packets, as on the Internet. NGNs are commonly built around the Internet Protocol, and therefore the term "all-IP" is also sometimes used to describe the transformation towards NGN.
Annexes: NGN
NGN Class 4
Figure: an MGC controlling TGWs between the circuit networks (LEX, AN) and the packet backbone; DSLAM, BRAS and LPF towards the Internet.
NGN Class 5
Figure: an MGC controlling AGWs, an RGW and TGWs between the circuit networks (AN) and the packet backbone, with an STP for signalling; DSLAM, BRAS and LPF towards the Internet.
Annexes: NGN
The signalling is SS7. The MGW is a signalling GW that maps it onto SIGTRAN on the NGN side.
The user plane is carried over IP.
Figure: from the home (CPE) through the access node (AN), the local switch (LEX) and the transit/national exchange (TEX), the TDM user plane is converted by MGWs onto IP; the call servers handle the control plane.
A Media Gateway (MGW) acts as a translation unit between disparate telecommunications networks such as the PSTN, Next Generation Networks, 2G, 2.5G and 3G radio access networks, or a PBX. Media Gateways enable multimedia communications across Next Generation Networks over multiple transport protocols such as ATM and IP.
Annexes: NGN
Thanks to the SBC, the WiMAX network is integrated with the NGN network.
Figure: the same chain as above (home/CPE, AN, LEX, TEX, MGWs between TDM and IP) with the WiMAX side (WAC, HA) attached to the NGN through the SBC.
Annexes: NGN
Figure: the TDM switches of today versus the NGN: a call server (services and connection control), access gateways (subscriber interfaces), trunking gateways (circuit interfaces), an IP switching matrix, and H.323/SIP "soft" and "hard" phones.
Annexes: IMS
- Open, standardised, operator-friendly NGN multimedia architecture for mobile and fixed services
- Based on SIP and DIAMETER controls
- Supports legal interception, localisation, PSTN interworking, etc.
- Developed in 3GPP, now adopted by ETSI
- Access independent
Figure: applications on top of the IMS platform; access via 3G mobile, WiMAX, Internet, DSL, Fibre and Ethernet over IP transport; MGWs towards the PSTN.
3GPP has decided to use a layered approach to architectural design. This means that transport and bearer are separated from the IMS signalling network and the session management service.
Application layer: service capabilities, i.e. standardised access to telecom service capabilities for 3rd-party developers (open interfaces).
Control layer: manages multimedia sessions using only one multimedia protocol (SIP) for session and service control.
Transport layer: assumed independent of the access (as long as it is IP): fixed, mobile, wireless. Combination with a charging package for data and IMS services is possible.
Access layer: represents all the possible broadband access technologies: UTRAN, CDMA2000, xDSL, WLAN, cable networks.
Annexes: IMS
Figure: IMS as the common core between the WiMAX access (BS, WAC, DHCP, AAA), the 3G access (Node-B, RNC, SGSN and GGSN over the GPRS backbone, HLR/AuC), the circuit networks and the packet networks.
Annexes: IMS
Figure: IMS layering. Application layer: application servers (AS) and the HSS/SLF. Control layer: P-CSCF, I-CSCF, S-CSCF, and IBCF / I-BGF towards other IMS networks. Transport layer: IP network.
AS: Application Server
CSCF: Call Session Control Function
HSS: Home Subscriber Server
IBCF: Interconnection Border Control Function
I-BGF: Interconnection Border Gateway Function
I-CSCF: Interrogating-CSCF
P-CSCF: Proxy-CSCF
S-CSCF: Serving-CSCF
SLF: Subscription Locator Function
Annexes: IMS
Figure: the WiMAX access (BS, WAC) attached to the IMS core: the P-CSCF in the control layer, and the PEF in the access transport network of the transport layer.
Annexes: IMS: P-CSCF
Figure: the P-CSCF is the entry point of the IMS network for the UE, sitting between the access network and the IMS core, much as an http proxy sits between the Alcatel-Lucent LAN and the Internet.
Annexes: IMS: S-CSCF
Figure: the S-CSCF, together with the I-CSCF and the HSS, between the P-CSCF (access network) and other IMS networks; on the circuit side the counterparts are the VMSC/VLR, GMSC and HLR/AuC behind the BTS/BSC.
Annexes: IMS: HSS
Figure: the HSS, queried by the I-CSCF and the S-CSCF, shown beside the HLR/AuC of the circuit networks (VMSC/VLR, GMSC, BTS/BSC).
Annexes: IMS: SIP
User Agent Client: the entity that creates and processes new requests (e.g. endpoints).
Registrar: stores the endpoints' addresses ("location service").
Redirect server: forwards to the caller a set of callee addresses (contacts) obtained from the location service.
Annexes: IMS: SIP
Figure: registration and call setup. The UE in orange.fr sends REGISTER sip:erwan@orange.com to its Registrar, whose Location DB then records that sip:erwan@orange.fr is reachable at 192.0.2.101. "I'm calling Christophe": the UE sends INVITE sip:christophe@sfr.fr through its Proxy towards the sfr.fr Proxy, Registrar and Location DB.
Annexes: VLAN
Figure: a company LAN before VLANs: Sales, R&D, Finances and Import/Export department stations spread over Hub1 to Hub6 on LAN1, LAN2 and LAN3, interconnected by a Router.
Annexes: VLAN: Concept
Figure: the same stations (W, X, Y, C, ...) attached to two VLAN-aware switches (Switch 1, Switch 2) and grouped into VLAN1, VLAN2 and VLAN3 regardless of their physical location.
A VLAN comprises a set of stations (defined by the VLAN association rules in effect) together with the links and switches needed to interconnect them.
Virtual LAN (VLAN) technology allows us to separate the logical connectivity from the physical connectivity. Users are still connected via physical cables to physical wiring devices, but the connectivity view from the station or application perspective is no longer restricted to the bounds of this physical topology. That is, the set of stations or applications that can directly communicate as if on a common LAN can be controlled through software configuration of the switches and/or the end stations in the LAN. The LAN is virtual in that a set of stations and applications can behave as if they are connected to a single physical LAN when in fact they are not.
A VLAN is a flexible group of devices that can be located anywhere in a network, but they communicate as if they are on the same physical segment. With VLANs, you can segment your network without being restricted by physical connections, a drawback of traditional network design. As an example, with VLANs you can segment your network according to:
- Departmental groups. For example, you can have one VLAN for the Marketing department, another for the Finance department, and another for the Development department.
- Hierarchical groups. For example, you can have one VLAN for directors, another for managers, and another for general staff.
- Usage groups. For example, you can have one VLAN for users of e-mail, and another for users of multimedia.
To achieve this flexibility, we must use switches rather than shared-bandwidth (repeater) hubs for our device interconnections. Furthermore, the switches need to be VLAN-aware; they must include a set of features and capabilities beyond those of the switches considered up to now. It is these additional capabilities that allow us to configure the logical connectivity as appropriate for the user's application environment.
TMO18005
9700 W4 End-to-End Architecture Page 189
Annexes: VLAN: Security
Figure: Switch 1 and Switch 2 with VLAN1, VLAN2 and VLAN3 and the stations W, X, Y and C (same layout as the concept figure).
When using a shared-bandwidth (non-switched) LAN, there is no inherent protection against unwanted eavesdropping. Indeed, this is often raised as a generic complaint against shared LANs: any user can, using software on a conventional personal computer, capture and inspect every frame on the LAN, regardless of the intended destination.
A malicious user on a shared LAN can also induce problems by sending lots of traffic to specific targeted users (i.e. overloading their network interfaces and LAN software with huge amounts of spurious traffic, resulting in performance degradation, undesired behaviour, or system crashes) or to the network as a whole (using spurious broadcasts). The only cure is to physically isolate the offending user.
By creating logical partitions with VLAN technology, we further enhance the protection against both unwanted eavesdropping and spurious transmissions. A properly implemented port-based VLAN allows free communication among the members of a given VLAN, but does not forward traffic among switch ports associated with members of different VLANs. This isolation applies to both unicast and multicast traffic.
The VLAN configuration provides traffic isolation, even among ports on the same switch. This is true for multicast and unknown unicast traffic as well. While a conventional switch forwards all multicast and unknown unicast traffic to all ports except the one on which the traffic arrived, a properly configured VLAN-aware switch will forward such traffic only to those ports (except for the arrival port, of course) that contain members of the VLAN associated with that traffic.
Users can eavesdrop only on the multicast and unknown unicast traffic within their own VLAN; presumably the configured VLAN comprises a set of logically related users (e.g. a company department). It is no longer possible to eavesdrop on traffic from other departments. Similarly, while it is still possible to inject malicious traffic, such traffic should only propagate among switch ports within a single VLAN, and thus any network disruption is localized. Of course, this improvement in security is achieved through a reduction in connectivity: it is no longer possible to communicate directly (i.e. at the Data Link layer) between stations in disjoint VLANs, even though they are connected to a common switched LAN. (Communication can still be achieved at the Network layer through a router.)
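The forwarding behaviour described above, as an added example (not any vendor's switch code). It models a learning switch twice: as a conventional switch with one broadcast domain, and as a VLAN-aware switch whose learning and flooding are scoped per VLAN, using the Switch-A port-to-VLAN assignment from the figure that follows. The station MAC addresses are constructed.

```python
"""Port-based VLAN forwarding versus a conventional switch (added illustration)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group(mac: str) -> bool:
    """Multicast or broadcast: the least significant bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Switch:
    """Learning switch; with vlan_aware=True, learning and flooding stay inside the VLAN."""

    def __init__(self, port_vlan: dict, vlan_aware: bool = True):
        self.port_vlan = port_vlan      # access port -> VLAN id
        self.vlan_aware = vlan_aware
        self.fdb = {}                   # (vlan, mac) -> port, learned from source addresses

    def _vlan(self, port: int) -> int:
        return self.port_vlan[port] if self.vlan_aware else 0   # conventional: one domain

    def _members(self, vlan: int, exclude: int) -> list:
        return sorted(p for p in self.port_vlan if self._vlan(p) == vlan and p != exclude)

    def forward(self, in_port: int, src: str, dst: str) -> list:
        """Return the egress ports for a frame received on in_port."""
        vlan = self._vlan(in_port)
        self.fdb[(vlan, src)] = in_port
        if is_group(dst) or (vlan, dst) not in self.fdb:
            return self._members(vlan, exclude=in_port)     # flood, never beyond the VLAN
        out = self.fdb[(vlan, dst)]
        return [] if out == in_port else [out]


# Switch-A from the figure: port 1 -> VLAN 1, port 2 -> VLAN 3, ports 3..6 -> VLAN 2.
SWITCH_A = {1: 1, 2: 3, 3: 2, 4: 2, 5: 2, 6: 2}
MAC = {p: f"02:00:00:00:00:0{p}" for p in SWITCH_A}     # constructed: one station per port


def isolation_demo() -> dict:
    """Who sees what when the VLAN 2 station on port 3 sends traffic."""
    vlan_sw, plain_sw = Switch(SWITCH_A), Switch(SWITCH_A, vlan_aware=False)
    return {
        "vlan_broadcast": vlan_sw.forward(3, MAC[3], BROADCAST),
        "plain_broadcast": plain_sw.forward(3, MAC[3], BROADCAST),
        "vlan_unknown_unicast": vlan_sw.forward(3, MAC[3], MAC[5]),
        "reply_learned": vlan_sw.forward(5, MAC[5], MAC[3]),      # port 5 answers, is learned
        "vlan_known_unicast": vlan_sw.forward(3, MAC[3], MAC[5]),
        "cross_vlan": vlan_sw.forward(1, MAC[1], MAC[5]),         # VLAN 1 station to a VLAN 2 MAC
    }


if __name__ == "__main__":
    for name, ports in isolation_demo().items():
        print(f"{name}: {ports}")
```

The last entry is the security property in one line: a VLAN 1 station addressing a VLAN 2 MAC gets no egress port at all, because the forwarding database is keyed by VLAN and the flood set for VLAN 1 contains no other port on this switch.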
Annexes: VLAN
Figure: port-based VLAN assignment for the Sales, R&D, Finances and Import/Export department stations (A, B, X, Y, ...) on two switches, with the port tables shown in the figure:
Switch-A: port 1 -> VLAN 1; port 2 -> VLAN 3; ports 3, 4, 5, 6 -> VLAN 2; port 0 -> VLANs 1, 2, 3
Switch-B: ports 1, 3 -> VLAN 1; ports 2, 4 -> VLAN 2; ports 5, 6 -> VLAN 3; port 0 -> VLANs 1, 2, 3
Annexes: VLAN
Figure: 802.1Q frame layout. Untagged frame: Destination Address, Source Address, MAC Length/Type, Data, PAD, FCS. Tagged frame: Destination Address, Source Address, Ethertype = 0x8100, tag control (802.1p user priority, CFI, VID), MAC Length/Type, Data, PAD, FCS.
802.1p user priority and acronym (table in the figure):
1: BK
0 (Default): BE
2: EE
3: CL
4: VI
5: VO
6: IC
7: NC
The tagging scheme proposed by the 802.3ac standard adds four octets after the source MAC address. Their presence is indicated by a particular value of the EtherType field (called the TPID), which has been fixed at 0x8100.
When a frame has an EtherType equal to 0x8100, it carries an IEEE 802.1Q/802.1p tag.
The tag is stored in the following two octets and contains:
- CFI: Canonical Format Identifier (1 bit). Canonical format refers to the bit ordering (little or big endian) of the bytes within a frame. The CFI is used for compatibility between Ethernet-type networks and Token Ring-type networks. Data within Ethernet frames is normally sent using canonical (little endian) bit order (CFI=0); Token Ring frames normally send data using non-canonical (big endian) bit order (CFI=1).
- VLAN ID (12 bits). The VID is the identification of the VLAN and is what the 802.1Q standard basically uses; with 12 bits it allows the identification of 4096 VLANs.
- User Priority (3 bits), used by the 802.1p standard. The priority field is actually unrelated to the use of tags for VLAN identification; it is not there for VLAN purposes at all (see note 1).
After the two octets of TPID and the two octets of the Tag Control Information field come the two octets that originally would have been located after the Source Address field, where the TPID now is. They contain either the MAC length in the case of IEEE 802.3 or the EtherType in the case of Ethernet version 2.
Note 1: Priority. Some LAN technologies have the native ability to carry user priority information (e.g. IEEE 802.4 Token Bus); others (such as Ethernet) do not. Therefore it made sense to provide the means to add explicit priority information to frames for use in those technologies without native priority support. However, it seemed unreasonable to provide two types of tags, one for priority information and another for VLAN identification; the two functions were therefore combined into a single tag. Thus the 802.1Q VLAN tag carries priority information, which is actually there for the benefit of IEEE 802.1p (priority-aware) switches. A side benefit of this approach was that the tag format could be specified in just one place (802.1Q), rather than having its semantic definitions spread out over multiple standards.
Note 2: Adding a tag to a frame implies that the FCS field has to be recomputed.
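The tag format above, built and parsed in code as an added example (not code from the course). It inserts the four tag octets after the source address with TPID 0x8100, packs user priority, CFI and VID into the Tag Control Information, and recomputes the FCS (CRC-32) as Note 2 requires. The MAC addresses and payload are constructed samples; the 46-octet minimum payload and the byte order of the FCS are standard Ethernet behaviour.

```python
"""IEEE 802.1Q tag insertion and parsing with FCS recomputation (added illustration)."""
import struct
import zlib

TPID = 0x8100


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, transmitted least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_untagged(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    payload = payload.ljust(46, b"\x00")            # PAD up to the 46-octet minimum
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def add_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the tag after the source address and recompute the FCS (Note 2)."""
    if not 0 <= vid < 4096 or not 0 <= priority < 8 or cfi not in (0, 1):
        raise ValueError("VID is 12 bits, priority is 3 bits, CFI is 1 bit")
    tci = (priority << 13) | (cfi << 12) | vid
    body = frame[:-4]                               # drop the old FCS
    tagged = body[:12] + struct.pack("!HH", TPID, tci) + body[12:]
    return tagged + fcs(tagged)


def parse(frame: bytes) -> dict:
    """Addresses, tag fields if present, the original Length/Type and payload length.
    A frame whose FCS does not check is rejected before anything is read from it."""
    if fcs(frame[:-4]) != frame[-4:]:
        raise ValueError("bad FCS")
    info = {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":"), "tagged": False}
    offset = 12
    if struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        info.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1, vid=tci & 0x0FFF)
        offset = 16
    info["length_type"] = struct.unpack("!H", frame[offset:offset + 2])[0]
    info["payload_len"] = len(frame) - offset - 2 - 4
    return info


# Constructed sample: an IPv4 (0x0800) frame between two stations, placed in VLAN 3
# with user priority 5 (VO in the table above).
DST = bytes.fromhex("020000000005")
SRC = bytes.fromhex("020000000003")
SAMPLE = build_untagged(DST, SRC, 0x0800, b"constructed payload")
TAGGED = add_tag(SAMPLE, vid=3, priority=5)

if __name__ == "__main__":
    print(parse(SAMPLE))
    print(parse(TAGGED))
```

Checking the FCS before trusting the tag is deliberate: a switch that reads the VID out of a corrupted frame could place it in the wrong VLAN, which is exactly the isolation the VLAN: Security section relies on.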
Annexes: VLAN
Figure: physical versus virtual connections. One physical connection between Switch 1 and Switch 2 carries the virtual connections of vlan1, vlan2 and vlan3 (station W on vlan2).
There are two methods for identifying the VLAN membership of a given frame:
- Parse the frame and apply the membership rules. This is sometimes referred to as implicit tagging. A frame's VLAN association can always be inferred by inspecting the frame contents and applying the complete set of VLAN association rules for the LAN. Typically this form of VLAN determination is made by an edge switch; the forwarding behaviour of the switch is, in part, determined by the resulting VLAN association of the frame.
- Provide an explicit VLAN identifier within the frame itself. This is known as explicit tagging (or sometimes just tagging). A VLAN-aware end station or switch can declare the VLAN association through the use of a predefined tag field carried within the frame.
Implicit tags
The name notwithstanding, there are no tags involved with implicit tagging. An implicitly tagged frame is a normal, unmodified frame as emitted by any conventional end station or switch. The VLAN association is implied by the frame contents and is a function of the VLAN rules particular to the application environment. The VLAN association may be a function of:
- Data Link Source Address
- Protocol type
Annexes: VLAN
Figure: membership illustrated on the same two switches (Switch-A ports 0 to 7, Switch-B ports 0 to 9) with the port-to-VLAN tables: Switch-A ports 1 to 6 -> VLANs 1, 3, 2, 2, 2, 2 and port 0 -> VLANs 1, 2, 3; Switch-B ports 1 to 6 -> VLANs 1, 2, 1, 2, 3, 3 and port 0 -> VLANs 1, 2, 3.
End of Module