3GPP TS 23.234 V11.0.0 (2012-09)
Technical Specification
3GPP system to Wireless Local Area Network (WLAN) interworking; System description (Release 11)
The present document has been developed within the 3rd Generation Partnership Project (3GPP TM) and may be further elaborated for the purposes of 3GPP. The present document has not been subject to any approval process by the 3GPP Organizational Partners and shall not be implemented. This Specification is provided for future development work within 3GPP only. The Organizational Partners accept no liability for any use of this Specification. Specifications and reports for implementation of the 3GPP TM system should be obtained via the 3GPP Organizational Partners' Publications Offices.
Release 11
Keywords
LTE, UMTS, radio, LAN, interworking
Internet
http://www.3gpp.org
Copyright Notification
No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.
© 2012, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TTA, TTC). All rights reserved.
UMTS™ is a Trade Mark of ETSI registered for the benefit of its members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are registered and owned by the GSM Association.
3GPP
Contents
Foreword
1 Scope
2 References
3 Definitions, symbols and abbreviations
3.1 Definitions
3.2 Symbols
3.3 Abbreviations
4 WLAN Radio networks interworking with 3GPP
5 High-level Requirements and Principles
5.1 Access Control
5.1.1 WLAN Impacts
5.1.2 Existing 3GPP Element Impacts
5.1.3 Requirements for WLAN Direct IP Access
5.1.4 Requirements for WLAN 3GPP IP Access
5.1.4.1 Requirement for private network access from WLAN 3GPP IP Access
5.1.4.2 Requirements for Support of IMS Emergency Calls
5.1.5 WLAN Access Authorization
5.1.6 3GPP WLAN Attach
5.2 Void
5.3 User Identity
5.3.1 General
5.3.2 NAI Username
5.3.3 NAI Realm Name
5.3.4 NAI decoration for roaming
5.3.5 NAI decoration for IMS Emergency Call Service
5.4 Network Advertisement and Selection
5.4.1 Description of the issue
5.4.2 I-WLAN Access Network Advertisement and Selection
5.4.2.1 Case of IEEE 802.11 WLANs
5.4.2.1.1 General
5.4.2.1.2 WLAN Access Network Advertisement
5.4.2.1.3 I-WLAN Access Network Selection
5.4.2.2 Case of other WLANs
5.4.3 PLMN Advertisement and Selection
5.4.3.1 General
5.4.3.2 Network Advertisement
5.4.3.3 Network Selection
5.5 Authentication methods
5.6 Service Authorization Principles for WLAN 3GPP IP Access
5.6.1 Accessing Home Network provided services
5.6.2 Accessing Visited Network provided services
5.6.3 External IP Network selection
5.7 IP Connectivity for WLAN 3GPP IP Access
5.7.1 Principles
5.7.2 Tunnelling Requirements
5.7.3 Void
5.8 Roaming requirements for WLAN 3GPP IP Access
5.9 Routing Enforcement and Policy Enforcement for WLAN 3GPP IP Access
5.9.1 Purpose for routing enforcement and policy enforcement
5.9.2 Routing Enforcement in the WLAN AN
5.9.3 Routing enforcement and policy Enforcement in the HPLMN
5.9.4 Routing enforcement and policy Enforcement in the VPLMN
5.10 IP address allocation for the WLAN UE
5.10.1 General
5.10.2 Static and Dynamic Remote IP Address
5.11 Charging
5.12 AAA Protocol Requirements
5.13 QoS Support
5.13.1 General
5.13.2 Use of CoS based DiffServ for providing QoS over I-WLAN using WLAN 3GPP IP Access
5.13.3 QoS requirements on the architecture
6 Interworking Architecture
6.1 Reference Model
6.1.1 Non Roaming WLAN Inter-working Reference Model
6.1.2 Roaming WLAN Inter-working Reference Model
6.2 Network elements
6.2.1 WLAN UE
6.2.1.1 Void
6.2.2 3GPP AAA Proxy
6.2.3 3GPP AAA Server
6.2.4 HLR/HSS
6.2.5 WLAN Access Gateway
6.2.5.1 Policy Enforcement
6.2.5.2 Void
6.2.6 Packet Data Gateway
6.2.7 Subscription Locator Function (SLF)
6.2.8 Offline Charging System
6.2.9 Online Charging System
6.3 Reference Points
6.3.1 Wa reference point
6.3.1.1 General description
6.3.1.2 Functionality
6.3.2 Wx reference point
6.3.3 D'/Gr' reference point
6.3.4 Wo reference point
6.3.5 Wf reference point
6.3.6 Wg reference point
6.3.7 Wn reference point
6.3.8 Wp reference point
6.3.9 Wi reference point
6.3.10 Wm reference point
6.3.11 Wd reference point
6.3.11.1 General description
6.3.11.2 Functionality
6.3.12 Wu reference point
6.3.13 Ww reference point
6.3.13.1 General Description
6.3.13.2 Functionality
6.3.14 Dw reference point
6.3.15 Wy reference point
6.3.16 Wz reference point
6.4 Protocols
6.4.1 Remote IP Layer
6.4.2 Tunnelling layer
6.4.3 Transport IP Layer
6.5 WLAN user profile
7 Procedures
7.1 I-WLAN and VPLMN Selection Procedure
7.1.1 Initial network selection
7.1.2 Network re-selection
7.2 WLAN Access Authentication and Authorisation
7.3 Subscriber Profile Update
7.3.0 WLAN Direct Access Authorization information update procedure
7.3.1 Access and service Authorization information update procedure
7.4 Cancelling WLAN Registration
7.5 Disconnecting a Subscriber by WLAN
7.6 Disconnecting a Subscriber by Online Charging System
7.6.1 The OCS initiated WLAN AN access disconnection
7.6.2 The OCS initiated tunnel disconnection
7.7 Charging offline charged subscribers
7.8 Charging online charged subscribers
7.9 W-APN resolution and Tunnel establishment
7.9.1 Void
7.9.2 Subsequent authentication
7.9.3 Use of DNS
7.9.4 Subsequent tunnel establishment
7.10 Tunnel disconnection procedures
7.10.1 WLAN UE initiated tunnel disconnection
7.10.2 The network initiated tunnel disconnection
7.10.3 Disconnection of the last tunnel for a WLAN UE
7.11 The WLAN UE initiated WLAN AN Access disconnection
7.12 User identity to HSS resolution
7.12.1 General
7.12.2 SLF query
7.13 Disconnecting a Subscriber by the External AAA Server
7.13.1 The External AAA Server initiated tunnel disconnection
Annex A (informative): Void
Annex B (informative): Void
Annex C (informative): Possible interworking architectures between WLAN AN and PLMN
C.1 WLAN shared by (or connected to) multiple ISPs and PLMNs
C.2 Routing packets from WLAN UE when WLAN AN is connected to multiple VPLMNs/ISPs and it provides direct Internet access
C.2.1 Separating traffic for different VPLMNs
C.2.2 Routing the traffic
C.2.3 Separating traffic to different VPLMNs using a combined DNS/NAT approach
C.3 WLAN AN exclusively owned by and connected to a single PLMN
C.4 WLAN AN connected to a single ISP
Annex D (normative): Short Message Service
D.1 Architecture for support of SMS
D.2 Void
D.3 Void
Annex E (informative): Void
Annex F (normative): Information on re-using the GGSN to implement the PDG function
F.1 Introduction
F.2 Mapping between E2E tunnel and GTP tunnel
F.2.1 General
F.2.2 No re-use of policy control functionality in the GGSN
F.2.3 Re-use of policy control functionality in the GGSN
F.2.3.1 Usage of DiffServ marking of the GTP tunnel
F.2.3.2 Usage of QoS profile of the GTP tunnels
F.4 Void
F.5 Tunnel Terminating Gateway (TTG) functionality
Annex G: Void
Annex H (informative): Work in other bodies
H.1 QoS Mapping
H.2 WMM specifications from Wi-Fi™ Alliance
H.3 802.1D specifications from IEEE
H.4 IR 34 specifications from GSM
Annex I (informative): Change history
Foreword
This Technical Specification has been produced by the 3rd Generation Partnership Project (3GPP).
The contents of the present document are subject to continuing work within the TSG and may change following formal TSG approval. Should the TSG modify the contents of the present document, it will be re-released by the TSG with an identifying change of release date and an increase in version number as follows:
Version x.y.z
where:
x the first digit:
  1 presented to TSG for information;
  2 presented to TSG for approval;
  3 or greater indicates TSG approved document under change control.
y the second digit is incremented for all changes of substance, i.e. technical enhancements, corrections, updates, etc.
z the third digit is incremented when editorial only changes have been incorporated in the document.
Scope
This document specifies system description for interworking between 3GPP systems and Wireless Local Area Networks (WLANs). This specification is not limited to WLAN technologies. It is also valid for other IP based Access Networks that support the same capabilities towards the interworking system as WLAN does.
The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WLAN access environment. The 3GPP-WLAN Interworking System provides bearer services allowing a 3GPP subscriber to use a WLAN to access 3GPP PS based services.
This specification defines a 3GPP system architecture and procedures to do the following:
- Provide Access, Authentication and Authorisation (AAA) services to the 3GPP-WLAN Interworking System based on subscription.
- Provide access to the locally connected IP network (e.g. the Internet) if allowed by subscription.
- Provide WLAN UEs with IP bearer capability to the operator's network and PS Services, if allowed by subscription.
- Provide WLAN UEs with IP bearer capability to access IMS Emergency calls for both UICC and UICC-less cases.
References
The following documents contain provisions which, through reference in this text, constitute provisions of the present document.
- References are either specific (identified by date of publication, edition number, version number, etc.) or non-specific.
- For a specific reference, subsequent revisions do not apply.
- For a non-specific reference, the latest version applies. In the case of a reference to a 3GPP document (including a GSM document), a non-specific reference implicitly refers to the latest version of that document in the same Release as the present document.
[1] void.
[2] void.
[3] void.
[4] void.
[5] 3GPP TS 23.003: "Numbering, addressing and identification".
[6] 3GPP TS 23.040: "Technical Realisation of the Short Message Service (SMS)".
[7] 3GPP TS 23.060: "GPRS; Service description".
[8] void.
[9] 3GPP TS 24.234: "3GPP System to WLAN Interworking; UE to Network protocols; Stage 3".
[10] 3GPP TS 29.002: "Mobile Application Part (MAP) specification".
[11] void.
[12] void.
[13] 3GPP TS 32.251: "Telecommunication management; Charging management; Packet Switched (PS) domain charging".
[14] 3GPP TS 33.234: "WLAN Interworking Security".
[15] 3GPP TS 23.125: "Overall High Level Functionality and Architecture Impacts of Flow Based Charging".
[16] void.
[17] IETF RFC 4282: "The Network Access Identifier".
[18] void.
[19] IEEE Std 802.1X-2001: "IEEE Standard for Local and metropolitan area networks - Port-Based Network Access Control".
[20] IETF RFC 4284: "Identity Selection Hints for the Extensible Authentication Protocol (EAP)".
[21] IEEE Std 802.11-1999, Local and metropolitan area networks - Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications, IEEE Sep. 1999.
[22] IETF RFC 4187: "Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)".
[23] IETF RFC 4186: "Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM)".
[24] 3GPP TS 23.228: "IP Multimedia Subsystem (IMS); Stage 2".
[25] 3GPP TS 22.234: "Requirements on 3GPP system to Wireless Local Area Network (WLAN) interworking".
[26] 3GPP TS 32.252: "Telecommunication management; Charging management; Wireless Local Area Network (WLAN) charging".
[27] 3GPP TS 32.296: "Telecommunication management; Charging management; Online Charging System (OCS) applications and interfaces".
[28] 3GPP TS 29.060: "GPRS; GTP across the Gn and Gp interface".
[29] 3GPP TS 23.008: "Organization of subscriber data".
[30] 3GPP TR 21.905: "Vocabulary for 3GPP Specifications".
[31] 3GPP TS 23.002: "Network architecture".
[32] IETF RFC 4739: "Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol".
[33] 3GPP TS 23.107: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Quality of Service (QoS) concept and architecture".
[34] IEEE 802.1D, 1998 Edition (ISO/IEC 15802-3:1998): "IEEE Standard for Information technology--Telecommunications and information exchange between systems--IEEE standard for local and metropolitan area networks--Common specifications--Media access control (MAC) Bridges".
[35] IEEE 802.11e: "IEEE Standard for Information Technology - Telecommunications and Information Exchange Between Systems - Local and Metropolitan Area Networks - Specific Requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications - Amendment: Medium Access Method (MAC) Quality of Service Enhancements".
[36] 3GPP TS 23.203: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Policy and Charging Control Architecture".
[37] IETF RFC 2475: "An Architecture for Differentiated Services".
[38] IETF RFC 2474: "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers".
[39] 3GPP TS 23.204: "3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Support of SMS and MMS over generic 3GPP IP access".
3.1 Definitions
For the purposes of the present document, the terms and definitions defined in TR 21.905 [30] and the following apply:

Available SSID: An SSID that the WLAN UE has found after active and/or passive scanning which meets certain conditions as specified in IEEE 802.11 [19].

3GPP - WLAN Interworking: Used generically to refer to interworking between the 3GPP system and the WLAN family of standards. Annex B includes examples of WLAN Radio Network Technologies.

3GPP WLAN QoS profile: 3GPP defined QoS profile for I-WLAN access.

Differentiated Services Field (DS Field): The IPv4 header TOS octet or the IPv6 Traffic Class octet when interpreted in conformance with the definition given in IETF RFC 2474 [38].

External AAA Server: The AAA Server is located in the external packet data networks. The PDG interworks with the External AAA Server via the Wi reference point.

External IP Network/External Packet Data Network: An IP or Packet Data network with access provided by the 3GPP - WLAN Interworking, rather than directly from the WLAN AN.

Home WLAN: A WLAN which interworks with the HPLMN without using a VPLMN.

Interworking WLAN (I-WLAN): A WLAN that interworks with a 3GPP system.

I-WLAN selection: Procedure to select a specific I-WLAN from the available I-WLANs.

Local Service Identifier: An identifier used within the 3GPP system for a service available directly from the I-WLAN, for example Internet access or access to a specific corporate network.

Offline charging: Mechanism for collecting and forwarding charging information concerning I-WLAN and core network resource usage without affecting the service rendered in real-time.

Online charging: Mechanism for collecting and forwarding charging information concerning I-WLAN and core network resource usage where the service may be affected in real-time.

Policy Enforcement: Functionality implemented in a WAG to ensure packets coming from or going to the WLAN AN are allowed based on unencrypted data within the packets (e.g. source and destination IP address and port number).

Private network access from WLAN 3GPP IP Access: UE access to an external IP network via a PLMN via a tunnel. This is one of the WLAN 3GPP IP access. While the WLAN 3GPP IP access only performs user authentication and authorization with 3GPP AAA server, this access performs authentication and authorization with external server via PDG in addition to the authentication and authorization with 3GPP AAA server.

PS based services: General term to refer to the services provided by a PLMN using the IP bearer capability between a WLAN UEs and the PLMN when WLAN 3GPP IP Access is used. Examples include bearer services such as Internet access, and Corporate IP network access and higher level services such as SMS and LCS.

Requested W-APN: The W-APN requested by the user.

Routing Enforcement: Routing Enforcement ensures all packets sent to/from the WLAN UE for 3G PS based service are routed to the interworking VPLMN (roaming case) or HPLMN (no roaming case). Routing Enforcement is implemented between a WLAN AN and a WAG.

Selected W-APN: The W-APN selected by the network as a result of the WLAN UE subscriber request.

Service Authorization: Authorization allowing a subscriber to access the requested service based on subscription.

Tunnel Identifier: Identifier of a tunnel between a WLAN UE and a PDG. It is contained in the unencrypted part of a packet.

User Identifier: Identifier of a user which may be used, for example, in charging functionality.

WLAN Access Point Name (W-APN): Is used to identify a specific IP network and a point of interconnection to that network (Packet Data Gateway).

WLAN 3GPP IP Access: Access to an IP network via a PLMN via a tunnel. A related term is WLAN Direct IP Access.

WLAN coverage: The area where a WLAN UE can connect to a WLAN.

WLAN Direct IP Access: Access to an IP network directly from a WLAN AN without passing data to a PLMN via a tunnel. A related term is WLAN 3GPP IP Access.

WLAN UE's local IP address: The address used to deliver a packet to a WLAN UE in a WLAN AN. It identifies the WLAN UE in the WLAN AN. The WLAN UE's local IP address may be translated by a Network Address Translation prior to being received by any other IP network, including a PLMN.

WLAN UE's remote IP address: The address used by the data packet encapsulated inside the WLAN UE to PDG tunnel. It represents the address of the WLAN UE in the network which the WLAN UE is accessing via the PDG.
3.2 Symbols
For the purposes of the present document the following symbols apply:

D'    Reference point between a pre-R6 HSS/HLR and a 3GPP AAA Server
Dw    Reference point between a 3GPP AAA Server and an SLF
Gr'   Reference point between a pre-R6 HSS/HLR and a 3GPP AAA Server
Wa    Reference point between a WLAN Access Network and a 3GPP AAA Server/Proxy (charging and control signalling)
Wd    Reference point between a 3GPP AAA Proxy and a 3GPP AAA Server (charging and control signalling)
Wf    Reference point between an Offline Charging System and a 3GPP AAA Server/Proxy
Wg    Reference point between a 3GPP AAA Server/Proxy and WAG
Wi    Reference point between a Packet Data Gateway and an external IP Network
Wm    Reference point between a Packet Data Gateway and a 3GPP AAA Server or 3GPP AAA proxy
Wn    Reference point between a WLAN Access Network and a WLAN Access Gateway
Wp    Reference point between a WLAN Access Gateway and a Packet Data Gateway
Wo    Reference point between a 3GPP AAA Server and an OCS
Wu    Reference point between a WLAN UE and a Packet Data Gateway
Ww    Reference point between a WLAN UE and a WLAN Access Network
Wx    Reference point between an HSS and a 3GPP AAA Server
Wy    Reference point between a PDG and an OCS
Wz    Reference point between a PDG and an Offline Charging System
3.3 Abbreviations
AAA        Authentication, Authorisation and Accounting
ACL        Access Control List
AKA        Authentication and Key Agreement
AP         Access Point
APN        Access Point Name
CoS        Class of Service
DHCP       Dynamic Host Configuration Protocol
DNS        Domain Name System
DSCP       DiffServ Code Point
EAP        Extensible Authentication Protocol
FQDN       Fully Qualified Domain Name
GGSN       Gateway GPRS Support Node
GTP        GPRS Tunnelling Protocol
HLR        Home Location Register
HPLMN      Home PLMN
HSS        Home Subscriber Server
IEEE       Institute of Electrical and Electronics Engineers
IP         Internet Protocol
IP-SM-GW   IP Short Message Gateway
ISP        Internet Service Provider
I-WLAN     Interworking WLAN
NAI        Network Access Identifier
NAT        Network Address Translation
OCS        Online Charging System
PDA        Personal Digital Assistant
PDG        Packet Data Gateway
PLMN       Public Land Mobile Network
SIM        Subscriber Identity Module
SSID       Service Set IDentifier
UE         User Equipment
UMTS       Universal Mobile Telecommunications System
USIM       UMTS SIM
VLAN       Virtual Local Area Network
VPLMN      Visited PLMN
WAG        WLAN Access Gateway
W-APN      WLAN APN
WLAN       Wireless Local Area Network
WLAN AN    WLAN Access Network
WLAN UE    WLAN User Equipment
WMM        Wi-Fi™ Multimedia
4
?
it+ 3GPP
This specification defines two new procedures in the 3GPP System:
- WLAN Access, Authentication and Authorisation, which provides for access to the WLAN and the locally connected IP network (e.g. Internet) to be authenticated and authorised through the 3GPP System. Access to a locally connected IP network from the WLAN is referred to as WLAN Direct IP Access.
- WLAN 3GPP IP Access, which allows WLAN UEs to establish connectivity with External IP networks, such as 3G operator networks, corporate Intranets or the Internet via the 3GPP system.

WLAN 3GPP IP Access should, as far as possible, be technically independent of WLAN Access Authentication and Authorisation. However, WLAN 3GPP IP Access to External IP Networks from 3GPP-WLAN Interworking Systems shall be possible only if WLAN Access Authentication/Authorisation has been completed first.

NOTE: The independence requirement does not preclude the possibility that the procedure WLAN 3GPP IP Access may rely on information derived in the procedure for WLAN Access Authorization.

Figure 4.1 illustrates WLAN networks from the point of view of 3GPP interworking. The Packet Data Gateway supports WLAN 3GPP IP Access to External IP networks. The WLAN includes WLAN access points and intermediate AAA elements. It may additionally include other devices such as routers. The WLAN User Equipment (WLAN UE) includes all equipment that is in possession of the end user, such as a computer, WLAN radio interface adapter etc.
[Figure: Intranet / Internet; WLAN; 3GPP PS services (including access to internet); 3GPP IP Access]
Figure 4.1: Simplified WLAN Network Model. The shaded area refers to WLAN 3GPP IP Access functionality

As 3GPP-WLAN interworking concentrates on the interfaces between 3GPP elements and the interface between the 3GPP system and the WLAN, the internal operation of the WLAN is only considered in order to assess the impact of architecture options/requirements on the WLAN. 3GPP-WLAN interworking shall be independent of the underlying WLAN Radio Technology.
- It shall be possible to indicate to the user of the results of authorization requests.
- The WLAN Access Authorization mechanism shall be able to change service provisioning dynamically, and inform the user and WLAN of any change.
- Transporting Authentication signalling over WLAN Radio Interface: WLAN authentication signalling is carried between WLAN UE and WLAN AN by WLAN Access Technology specific protocols. To ensure multivendor interoperability these WLAN technology specific protocols shall conform to existing standards of the specific WLAN access technology.
- Transporting Authentication signalling between WLAN AN and 3GPP network: WLAN Authentication signalling shall be transported between any WLAN AN and 3GPP network by a standard protocol, which is independent of the specific WLAN technology utilised within the WLAN Access network.
- Changes to the WLAN required to support IMS Emergency Calls should be supported, although these changes are to be minimized.
Quality of Service shall be supported when accessing these services via WLAN, although some limitations may exist because of the WLAN AN. A combined access capable user with the subscription for both services should be able to choose between "WLAN Direct IP Access only" or "WLAN 3GPP IP Access". The WLAN UE shall be able to detect if a 3GPP-WLAN does not support access to 3GPP PS based services.

Data flows must be able to be routed to the HPLMN or the VPLMN, e.g. according to subscription. The enforcement of this routing shall not rely on the WLAN UE client.

NOTE: This routing enforcement may require additional functionality in the WLAN AN

- End to End Authentication: WLAN Authentication signalling is executed between WLAN UE and 3GPP AAA Server for the purpose of authenticating the end-user and authorizing the access to the WLAN and 3GPP network. Details of End-to-End Authentication is covered in TS 33.234 [14].
- Service Selection and Authorisation: The solution shall include means for securely delivering service selection information from the WLAN UE to the 3GPP AAA Server in the Home Network. If a user chooses to access the Internet directly using the local IP network, no service selection information is passed to the PLMN. In all other cases, where WLAN 3GPP IP Access is desired, the service selection information shall contain the name of the W-APN to which access is requested. The 3GPP AAA Server in the Home network shall verify the users subscription to the indicated W-APN against the subscriber profile retrieved from HSS. The 3GPP AAA Server selects a W-APN based on the requested W-APN and on the user's subscription/local policy. The service request shall be indicated by a tunnel establishment request from the WLAN UE to the PDG. The PDG shall then seek authentication/authorisation from the 3GPP AAA Proxy or Server in the same network. The results of the authorisation decision shall be communicated to the Visited Network. All subscription-based authorisation decisions are made in the Home network. In the case of a request for access to services provided in the Visited Network, the 3GPP AAA Proxy shall also authorise access based on local policy.
5.1.4.1 Requirement for private network access from WLAN 3GPP IP Access
The following requirements should be satisfied by the WLAN 3GPP-WLAN Interworking function with regard to allowing private network access from WLAN 3GPP IP Access:
- Confidentiality of ID and password used for authentication and authorization by PDN service provider shall be possible.
- It shall be possible that PAP and CHAP capability with existing RADIUS protocol between PDG and external RADIUS server in PDN is utilized.
- Duration of tunnelling establishment should be as short as possible.
- Impact to UE or PDG should be as less as possible.
5.1.4.2
The following requirements shall be satisfied by the WLAN 3GPP-WLAN Interworking function with regard to support for IMS Emergency Calls:
- Service Selection and Authorisation: The WLAN UE shall be able to ask for IMS Emergency Call Service in tunnel establishment via an IMS Emergency Call specific W-APN for this purpose. The PDG shall then seek authentication/authorisation from the 3GPP AAA Proxy or Server in the same network. No service subscription shall be necessary for the user to gain access to the IMS Emergency Call W-APN i.e. the 3GPP AAA Server in the Home network does not need to verify the users subscription to the indicated W-APN against the subscriber profile retrieved from HSS.
- End to End Authentication: Based on the national regulations and operator's policy, WLAN Authentication signalling between WLAN UE and 3GPP AAA Server for the purpose of authenticating the end-user and authorizing the access to the WLAN and 3GPP network may be skipped. Details of End-to-End Authentication are covered in TS 33.234 [14]. For the UICC-less case, it shall be possible to either (i) skip authentication or (ii) use a dummy or null authentication method.
- The results of the authorisation decision shall be communicated to the VPLMN and the WLAN AN.
The Pseudonym username is used for user identity protection. The use of the Pseudonym username is necessary to replace the Permanent username derived from IMSI in radio transmissions, so that it protects the user against tracing from unauthorized access networks.

The Fast re-authentication username is used in fast re-authentication. It also provides user identity protection. For the fast re-authentication, a WLAN UE shall use the previously allocated Fast re-authentication identity as specified in the IETF EAP-SIM [23] and IETF EAP-AKA [22] RFCs.

Temporary identities (pseudonyms and fast re-authentication identities) are allocated by the 3GPP AAA Server. The format and the procedure for deriving the temporary identities are defined in TS 33.234 [14].
Figure 5.1: Network Advertising and Selection Scenario

An area is shown covered by a WLAN Access Networks having a set of roaming agreements with different 3G networks (3GPP Visited Network #1, #2,…, #n). A WLAN UE entering the WLAN AN wants to connect to his own 3GPP Home Network to which he is a subscriber (as shown in figure 5.1). Referring to the figure the user subscribing to the services provided to the 3GPP Home Network can reach the associated home network in two different ways, e.g. via either of 3GPP Visited Network #1 or 3GPP Visited Network #2.
[Figure: WLAN AN#1; WLAN AN#2; WLAN AN#n]
Figure 5.2: Network Advertising and Selection Scenario

Another scenario is represented by an area covered by some WLAN Access Networks (WLAN AN#1, #2, …, #n) having a set of roaming agreements with different 3G networks (3GPP Visited Network #1, #2,…, #n) and where one of the WLAN Access Network has a directly roaming agreement with the 3GPP Home network or the WLAN Access Network is directly deployed by the 3GPP Home network. A WLAN UE entering the area wants to connect to his own 3GPP Home Network to which he is a subscriber (as shown in figure 5.2). Referring to the figure the user subscribing to the services provided to the 3GPP Home Network can reach the associated home network in three different ways, e.g. via WLAN AN#1 then through either of 3GPP Visited Network #1 or 3GPP Visited Network #2, or via WLAN AN#2.
The following principles shall apply:
- Require no modifications of existing legacy APs.
- Have no impact on existing legacy clients (implies no modification of current broadcast SSIDs).
- Have low latency and overhead.
- The WLAN UE should be able to select the I-WLAN Access Network supporting the preferred PLMN.

In the case of IEEE 802.11 WLANs:
- Modification of current broadcast SSIDs shall not be required;
- Active scanning should be supported by the WLAN UE;
- Passive scanning shall be supported by the WLAN UE;
- Multiple SSIDs may be supported (i.e. only standard 802.11 capable APs are required).
5.4.2.1.2
A WLAN network name is provided in WLAN beacon signal in so-called SSID (Service Set ID) information element. There is also the possibility for a WLAN UE to actively solicit support for specific SSIDs by sending a probe request message and receive a reply if the access point does support the solicited SSID. Active and passive scanning are defined in IEEE 802.11 [21].

A WLAN AN may indicate that it provides 3G interworking without the involvement of any other network than the WLAN AN. The above requirement may be met through explicit EAP-based procedures or through the generic Preferred SSID list procedures - for example Preferred SSID lists could include SSID formats defined by operators for the above purposes.

For the case of EAP based procedures, WLAN should be able to indicate which PLMNs explicitly support IMS Emergency Call service (via service specific realms).

NOTE: The definition of the service specific realm for IMS emergency calls is FFS.
5.4.2.1.3
For purpose of selecting the preferred I-WLAN AN the WLAN UE may contain lists of I-WLAN identities' preferences. One list will contain the SSIDs preferred by the Home Network operator and one list contains the SSIDs preferred by the user. The Operator's preferred SSID list would be populated, for example, with the SSIDs commonly used by major hotspot operators with whom the Home Operator has a direct or indirect (through VPLMN in a roaming case) relationship.

There are two modes in network selection, i.e. Manual mode and automatic mode.

Manual mode

In the manual mode, the WLAN UE shall try to find all available SSIDs through passive scanning and/or active scanning (when it is supported). Once a list of all available SSIDs has been obtained, it shall be possible for the WLAN UE to obtain a list of all available PLMNs from each SSID. When a list of PLMNs has been obtained from all SSIDs it shall present them to the user to select one. The WLAN UE shall then associate with the SSID that supports the PLMN that is selected by the user.

Automatic Mode

In the automatic mode the procedure is as follows:

0. The WLAN UE scans for all available SSID using passive scan and/or active scans. If the WLAN UE contains the I-WLAN identities' preference lists, the scan should be done in the order of these lists. It is not required to continue the scanning after the highest priority SSID is found.

1. Start association and perform Network Discovery. When there is more than one available SSID and the WLAN UE contains I-WLAN identities' preference lists, the association shall be done in the order of these lists.
   1a) If authentication to HPLMN succeeds (i.e. EAP-Success is received), then stop this procedure.
   1b) If Network Advertisement information [20] is received (i.e. EAP-Identity/Request is received), then store the list and start again step 1. Repeat step 1 for all available SSIDs.
   If the scanning in step 0 was stopped due to the discovery of the highest priority SSID, but the HPLMN has not been found (e.g. because the SSID list is not updated or the selected SSID was a fake one), then the user should go back to step 0 and scan for all remaining SSIDs.
   Note that if an AP supporting HPLMN is found in the middle of the procedure, step 1a, then step 1 is stopped and association with the remaining available APs will not take place.

2. Use the lists of 'User Controlled PLMN Selector list for I-WLAN' and 'Operator Controlled PLMN Selector list for I-WLAN' and the lists from step 1b) to select the best matching PLMN. Note that the 'User Controlled PLMN Selector list for I-WLAN' has higher priority than the 'Operator Controlled PLMN Selector list for I-WLAN'.
   Then select the I-WLAN AN that supports the best match PLMN. If more than one I-WLAN AN supports the best matched PLMN, the I-WLAN AN having the highest priority SSID is selected, if 'I-WLAN identities' preference lists are available.

3. Associate with the AP selected in step 2 and attempt authentication with the best match PLMN.

A WLAN AN may indicate that it provides 3G interworking without the involvement of any other network than the WLAN AN. If such an indication is provided by the WLAN AN and if the WLAN UE supports the indication, then the WLAN UE shall use it at SSID selection as defined in TS 24.234 [9]. The above requirement may be met through explicit EAP-based procedures or through the generic 'I-WLAN identities' preference lists procedures - for example I-WLAN identities preference lists could include SSID formats defined by operators for the above purposes.

NOTE: These selection procedures may have to be modified for the IMS Emergency Call case.
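The automatic-mode procedure above (steps 0 to 3) can be traced with a small offline model. This is an added example, not part of the specification: the function and field names, the SSIDs and the PLMN labels are constructed, the two SSID preference lists are assumed to be already merged into one ordered list, and "EAP-Success" is modelled as the home PLMN appearing in the set of PLMNs the first-hop AAA behind an SSID can route to.

```python
"""Offline model of automatic-mode I-WLAN / PLMN selection (steps 0-3)."""
from typing import NamedTuple, Optional


class Selection(NamedTuple):
    ssid: Optional[str]   # I-WLAN AN (SSID) the UE ends up associated with
    plmn: Optional[str]   # PLMN it authenticates with
    step: str             # "1a" = HPLMN reached, "3" = best-match PLMN, "none"
    tried: tuple          # SSIDs associated with during discovery, in order


def select_automatic(available, hplmn, ssid_pref, user_plmns, operator_plmns):
    """available maps each SSID in range to the PLMNs reachable through it.

    Assumption of this model: if the HPLMN is reachable the initial NAI is
    routed and EAP-Success is received (1a); otherwise the same list is what
    the network advertisement returns (1b).
    """
    rank = {}
    for i, ssid in enumerate(ssid_pref):
        rank.setdefault(ssid, i)
    # SSIDs not on the preference list are tried last, in discovery order.
    ordered = sorted(available, key=lambda s: rank.get(s, len(rank)))

    # Step 0: scanning may stop once the highest-priority SSID is found;
    # the remaining SSIDs are scanned only if that first pass fails.
    if ssid_pref and ssid_pref[0] in available:
        passes = [ordered[:1], ordered[1:]]
    else:
        passes = [ordered]

    stored = {}   # network advertisement lists collected in step 1b
    tried = []
    for scan in passes:
        for ssid in scan:                       # step 1: associate, discover
            tried.append(ssid)
            if hplmn in available[ssid]:        # 1a: stop, skip remaining APs
                return Selection(ssid, hplmn, "1a", tuple(tried))
            stored[ssid] = list(available[ssid])  # 1b: store the list

    # Step 2: the user-controlled selector list outranks the operator list.
    for plmn in list(user_plmns) + list(operator_plmns):
        candidates = [s for s in ordered if plmn in stored[s]]
        if candidates:
            # Several ANs support the PLMN: highest-priority SSID wins.
            # Step 3 would then associate and authenticate with this pair.
            return Selection(candidates[0], plmn, "3", tuple(tried))
    return Selection(None, None, "none", tuple(tried))


# Constructed sample environment. "OperatorHotspot" is top of the preference
# list but yields no route at all (stale list entry or a fake SSID).
HPLMN = "PLMN-H"
SSID_PREF = ["OperatorHotspot", "AirportWiFi", "CafeNet"]
USER_PLMNS = ["PLMN-C"]
OPERATOR_PLMNS = ["PLMN-A", "PLMN-B"]
AVAILABLE = {
    "OperatorHotspot": [],
    "CafeNet": ["PLMN-B", "PLMN-C"],
    "AirportWiFi": ["PLMN-C", "PLMN-A"],
}

if __name__ == "__main__":
    print(select_automatic(AVAILABLE, HPLMN, SSID_PREF,
                           USER_PLMNS, OPERATOR_PLMNS))
```

In the sample run the top-priority SSID gives neither EAP-Success nor a usable list, so the model falls back to the remaining SSIDs and the choice is driven by the PLMN selector lists rather than by the SSID name alone.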
5.4.2.2
Other Access Network Technologies are not described in this TS but not excluded.

The following principles shall be used in PLMN Advertisement and Selection:
- This procedure takes place after association with an AP
- The user shall be able to select the Visited Network
- Use the NAI for routing of AAA messages.
- Have low latency and overhead.
- Use existing EAP mechanisms, if possible.
- Be extensible to permit advertisement of WLAN characteristics other than the PLMNIDs of roaming partners.
5.4.3.2
Network advertisement information enumerates the roaming partners and associated NAI realms. This information shall be provided to the WLAN UE when the WLAN is unable to route an authentication request from the WLAN UE based on the initial NAI (e.g. when the WLAN AN receives a NAI with an unknown realm) and when the WLAN UE explicitly requests Network advertisement information.

The network advertisement information is returned from the first hop AAA functionality. The first hop AAA functionality may be located either in the WLAN AN or in the PLMN in case no AAA functionality is in the WLAN AN. The provisioning of this AAA functionality is an implementation issue and does not put new requirements on 3GPP AAA Proxy/Server.

Details on the usage and coding of Network advertisement information are included in TS 24.234 [9].

In order to support IMS Emergency Call service, this information shall contain an indicator showing those PLMNs that support IMS Emergency Call service.
5.4.3.3
The automatic and manual mode PLMN selection procedures are defined in TS 22.234 [25]. The detailed procedure in case of IEEE 802.11 WLAN is described in 5.4.2.

The WLAN UE shall indicate its home network through the use of an initial NAI. The realm part of this initial NAI shall be derived from the IMSI, as described in section 5.3.3. Optionally, if there is preference for a roaming network, the initial NAI then takes the form of a Roaming NAI, as described in section 5.3.4; e.g., for optimizing user access experience in re-access case, the WLAN UE may include information of preferred roaming network from previous successful authentication while it is associated to the same AP. For IMS Emergency Call case, NAI shall be decorated as described in 5.3.5.

For the manual selection case allowed by some operator, initial NAI can include the roaming network decided by the user, e.g. using a preferred PLMN list stored in the UICC.

If the WLAN AN is able to route authentication request based on the initial NAI, then no special processing for network advertisement/selection is needed.

If the WLAN AN is unable to route authentication request from WLAN UE based on the initial NAI, the WLAN AN shall deliver the network advertisement information to the WLAN UE. The WLAN UE processes this information according to its internal roaming preference policies or prompts the user to select a VPLMN preference. It uses the result to determine how to construct a new NAI indicating the selected VPLMN, according to Section 5.4.2.

After the network advertisement information is delivered and VPLMN selection is performed, the WLAN UE attempts to authenticate with the new NAI determined in the prior step. The WLAN AN shall use the NAI to route the AAA traffic to the appropriate VPLMN AAA Proxy.
For the case of IMS Emergency Calls, there shall be W-APN indicating the IMS Emergency Call service. No subscription is needed to access this service.

In the roaming case, IMS Emergency Calls shall be accessed in the VPLMN.
The tunnel establishment is not coupled to WLAN access authentication/authorisation. The WLAN UE may establish several tunnels in order to access several external IP networks simultaneously. The external IP network selection is performed as part of the establishment of each tunnel.

Editor's note: Routing towards the Home PLMN in the Visited PLMN, as well as its impacts on the WLAN AN, are for further study.

Local IP address (outer IP):
- The tunnel protocol shall be able to support IPv4 and IPv6 transport addresses
- The tunnel protocol shall support private WLAN UE's local IP addresses, which are non-routable in the public Internet.

The protocol should be fully specified and 3GPP should define its usage to enable multi-vendor inter-operability.

5.2.3 Void
5.9 Routing Enforcement and Policy Enforcement for WLAN 3GPP IP Access
5.9.1 Purpose for routing enforcement and policy enforcement
In order to ensure operator policies, e.g. QoS, Charging can be applied to user traffic, WLAN 3GPP IP Access requires routing enforcement and policy enforcement to be implemented in the 3GPP-WLAN Interworking System.
can be assigned by HPLMN, VPLMN or an external IP network. The remote IP address can be statically or dynamically assigned. The only case where VPLMN assigns the remote IP address for the WLAN UE is when the WLAN UE-initiated tunnel terminates at the VPLMN's PDG. When the WLAN UE's remote IP address is allocated by the external IP network, the PDG is required to have an interface with an address allocation server, such as AAA or DHCP, belonging to the external IP network.

For the WLAN UE's remote IP address, IPv4 addresses shall be supported. When the WLAN UE accesses 3G PS based services using an IPv6 network such as IMS services, IPv6 addresses shall be supported for the WLAN UE's remote IP address. To avoid any clashes between addresses used in WLAN AN and PLMN and to enable correct routing of packets sent out by the WLAN UE the PLMN operator should allocate public addresses to network nodes, which are addressed by WLAN UEs.

When a WLAN UE accesses several 3G PS based services with different W-APNs simultaneously, the WLAN UE can get several remote IP addresses. There may be several WLAN UE-initiated tunnels for the services.

It is the HPLMN operator that defines in the subscription whether static IP address allocation is used. When static IP address allocation is used, a WLAN UE either can include its static IP address in the tunnel setup request message, or indicate in the tunnel setup request message that the network should configure the static IP address of the WLAN UE or the network simply provides the static address to the WLAN UE.
5.11 Charging
The following functionality and requirements have been identified:
- The WLAN Access Network shall be able to report the WLAN access usage to the appropriate 3GPP system (i.e. VPLMN in the roaming case and HPLMN in the non-roaming case).
- It shall be possible for the 3GPP system to control a specific ongoing WLAN access session for online charging purposes.
- It shall be possible for an operator to maintain a single prepaid account for WLAN, PS, CS, and IMS for a user.
- The 3GPP system shall be able to process the WLAN access resource usage information, and convert it into the format used in 3GPP networks (e.g. CDR).
- It shall be possible to correlate charging and accounting records generated in WLAN Access related nodes and records generated in 3GPP nodes.
- It shall be possible to apply offline charging and online charging mechanisms for the WLAN interworking with 3GPP network.

Additionally, for WLAN 3GPP IP Access:
- It shall be possible to generate per user charging information in the HPLMN and in the VPLMN irrespective of whether the service is provided in the HPLMN or in the VPLMN.
- WLAN Charging Information shall be collected for each WLAN UE by the WAG and the PDG that are serving the WLAN UE. The operator can control whether charging information shall be collected in the PDG on an individual WLAN UE and/or W-APN context basis by appropriately setting the Subscribed Charging Characteristics and/or W-APN Charging Characteristics in the HSS. The Charging Characteristics on the WLAN subscription and individually subscribed W-APNs are specified in TS 32.252 [26].
[Figure: WLAN UE; WLAN AN; TE; End-to-End Service]
Figure 5.3: QoS Architecture for WLAN Direct IP Access

Figure 5.4 shows the considered QoS architecture for WLAN 3GPP IP Access.
The End-to-End Service provides transport of the signalling and user data between the WLAN UE and another (external) TE (or correspondent node) passed over different bearer services of the network. In case of WLAN Direct IP Access, it consists of WLAN Bearer Service and External Bearer Service. In case of WLAN 3GPP IP Access, it consists of 3GPP IP Access Bearer Service and External Bearer Service.

The External Bearer Service is not further elaborated here as this bearer may be using several network services, e.g. another UMTS Bearer Service (TS 23.107 [33]). The 3GPP IP Access Bearer Service provides transport of signalling and user data between WLAN UE and PDG and supports QoS. WLAN Bearer Service supports WLAN AN specific bearer capability between WLAN UE and WLAN AN.

5.13.2 Use of CoS based DiffServ for providing QoS over I-WLAN using WLAN 3GPP IP Access
When using 3GPP IP Access, a tunnel from UE to PDG is established for carrying PS based services traffic. This tunnel traverses over inter PLMN backbone (e.g. GRX) in the case of a roaming user. While accessing home network services, one or more tunnels will be setup that will carry traffic for all home network services that are being accessed irrespective of the level of QoS required for an individual service. It is possible that data for more than one IP flow and for different services is carried in one tunnel.

Since the data within these tunnels (including the inside IP headers) is likely to be encrypted, it may not be possible to separate out individual IP flows and service traffic at intermediate nodes. A possible way to provide QoS in such a situation is the use of DiffServ [37] by the WLAN UE and PDG to appropriately colour the DS Field in the external IP header based on the QoS required for the service that the individual packet belongs to. DiffServ therefore allows to provide for different classes of traffic different levels of QoS. Such use of DiffServ mechanism works well with GSMA's specifications on GRX (IR 34).
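The outer-header colouring described above can be shown on raw packet bytes. This is an added example, not text or code from the specification: the function names, the addresses, IP protocol number 253 (reserved for experimentation) and the XOR stand-in for the tunnel's encryption are all assumptions made for illustration, and the inner DS value is simply copied outward rather than derived from a service mapping.

```python
"""Copy the DS Field of an inner packet to the outer header of a tunnel."""
import socket
import struct


def ds_field(packet: bytes) -> int:
    """Return the DS Field: IPv4 TOS octet or IPv6 Traffic Class octet."""
    version = packet[0] >> 4
    if version == 4:
        return packet[1]
    if version == 6:
        # Traffic Class straddles the low nibble of byte 0 and high nibble of byte 1.
        return ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    raise ValueError("not an IPv4 or IPv6 packet")


def dscp(packet: bytes) -> int:
    """DiffServ code point: the upper six bits of the DS Field."""
    return ds_field(packet) >> 2


def checksum(data: bytes) -> int:
    """Internet checksum (one's complement of the one's complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: bytes, dst: bytes, payload_len: int, ds: int, proto: int) -> bytes:
    """Build a 20-byte IPv4 header with the given DS Field and a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, ds, 20 + payload_len,
                      0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def encapsulate(inner: bytes, outer_src: bytes, outer_dst: bytes) -> bytes:
    """Tunnel an inner packet, colouring the outer DS Field from the inner one."""
    ds = ds_field(inner)                        # read before the inner header is hidden
    protected = bytes(b ^ 0xA5 for b in inner)  # placeholder for encryption, not real crypto
    return ipv4_header(outer_src, outer_dst, len(protected), ds, 253) + protected


# Constructed sample packets.
OUTER_SRC = socket.inet_aton("192.0.2.10")     # WLAN UE's local IP address (documentation range)
OUTER_DST = socket.inet_aton("198.51.100.1")   # PDG address (documentation range)
# Inner IPv4 packet with remote IP addresses, DS Field 0xB8 (DSCP 46, EF), 8 payload bytes.
INNER_V4 = ipv4_header(socket.inet_aton("10.0.0.2"), socket.inet_aton("10.0.0.9"),
                       8, 0xB8, 17) + bytes(8)
# Inner IPv6 header only, Traffic Class 0x28 (DSCP 10, AF11), Next Header 59 (none).
INNER_V6 = struct.pack("!IHBB", (6 << 28) | (0x28 << 20), 0, 59, 64) + bytes(32)

if __name__ == "__main__":
    for inner in (INNER_V4, INNER_V6):
        outer = encapsulate(inner, OUTER_SRC, OUTER_DST)
        print("inner DSCP", dscp(inner), "-> outer DSCP", dscp(outer))
```

An intermediate node on the path sees only the outer 20 bytes in clear, yet can still classify the packet by its DSCP.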
Figure 6.2a: Roaming reference model - 3GPP PS based services provided via the 3GPP Home Network
NOTE: The shaded area refers to WLAN 3GPP IP Access functionality.
Figure 6.2b: Roaming reference model - 3GPP PS based services provided via the 3GPP Visited Network
- If QoS mechanisms are applied: the UE applies DiffServ mechanisms by marking the DS field of IP packets according to the application QoS requirements (as recommended in Annex H);
- If QoS mechanisms are applied, the UE maps the DS field of IP packets into WLAN technology specific QoS parameters.
For WLAN 3GPP IP Access enabled WLAN UE:
- Building an appropriate W-APN to be used for External IP network selection.
- Request the resolution of a W-APN to a PDG address. If IPv4 and IPv6 addresses are returned during the resolution process, the WLAN UE shall select the address that has the same format as its own local IP address (IPv4 or IPv6).
- Establish a secure tunnel to a PDG.
- Obtain a remote IP address.
- Accessing services provided in the operator's PS domain.
- Allowing users to select the type of network access, i.e. WLAN 3GPP IP Access or WLAN Direct IP Access.
- Ability to indicate whether multiple authentication is needed or not in the tunnel establishment procedure. This function is only required in case that the specified W-APN requires the authentication and authorization with the External AAA Server. Details on the multiple authentications are specified in RFC 4739 [32].
6.2.1.1 Void
For WLAN 3GPP IP Access only:
- Receiving per-tunnel charging information based on the tunnel identifier from the WAG and mapping of a user identifier and a tunnel identifier from the PDG; generating per user charging records for roaming users.
- Receiving authorization information related to subscriber requests for W-APNs in the Home or Visited network.
- Authorization of access to Visited network W-APNs according to local policy.
- Receiving the suitable policy enforcement information from AAA-Server and provides it to the WAG in VPLMN.
- May provide suitable routing enforcement information to WLAN AN.
The 3GPP AAA Proxy functionality can reside in a separate physical network node, it may reside in the 3GPP AAA Server or any other physical network node.
For WLAN 3GPP IP Access:
- Communicates (including updates) service authorization information (e.g. authorized W-APN, necessary keying material for tunnel establishment and user data traffics) to the PDG. AAA proxies if the PDG is located in VPLMN.
- Provides the PDG with the WLAN UE's remote IP address, received from the HSS, when static remote IP address allocation is used.
- Provides the AAA-Proxy with suitable policy enforcement information.
- Provides suitable policy enforcement information to WAG in HPLMN.
- May provide suitable routing enforcement information to WLAN AN.
- If QoS mechanisms are applied: the 3GPP AAA server authorizes the 3GPP WLAN QoS profile for tunnels. The authorized QoS profile is based on the subscriber's WLAN QoS profile in the subscription information and stored 3GPP WLAN QoS profile for the WLAN Direct IP Access if WLAN Access Authentication and Authorization procedure has been performed.
6.2.4 HLR/HSS
The HLR/HSS located within the 3GPP subscriber's home network is the entity containing authentication and subscription data required for the 3GPP subscriber to access the WLAN interworking service. Besides other information, the HSS contains 3GPP WLAN QoS profiles' authentication and subscription data for the 3GPP subscriber.
The HSS also provides access to the WLAN UE's WLAN-attach status for other entities, e.g. answers or relays the WLAN-attach status query from other entities. To this end, the HSS shall store the IP address of the 3GPP AAA server to which the WLAN UE is registered. When a 3GPP AAA Server other than the registered 3GPP AAA Server of a subscriber, requests authentication information or the profile of the subscriber, the HSS should request it transfer the authentication to the registered 3GPP AAA Server by providing the registered 3GPP AAA Server address to it.
Since the WAG does not have a full trust relationship with the WLAN UE, it is not able to stop all messages. However, messages from an unknown IP address can easily be discarded. Other approaches may be used as well. Additional types of message screening are left to the operators' control. Furthermore, Network Address Translators within the WLAN may modify the source address of IP packets from the WLAN UEs. The modified source address can be reliably associated to a WLAN UE by the PDG during tunnel establishment and provided to the WAG via the 3GPP AAA Server/Proxy. Before this point, all tunnel establishment packets shall be routed by the WAG except those which are possibly discarded due to certain Firewall rules implemented on the WAG.
NOTE: Per tunnel accounting generation in the WAG is not required when the WAG and PDG are in the same network, i.e. the non-roaming case.
The WAG may implement policy enforcement before tunnel establishment to enhance the firewall against unwanted packets going through the PLMN, for example, to forbid the roaming WLAN UE from sending tunnel establishment to PLMN other than its HPLMN; to forbid packets from unauthorized WLAN UE. The WAG shall implement policy enforcement after tunnel establishment. After tunnel establishment, the following procedures apply at the WAG:
- If service is provided through a PDG in the HPLMN the WAG:
  - Ensures that all packets from the WLAN UE are routed to the HPLMN.
  - Ensures that packets from the authorised WLAN UEs are only routed to the appropriate PDG in the HPLMN and that packets from other sources than that PDG are not routed to the WLAN UE.
- Ensures that all packets from the WLAN UE are routed to the VPLMN.
- Ensures that packets from the authorised WLAN UEs are only routed to the appropriate PDG in the VPLMN and that packets from other sources than that PDG are not routed to the WLAN UE.
6.2.5.1 Policy Enforcement
Information regarding the selected PDG, including whether the PDG is in the HPLMN or the VPLMN is provided by the HPLMN to the VPLMN. In the roaming case, the PDG information is delivered from the 3GPP AAA Server to the 3GPP AAA Proxy. Within the VPLMN, policy enforcement information is delivered to the WAG.
NOTE: Whether information regarding one or all PDGs is provided will likely impact the signalling which supports the activation of a further W-APN. Delivering information of all valid PDGs may limit impacts on signalling for further W-APN establishment.
The policy enforcement delivered during initial authentication (before the tunnel establishment) will be bound to a user's AAA signalling. The WAG requires functionality to be able to associate this information to a user's traffic. As an implementation option, this functionality can be achieved by allocating the local IP Address by VPLMN. The binding of the policy to a user's traffic allows the WAG to drop un-authorized packets sent to/from a user.
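The WAG screening described above, before and after tunnel establishment, can be modelled as follows. This is an added sketch, not part of the specification: the class and method names, the `tunnel_setup` flag (a packet the WAG has already classified as tunnel establishment signalling) and all addresses and PLMN labels are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

FORWARD, DROP = "forward", "drop"


@dataclass
class UePolicy:
    """Policy enforcement information delivered for one WLAN UE (assumed shape)."""
    allowed_plmns: frozenset                 # PLMNs the UE may set up tunnels towards
    pdgs: set = field(default_factory=set)   # PDGs with an established tunnel


class Wag:
    def __init__(self, plmn_prefixes):
        # Constructed routing view: which PLMN owns which PDG address range.
        self._prefixes = [(ip_network(p), plmn) for p, plmn in plmn_prefixes.items()]
        self._policy = {}                    # WLAN UE local IP address -> UePolicy

    def _plmn_of(self, addr):
        for net, plmn in self._prefixes:
            if addr in net:
                return plmn
        return None

    def install_policy(self, ue_ip, allowed_plmns):
        """Policy delivered during access authentication, bound to the UE's local IP."""
        self._policy[ip_address(ue_ip)] = UePolicy(frozenset(allowed_plmns))

    def tunnel_established(self, ue_ip, pdg_ip):
        """UE-to-PDG association provided via the 3GPP AAA Server/Proxy."""
        self._policy[ip_address(ue_ip)].pdgs.add(ip_address(pdg_ip))

    def remove_policy(self, ue_ip):
        """Filters are removed when the user is disconnected."""
        self._policy.pop(ip_address(ue_ip), None)

    def screen(self, src, dst, tunnel_setup=False):
        src, dst = ip_address(src), ip_address(dst)
        if src in self._policy:              # uplink: packet from a known WLAN UE
            return self._check(self._policy[src], dst, tunnel_setup)
        if dst in self._policy:              # downlink: packet towards a known WLAN UE
            return self._check(self._policy[dst], src, tunnel_setup)
        return DROP                          # unknown address on both sides

    def _check(self, policy, peer, tunnel_setup):
        if peer in policy.pdgs:              # only the bound PDG may exchange traffic
            return FORWARD
        # Assumption: without a bound tunnel only tunnel establishment is routed,
        # and only towards a PLMN the delivered policy allows.
        if tunnel_setup and self._plmn_of(peer) in policy.allowed_plmns:
            return FORWARD
        return DROP


def demo():
    """Run constructed packets through the filter; returns verdict lists."""
    wag = Wag({"192.0.2.0/24": "HPLMN", "198.51.100.0/24": "OTHER-PLMN"})
    wag.install_policy("10.0.0.5", {"HPLMN"})
    before = [
        wag.screen("10.0.0.9", "192.0.2.10", tunnel_setup=True),    # unknown UE
        wag.screen("10.0.0.5", "198.51.100.7", tunnel_setup=True),  # not its HPLMN
        wag.screen("10.0.0.5", "192.0.2.10", tunnel_setup=True),    # allowed set-up
        wag.screen("10.0.0.5", "192.0.2.10"),                       # data, no tunnel yet
    ]
    wag.tunnel_established("10.0.0.5", "192.0.2.10")
    after = [
        wag.screen("10.0.0.5", "192.0.2.10"),    # UE to its PDG
        wag.screen("192.0.2.10", "10.0.0.5"),    # PDG to the UE
        wag.screen("192.0.2.99", "10.0.0.5"),    # other source towards the UE
        wag.screen("10.0.0.5", "203.0.113.1"),   # UE to a non-PDG destination
    ]
    return before, after


if __name__ == "__main__":
    print(demo())
```
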
6.2.5.2 Void
The Packet Data Gateway:
- Contains routeing information for WLAN-3G connected users;
- Routes the packet data received from/sent to the PDN to/from the WLAN-3G connected user;
- Performs address translation and mapping;
- Performs de-capsulation and encapsulation;
- Accepts or rejects the requested W-APN according to the decision made by the 3GPP AAA Server;
- Allows allocation of the WLAN UE's remote IP address;
- Relays the WLAN UE's remote IP address allocated by an external IP network to the WLAN UE, when external IP network address allocation is used.
- Performs registration of the WLAN UE's local IP address and binding of this address with the WLAN UE's remote IP address;
- Provides procedures for unbinding a WLAN UE's local IP address with the WLAN UE's remote IP address;
- Provides procedures for authentication and prevention of hijacking (i.e. ensuring the validity of the WLAN UE initiating any binding of the WLAN UE's local IP address with the WLAN UE's remote IP address, unbinding etc.)
- May filter out unauthorised or unsolicited traffic with packet filtering functions. All types of message screening are left to the operators' control, e.g. by use of Internet firewalls.
- Delivers the mapping of a user identifier and a tunnel identifier to the AAA Proxy.
- Generates charging information related to user data traffic for offline and online charging purposes.
- May apply IP flow based bearer level charging (TS 32.251 [13], TS 23.125 [15]), e.g. in order to differentiate or suppress WLAN bearer charging for 3GPP PS based services.
- In case the PDG has the interface with the PDN which requires the authentication and authorization with the External AAA Server, then the PDG shall negotiate with the WLAN UE whether "Multiple authentication Exchanges in IKEv2" is supported or not. If both WLAN UE and PDG support this function and WLAN UE requests multiple authentications with the External AAA Server, then next authentication and authorization with the External AAA Server is performed after the successful authentication and authorisation with the 3GPP AAA Server. Details on the multiple authentications are specified in RFC 4739 [32]. Whether or not multiple authentications and authorizations are required is configured on a W-APN basis in the PDG.
- If QoS mechanisms are applied: it operates as a QoS edge router between 3GPP/WLAN Interworking system and external network, by supporting DiffServ edge function. When applying receiver control DiffServ edge functions the authorized 3GPP WLAN QoS profile (as received from the 3GPP AAA server) shall be enforced according to operator policy. This may result in re-classification (re-marking the DSCP) or discarding of IP packets.
- If QoS mechanisms are applied: enforces policy control (e.g. service based QoS control or gating) according to TS 23.203 [36].
Annex F describes how PDG functionality can be provided by re-using existing unmodified GGSN functionality.
The Wa reference point connects the WLAN Access Network, possibly via intermediate networks, to the 3GPP Network (i.e. the 3GPP AAA Proxy in the roaming case and the 3GPP AAA server in the non-roaming case). The prime purpose of the protocols crossing this reference point is to transport authentication, authorization and charging-related information in a secure manner. The reference point has to accommodate also legacy WLAN Access Networks. Legacy logical nodes outside of 3GPP scope that terminate or proxy the Wa reference point signalling and do not support 3GPP AAA protocol shall require signalling conversion between the legacy AAA protocol and the 3GPP AAA protocol. EAP authentication shall be transported over the Wa reference point.
6.3.1.2 Functionality
The functionality of the reference point is to transport AAA frames:
- Carrying data for authentication signalling between WLAN UE and 3GPP Network;
- Carrying data for authorization (including the authorization information update) signalling between WLAN AN and 3GPP Network. These data may include a well-defined identification of the WLAN AN;
- Carrying charging signalling per WLAN user to enable offline and/or online charging. To minimize the requirements put on the WLAN Access Network, the use of online charging over Wa is optional and depends on the agreement between the operators of the WLAN AN and the 3GPP PLMN;
- Enabling the identification of the operator networks amongst which the roaming occurs;
- Carrying keying data for the purpose of radio interface integrity protection and encryption;
- May carry Routing Enforcement information from the PLMN to ensure that all packets sent to/from the WLAN UE for PS based services are routed to the interworking VPLMN (roaming case) or HPLMN (no roaming case) appropriately;
- Purging a user from the WLAN access for immediate service termination;
- Providing access scope limitation information to the WLAN based on the authorised services for each user (for example, IP address filters);
- If QoS mechanisms are applied: carrying data for WLAN AN QoS capabilities/policies (e.g. the supported 3GPP WLAN QoS profiles) within authentication request from WLAN AN to 3GPP AAA Proxy and 3GPP AAA Server.
- Retrieval of online charging / offline charging function addresses from HSS.
- Fault recovery procedure between the HSS and the 3GPP AAA Server.
- Retrieval of service related information (e.g. W-APNs that may be selected by the WLAN UE and the data defined for the W-APNs in the WLAN UE's profile) including an indication of whether the VPLMN is allowed to provide this service.
The functions provided on the D'/Gr' reference points are a subset of the functions provided on the D/Gr reference points described in TS 23.002 [31]. If a 3GPP AAA Server supports the D' reference point, it will appear to the HLR/HSS as a VLR and shall behave according to the description of the behaviour of a VLR supporting the D reference point as described in TS 23.002 [31]. If a 3GPP AAA Server supports the Gr' reference point, it will appear to the HLR/HSS as an SGSN and shall behave according to the description of the behaviour of an SGSN supporting the Gr reference point as described in TS 23.002 [31].
Wo reference point should be similar to Ro interface currently used in 3GPP OCS.
Calculation of inter-operator accounting from all roaming users. This inter operator accounting is used to settle the payments between visited and home network operator and/or between home/visited network and WLAN.
The functionality of the reference point is to transport:
- WLAN access-related charging data per WLAN user.
- Carrying messages between PDG and AAA Server in support of the user authentication exchange which takes place between WLAN UE and 3GPP AAA server/proxy.
- Carrying messages for user authorization (including authorization information update) between PDG and 3GPP AAA server/proxy. These messages transport e.g. the requested W-APN from PDG to 3GPP AAA server/proxy and eventually the authorized W-APN from 3GPP AAA server/proxy to PDG.
- Carrying authentication data for the purpose of tunnel establishment, tunnel data authentication and encryption.
- Carrying mapping of a user identifier and a tunnel identifier sent from the PDG to the AAA Proxy through the AAA Server.
The Wd reference point connects the 3GPP AAA Proxy, possibly via intermediate networks, to the 3GPP AAA Server. The prime purpose of the protocols crossing this reference point is to transport authentication, authorization and related information in a secure manner. EAP authentication shall be transported over the Wd reference point.
6.3.11.2 Functionality
The functionality of the reference point is to transport AAA messages including:
- Carrying data for authentication signalling between 3GPP AAA Proxy and 3GPP AAA Server;
- Carrying data for authorization signalling between 3GPP AAA Proxy and 3GPP AAA Server;
- Carrying charging signalling per WLAN user;
- Carrying keying data for the purpose of radio interface integrity protection and encryption;
- Carrying authentication data for the purpose of tunnel establishment, tunnel data authentication and encryption, for the case in which the PDG is in the VPLMN;
- Carrying mapping of a user identifier and a tunnel identifier sent from the PDG to the AAA Proxy through the AAA Server;
- Used for purging a user from the WLAN access for immediate service termination;
- Enabling the identification of the operator networks amongst which the roaming occurs;
- Providing access scope limitation information to the WLAN based on the authorised services for each user (for example, IP address filters);
- If QoS mechanisms are applied: carrying data for WLAN AN QoS capabilities/policies (e.g. the supported 3GPP WLAN QoS profiles) within authentication request from 3GPP AAA Proxy to 3GPP AAA Server.
The reference point Ww connects the WLAN UE to the WLAN Access Network per IEEE 802.1x [19] specifications or for other access systems, by mechanisms providing equivalent security. The definition of IEEE Physical and Medium Access Control layers protocols (e.g. Layer 1 and Layer 2 defined by IEEE 802.11 standards) is out of the scope of 3GPP.
6.3.13.2 Functionality
The functionality of the reference point is based on IEEE 802.1x specifications [19] or, for non-WLAN access systems, specifications with equivalent functionality and it is intended to transport signalling messages including:
- parameters for authentication signalling between the 3GPP AAA Server and the WLAN UE;
- parameters for identification of the operator networks for roaming purposes (i.e. PLMN list).
6.4 Protocols
The protocol stack between the WLAN UE and the PDG is shown in figure 6.3.
Figure 6.3: Protocol stack between the WLAN UE and the Packet Data Gateway
Procedures
Figure 7.1: I-WLAN and VPLMN selection procedure
1. The WLAN UE selects a WLAN AN and establishes the WLAN connection with a WLAN technology specific procedure (e.g. in IEEE 802.11 it starts an association procedure). The details of the selection of the WLAN AN are specified in TS 24.234 [9].
2. The Authentication procedure is initiated in a WLAN technology specific way and as a part of this process, the WLAN UE sends a NAI to the WLAN AN. The NAI shall be constructed as it is specified in TS 23.003 [5].
3. If the WLAN AN is not able to route the authentication request (e.g. in the case where the WLAN AN receives an initial NAI with an unknown realm), the WLAN AN sends a response to the WLAN UE that provides information about the 3GPP networks to which the WLAN AN is able to route authentication requests. If IMS Emergency Calls are supported in a given 3GPP network, this shall be indicated to the WLAN UE via an IMS Emergency Call specific realm. From this point the WLAN UE may continue the access authentication with the selected WLAN AN using a different NAI (step 2) or may start access authentication with another available WLAN AN (step 1) or may stop. The details of the WLAN UE behaviour are specified in TS 24.234 [9]. If the WLAN UE continues the access authentication with the selected WLAN AN, it shall select a VPLMN among the 3GPP networks indicated in the response received from the WLAN AN and build the new NAI as a roaming NAI indicating this VPLMN.
4. The WLAN AN routes the AAA message to the 3GPP AAA Server or 3GPP AAA Proxy based on the NAI and the access authentication is performed as it is specified in TS 24.234 [9].
Figure 7.2: Authentication and authorisation procedure
1. WLAN connection is established with a WLAN technology specific procedure (out of scope for 3GPP).
2. The EAP authentication procedure is initiated in WLAN technology specific way. All EAP packets are transported over the WLAN interface encapsulated within a WLAN technology specific protocol. All EAP packets are transported over the Wa reference point. A number of EAP Request and EAP Response message exchanges is executed between 3GPP AAA Server and WLAN UE. The amount of round trips depends e.g. on the utilised EAP type. Information stored in and retrieved from HSS may be needed to execute certain EAP message exchanges. For IMS Emergency Calls, the used EAP method shall accommodate the emergency request. The WLAN AN may send its QoS capabilities/policies (e.g. the supported 3GPP WLAN QoS profiles) to the 3GPP AAA Server within above authentication procedure signalling. Standardized techniques for capabilities exchange are to be determined in stage 3.
3. Information to execute the authentication with the accessed user is retrieved from HSS. This information retrieval is needed only if necessary information to execute the EAP authentication is not already available in 3GPP AAA Server. To identify the user the username part of the provided NAI identity is utilised. During the information retrieval the HSS/HLR checks if there is a 3GPP AAA Server already registered to serve for the user. In case the HSS/HLR detects that another 3GPP AAA Server has already registered for this user, it shall provide the current 3GPP AAA Server with the previously registered 3GPP AAA Server address. The authentication signalling is then routed to the previously registered 3GPP AAA Server.
NOTE 1: For IMS Emergency Calls, authentication may be skipped entirely depending on the national regulations or the operator's preference.
4. Subscribers WLAN related profile is retrieved from HSS. This profile includes e.g. the authorisation information and permanent identity of the user. Retrieval is needed only if subscriber profile information is not already available in 3GPP AAA Server.
NOTE 2: In case of IMS Emergency Calls it is possible that no subscription information is available, therefore no data retrieval from the HSS is possible, e.g. in case of UICC-less IMS Emergency Calls.
5. Optionally, the 3GPP AAA Server (or the 3GPP AAA Proxy in roaming case) may send the policy enforcement information to the WAG in the PLMN that the WLAN UE selected in case VPLMN is to allocate the local IP Address for the WLAN UE.
NOTE 3: Additional process, such as allocating the IP address, may be necessary during or before this step to be performed.
6. If the EAP authentication and authorisation was successful, then 3GPP AAA Server sends Access Accept message to WLAN. In this message 3GPP AAA Server includes EAP Success message, keying material derived from the EAP authentication as well as connection authorisation information (e.g. NAS Filter Rule or Tunnelling attributes) to the WLAN. When QoS mechanism is applied the authorized 3GPP WLAN QoS profile shall be included in this message, and 3GPP AAA Server shall store authorized 3GPP WLAN QoS Profile and/or WLAN QoS capabilities/policies if available. WLAN stores the keying material and authorisation information to be used in communication with the authenticated WLAN UE.
NOTE 4: In the roaming case, authorisation information is passed from 3GPP AAA Server to 3GPP AAA Proxy in the form of Local service identifiers (see section 6.5).
NOTE 5: Depending on national regulations and operator preferences, in the case of IMS Emergency Calls, the 3GPP AAA server may still send Accept (i.e. indicating success of authentication and authorization) even though authentication or authorization fails. In case the WLAN UE has indicated IMS Emergency Call within the procedure, the routing policy sent to the WLAN shall include only those policies necessary to set up an IMS Emergency Call (e.g. allow tunnel set up but no Direct IP Access permitted).
7. WLAN informs the WLAN UE about the successful authentication and authorisation with the EAP Success message.
8. The 3GPP AAA server receives an accounting start message from the WLAN AN.
9. At this point the 3GPP AAA server considers that a new authenticated session is started and it checks its validity. If there is a different previously established authentication session of the WLAN user, e.g., a session that uses a different WLAN UE or roaming in a different WLAN AN or in a different VPLMN, the 3GPP AAA Server shall close the previously established session ("Session abort procedure" over Wa) to avoid multiple WLAN direct IP access sessions.
10. 3GPP AAA Server registers the WLAN users 3GPP AAA Server to the HSS. In registration messages the subscriber is identified by his permanent identity. This registration is needed only if the subscriber is not already registered to this 3GPP AAA Server.
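Steps 3, 9 and 10 of the procedure above (routing to the already registered 3GPP AAA Server, closing a different earlier session, registering in the HSS) as an added model that is not part of the specification. Class names, the recorded signalling tuples and the sample identity are constructed assumptions; the EAP exchange itself is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Attributes that make one access session different from another (step 9)."""
    wlan_ue: str
    wlan_an: str
    vplmn: str


class Hss:
    def __init__(self):
        self.serving_aaa = {}   # permanent identity -> registered 3GPP AAA Server

    def auth_info(self, identity, requester):
        """Step 3: answer, or hand back the address of the registered server."""
        registered = self.serving_aaa.get(identity)
        if registered is not None and registered != requester:
            return ("redirect", registered)
        return ("auth-info", None)

    def register(self, identity, server):
        self.serving_aaa[identity] = server

    def purge(self, identity, server):
        # Only the server that holds the registration can remove it.
        if self.serving_aaa.get(identity) == server:
            del self.serving_aaa[identity]


class AaaServer:
    def __init__(self, name, hss):
        self.name, self.hss = name, hss
        self.sessions = {}      # permanent identity -> current Session
        self.log = []           # signalling this server would emit, kept for inspection

    def authenticate(self, identity):
        kind, target = self.hss.auth_info(identity, self.name)
        if kind == "redirect":
            # Authentication signalling is routed to the registered server instead.
            self.log.append(("route-auth-to", target))
            return False
        return True

    def accounting_start(self, identity, session):
        """Steps 8 to 10: validate the new session, close a different old one, register."""
        old = self.sessions.get(identity)
        if old is not None and old != session:
            self.log.append(("wa-session-abort", identity, old.wlan_an))
        self.sessions[identity] = session
        if self.hss.serving_aaa.get(identity) != self.name:
            self.hss.register(identity, self.name)
            self.log.append(("wx-register", identity))


def demo():
    """Constructed scenario: one subscriber, two AAA servers, a second device."""
    hss = Hss()
    aaa1, aaa2 = AaaServer("aaa-1", hss), AaaServer("aaa-2", hss)
    user = "user@example.org"   # constructed identity
    first = Session("ue-A", "an-1", "vplmn-1")
    if aaa1.authenticate(user):
        aaa1.accounting_start(user, first)
    aaa1.accounting_start(user, first)                              # same session again
    aaa1.accounting_start(user, Session("ue-B", "an-2", "vplmn-1")) # different device
    aaa2.authenticate(user)                                         # wrong server
    return aaa1.log, aaa2.log


if __name__ == "__main__":
    print(demo())
```
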
Figure 7.3: Subscriber Profile and access authorization info Update Procedure
1. User is registered to a 3GPP AAA Server.
2. Subscribers subscription is modified in the HSS e.g. via O&M.
3. HSS updates the profile information stored in the registered 3GPP AAA Server by Wx reference point procedure "Subscriber Profile".
4. If the policy enforcement information updated in step 3 and the policy enforcement information was sent to the WAG beforehand (e.g., in step 5 of clause 7.2), it should be updated to the WAG in this step.
5. The WLAN access authorisation information of the associated connection is updated to WLAN as necessary. If the subscriber loses the authorization of the WLAN access, WLAN shall disconnect the radio interface connection by WLAN technology specific mechanisms.
Figure 7.4: Authorization information Update Procedure
1. User is registered to a 3GPP AAA Server.
2. User's service subscription is modified in the HSS e.g. via O&M.
3. HSS updates the profile information stored in the registered 3GPP AAA Server by Wx reference point procedure "Subscriber Profile".
4. The WLAN access authorisation information of the associated connection is updated to WLAN AN if necessary. If the subscriber loses the authorization of the WLAN access, WLAN shall disconnect the radio interface connection by WLAN technology specific mechanisms.
5. The service authorisation information of the activated services is updated to PDGs if necessary. A deactivation of service may be initiated if the subscriber lost the authorization of the activated service.
6. The filtering policy information of the activated services is updated to WAG if necessary.
NOTE: The de-registration may be initiated by the 3GPP AAA Server to the HSS as necessary, i.e., the 3GPP AAA Server determines that the WLAN UE is unable to access any service upon the updated authorization.
Figure 7.5: Cancellation of WLAN Registration Procedure
1. The 3GPP subscribers WLAN subscription is cancelled in HSS.
2. HSS cancels subscribers WLAN registration in the 3GPP AAA Server by Wx reference point procedure "Cancel WLAN Registration". In the messages subscriber is identified by his permanent identity.
3. If the subscriber's WLAN access connection still exists, Wa reference point procedure "Session Abort" procedure is executed towards WLAN.
4. If the radio connection still exists, WLAN disconnects the radio interface connection by WLAN technology specific mechanisms.
5. If the subscriber's tunnel connection with one or several PDG(s) exists, the 3GPP AAA Server/Proxy informs the PDG(s) over the Wm reference point, to remove the tunnel related information and resource.
6. If accounting has been started in the External AAA Server, then the PDG initiates "Accounting Stop" procedure to the External AAA Server.
7. The filters, which were deployed to WAG for the tunnel(s) during the tunnel establishment, are removed.
Figure 7.6: WLAN initiated disconnection procedure
1. WLAN detects that a Session related to a WLAN UE should be terminated towards the 3GPP AAA Server, e.g. when the WLAN UE has disappeared from WLAN coverage.
2. WLAN initiates Wa Session Termination procedure towards 3GPP AAA Server.
3. If the subscriber has a tunnel connection with one or more PDGs, and the 3GPP AAA Server/Proxy needs to remove the connections, it informs the PDG(s) over the Wm reference point to remove the tunnel related information and resource.
4. If accounting has been started in the External AAA Server, then the PDG initiates "Accounting Stop" procedure to the External AAA Server.
5. The filters, which were deployed to WAG for the tunnel(s) during the tunnel establishment, are removed.
6. In case when the 3GPP AAA Server decides to remove the WLAN UEs state from the 3GPP AAA Server, the 3GPP AAA Server notifies HSS using Wx procedure "Purge" that the WLAN registration in the 3GPP AAA Server has been cancelled. HSS removes the state related to that 3GPP AAA Server, e.g., the address of the serving 3GPP AAA Server for the identified subscriber.
Figure 7.7: The OCS initiated WLAN AN access disconnection procedure
This section applies to the case when an online charged user runs out of credit and is totally disconnected from WLAN.
1. A subscriber is online charged by 3GPP AAA Server for WLAN access.
2. The OCS (Online Charging System) denies credit request from the 3GPP AAA Server for WLAN access. The possibly already retrieved online credit runs out.
3. To disconnect the subscriber's connection, Wa reference point procedure "Session Abort" procedure is executed towards the WLAN AN.
4. The WLAN AN disconnects the radio interface connection by WLAN technology specific mechanisms.
5. If the subscriber's tunnel connection with one or several PDG(s) exists, the 3GPP AAA Server/Proxy informs the PDG(s) over the Wm reference point, to remove the tunnel related information and resource.
6. If accounting has been started in the External AAA Server, then the PDG initiates "Accounting Stop" procedure to the External AAA Server.
7. If filters were deployed to WAG for the tunnel(s) during the tunnel establishment, then they are removed.
8. If no Wx "Purge" procedure was already initiated in step 3, then the 3GPP AAA Server notifies HSS that WLAN registration in the 3GPP AAA Server has been cancelled, by means of Wx procedure "Purge".
Figure 7.8a: The OCS initiated tunnel disconnection procedure
This section applies to the case when the tunnels of an online charged user are disconnected due to the lack of credits.
1. The Online Charging System (OCS) denies the credit request from the PDG. The possibly already retrieved online credit runs out.
2. The PDG disconnects the tunnels that require new credits using the network initiated tunnel disconnection procedure (clause 7.10.2). The tunnels that do not require new credits (e.g., the tunnels using free of charge W-APNs) will not be disconnected.
3. If all tunnels of the subscriber have been disconnected in the previous step then the 3GPP AAA Server may decide to totally disconnect the subscriber by performing "Session Abort" towards the WLAN AN (i.e. step 3 and 4 of clause 7.6.1).
4. If the subscriber is disconnected from the WLAN AN in step 3 and no Wx "Purge" procedure was already initiated, then the 3GPP AAA Server notifies HSS that WLAN registration in the 3GPP AAA Server has been cancelled, by means of Wx procedure "Purge".
Figure 7.8: Charging Procedure for Offline Charged Subscribers
1. The WLAN user is authenticated and authorized for WLAN access. User profile is downloaded into 3GPP AAA Server. Part of the profile is information that the user is to be offline charged.
2. The WLAN AN collects charging data related to access or services locally consumed.
3. The WLAN AN periodically forwards collected charging information to the 3GPP AAA Server over Wa reference point. While roaming, the 3GPP AAA Proxy in VPLMN then relays this information to VPLMN's offline charging system over Wf interface and to the 3GPP AAA Server in HPLMN over Wd interface.
4. This step only happens in roaming case as shown in figure 6.2a: Roaming reference model - 3GPP PS based services provided via the 3GPP Home Network. In this case the WAG in VPLMN periodically sends charging information to the 3GPP AAA Proxy in VPLMN over Wg reference point. The 3GPP AAA Proxy in VPLMN then relays this information to VPLMN's offline charging system over Wf interface.
5. In case UE establishes IPsec Tunnel with PDG. The PDG periodically sends charging information to the 3GPP Offline charging system over Wz reference point.
6. The 3GPP AAA Server forwards charging information to the HPLMN's Offline Charging System over the Wf reference point.

NOTE: In visited network the 3GPP AAA Proxy may also periodically report the usage of resources to the local Offline Charging System over the Wf reference point.
[Figure 7.9 diagram labels: 2. 3GPP AAA server requests credit from OCS over Wo reference point as a part of authorisation; 3. Credit is returned as time or volume quota; 4. Quota is reported to WLAN AN as a part of authentication procedure; 5. WLAN monitors quota consumption; 6. WLAN AN issues re-authentication upon quota exhaustion and reports the quota usage; 7. 3GPP AAA server requests credit from OCS over Wo reference point as a part of re-authorisation; 8. Credit is returned as time or volume quota; 9. Quota is reported to WLAN AN as a part of re-authentication procedure; 10. User disconnects; 11. WLAN AN reports the used quota; 12. User account is credited/debited accordingly]
Figure 7.9: Charging Procedure for Online Charged Subscribers

1. The WLAN user is authenticated and authorized for WLAN access. User profile is downloaded into 3GPP AAA Server. Part of the profile is information that the user is to be online charged.
2. The 3GPP AAA Server requests online charging credit from the OCS.
3. The OCS returns credit as time and/or volume quota.
4. The allocated quota is indicated to the WLAN AN.
5. The WLAN AN monitors the quota consumption.
6. When quota is almost used, the WLAN AN issues re-authentication message over Wa reference point. Used quota is indicated in the request.
7. The 3GPP AAA Server requests more credit from the OCS.
8. The OCS returns credit as time and/or volume quota.
9. The allocated new quota is indicated to the WLAN AN.
10. The user disconnects from WLAN AN.
11. The WLAN AN reports the used quota to the 3GPP AAA Server over Wa reference point.
12. The user account is debited / credited according to the usage information in the final message.

NOTE: In visited network the 3GPP AAA Proxy may also periodically report the usage of resources to the local Online Charging System over Wf reference point. In home network the 3GPP AAA Server may also report the usage to the Online Charging System over the Wf reference point using offline charging procedures for statistical or other purposes.
[Figure 7.10 diagram. Entities: WLAN UE, WLAN AN, WAG, Visited PDG, Home PDG. Steps: 1. WLAN UE local IP address allocation and optionally WLAN Access Authentication and Authorization; 2. W-APN resolution and tunnel establishment to PDG in Visited PLMN (2.1 DNS query; 2.2 End-to-end tunnel establishment; 2.3 Retrieving Authentication and Authorization data; 2.4 Next Authentication and Authorization if needed); 3. W-APN resolution and tunnel establishment to PDG in Home PLMN (3.1 DNS query; 3.2 End-to-end tunnel establishment; 3.3 Retrieving Authentication and Authorization data; 3.4 Next Authentication and Authorization if needed)]
Figure 7.10: Example message flow to WLAN UE-Initiated tunnel establishment

When the user decides that he wants to access a service, the WLAN UE selects the W-APN network ID associated to the service requested by the user. A detailed description of the W-APN resolution and the WLAN UE-Initiated Tunnel Establishment is given below.

For the case of IMS Emergency Calls, a W-APN shall be used to indicate emergency access to PS domain. The emergency call W-APN defaults to the visited/local PDG.

2. Depending on internal configuration, the WLAN UE initiates W-APN resolution and tunnel establishment with a PDG in VPLMN.

NOTE 2: The configuration of the WLAN UE regarding W-APNs can be controlled by e.g. USIM Application Toolkit-based mechanisms.

2.1 WLAN UE constructs an FQDN using the W-APN Network Identifier and VPLMN ID as the Operator Identifier and performs a DNS query to resolve it. The DNS response will contain one or more IP addresses of equivalent PDGs that support the requested W-APN in the VPLMN according to standard DNS procedures. If the VPLMN does not support the W-APN, then the DNS query returns a negative response. In this case, the WLAN UE continues with step 3.
2.2 The WLAN UE selects a PDG from the list received in step 2.1. If the DNS response contains IPv4 and IPv6 addresses, the WLAN UE has to select an address that has the same format as its own local IP address. If a PDG is finally selected, the establishment of an end-to-end tunnel is performed between the WLAN UE and this PDG. The WLAN UE shall include the W-APN and the user identity in the initial tunnel establishment request.

2.3 During the tunnel establishment, the PDG contacts the 3GPP AAA Server in the HPLMN via the 3GPP AAA Proxy for authorization of the WLAN UE for the W-APN being requested by the WLAN UE and to retrieve the information required for the mutual authentication part of the tunnel establishment. The authorized 3GPP WLAN QoS profile shall be sent to the PDG if QoS mechanisms are applied. As a result of successful mutual authentication the 3GPP AAA Server registers itself at the HSS (WLAN registration procedure). This action may be omitted, if the 3GPP AAA Server is already registered at the HSS. The 3GPP AAA Server shall be able to check that the user requesting the tunnel establishment has been already successfully WLAN Access Authorized. Based on operator policy it shall be possible to turn this check on and off. The check may be based on the user's subscription data, e.g. the user's subscribed services. If the check is not successful, the tunnel establishment request is rejected. If the WLAN UE is not allowed to use a visited-PDG to access the given W-APN, the 3GPP AAA Server shall send a rejection message to the PDG and then the tunnel establishment shall be rejected by the PDG. The 3GPP AAA Server shall provide PDG with the subscribed Charging Characteristics or W-APN Charging Characteristics. If it is not possible to establish the tunnel with any of the PDGs received from step 2.1, or the tunnel establishment failure reason is that the WLAN UE is not allowed to use a visited-PDG to access the given W-APN, then the WLAN UE continues with step 3.

Otherwise, the visited PDG shall dynamically assign a remote IP address for the WLAN UE or shall request it from an external IP network using standard mechanisms (such as DHCP, Radius).

NOTE 3: The access to emergency W-APN shall not require any subscription. Tunnel establishment towards the local emergency W-APN shall not be rejected based on check of user's subscribed services or that user is not allowed to use a PDG from the visited network. However, authorization procedures may be used on Wm to register the PDG at the 3GPP AAA Server as serving the user for the emergency W-APN.

2.4 If the specified W-APN requires the next authentication and authorization with the External AAA Server, the PDG initiates the next authentication and authorization with the External AAA Server after the successful authentication and authorisation in step 2.3. The Accounting start message is sent to the External AAA Server if the specified W-APN requires.

2.5 During the tunnel establishment procedure, the PDG and the WAG exchange information via the 3GPP AAA Proxy in order to establish a filtering policy to allow the forwarding of tunnelled packets to the PDG. The 3GPP AAA Proxy requests the WAG to apply filtering policy based on information obtained from the PDG. The 3GPP AAA Proxy decides which filtering policy could be applied by the WAG according to local information (e.g. based on number of users, WAG capabilities, roaming agreement policy, etc). The PDG binds the remote IP address with the local IP address of the WLAN UE. The remote IP address is communicated to the WLAN UE.

3. Depending on internal configuration, or due to the failure of step 2.1 or 2.3, the WLAN UE initiates W-APN resolution and tunnel establishment with a PDG in HPLMN.

3.1 WLAN UE constructs an FQDN using W-APN Network Identifier and the HPLMN ID as the Operator Identifier, and performs a DNS query to resolve it. The DNS response will contain one or more IP addresses of equivalent PDGs that support the requested W-APN in the HPLMN according to standard DNS procedures.

3.2 The WLAN UE selects a PDG from the list received in step 3.1. If the DNS response contains IPv4 and IPv6 addresses, the WLAN UE has to select an address that has the same format as its own local IP address. If a PDG is finally selected, establishment of an end-to-end tunnel is performed between the WLAN UE and this PDG. The WLAN UE shall include the W-APN and the user identity in the initial tunnel establishment request.

3.3 During the tunnel establishment, the PDG contacts the 3GPP AAA Server in the HPLMN for authorization of the WLAN UE for the W-APN being requested by the WLAN UE and to retrieve the information required for the mutual authentication part of tunnel establishment. The authorized 3GPP WLAN QoS profile shall be sent to the PDG if QoS mechanisms are applied. As a result of successful mutual authentication the 3GPP AAA Server registers itself at the HSS (WLAN registration procedure). This action may be omitted, if the 3GPP AAA Server is already registered at the HSS. The 3GPP AAA Server shall be able to check that the
user requesting the tunnel establishment has been already WLAN Access Authorized. Based on operator policy it shall be possible to turn this check on and off. The check may be based on the user's subscription data, e.g. the user's subscribed services. If the check is not successful, the tunnel establishment request is rejected. If the WLAN UE is not allowed to use a Home PDG to access the given W-APN according to his subscription, the 3GPP AAA Server shall send a rejection message to the PDG and then the tunnel establishment shall be rejected by the Home PDG. The 3GPP AAA Server shall provide the PDG with the WLAN UE's remote IP address, received from the HSS, when static remote IP address allocation is used. Otherwise the home PDG shall dynamically assign a remote IP address for the WLAN UE or shall request it from an external IP network using standard mechanisms (such as DHCP, Radius). The 3GPP AAA Server shall provide PDG with the subscribed Charging Characteristics or W-APN Charging Characteristics.

3.4 If the specified W-APN requires the next authentication and authorization with the External AAA Server, the PDG initiates the next authentication and authorization with the External AAA Server after the successful authentication and authorisation in step 3.3. The Accounting start message is sent to the External AAA Server if the specified W-APN requires.

3.5 During the tunnel establishment, the PDG and the WAG exchange information via the 3GPP AAA Server and 3GPP AAA Proxy in order to establish a filtering policy to allow the forwarding of tunnelled packets to the PDG. The 3GPP AAA Server requests to the WAG to apply filtering policy based on information obtained from the PDG. The 3GPP AAA Server decides which filtering policy could be applied by the WAG according to local information (e.g. based on number of user, WAG capabilities, roaming agreement policy, etc). The applied filtering policy is communicated to the Home-PDG. The PDG binds the remote IP address with the local IP address of the WLAN UE. The remote IP address is communicated to the WLAN UE.
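The selection order in steps 2.1 to 3.2 (visited PLMN first, address family matched to the local IP address, fall back to the home PLMN on a negative DNS response or a "visited PDG not allowed" rejection) is shown below as an added example; it is not code from the specification. The FQDN label layout, the PLMN codes, the DNS table and the function names are constructed assumptions.

```python
import ipaddress

OK = "ok"
FAILED = "failed"
VISITED_NOT_ALLOWED = "visited-pdg-not-allowed"


def build_wapn_fqdn(network_id, plmn):
    """W-APN Network Identifier plus a PLMN ID as Operator Identifier.

    ASSUMPTION: the label layout is illustrative; this section does not
    spell out the FQDN format.
    """
    mcc, mnc = plmn
    return f"{network_id}.w-apn.mnc{mnc.zfill(3)}.mcc{mcc}.pub.3gppnetwork.org"


def same_family(addresses, local_ip):
    """Steps 2.2 / 3.2: keep only PDG addresses in the UE's own IP format."""
    version = ipaddress.ip_address(local_ip).version
    return [a for a in addresses if ipaddress.ip_address(a).version == version]


def establish_tunnel(network_id, user, local_ip, vplmn, hplmn,
                     resolve, try_tunnel, try_visited=True):
    """Return (where, pdg, attempts); where is 'visited', 'home' or None.

    resolve(fqdn) returns a list of addresses, empty for a negative response.
    try_tunnel(pdg, network_id, user) returns OK, FAILED or VISITED_NOT_ALLOWED.
    try_visited models the "internal configuration" that may skip step 2.
    """
    attempts = []
    order = [("visited", vplmn)] if try_visited else []
    order.append(("home", hplmn))
    for where, plmn in order:
        answer = resolve(build_wapn_fqdn(network_id, plmn))
        for pdg in same_family(answer, local_ip):
            result = try_tunnel(pdg, network_id, user)
            attempts.append((where, pdg, result))
            if result == OK:
                return where, pdg, attempts
            if where == "visited" and result == VISITED_NOT_ALLOWED:
                break  # the AAA Server refused visited PDGs: go to step 3
    return None, None, attempts


# Constructed sample data: test PLMN codes and documentation address ranges.
VPLMN = ("001", "01")
HPLMN = ("999", "99")
SAMPLE_DNS = {
    build_wapn_fqdn("ims", VPLMN): ["192.0.2.10", "2001:db8:1::10"],
    build_wapn_fqdn("ims", HPLMN): ["198.51.100.20", "2001:db8:2::20"],
    build_wapn_fqdn("mms", HPLMN): ["198.51.100.30"],  # VPLMN has no "mms"
}


def sample_resolve(fqdn):
    return SAMPLE_DNS.get(fqdn, [])


def make_tunnel(outcomes):
    """Build a try_tunnel stub; PDGs not listed in outcomes accept the tunnel."""
    def try_tunnel(pdg, network_id, user):
        return outcomes.get(pdg, OK)
    return try_tunnel


if __name__ == "__main__":
    rejecting = make_tunnel({"192.0.2.10": VISITED_NOT_ALLOWED})
    where, pdg, log = establish_tunnel("ims", "user@example.invalid", "203.0.113.5",
                                       VPLMN, HPLMN, sample_resolve, rejecting)
    print(where, pdg)
    for entry in log:
        print("  attempt:", entry)
```

The attempts list is the part worth logging on a real client or test harness: it records which PDG rejected the UE and why the fallback to the home PLMN happened.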
7.9.1 Void
- Normal service termination resulting from an end user requesting termination of the end-to-end tunnel connection using tunnel control signalling or deletion of the IP bearers associated with a service
- Service termination resulting from network operator intervention
- Loss of radio connections which are used to transport the tunnel signalling.
The tunnel disconnection message exchanges between the WLAN UE and the PDG are performed based on the specific tunnel control signalling protocol. The WLAN UE and the PDG release the control information associated with the tunnel during the exchange, and the PDG should send a tunnel release report to the 3GPP AAA Server to update the corresponding subscriber's service connection information and status in the 3GPP AAA Server, e.g. the service/tunnel connection activation info, the allocated IP address, etc. The filtering policy information applied on the WAG should also be removed, if necessary.
[Figure 7.12 diagram labels: 5. Stop accounting (if needed); 6a. Service info/status update; 6b. Filtering policy remove from WAG]
Figure 7.12: WLAN UE initiated tunnel disconnection

1. The WLAN UE determines to release the tunnel, e.g. due to the normal service termination operation.
2. The WLAN UE sends a Release tunnel request to the PDG.
3. Upon receiving the Release tunnel request, the PDG sends a Release acknowledgement to the WLAN UE, releases the resources and the associated control information of the tunnel, and sends a Tunnel disconnection report to the 3GPP AAA Server.
4. Upon receiving the Release acknowledgement, the WLAN UE releases the resources and the control information of the tunnel.
5. If accounting has been started in the External AAA Server, then the PDG initiates "Accounting Stop" procedure to the External AAA Server.
6. Upon receiving the Tunnel disconnection report, the 3GPP AAA Server updates the related service information and/or status of the subscriber; and removes the filtering policy related to the disconnected tunnel from WAG if necessary.
[Figure 7.13 diagram labels: 1. The PDG determine to release the tunnel; 2. Release tunnel Req; 3. Release the tunnel resource and info; 3. Release Ack; 4. Release the tunnel resource and info; External AAA Server; 5. Stop accounting (if needed); 6a. Service info/status update; 6b. Filtering policy remove from WAG]
Figure 7.13: The network initiated tunnel disconnection

1. The PDG determines to release the tunnel, e.g. due to timeout of the tunnel connection or a request from the 3GPP AAA Server, or due to a network initiated normal service termination or a service termination resulting from network operator intervention.
2. The PDG sends a Release tunnel request to the WLAN UE.
3. Upon receiving the Release tunnel request, the WLAN UE releases the resources and the associated control information of the tunnel, and sends the Release acknowledgement to the PDG.
4. Upon receiving the release acknowledgement, the PDG releases the resources, the associated control information of the tunnel, and the related service authorization information; and sends a Tunnel disconnection report to the 3GPP AAA Server.
5. If accounting has been started in the External AAA Server, then the PDG initiates "Accounting Stop" procedure to the External AAA Server.
6. Upon receiving the Tunnel disconnection report, the 3GPP AAA Server updates the related service information and/or status of the subscriber; and removes the filtering policy related to the disconnected tunnel from WAG if necessary.
Disconnection of the WLAN radio connection

Upon receiving a WLAN radio disconnection request (e.g., Disassociation in case of IEEE 802.11 WLAN AN) from the WLAN UE with the WLAN access connection, the WLAN AN should perform the "disconnecting a subscriber by WLAN AN" (section 7.5) during or after the WLAN radio disconnection, with or without confirm message to the WLAN UE.

Disconnection of the WLAN IP connectivity

The UE initiated disconnection of the WLAN IP connectivity is usually performed before the disconnection of the WLAN radio connection and after the disconnection of the 3GPP PS access tunnels. However the WLAN UE may initiate a WLAN IP connectivity disconnection before the 3GPP PS access tunnels are disconnected. This will trigger the tunnel disconnection procedure specified in section 7.10.2.

If the WLAN UE initiates a disconnection of the WLAN IP connectivity:

1. The WLAN UE may initiate a disassociation after the disconnection procedure.
2. The WLAN AN stops the connection under the request of the WLAN UE, e.g. close the opened port to the WLAN UE.
3. The WLAN AN should perform the "disconnecting a subscriber by WLAN AN" during or after the disconnection of WLAN access connection.

The WLAN AN should initiate an authentication or a disconnection of WLAN radio connection with this WLAN UE, if the WLAN UE keeps the WLAN radio connection without subsequent indication or requests in a certain period of time.

The 3GPP PS Access tunnel disconnection

The UE initiated tunnel disconnection is usually performed before the disconnection of WLAN IP connectivity and the disconnection of the WLAN radio connection. However, the WLAN UE may directly initiate a disconnection of the WLAN radio connection as a fast disconnection option when tunnel connections with PDG exist. This will trigger the tunnel disconnection procedure specified in section 7.10.2.
By sending the Dw-operation DW_SLF_QUERY the 3GPP AAA Server indicates a user identity of which it is looking for an HSS. By the Dw-operation DW_SLF_RESP, the SLF responds with the HSS address. The 3GPP AAA Server may optionally store the HSS address for a given subscriber so subsequent queries to the SLF are not needed. Subclause 7.12.2 presents an example of the session flow when the 3GPP AAA Server needs to query the SLF.
Figure 7.14: Query through SLF

1. 3GPP AAA Server detects that it requires the user profile, the registration or new authentication vectors for a given 3GPP subscriber, so has to query for the location of the user's subscription data. The 3GPP AAA Server sends a DW_SLF_QUERY to the SLF and includes as parameter the user identity of the subscriber.
2. The SLF looks up its database for the queried user identity.
3. The SLF answers with the HSS address in which the user's subscription data can be found.
4. The 3GPP AAA Server can proceed by querying the appropriate HSS by Wx protocol.
[Figure 7.15 diagram. Entities: WLAN UE, WLAN AN, WAG, PDG, HSS. Steps: 1. External AAA Server initiates tunnel disconnection; 2. PDG initiated tunnel disconnection; 3. WLAN AN Access Disconnection (if needed); 4. Wx "purge" (if needed)]
Figure 7.15: The External AAA Server initiated tunnel disconnection procedure

This section applies to the case when the tunnel disconnection is initiated by the External AAA Server.

1. Some IP applications, for example, the authorization of usage of the W-APN expired, could need to interwork with the PDG to terminate a particular session. For this purpose, the External AAA Server may initiate the tunnel disconnection.
2. The PDG disconnects the tunnels using the network initiated tunnel disconnection procedure (clause 7.10.2).
3. If all tunnels of the subscriber have been disconnected in the previous step then the 3GPP AAA Server may decide to totally disconnect the subscriber by performing "Session Abort" towards the WLAN AN (i.e. steps 3 and 4 of clause 7.6.1).
4. If the subscriber is disconnected from the WLAN AN in step 3 and no Wx "Purge" procedure was already initiated, then the 3GPP AAA Server notifies HSS that WLAN registration in the 3GPP AAA Server has been cancelled, by means of Wx procedure "Purge".
Annex C (informative): Possible interworking architectures between WLAN AN and PLMN

C.1 WLAN shared by (or connected to) multiple ISPs and PLMNs
This is typically when a WLAN AN is owned by an independent entity such as a hotel and the owner allows subscribers of ISPs to use their WLAN AN by using the ISP network. However, WLAN AN owned by an ISP or a PLMN may also allow other ISP/PLMN subscribers to use the WLAN in a similar way. In this situation, the WLAN AN may be connected to multiple ISPs and PLMNs in the layer 2 for WLAN 3GPP IP Access as shown in Figure C.1.1. Another solution using DNS and NAT is described in C.2.3. To this end, VLAN or other layer 2 tunnelling capabilities may be implemented in APs or access controller in WLAN AN in order to separate traffic of different networks. The interface between the WLAN AN and the PLMN may be a Layer 2 tunnel, such as VLAN, Martini, or VPLS, etc. The WAG takes the role of the access router of the WLAN AN. This enables end to end tunnelling for WLAN 3GPP IP Access, even when the IP address of the PDG is not routable on the Internet. The local IP address of a WLAN UE, when using WLAN 3GPP IP Access, belongs to the PLMN's IP address space. So, all the packets to a WLAN UE shall pass through the PLMN.
Figure C.1.1: Wn Interface when WLAN is connected to multiple ISPs and PLMNs
C.2 Routing packets from WLAN UE when WLAN AN is connected to multiple VPLMNs/ISPs and it provides direct Internet access
Therefore, for each VPLMN there must be a separate (logical) router in the WLAN AN which has a connection to that VPLMN and also to the Internet (note: this is a 'logical' router - it doesn't represent a restriction on WLAN AN's physical architecture). This router will receive all the traffic from WLAN UEs that are authenticated through that VPLMN. We call this the "WLAN AN Border Router for VPLMN X".

Various techniques could be used to ensure that all the WLAN UEs traffic is sent to the correct (logical) router, including:

- VLANs
  A separate VLAN is defined for each VPLMN. The WLAN AN Border Router for a given VPLMN is only accessible from that VPLMN's VLAN. Appropriate RADIUS AVPs can be used to place the user onto a particular VLAN. On receiving this instruction, the WLAN AP performs VLAN tagging of all frames from the user. Since the WLAN AN knows the identity of the correct VPLMN at initial authentication/authorisation time, this instruction can be sent to the AP at this time. As a result, all traffic from the user will be sent to the correct router.
- Compulsory tunnelling
  Standard RADIUS AVPs are used to request the WLAN AP to establish a compulsory tunnel for the WLAN UEs frames towards the correct router. Again, this can be done at initial authentication/authorisation time.

Other techniques may also exist, but since there is no requirement for signalling from VPLMN to WLAN AN, the technique chosen is entirely a matter for the WLAN AN operator.
Configuration or advertisement of these addresses into the WLAN AN does not make these addresses routable from the Public Internet. Only users who are Authenticated and Authorised 3GPP WLAN UEs will be able to send packets to the (logical) WLAN AN Border Router, so only these devices can send packets to the configured/advertised addresses.

The above two approaches require that the addresses or prefixes configured or advertised are not also advertised over the public Internet. This is because although an address/prefix may be configured/advertised, there may be firewall rules or policies in the VPLMN which prevent packets being routed over the inter-operator backbone to that address. In that case, packets to that address would be dropped, meaning that any device re-using that address would not be routable at all from the WLAN UEs.

The solution is summarised in the figure below (assuming the VLAN option for dealing with multiple VPLMNs). Note that this is a logical view - the existence of two Border Routers with links to the Internet does not imply two physical elements/links.
[Figure C.2.1 diagram. Elements: WLAN AN with AP1, AP2, VLAN1, VLAN2 and AR1; UE1, UE2, UE3; VPLMN1, VPLMN2, HPLMN, PDG, INTERNET. Labels: "Traffic from UE1 placed onto VLAN2 and routed via AR1, VPLMN1 to the same PDG"; "Routeing advertisement with PDG address or prefix"; "Applies firewall rules/policies to block traffic to e.g. GSNs"; "Traffic from UE3 placed onto VLAN2 and routed via AR2, VPLMN2 to the same PDG"]
Figure C.2.1: Traffic routeing based on the use of VLANs in the WLAN AN
[Figure C.2.2 diagram. Entities: WLAN UE, AP, DHCP Server, AAA Server, Local WLAN Name Server, WAG (Name Server/NAT). Steps: 2. VPLMN selection; 3. Get IP addr, local DNS server and default router; 4. DNS request for W-APN FQDN; 5. Forward request to VPLMN name server; 6. Forward request to HPLMN name server; 7. Resolve W-APN FQDN; 8. Respond with address record of W-APN; 9. Change address in record to an address hosted by the WAG and store this mapping; 10. Respond with address record; 12. WLAN UE establishes tunnel to address contained in address record, which is changed in WAG]
Figure C.2.2: DNS controlled reverse NAT procedure

1. WLAN access authentication procedure between WLAN UE and AAA server based on EAP.
2. WLAN UE retrieves PLMN list from WLAN and selects a preferred VPLMN.
3. WLAN UE gets transport IP address, local name server (optionally) and default router address via DHCP.
4. WLAN UE builds W-APN FQDN indicating VPLMN (optionally) and HPLMN and sends DNS request to local name server or directly to the name server in the VPLMN.
5. Local name server inspects W-APN FQDN and forwards DNS request to VPLMN name server. VPLMN name server is implemented together with a "reverse" NAT and probably a Firewall on the WAG.
6. VPLMN name server inspects W-APN FQDN and forwards DNS request to HPLMN name server through GPRS roaming network.
7. HPLMN name server resolves W-APN.
8. HPLMN name server responds to VPLMN name server with an address record of the W-APN.
9. VPLMN name server (acting as DNS Proxy) optionally changes the PDG address contained in the address record to an address of the WAG address space (this address may be a private address) and stores the mapping between the two addresses. The new address must be routable within the WLAN to the WAG. Changing the addresses may be an option configurable by the operator.
10. VPLMN name server responds the address record to local name server.
11. Local name server responds the address record to WLAN UE.
12. WLAN UE establishes tunnel to the address contained in the address record. This may be an address hosted by the WAG (otherwise it is the PDG address). This address is changed ("NATted") at the WAG to the "real" PDG address.
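Steps 9 and 12 of the DNS controlled reverse NAT procedure can be modelled as one small state machine: the VPLMN name server rewrites the PDG address record and stores the mapping, and the WAG later translates the tunnel destination back. This is an added example, not code from the specification; the class name, the address pool, the IPv4-only pool and the choice to drop packets sent to an unmapped WAG address are assumptions.

```python
import ipaddress


class ReverseNatDnsProxy:
    """VPLMN name server acting as DNS proxy plus the "reverse" NAT on the WAG."""

    def __init__(self, wag_pool, rewrite_enabled=True):
        # ASSUMPTION: a small IPv4 pool inside the WAG address space,
        # routable within the WLAN to the WAG (may be private addresses).
        self.pool = ipaddress.ip_network(wag_pool)
        self._free = list(self.pool.hosts())
        self.rewrite_enabled = rewrite_enabled  # operator-configurable option
        self.pdg_to_wag = {}
        self.wag_to_pdg = {}
        self.audit = []  # (fqdn, real PDG address, WAG-hosted address)

    def rewrite_answer(self, fqdn, records):
        """Step 9: replace each PDG address with a WAG-hosted one, store mapping."""
        out = []
        for rec in records:
            pdg = ipaddress.ip_address(rec)
            if not self.rewrite_enabled or pdg.version != self.pool.version:
                out.append(rec)  # record passed through unchanged
                continue
            if pdg not in self.pdg_to_wag:
                if not self._free:
                    raise RuntimeError("WAG address pool exhausted")
                wag = self._free.pop(0)
                self.pdg_to_wag[pdg] = wag
                self.wag_to_pdg[wag] = pdg
                self.audit.append((fqdn, str(pdg), str(wag)))
            out.append(str(self.pdg_to_wag[pdg]))
        return out

    def translate(self, dst):
        """Step 12: destination rewrite at the WAG.

        Returns the real PDG address for a mapped WAG-hosted address, None
        (drop, an assumption of this example) for an unmapped address inside
        the WAG pool, and dst unchanged for addresses outside the pool.
        """
        ip = ipaddress.ip_address(dst)
        if ip.version != self.pool.version or ip not in self.pool:
            return dst
        real = self.wag_to_pdg.get(ip)
        return str(real) if real is not None else None


if __name__ == "__main__":
    # Constructed sample: HPLMN answer for a W-APN FQDN (placeholder name).
    proxy = ReverseNatDnsProxy("10.99.0.0/29")
    answer = proxy.rewrite_answer("wapn.example.invalid", ["198.51.100.20"])
    print("record returned to the WLAN UE:", answer)
    print("tunnel destination after NAT:", proxy.translate(answer[0]))
    print("unmapped WAG address:", proxy.translate("10.99.0.5"))
    print("audit trail:", proxy.audit)
```

With rewriting enabled the WLAN UE never learns the real PDG address, and the stored mapping doubles as an audit trail of which PDG each WAG-hosted address stands for.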
C.3
This is when a PLMN operator installs its own WLAN AN without any connections to other ISPs or PLMNs. In this case, WLAN AN can be regarded as an extension of the PLMN's IP network and no tunnel is required between WLAN AN and PLMN. The local IP address of a WLAN UE in WLAN 3GPP IP Access belongs to the PLMN's IP address space.
C.4
This is when WLAN AN is solely connected to an ISP's backbone network. WLAN AN is regarded as an extension of the ISP's backbone network. Many legacy WLAN ANs can be categorized to this case. The connectivity between the WLAN AN and the PLMN is in layer 3 through the ISP's backbone network as shown in figure C.4.1. This kind of WLAN AN supports WLAN Direct IP Access as defined in the TS 23.234, i.e. the authenticated WLAN UE can access the Internet directly via the ISP. For WLAN 3GPP IP Access, the local IP address of a WLAN UE is generally allocated by the ISP and it belongs to the ISP's IP address space. When PLMN allocates WLAN UE's local IP address, a layer 2 tunnel is required. When the end to end tunnelling is used between a WLAN UE and a PDG and the IP address of the PDG is non-routable in the Internet, an additional means is required for routing the packets to the PDG and to meet the routing enforcement requirement. It is FFS for methods to enable WLAN 3GPP IP Access for this kind of WLAN AN.
[Figure diagram labels: UE, WLAN Access Network, Access router, Layer 2 connection, ISP backbone network, PLMN, WAG, PDG, Wi, Internet]
Annex D (normative): Short Message Service

D.1 Architecture for support of SMS
The architecture for support of IP delivery of SMS messages is specified in TS 23.204 [39].
D.2 Void

D.3 Void
Annex F (normative): Information on re-using the GGSN to implement the PDG function
This annex does not introduce new normative requirements for the PDG.
F.1 Introduction
This section provides information on how to re-use existing GGSN deployments to implement the PDG functionality via using a subset of the Gn reference point (denoted here as Gn'). The Gn' reference point provides means where GPRS mobile operators can reuse existing infrastructure and functionality for a user accessing from a WLAN UE. By using this existing standardized reference point, interoperability towards the Gateway GPRS Support Nodes (GGSN) is assured. Such a PDG implementation allows re-use of existing GGSN functionality without upgrading GGSNs. For example, GGSN functions, which are used in this case are:

- Charging Gateway interfaces;
- IP address allocation;
- Authentication in external networks;
- Single access to 3GPP PS domain services.
Traffic Plane Functionality in the GGSN for online and offline service data flow charging (IP flow level bearer charging introduced in Rel-6, Policy and Charging Enforcement Function (PCEF) in Rel-7), may also be re-used. If QoS mechanisms are applied policy control functionality (e.g. service based QoS control or gating) according to TS 23.203 [36] may be re-used.

The following figure depicts a PDG implementation that re-uses GGSN functionality. It shall be noted that only a subset of the GGSN is reused for this purpose.
[Figure F.1 diagram labels: Wm, Wp, PDG, Tunnel Termination Gateway, Gn', Gi / Wi, Subset of GGSN functions, Wu]
Figure F.1: PDG implementation re-using GGSN functionality

The PDG functionality described in this specification may be implemented using the architecture described above in Figure F.1. In case this implementation is applied, the TTG and GGSN parts of the PDG shall be in the same PLMN. This type of PDG implementation shall remain transparent to the other functional elements of the network.
F.2

F.2.1 General
The end-to-end tunnel between the WLAN UE and the PDG is setup according to the procedure described in this specification. In a configuration when the Gn' reference point is used, the end-to-end tunnel setup is terminated by the TTG of the PDG, and the setup of GTP tunnel(s) is triggered towards the GGSN part of the PDG.

The GTP tunnel(s) between the TTG part and the GGSN part of the PDG are established using the two messages Create PDP Context Request and Create PDP Context Response. A GTP tunnel is identified in each node with a TEID (Tunnel End-point Identifier - an integer), an IP address and a UDP port. The W-APN provided over the end-to-end tunnel shall be forwarded in the Create PDP Context Request message to the GGSN to select the external network. The IMSI of the WLAN UE shall be forwarded to the GGSN in the Create PDP Context Request message. For further details on GTP tunnel management please refer to TS 29.060 [28].
[Figure F.2.2 diagram label: One-to-one mapping between each end-to-end tunnel and a corresponding GTP tunnel]

Figure F.2.2: Mapping between E2E tunnel and a single GTP tunnel
[Figure F.2.3.1 diagram labels: PDG, TTG, Wu, Gn', Gi / Wi, 3GPP PS Services. One-to-one mapping between each end-to-end tunnel and a corresponding GTP tunnel]

Figure F.2.3.1: Mapping between E2E tunnel and a single GTP tunnel
The end-to-end tunnel is released by the TTG when the last active GTP tunnel to the GGSN is released. In the DL direction the correct GTP tunnel is selected based on the active predefined PCC rules.
[Figure F.2.3.2 diagram labels: PDG, TTG, Gn', DHCP, Radius, 3GPP PS Services, Wu, Gi / Wi. One to several mapping between each end-to-end tunnel and one primary and several secondary GTP tunnels]

Figure F.2.3.2: Mapping between E2E tunnel and one primary and several secondary GTP tunnel(s)
F.3 Gn' considerations
Editor's note: The Gn' procedures shall comprise a subset of the Gn reference point procedures. There shall be no enhancements to Gn applied.
F.3.0 General
A minimum set of interworking procedures over the Gn' reference point would include the following messages from the Gn reference point messages and procedures specified in TS 29.060 [28]:

- Create PDP Context Request / Response;
- Update PDP Context Request / Response;
- Delete PDP Context Request / Response;
- Error Indication;
- Version Not Supported;
- GTP Payload Forwarding.
The TTG must be provided with information, e.g. MCC and MNC of the VPLMN, needed to include the RAI Information Element within the messaging to the GGSN to enable simple position based billing and to enable the HPLMN to restrict certain content to those countries depending on that country's legal requirements.

The assignment of the remote IP address should be done from a pool of IP address belonging to the GGSN/RADIUS server or at least "address range coordinated" with those to enable correct routing on Gi. The End-user-address IE must be provided in the Create PDP Context Request. If address assignment is done by the GGSN/RADIUS, the IE shall be empty in the request message (indicating dynamic address assignment by GGSN/RADIUS), which makes the GGSN/RADIUS assign and return an IP address in the Response message.

The NSAPI value to be provided over the Gn' reference point is allocated in the TTG, see subclause F.5.

If a certain charging profile should be applied in GGSN the Charging Characteristics IE may be included. In that case this information needs to be available in the TTG. The Charging Characteristics may be used to give special charging for WLAN in the GGSN. The Charging Characteristic is defined per subscriber and is stored in HLR. For GPRS the Charging Characteristic is sent to SGSN at attach and is forwarded to GGSN at PDP context creation. For WLAN interworking, the TTG may for example get this information from HLR via the 3GPP AAA Server.
[Figure: message sequence. WLAN Access Authentication and Authorization and WLAN UE local IP address allocation; DNS query; 1. E2E Tunnel establishment request; 2. Retrieving authentication and authorization data; 3. Create PDP context request / Create PDP context response; 4. E2E Tunnel establishment ack; 5. Apply packet filter policy to the WAG; 6. Optionally further secondary PDP contexts are set up]

Figure F.3.1: Tunnel establishment procedure

1) The UE performs a DNS query to resolve the W-APN and sends E2E tunnel establishment request (W-APN, user identity) to the TTG (see subclause 7.9).
2) The TTG contacts the 3GPP AAA Server in the HPLMN possibly via the AAA proxy for authorization and authentication of the WLAN UE (see subclause 7.9). Additionally, the TTG retrieves the IMSI, MSISDN, and serving network identity from the AAA server.
3) The TTG performs PDP Context Activation procedure towards the GGSN by using Create PDP Context Request message and Create PDP Context Response message (see TS 23.060 [7]).
4) The TTG returns E2E tunnel establishment acknowledgement (remote IP address) to the WLAN UE.
5) The TTG provides filtering information to the WAG (see subclause 7.9).
6) If policy control functionality in the GGSN is re-used according to clause F.2.3.2 further secondary PDP contexts are established.
[Figure: message sequence. 1. Release tunnel request; 2. Delete PDP context request / Delete PDP context response; 3. Release ack; 3. Tunnel disconnection report]

Figure F.3.2.1: UE initiated tunnel disconnection procedure

1) The WLAN UE determines to release the tunnel and sends a Release tunnel request to the TTG (see subclause 7.10.1).
2) Upon receiving the Release tunnel request, the TTG performs PDP Context Deactivation procedure for the primary and possibly established secondary PDP contexts towards the GGSN by using Delete PDP Context Request message and Delete PDP Context Response message (see TS 23.060 [7]).
3) The TTG sends a Release acknowledgement to the WLAN UE and Tunnel disconnection report to the 3GPP AAA server (see subclause 7.10.1).
4) Upon receiving the Tunnel disconnection report, the 3GPP AAA server removes the filtering policy from the WAG (see subclause 7.10.1).
[Figure: message sequence. 2. Release ack; 2. Delete PDP context response; 3. Tunnel disconnection report]

Figure F.3.2.2: Network initiated tunnel disconnection procedure

1) The GGSN determines to release the last active GTP tunnel and sends Delete PDP Context Request message towards the TTG (see TS 23.060 [7]). The TTG then sends a Release tunnel request to the WLAN UE (see subclause 7.10.2).
2) Upon receiving the Release tunnel request, the WLAN UE sends a Release acknowledgement to the TTG (see subclause 7.10.2). The TTG sends a Delete PDP Context Response message to the GGSN (see TS 23.060 [7]).
3) The TTG sends a Tunnel disconnection report to the 3GPP AAA server (see subclause 7.10.2).
4) Upon receiving the Tunnel disconnection report, the 3GPP AAA server removes the filtering policy from the WAG (see subclause 7.10.2).

NOTE: Network initiated tunnel disconnection procedure may also be triggered by the TTG (e.g. request from AAA server).
F.4 Void
The TTG shall reject a tunnel establishment request if all available NSAPI values for this user in this GGSN have already been allocated. However, the TTG should not explicitly indicate the exhaustion of the NSAPI values to the UE in such a case.

NOTE: The mechanism above implies that it may not be possible to deploy distinct TTGs providing service for a single user for W-APNs which are then served from the same GGSNs. For a given user, all tunnels towards W-APNs served from the same GGSNs should be directed to the same TTG; the method by which this will be done is FFS.
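A sketch of the allocation rule above, as an added example that is not part of the specification: NSAPI values are tracked per (user, GGSN), and when none is left the request is rejected with a generic error while the real reason is recorded only internally. The class and exception names are hypothetical; the assignable range 5 to 15 is the standard GPRS NSAPI range (0 to 4 are reserved).

```python
import threading

NSAPI_RANGE = range(5, 16)   # NSAPI 0-4 are reserved in GPRS; 5-15 assignable


class TunnelRejected(Exception):
    """Generic rejection returned towards the UE; carries no cause detail."""


class NsapiAllocator:
    """Per-user, per-GGSN NSAPI bookkeeping in the TTG (hypothetical class)."""

    def __init__(self):
        self._lock = threading.Lock()
        self._in_use = {}    # (imsi, ggsn) -> set of allocated NSAPI values
        self.audit = []      # operator-side log; never sent to the UE

    def allocate(self, imsi, ggsn):
        with self._lock:
            used = self._in_use.setdefault((imsi, ggsn), set())
            free = [n for n in NSAPI_RANGE if n not in used]
            if not free:
                # Record the real reason internally, reject generically.
                self.audit.append(("nsapi_exhausted", imsi, ggsn))
                raise TunnelRejected("tunnel establishment rejected")
            used.add(free[0])
            return free[0]

    def release(self, imsi, ggsn, nsapi):
        """Return a value to the pool when its PDP context is deleted."""
        with self._lock:
            self._in_use.get((imsi, ggsn), set()).discard(nsapi)
```

Because the pool is keyed on the user and the GGSN, two TTGs serving the same user towards the same GGSN would each hand out the same values, which is the deployment constraint the NOTE describes.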
Annex G: Void
IEEE 802.11 WLAN ANs
Wi-Fi™ Alliance's WMM guidelines provide a mapping from IEEE 802.11e QoS priority categories to 802.1D priority levels. This mechanism is shown in Figure H.1. See Annex H for further details on these specifications.
[Figure: Assigning different priorities to packets from different queues for transmission over the air]

Figure H.1: QoS Mapping

Once the QoS provisioning has been accomplished during the authentication phase, based on the information included in Table 1 and Table 2 of Annex H, it is possible to map different types of traffic from the home network to DiffServ Code Points (DSCPs) and then onwards to IEEE 802.11e classes and IEEE 802.1D tags in the WLAN AN. Similarly the WLAN UE can appropriately mark the traffic in the reverse direction.

The provisioned WLAN QoS profile may include for example information on bandwidth and maximum DSCP allowed for the user. The point of enforcement of bandwidth and maximum DSCP policies within the 3GPP system is the PDG. The WLAN Access Gateway in the WLAN AN can implement similar enforcement. The entities responsible for proper DSCP marking are the end points of the tunnel (namely the WLAN UE and the PDG).

If there is an inconsistent marking of QoS request from the WLAN UE between layer 2 and layer 3 (for fraudulent reasons or due to error), the inconsistency is resolved in the favour of layer 3 marking once the packet enters the 3GPP system.
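The enforcement and conflict rule above, written out as an added example (not code from the specification): the layer 3 DSCP is capped at the provisioned maximum, the layer 2 tag is re-derived from the resulting DSCP, and a disagreement between the UE's layer 2 and layer 3 markings is flagged for logging. The WMM lookup is the standard WMM mapping of 802.1D tags to access categories (Table H.1 of this annex). Two things are assumptions made here because the page does not define them: the DSCP to 802.1D mapping uses the top three DSCP bits, and "maximum DSCP" is compared numerically.

```python
# 802.1D tag -> WMM access category (standard WMM mapping, Table H.1).
WMM_ACCESS_CATEGORY = {
    7: "Voice", 6: "Voice",
    5: "Video", 4: "Video",
    0: "Best Effort", 3: "Best Effort",
    2: "Background", 1: "Background",
}


def dscp_to_8021d(dscp):
    """Assumed mapping: the three most significant DSCP bits."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in 0..63")
    return dscp >> 3


def enforce_marking(l3_dscp, l2_tag, max_dscp):
    """Apply the maximum-DSCP policy and resolve L2/L3 conflicts via L3."""
    if not 0 <= l2_tag <= 7:
        raise ValueError("802.1D tag must be in 0..7")
    mismatch = l2_tag != dscp_to_8021d(l3_dscp)   # fraud or error indicator
    effective = min(l3_dscp, max_dscp)            # assumed numeric cap
    tag = dscp_to_8021d(effective)                # layer 3 wins
    return {
        "dscp": effective,
        "tag": tag,
        "access_category": WMM_ACCESS_CATEGORY[tag],
        "remarked": effective != l3_dscp,
        "l2_l3_mismatch": mismatch,
    }
```
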
H.2
WMM defined by Wi-Fi™ Alliance, is a profile based on IEEE 802.11e draft specifications. WMM provides support for multimedia applications by defining four access categories derived from 802.1D specifications. These access categories as shown in the following table H.1, map to priority levels in 802.1D specifications of IEEE.

Table H.1: Mapping of WMM access categories and 802.1D tags

Access Category | 802.1D Tags
WMM Voice Priority | 7, 6
WMM Video Priority | 5, 4
WMM Best Effort Priority | 0, 3
WMM Background Priority | 2, 1
H.3
The IEEE 802.1D specification is the IEEE standard for bridges that also addresses how to prioritise different classes of user traffic at layer 2. Section 6.4 of 802.1D specifications provide the following definition of user priority:
"The default user_priority value is 0. Values 1 through 7 form an ordered sequence of user_priorities, with 1 being the lowest value and 7 the highest. See 7.7.3 and Annex G (informative) for further explanation of the use of user_priority values."
Annex H in 802.1D specifications provide traffic class mapping as shown in the following table H.2:

Table H.2: Traffic class mapping according to the number of queues

Number of queues in the system | Types/classes of traffic supported by the queues
1 | {Best Effort, Excellent effort, Background, Voice, Controlled Load, Video, Network Control}
2 | {Best Effort, Excellent effort, Background} {Voice, Controlled Load, Video, Network Control}
3 | {Best Effort, Excellent effort, Background} {Controlled Load, Video} {Voice, Network Control}
4 | {Background} {Best Effort, Excellent effort} {Controlled Load, Video} {Voice, Network Control}
5 | {Background} {Best Effort, Excellent effort} {Controlled Load} {Video} {Voice, Network Control}
6 | {Background} {Best Effort} {Excellent effort} {Controlled Load} {Video} {Voice, Network Control}
7 | {Background} {Best Effort} {Excellent effort} {Controlled Load} {Video} {Voice} {Network Control}
H.4
GSMA's IREG 34 is a specification for the GRX. It also describes how DiffServ's bits are interpreted by the inter PLMN backbone (GRX). Table H.3 shows this mapping.

Column groups: 3GPP QoS Information (Traffic Class, THP); Diffserv PHB; DSCP; QoS Requirement on GRX (Max Delay, Max Jitter, Packet Loss, SDU Error Ratio); Service Example.

Traffic Class | THP | Diffserv PHB | DSCP | Max Delay | Max Jitter | Packet Loss | SDU Error Ratio | Service Example
Conversational | N/A | | | | 5ms | 0.5% | 10^-6 | VoIP, Video Conferencing
Streaming | N/A | | | | 5ms | 0.5% | 10^-6 | Audio/Video Streaming
Interactive | 1 | | | | N/A | 0.1% | 10^-8 | Transactional Services
Interactive | 2 | | | | N/A | 0.1% | 10^-8 | Web Browsing
Interactive | 3 | | | | N/A | 0.1% | 10^-8 | Telnet
Background | N/A | | | | N/A | 0.1% | 10^-8 | E-mail Download
SP-0#0$29 01#0 SP-0#0?32 01#2 SP-020099 01#$ SP-020?0$ 01## SP-0?0390 0121 -