
Wireless Data Roaming Network Requirements and Implementation

CDG Document 79 Version 1.1 3 May 2005

CDMA Development Group 575 Anton Boulevard, Suite 560 Costa Mesa, California 92626 PHONE +1 888 800-CDMA +1 714 545-5211 FAX +1 714 545-4601 http://www.cdg.org cdg@cdg.org

Notice
Each CDG member acknowledges that CDG does not review the disclosures or contributions of any CDG member nor does CDG verify the status of the ownership of any of the intellectual property rights associated with any such disclosures or contributions. Accordingly, each CDG member should consider all disclosures and contributions as being made solely on an as-is basis. If any CDG member makes any use of any disclosure or contribution, then such use is at such CDG member's sole risk. Each CDG member agrees that CDG shall not be liable to any person or entity (including any CDG member) arising out of any use of any disclosure or contribution, including any liability arising out of infringement of intellectual property rights.

Contents
1. Overview
   1.1 Introduction
   1.2 Acronyms and Abbreviations
2. Service Types
   2.1 Server-Based Applications
   2.2 Internet Access Service
       2.2.1 Legacy Internet Access
   2.3 Corporate VPN Access
3. General Recommendations
   3.1 Call Flow
   3.2 Authentication and Accounting
   3.3 Public IP Address Assignment
   3.4 VPN Connections
4. Network Recommendations
   4.1 Simple IP
   4.2 Mobile IP
   4.3 L2TP


Ref Doc 79, Ver 1.1

3 May 2005


Wireless Data Roaming Requirements and Implementation


Figures
Figure 4-1: Simple IP
Figure 4-2: Simple IP Call Flow Example
Figure 4-3: Mobile IP
Figure 4-4: Mobile IP Call Flow Example
Figure 4-5: L2TP
Figure 4-6: L2TP Call Flow Example


Tables
Table 1-1: Acronyms and Abbreviations
Table 2-1: Relationship Between Packet Routing and Connection Mode
Table 3-1: Public IP Address Assignment


Revision History
Date              Version  Description
14 July 1999      9.4      Initial CDG release
1 April 2004      9.5      Document revisions added
15 November 2004  1.0      Reformat only
3 May 2005        1.1      Significant revision. Document is network only.


1. Overview
1.1 Introduction
This document presents technical recommendations for implementing CDMA packet data roaming. The International Roaming Team has developed this implementation guide through the CDMA Development Group (CDG). Topics discussed include service descriptions and detailed network configuration recommendations. These implementation recommendations apply to both 1xRTT and EV-DO roaming. Recommendations that are relevant to only 1xRTT or EV-DO are noted.

The scope of this document is defining the services available in a roaming scenario, and making recommendations for network architectures for implementing these services. It is recognized that there are many ways in which data roaming between two operators may be implemented; however, it is in the interest of operators to limit the possible number of configurations to avoid having to accommodate several approaches. As such, this document is limited to only describing recommended approaches.

Issues and recommendations related to billing, reconciliation, and inter-carrier settlement are outside the scope of this document. These are addressed in the Packet Data Billing Implementation Guide.

It is expected that the technical capability and handset features (i.e., R-UIM, Multi-Band Multi-Protocol handsets) will be developed in the future to provide roaming capability between the various American, Asian and European Cellular standards. At this time, inter-standard roaming recommendations are outside of the scope of this document.

In general, these recommendations are based on IETF and 3GPP2 standards. However, some technology deemed necessary to provide required configurations currently falls outside standards. These instances are noted.


1.2 Acronyms and Abbreviations


Table 1-1: Acronyms and Abbreviations
Acronym / Abbreviation  Description
1X-RTT                  One Times Radio Transmission Technology
3GPP2                   3rd Generation Partnership Program
AAA                     Authentication, Authorization, Accounting
AN-AAA                  Access Network AAA
ATM                     Asynchronous Transfer Mode
BGP                     Border Gateway Protocol
CDG                     CDMA Development Group
CHAP                    Challenge Handshake Authentication Protocol
CoA                     Care of Address
CRX                     CDMA Roaming eXchange
DES                     Data Encrypted Standard
DNS                     Domain Name Server
ESP                     Encapsulating Security Payload
EV-DO                   Evolution-Data Only
FA                      Foreign Agent
HA                      Home Agent
IKE                     Internet Key Exchange
IP                      Internet Protocol
L2TP                    Layer 2 Tunnelling Protocol
LAC                     L2TP Access Concentrator
LAN                     Local Area Network
LNS                     L2TP Network Server
MIP                     Mobile IP
MS                      Mobile Station
MSID                    Mobile Station ID
NAT                     Network Address Translation
PAP                     Password Authentication Protocol
PDSN                    Packet Data Serving Node
PPP                     Point-to-Point Protocol
QoS                     Quality of Service
RADIUS                  Remote Authentication Dial-In User Service
RRQ                     Registration Message
R-UIM                   Removable User Identity Module
SIP                     Simple IP
VPN                     Virtual Private Network
VSA                     Vendor Specific Attribute
WAP                     Wireless Application Protocol


2. Service Types
This section presents an overview of the categories of data services a roaming subscriber may access. These services fall into three basic categories: server-based applications, Internet access, and Corporate VPN services.


2.1 Server-Based Applications


These services require that the MS, using specialized internal applications, establish data connections with remote servers to access content and functionality. Examples of such services include WAP, BREW, i-mode, and Java-based applications. When accessing application servers in the home network, there are advantages to the roaming MS being tunneled back to the home network via L2TP or Mobile IP. These advantages are described in the Network Recommendations section.


2.2 Internet Access Service


This service simply implies that the user has access to the Internet, including all public web sites and services normally available. It is more efficient for the roaming MS to access these services directly from the visited network, but the MS may tunnel back to the home network before accessing the Internet.


2.2.1 Legacy Internet Access


Legacy Internet Access is a service where a publicly available username and password are shared among users. The MSID of the MS may be used as part of the authentication process. The use of MSID ranges for routing AAA messages is not standardized in IS-835. Legacy Internet access should be available in the home network and while roaming. See Table 2-1 for a summary of authentication, accounting and data routing path, and a reference of the scenarios in which each routing may happen.


Table 2-1: Relationship Between Packet Routing and Connection Mode

Reference               Authentication              Accounting  Routing User Data  Connection Mode
Home Server Access      in Home NW                  in Home NW  via Home NW        MIP/SIP L2TP (w/VPN)
                                                                via Serving NW     SIP
Legacy Internet Access  in Home NW (homes publicly  in Home NW  via Home NW        MIP/SIP L2TP (w/VPN)
                        available User ID and                   via Serving NW     SIP
                        password)


2.3 Corporate VPN Access


Corporate VPN access service requires the cellular network to provide subscribers remote access to secure corporate intranets. This differs from a subscriber simply using a VPN client to establish a secure data connection with a corporate VPN switch. Tunneling technologies such as L2TP or Mobile IP are used to provide access to the corporate LAN from the visited network via the home network.


3. General Recommendations
The following are general configuration recommendations for roaming that should apply to all roaming scenarios.


3.1 Call Flow


1. The roaming MS should establish a 1xRTT (SO33) or EV-DO (SO59) call with the visited network.
2. Call establishment should proceed in accordance with IS-835 standards.
3. The MS could request Simple IP or Mobile IP from the visited PDSN.
4. If feasible, the visited PDSN should be capable of performing as a Foreign Agent (FA) even if the visited operator doesn't normally offer Mobile IP to its own subscribers.


3.2 Authentication and Accounting


1. Authentication and accounting should proceed in accordance with IS-835 standards.
2. For EV-DO (SO59) calls, the visited network should require authentication and authorization with the AN-AAA (A12 interface).
3. The visited AAA server should route all the RADIUS packets to the subscriber's home AAA based on the realm portion of the NAI, per IS-835 requirements.
4. The visited operator may route RADIUS packets to the home AAA based on the MSID (a1) attribute of the MS received in the airlink record. This will require that the visited operator's AAA be capable of translating MSID ranges into the IP address of the home operator's AAA server or appropriate RADIUS proxy server. The use of MSID ranges for routing AAA messages is not standardized in IS-835. The visited operator may use a DNS service to resolve the MSID of the mobile to determine the IP address of its home operator's AAA. At present, this service does not yet exist, but may be supported in the future.
5. The visited AAA server should support all the RADIUS attributes defined by IS-835-A.
6. The visited AAA server should route RADIUS packets to the home AAA server using a secure, established data connection with the home network, e.g., a VPN connection. If a VPN connection between the home and visited operators is used, information exchanged between the two servers will be protected outside the operators' networks.
7. The home and visited AAA servers should mutually authenticate each other by shared key or other means. At a minimum, the home AAA server should have a table of IP addresses of valid visited AAA servers.
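The routing decision in items 3, 4 and 7, as an added Python example that is not part of the CDG document: the visited AAA routes on the NAI realm and falls back to an MSID range table, and the home AAA checks the sender against its table of valid visited AAA servers. All realms, MSID ranges, addresses and function names are constructed for illustration; trying the realm before the MSID is an assumption, and the shared-key check is not modelled.

```python
import ipaddress
from typing import Optional

# Constructed sample tables: example realms, test-network MSIDs (MCC 001) and
# RFC 5737 documentation addresses. None of this is real operator data.
REALM_TO_HOME_AAA = {
    "home-a.example": "192.0.2.10",
    "home-b.example": "198.51.100.10",
}

# Inclusive MSID ranges mapped to a home AAA, for mobiles whose NAI carries
# no usable realm (item 4). Ranges are compared as equal-length digit strings.
MSID_RANGES = [
    ("001010000000000", "001010999999999", "192.0.2.10"),
    ("001020000000000", "001020499999999", "198.51.100.10"),
]

# Home AAA side: table of visited AAA servers allowed to send RADIUS (item 7).
VALID_VISITED_AAA = {
    ipaddress.ip_address("203.0.113.5"),
    ipaddress.ip_address("203.0.113.6"),
}


def realm_of(nai: str) -> Optional[str]:
    """Return the lower-cased realm of user@realm, or None if there is none."""
    user, sep, realm = nai.rpartition("@")
    if not sep or not user or not realm:
        return None
    return realm.lower()


def home_aaa_for_msid(msid: str) -> Optional[str]:
    """Translate an MSID into a home AAA address using the range table."""
    if not (msid.isascii() and msid.isdigit()):
        return None
    for first, last, aaa in MSID_RANGES:
        if len(msid) == len(first) and first <= msid <= last:
            return aaa
    return None


def route_access_request(nai: str, msid: Optional[str] = None) -> Optional[str]:
    """Visited AAA: choose the home AAA for a request, or None to reject it."""
    realm = realm_of(nai)
    if realm in REALM_TO_HOME_AAA:
        return REALM_TO_HOME_AAA[realm]
    if msid is not None:
        return home_aaa_for_msid(msid)  # fallback order is an assumption
    return None


def accept_from_peer(src_ip: str) -> bool:
    """Home AAA: accept RADIUS only from a listed visited AAA address."""
    try:
        return ipaddress.ip_address(src_ip) in VALID_VISITED_AAA
    except ValueError:
        return False
```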


3.3 Public IP Address Assignment


The following table summarizes the public IP address assignment requirements for the MS and infrastructure elements in each of the three roaming architectures. Public addresses should be made routable to and from the home and visited operators.

Table 3-1: Public IP Address Assignment
Element              Simple IP    Mobile IP    L2TP
Visited/Home AAA     Required     Required     Required
LNS                  --           --           Required
HA                   --           Required     --
Application Servers  Required     Recommended  Recommended
PDSN/LAC/FA          Recommended  Required     Recommended
MS                   Optional     Optional     Optional


"Required" implies that a public IP address assigned to the element is necessary in order for the particular roaming architecture to function.

"Recommended" implies that if an operator has sufficient public IP address resources available, it should assign a public IP address to the element even though it is not required for the particular roaming architecture. Assigning a public IP address in these cases will prepare the operator for supporting other roaming architectures.

"Optional" implies a public or private address assignment won't affect any of the three roaming architectures.

Using public addressing implies that each element has a unique address officially reserved from the Internet addressing authority. However, these roaming service elements should remain invisible and inaccessible from the public Internet.


3.4 VPN Connections


1. The visited and home networks should have a bilateral Layer 3 IPSec VPN connection over the public Internet as a minimum for security.
2. The visited and home network may create separate VPN tunnels for AAA/management traffic and MS traffic.
3. The operators may choose to leverage the services of 3rd party service provider hubs, or CRX (CDMA Roaming eXchange) providers, for interconnection and mediation services. The CDMA Packet Data Roaming eXchange Guidelines document provides detailed implementation recommendations on how to incorporate a CRX into a roaming configuration, and should be consulted if this approach is preferred.
4. Other than Layer 3 VPNs, the following options are recommended:
   - Layer 1 connection (i.e., leased line or fiber)
   - Layer 2 connection (ATM, LAN, Frame Relay)
5. The VPN connection should use IPSec and its implementation should meet the following requirements:
   - The IPSec encryption algorithm is DES by default. It is recommended that the operator use 3DES, which is stronger than DES.
   - The IPSec packet format should be ESP in tunnel mode.
   - The IPSec implementation should exchange encryption keys either manually or by IKE.
6. The visited and home operators should use BGP-4 as the IP routing protocol between networks, although static routing may be used.
7. If BGP-4 is used, it is recommended that the operator follow the BGP advertisement rules below:
   - No host specific route (no mask /32 advertisement) should be advertised between the Border Gateway of the home and visited networks.
   - The IP route advertisement should be aggregated as much as possible.
   - Each operator should only advertise its own core public IP address range to the other operator. For example, only the aggregated IP route address range containing the IP addresses of the PDSN, LNS, FA, HA, and AAA should be announced.
   - The IP route address range advertised by operators should only contain the IP routes that originate from its own Autonomous System (AS) number, owned by the operator.
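The advertisement rules in item 7 can be checked mechanically before a prefix list is applied at the border gateway. The following Python check is an added example, not part of the CDG document; the AS number, prefixes and finding labels are constructed (documentation ranges), and the test for publicly routable space is left out because documentation prefixes are not public.

```python
import ipaddress
from collections import defaultdict
from typing import Iterable, List, Sequence, Tuple

# (prefix, AS path as seen by the roaming partner, origin AS last)
Announcement = Tuple[str, Sequence[int]]

# Constructed sample data: documentation AS number and RFC 5737 prefixes.
OWN_AS = 64500
CORE_RANGES = ["198.51.100.0/24"]  # range holding PDSN, LNS, FA, HA and AAA
SAMPLE_ANNOUNCEMENTS: List[Announcement] = [
    ("198.51.100.0/25", (64500,)),
    ("198.51.100.128/25", (64500,)),
    ("198.51.100.7/32", (64500,)),
    ("203.0.113.0/24", (64500, 64501)),
]


def check_announcements(
    anns: Iterable[Announcement], own_as: int, core_ranges: Sequence[str]
) -> List[Tuple[str, str]]:
    """Return (prefix, finding) pairs for announcements that break the rules."""
    core = [ipaddress.ip_network(r) for r in core_ranges]
    findings: List[Tuple[str, str]] = []
    by_version = defaultdict(list)

    for prefix, as_path in anns:
        net = ipaddress.ip_network(prefix)
        by_version[net.version].append(net)

        # Rule: no host specific (/32) route between the border gateways.
        if net.prefixlen == net.max_prefixlen:
            findings.append((prefix, "host-route"))

        # Rule: advertise only the operator's own core address range.
        if not any(c.version == net.version and net.subnet_of(c) for c in core):
            findings.append((prefix, "outside-core-range"))

        # Rule: only routes that originate from the operator's own AS.
        if not as_path or as_path[-1] != own_as:
            findings.append((prefix, "foreign-origin"))

    # Rule: aggregate as much as possible. Any prefix that disappears when
    # the set is collapsed is covered by, or mergeable into, a shorter one.
    for nets in by_version.values():
        collapsed = set(ipaddress.collapse_addresses(nets))
        for net in nets:
            if net not in collapsed:
                findings.append((str(net), "not-aggregated"))

    return findings
```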


4. Network Recommendations
Following are three recommended network configurations for establishing data roaming between two operators: Simple IP, Mobile IP, and L2TP. The order in which these are presented does not imply a recommendation of one implementation over another; however, pros and cons of each approach are provided. The management of IP addressing is a primary differentiator among the implementation approaches, and the address management advantages and disadvantages of each are provided in addition to other pros and cons. Following this, other general pros and cons of each implementation are cited and configuration recommendations are provided.


4.1 Simple IP
Simple IP access refers to the MS accessing the public Internet directly from the visited operator's network. Also, if the MS needs to access services in the home network, it must create a data session from the visited network to the application server in the home network. This approach is different from L2TP and Mobile IP in that the visited operator assigns the roaming MS its IP address, and no tunneling technology is used to place the roaming subscriber inside the home operator network.


[Diagram elements: Roaming MS (SIP), PDSN, Visited AAA, Home AAA, VPN, GW, Visited network, Internet, Home network, Application Server. Legend: Authentication, Accounting, Address Assignment, Server Access, Internet Home Access.]

Figure 4-1: Simple IP


The advantages and disadvantages of Simple IP for data roaming are listed below:

Advantages:

+ There is no tunneling performance overhead.
+ The roaming MS may directly access the public Internet without tunneling to the home operator's network.
+ The roaming MS may directly access application servers in the visited network without tunneling to the home operator's network.

Disadvantages:

- The visited operator must assign the roaming MS its IP address.
- The roaming MS may not be assigned a static IP address.
- If the MS is provisioned with private, hard coded DNS server addresses, it will not be able to access DNS services while roaming.
- If the MS is assigned a private IP address by the visited operator, NAT must be employed for the MS to access application servers in the home network.
- The IP addresses of application servers must be made visible to the visited network.
- Security is compromised since other inbound roamers in the visited operator's network will be able to access the home operator's network. To avoid this, the visited operator may need to maintain separate IP address pools for each roaming partner.

The following are recommendations for implementing Simple IP service:

1. The visited operator should assign the roaming MS an IP address. This may be a public or private IP address.
2. The roaming MS may be assigned an IP address that can be routed over a secure connection to the home network. This IP address should not be routable or visible to the Internet. This protects visited network elements from Internet attacks.
3. The roaming MS should access the public Internet directly from the visited operator's network.
4. The home operator's firewalls must be configured to accommodate application server access by the roaming MS in the visited operator's network.
5. The visited operator should only assign the roaming MS an IP address from a pool specifically associated with the operator of the MS. This will prevent a roaming MS from another roaming partner of the visited operator from accessing the network of the home operator.


[Call flow diagram. Serving NW (SIP): Roamer MS, PDSN, Visited AAA, Local GW, Int. GW. Home NW (SIP): Int. GW, Home AAA, WAP Server, Home GW. Messages shown: LCP Phase, PAP/CHAP Request, Access-Request, Access-Accept, PAP/CHAP-Ack, IPCP Phase, Acct-Start, Acct-Response, Server Access (VPN), Internet Local Access, LCP Termination, Acct-Stop, Acct-Response.]

Figure 4-2: Simple IP Call Flow Example


4.2 Mobile IP
Mobile IP service is a standards compliant capability that is useful in providing packet data roaming. In addition to providing the mobility function, it allows the home operator to assign a roaming MS an IP address and provide transparent access to the home network.

[Diagram elements: Roaming MS (MIP), PDSN/FA, Visited AAA, Home AAA, VPN, GW, MIP Tunnel, HA, Visited network, Internet, Home network, Application Server. Legend: Authentication, Accounting, Address Assignment, Server Access, Internet Home Access.]

Figure 4-3: Mobile IP

The advantages and disadvantages of Mobile IP for data roaming are listed below:

Advantages:

+ The home operator assigns the roaming MS its IP address.
+ The home operator may assign a static IP address to the roaming MS.
+ The home operator may assign a private IP address to the roaming MS without the need to employ NAT for home network access.
+ The roaming MS may transparently access servers in the home network.
+ Security is improved since other inbound roamers in the visited operator's network will not be able to access the home operator's network. To achieve this without Mobile IP (or L2TP), the visited operator will need to maintain separate IP address pools for each roaming partner.
+ The use of Mobile IP allows for network layer mobility across PDSNs.

Disadvantages:

- There is a performance overhead for Mobile IP.
- Reverse tunneling is required for Mobile IP roaming.
- When the roaming MS is accessing the public Internet, tunneling back to the home network is not efficient.
- If the roaming MS requires access to an application server in the visited network, it will be required to tunnel back to the home operator and then route back to the visited operator.

The following are recommendations for the implementation of roaming using Mobile IP:

1. Mobile IP service should be provided in accordance with IS-835.
2. If feasible, the visited PDSN should support FA capabilities, but the visited operator doesn't normally need to offer Mobile IP service to its home subscribers. Consequently, roaming mobiles should be able to receive Mobile IP service.
3. The home operator should normally provide Mobile IP service to subscribers, and should have an HA accessible by the visited operator.
4. The home operator's HA should be assigned a public IP address.
5. The home operator may assign a private or a public IP address to the MS, depending on the preference of the home operator. The FA CoA provided by the visited operator should be a public IP address.
6. The home operator may assign the roaming MS the IP addresses of a primary and secondary DNS server through the Mobile IP registration process.
7. The roaming MS should be configured to send the registration message (RRQ) with the T bit set so that reverse tunneling is requested.
8. To protect user data, the visited FA and home HA should exchange packet data through the secure data connection between operators (VPN, CRX, etc.). Since there will be a VPN connection between the home and visited operators, information exchanged between the FA and HA will be protected outside the operators' networks, and it should not be necessary to specifically encrypt user data between them.
9. The FA and HA should mutually authenticate each other. Without mutual authentication, it is possible that a node may attempt to impersonate an FA. At a minimum, the HA should have a table of IP addresses of valid visited operator FAs.
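Items 7 and 9 translate into two checks the HA can make on an incoming registration. The Python below is an added example, not part of the CDG document: it parses the fixed 24-byte Registration Request header defined in RFC 3344, requires the T bit, and compares the sender and care-of address with the HA's table of valid FAs. Addresses, function names and result strings are constructed, and the registration's authentication extensions are not parsed.

```python
import ipaddress
import struct

RRQ_TYPE = 1    # Mobile IP Registration Request message type
FLAG_T = 0x02   # 'T' bit in the flags octet: reverse tunneling requested

# Fixed part of the request: type, flags, lifetime, home address,
# home agent, care-of address, 64-bit identification (network byte order).
_RRQ = struct.Struct("!BBH4s4s4sQ")

# Constructed sample table of valid visited-operator FA addresses (item 9),
# using RFC 5737 documentation addresses.
VALID_FA_ADDRS = {
    ipaddress.ip_address("203.0.113.20"),
    ipaddress.ip_address("203.0.113.21"),
}


def parse_rrq(data: bytes) -> dict:
    """Parse the fixed header of a Registration Request."""
    if len(data) < _RRQ.size:
        raise ValueError("truncated Registration Request")
    typ, flags, lifetime, home, ha, coa, ident = _RRQ.unpack_from(data)
    if typ != RRQ_TYPE:
        raise ValueError("not a Registration Request")
    return {
        "flags": flags,
        "lifetime": lifetime,
        "home_address": ipaddress.ip_address(home),
        "home_agent": ipaddress.ip_address(ha),
        "care_of_address": ipaddress.ip_address(coa),
        "identification": ident,
    }


def ha_check_rrq(data: bytes, src_ip: str) -> str:
    """HA-side policy: known FA first, then reverse tunneling requested."""
    try:
        rrq = parse_rrq(data)
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return "reject: malformed"
    if src not in VALID_FA_ADDRS or rrq["care_of_address"] not in VALID_FA_ADDRS:
        return "reject: unknown FA"
    if not rrq["flags"] & FLAG_T:
        return "reject: T bit not set"
    return "accept"


def build_rrq(flags: int, coa: str, home: str = "0.0.0.0",
              ha: str = "192.0.2.1", lifetime: int = 1800, ident: int = 1) -> bytes:
    """Build a constructed sample request for exercising the checks."""
    return _RRQ.pack(
        RRQ_TYPE, flags, lifetime,
        ipaddress.ip_address(home).packed,
        ipaddress.ip_address(ha).packed,
        ipaddress.ip_address(coa).packed,
        ident,
    )
```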


[Call flow diagram. Serving NW (MIP): Roamer MS, PDSN, HA, Visited AAA, Local GW, Int. GW. Home NW (MIP): Int. GW, Home AAA, HA, App Server, Home GW. Messages shown: LCP Phase, IPCP Phase, MIP Registration, Access-Request, Access-Accept, MIP Registration, MIP Reply, Acct-Start, Acct-Response, MIP Tunnel, Server Access, Internet Home Access, MIP Registration, MIP Reply, Acct-Stop, Acct-Response, LCP Termination.]

Figure 4-4: Mobile IP Call Flow Example


4.3 L2TP
L2TP tunnels are a recommended approach for providing Simple IP roaming service to a MS. Also, L2TP tunnels should be used to implement corporate VPN services for Simple IP. In this case, the subscriber is assigned an IP address by the corporate network and placed securely inside the corporate network.

[Diagram elements: Roaming MS (MIP), PDSN/LAC, Visited AAA, Home AAA, VPN, GW, L2TP Tunnel, LNS, Visited network, Internet, Home network, Application Server. Legend: Authentication, Accounting, Address Assignment, Server Access, Internet Home Access.]

Figure 4-5: L2TP

The advantages and disadvantages of L2TP for data roaming are listed below:

Advantages:

+ The home operator assigns the roaming MS its IP address.
+ The home operator may assign a static IP address to the roaming MS.
+ The home operator may assign a private IP address to the roaming MS without the need for employing NAT for home network access.
+ The roaming MS may transparently access servers in the home network.
+ The service plane may be made more secure since application servers may be hidden from the visited network.
+ Security is improved since other inbound roamers in the visited operator's network will not be able to access the home operator's network. To achieve this without L2TP (or Mobile IP), the visited operator will need to maintain separate IP address pools for each roaming partner.

Disadvantages:

- The use of L2TP is not yet defined by IS-835 standards, although it is an IETF standard and is commonly used.
- There is a performance overhead for L2TP transport and management.
- IS-835 QoS mechanisms and L2TP are not compatible.
- When the roaming MS is accessing the public Internet, tunneling back to the home network is not efficient.
- If the roaming MS requires access to an application server in the visited network, it will be required to tunnel back to the home operator and then route back to the visited operator.

The following are recommendations for implementing L2TP tunnels:

1. The home and visited operator should agree upon whether L2TP will be used to tunnel roaming subscribers back to the home network.
2. A roaming MS that is expected to use L2TP to reach its home operator should not request Mobile IP service.
3. The home operator may include the IP address of the LNS as an attribute. If the visited operator receives this attribute, it should construct an L2TP tunnel to this end point. The IP address of the visited operator's AAA will indicate to the home operator the location of the roaming MS so that the home AAA may determine whether or not L2TP is required.
4. Alternatively, a roaming MS that requires L2TP tunneling may be assigned a unique realm for this purpose. Such realms should be shared between the home and visited operators in advance. The visited AAA may ascertain from the realm of the roaming MS that it should receive L2TP service. If L2TP is required, it is recommended that the home network return the IP address of the LNS in the Access-Accept message; however, the visited operator's AAA may insert the IP address of the home operator's LNS as an attribute in the Access-Accept message before forwarding to the PDSN.
5. If the IP address of an LNS is received by the PDSN in the Access-Accept message, the PDSN should act as a LAC and establish an L2TP tunnel with the LNS of the home operator.
6. As there should be a VPN connection between the visited and home operator, there is not a need to encrypt user data between the PDSN/LAC and LNS.
7. In addition to the PDSN/LAC authenticating the MS, the LNS in the home operator's network should also authenticate the MS with the home AAA.
8. PPP is negotiated between the roaming MS and the LNS. The LNS in the home operator should assign the MS an IP address, which may be public or private depending on the preference of the home operator.
9. The PDSN/LAC and LNS should mutually authenticate each other. Without mutual authentication, it is possible that a node may attempt to impersonate a LAC. At a minimum, the LNS should have a table of IP addresses of valid LACs in visited operator networks.
10. LCP Forwarding should be enabled on the visited network PDSNs.
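How items 2 to 5 and 9 combine at the visited AAA and the PDSN, as an added Python example that is not part of the CDG document. It assumes the LNS address travels in the RFC 2868 Tunnel-Server-Endpoint attribute (the document does not name the attribute) and that the PDSN/LAC keeps its own table of agreed LNS addresses as its half of mutual authentication; the realm, addresses, function names and result labels are constructed.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Assumption: the LNS address is carried in this RFC 2868 attribute.
LNS_ATTR = "Tunnel-Server-Endpoint"

# Constructed sample data (example realm, RFC 5737 documentation addresses).
# Realms reserved for L2TP roamers and agreed in advance (item 4).
L2TP_REALM_TO_LNS = {"l2tp.home-a.example": "192.0.2.40"}
# LNS addresses the visited operator has agreed to tunnel to (item 9, LAC side).
AGREED_LNS = {
    ipaddress.ip_address("192.0.2.40"),
    ipaddress.ip_address("192.0.2.41"),
}


def visited_aaa_forward_accept(nai: str, accept: Dict[str, str]) -> Dict[str, str]:
    """Visited AAA proxy: return the Access-Accept to hand to the PDSN."""
    out = dict(accept)
    if LNS_ATTR in out:
        # Item 3: the home AAA already named the LNS, pass it through.
        return out
    _, sep, realm = nai.rpartition("@")
    lns = L2TP_REALM_TO_LNS.get(realm.lower()) if sep else None
    if lns is not None:
        # Item 4: the realm marks an L2TP roamer, insert the home LNS.
        out[LNS_ATTR] = lns
    return out


def pdsn_decide(accept: Dict[str, str],
                mobile_ip_requested: bool) -> Tuple[str, Optional[str]]:
    """PDSN: decide whether to act as a LAC for this session (item 5)."""
    lns = accept.get(LNS_ATTR)
    if lns is None:
        return ("no-l2tp", None)
    try:
        addr = ipaddress.ip_address(lns)
    except ValueError:
        return ("reject-bad-lns", None)
    if addr not in AGREED_LNS:
        return ("reject-unknown-lns", None)
    if mobile_ip_requested:
        # Item 2: an L2TP roamer should not request Mobile IP. How the PDSN
        # resolves the clash is not specified; this example only flags it.
        return ("conflict-mip-and-l2tp", str(addr))
    return ("act-as-lac", str(addr))
```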
[Call flow diagram. Serving NW: Roamer MS, PDSN, Visited AAA, Local GW, Int. GW. Home NW: Int. GW, LNS, Home AAA, App Server, Home GW. Messages shown: LCP Phase, PAP Request, Access-Request, Access-Accept, L2TP Negotiation, PAP-Ack, IPCP Phase, Acct-Start, Acct-Response, L2TP Tunnel, Server Access, Internet Home Access, LCP Termination, Acct-Stop, Acct-Response.]

Figure 4-6: L2TP Call Flow Example
