DIAMETER in the Evolved Packet Core
Download DIAMETER in the Evolved Packet Core...
DIAMETER in the Evolved Packet Core A Whitepaper November 2009
By Yogesh V. Ranade
DIAMETER in the Evolved Packet Core Page 2
DIAMETER in the Evolved Packet Core Mobile broadband is becoming a reality, as the Internet generation grows accustomed to having broadband access wherever they go and not just at home or in the office. Of the estimated 3.4 billion people who will have broadband by 2014, about 80 percent will be mobile broadband subscribers – and the majority will be served by High Speed Packet Access (HSPA) and Long Term Evolution (LTE) networks. LTE is the next major step in mobile radio communications and is introduced in 3GPP Release 8. LTE uses Orthogonal Frequency Division Multiplexing (OFDM) as its radio access technology, together with advanced antenna technologies. In addition to LTE, the 3GPP has also defined an IP-based flat network architecture. This architecture is defined as part of th e System Architecture Evolution (SAE) effort.
The EPC is an allIP, end-to-end architecture for supporting mobile access networks
The key components of the Evolved Packet Core (EPC) are the evolved Universal Mobile Telecommunications Service (UMTS) terrestrial Radio Access Network (RAN), abbreviated as E-UTRAN, and the Evolved Packet Core (EPC). The E-UTRAN is also known as LTE (the long-term evolution of 3G) and is based on Orthogonal Frequency Division Multiple Access (OFDMA) radio access technology that has been highly optimized for packet traffic. The EPC is an all-IP, end-to-end architecture for supporting mobile access networks. The E-UTRAN consists of eNodeBs, which provide the radio interface toward the user equipment. The eNodeBs are interconnected with each other via the IP-based X2 interface and towards the Evolved Packet Core (EPC) via the IP-based S1 interfaces. The EPC (shown in Figure 1) can be broadly described as an evolution of the legacy core network functions and procedures defined for UTRAN access with a clear separation between control plane and user plane funct ions.
S12 S4 Serving Gateway
Gx PDN Gateway
Operator's IP Services (e.g. IMS, PSS etc.)
Figure 1: Non-roaming architecture for 3GPP accesses
The EPC is comprised of three core functional elements: • Serving Gateway (SGW): From a functional perspective, the Serving GW is the termination point of the packet data interface towards E-UTRAN. When terminals move across eNodeB in E-UTRAN, the Serving GW serves as a local mobility anchor, meaning that packets are routed through this point for intra E-UTRAN mobility and mobility with other 3GPP technologies, such as 2G/GSM and 3G/UMTS. • Mobility Management Entity (MME): The MME is the control-plane function for EUTRAN access. It is responsible for authentication and critical management for
DIAMETER in the Evolved Packet Core Page 3
mobile devices as well as for tracking and paging procedures for mobiles in idle mode. The MME authorizes bearer activation/deactivation including SGW and Packet Data Network (PDN) gateway selection. The MME is in charge of all the Control plane functions related to subscriber and session management. The MME is linked through the S6 interface to the HSS which supports the database containing all the user subscription information. The S6 interface to the HSS is based on the Diameter protocol. • Packet Data Network Gateway (PDN GW): The PDN GW is the permanent IP point-of-attachment for access via the E-UTRAN. The PDN GW performs IP policy and charging enforcement on packet flows to and from mobile devices. The same access point name (APN) concepts from the UTRAN PS core network apply, allowing a mobile device to have simultaneous connectivity to multiple PDNs. Similarly to the Serving GW, the PDN gateway is the termination point of the packet data interface towards the Packet Data Network. As an anchor point for sessions towards the external Packet Data Networks, the PDN GW also supports Policy Enforcement features (which apply operator-defined rules for resource allocation and usage) as well as packet filtering (like deep packet inspection for virus signature detection) and evolved charging support (like per URL charging).
Rx hPCRF Gx
Operator's IP Services (e.g. IMS, PSS 3GPP AAA Server
3GPP AAA Proxy SWm
VPLMN Non-3GPP Networks
Trusted Non-3GPP IP Access
Untrusted Non-3GPP IP Access
Figure 2: Roaming architecture Since this is an all-IP system, authentication and authorization based on legacy Mobile Application Part/ Signaling System 7 (MAP/SS7) has been replaced with an S6a interface based on the Diameter Protocol. In other words, the Home Subscriber Server (HSS) connects to the packet core through an interface based on Diameter and not SS7, as used in previous GSM and WCDMA networks. Network signaling for
DIAMETER in the Evolved Packet Core Page 4
policy control and charging is already based on Diameter. This means all interfaces in the architecture are IP interfaces.
Let us look at Diameter in more detail Diameter is defined in terms of an Authorization, Authentication and Accounting (AAA) base protocol and a set of applications. The base protocol provides basic mechanisms for reliable transport, message delivery and error handling. It must be used along with a Diameter application. A Diameter application uses the services of base protocol in order to support a specific type of network access. These applications include:
The Diameter Base Protocol provides basic mechanisms for reliable transport, message delivery and error handling
NASREQ Application - AAA services for Dial-in PPP users (RADIUS replacement) Mobile IPv4 Application - AAA support for Mobile IP networks as specified in CDMA2000 requirements (rfc3141) and MobileIP AAA (rfc2977) EAP Application - Security support for Extensible Authentication protocol (rfc4072) Credit Control Application - Charging support as specified in rfc4006 3GPP Applications IMS supported applications for AAA functions WLAN extensions to 3GPP.
The Diameter Base Protocol defines basic and standard behavior of Diameter nodes as well-defined state machines and also provides an extensible messaging mechanism that allows information exchange among Diameter Nodes. Diameter Applications augment the Base Protocol state machines with application-specific behavior to provide new AAA capabilities. The following figure depicts the different features of the Diameter Base Pro tocol.
Figure 3 Diameter Base Protocol
A Diameter Base Protocol Network consists of the following Diameter nodes, each of which is a host process that implements the Diameter protocol:
Diameter Client - A device at the edge of the network that performs access control. An example of a Diameter client is a Network Access Server (NAS) or a Foreign Agent (FA). Diameter Agent - A Diameter node that provides relay, proxy, redirect or translation services. Diameter Server - Handles authentication, authorization and accounting requests for a particular realm. By its nature, Diameter Server must support Diameter applications in addition to the base protocol.
Figure 4 below depicts the different kinds of Diameter entities. The Client and Server are applicable from the IMS and LTE/EPC perspective.
DIAMETER in the Evolved Packet Core Page 5
Network Edge Device Performing Access Control. Eg NAS, Foreign Agent
Controlling Entity of AAA functions for a particular domain Eg. HSS
Routes Diameter messages within known peers in supported realms. May modify routing information (only)
Also routes messages, but can modify message content to enable policy, resource usage, admission and provisioning Enables Routing to other domains within roaming agreements
Redirect Agent by notify the requesting peer with the routing information Translation Agent
Protocol translation function such as RADIUS-Diameter conversion
The Diameter base protocol provides following f unctionalities:
Interfaces supporting AAA functions are defined by 3GPP Standards
Delivery of Attribute Value Pairs (AVP) Capabilities negotiation Error notification Extensibility through addition of new commands and AVPs Basic services necessary for applications such as handling of user sessions or accounting.
The base protocol defines the basic Diameter message format. Data is carried within a Diameter message as a collection of Attribute Value Pairs (AVP). An AVP consists of multiple fields: an AVP Code, a Length, Flags, and Data. Some AVPs are used by the Diameter base protocol; other AVPs are intended for the Diameter application. The 3GPP standards defined the applications for the various interfaces supporting the AAA functions in the IMS and the EPS network. In the IMS and the EPS reference architecture, the HSS holds all the information about the subscriber and subscription. Access to any information regarding this profile needs to be queried from the HSS such as the location, authorization for conferencing etc. These messages are defined in terms of a command set identified by the various reference points, which are the S6a, Cx/Dx, Sh, Rf/Ro, Gq, Wx. So on the subscriber related interfaces Cx, Sh, you are likely to see requests to access and update the subscriber profile. On the Rf/Ro charging interfaces, the requests cover the accounting aspects, credit control etc. In addition to defining these message sets, 3GPP also mandated the use of SCTP for reliable transport and using methods of IPSec/TLS to secure the sensitive data flowing on this network.
Interfaces in the EPS based on the Diameter protocol S6a enables transfer of subscription and authentication data for authenticating/authorizing user access to the evolved system (AAA interface) between MME and HSS. This interface is defined between MME and HSS for authentication and authorization. It is defined in TS 23.401.
DIAMETER in the Evolved Packet Core Page 6
S6b is the reference point between PDN Gateway and 3GPP AAA server/proxy for mobility related authentication if needed. This reference point may also be used to retrieve and request storage of mobility parameters. This reference point may also be used to retrieve static QoS profile for a UE for non-3GPP access in case dynamic PCC is not supported. Gx provides transfer of (QoS) policy and charging rules from PCRF to Policy and Charging Enforcement Function (PCEF) in the PDN GW. Gxa provides transfer of (QoS) policy information from PCRF to the Trusted Non3GPP accesses. Gxc provides transfer of (QoS) policy information from PCRF to the Serving Gateway S9 provides transfer of (QoS) policy and charging control information between the Home PCRF and the Visited PCRF in order to support local breakout function. In all other roaming scenarios, S9 has functionality to provide dynamic QoS control policies from the HPLMN. SWa connects the untrusted non-3GPP IP Access with the 3GPP AAA Server/Proxy and transports access authentication, authorization and charging-related information in a secure manner. STa connects the trusted non-3GPP IP Access with the 3GPP AAA Server/Proxy and transports access authentication, authorization, mobility parameters and chargingrelated information in a secure manner.
LTE/EPS is well positioned to meet the requirements of next generation networks
SWd connects the 3GPP AAA Proxy, possibly via intermediate networks, to the 3GPP AAA Server. SWm is the reference point located between 3GPP AAA Server/Proxy and ePDG and is used for AAA signalling (transport of mobility parameters, tunnel authentication and authorization data). This reference point also includes the MAG-AAA interface functionality, IETF Internet-Draft, draft-ietf-dime-pmip6-01 and Mobile IPv6 NASAAA interface functionality, RFC 5447. SWx is the reference point located between 3GPP AAA Server and HSS and is used for transport of authentication, subscription and PDN connection related data. In conclusion, LTE/EPS is well positioned to meet the requirements of nextgeneration mobile networks. It will enable operators to offer high-performance, mass market mobile broadband services, through a combination of high bit-rates and system throughput, in both the uplink and downlink and with low latency. LTE infrastructure is designed to be simple to deploy and operate, through flexible technology that will also inter-operate with GSM, WCDMA/HSPA, TD-SCDMA and CDMA networks. Diameter has been identified as the protocol for AAA services in both the EPS and the IMS networks and will continue to play its part as more and more deployments start happening.
References 3GPP TS 23.401: General Packet Radio Service (GPRS) enhancements for Evolved Universal Terrestrial Radio Access Network (E-UTRAN) access 3GPP TS 23.402: Architecture enhancements for non -3GPP accesses 3GPP TS 29.230: Diameter applications; 3GPP specific codes and identifiers 3GPP TS 29.272: Evolved Packet System (EPS); Mobility Management Entity (MME) and Serving GPRS Support Node (SGSN) related interfaces based on Diameter protocol 3GPP TS 29.273: Evolved Packet System (EPS); 3GPP EPS AAA interfaces
DIAMETER in the Evolved Packet Core Page 7
About IntelliNet Technologies Headquartered in Melbourne, Florida with offices in Bangalore, India, IntelliNet Technologies is a leading provider of next-generation network convergence and application development solutions for PSTN, cellular, wireless and IP Multimedia Subsystem (IMS) networks. Major equipment vendors, application developers and global operators currently use IntelliNet’s products for prepaid, location services, messaging and fixed mobile convergence. Additional solutions include: mobility, fraud management, and network bridging applications including SS7/IN, SIGTRAN, DIAMETER, SUPL, SIP and other emerging signaling protocols. For more information please visit: http://www.intellinet-tech.com
AAA Home eNodeB EPC EPS E-UTRAN GSM Home Node B HSPA HSS IMS LTE MAP/SS7 MME OFDM PDN PDN GW RAN SAE SGW UMTS
3 Generation Universal Mobile Telecommunication System Authorization, Authentication and Accounting
3GPP term for an LTE femtocell Evolved Packet Core Evolved Packet System Evolved Universal Mobile Telecommunications Service (UMTS) terrestrial Radio Access Network (RAN) nd 2 Generation Groupe System for Mobile Communications
3GPP term for a 3G femtocell High Speed Packet Access Home Subscriber Server IP Multimedia Subsystem Long Term Evolution Mobile Application Part/ Signaling System 7 Mobility Management Entity Orthogonal Frequency Division Multiplexing Packet Data Network Packet Data Network Gateway Radio Access Network System Architecture Evolution Serving Gateway Universal Mobile Telecommunications Service