AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA

SOLUTIONBRIEF

1

How,WhenandWi-Fi:WeavingWi-FiintoYourNetworkExperiencethroughVirtualizationTHEWI-FIOPPORTUNITYWhile4GandLTEhavecapturedmuchofthemediaattention,Wi-Fihasquietlybecomethewirelessnetworkofchoiceformanysubscribers.Today,morethanhalfofallmobiletraffic(60%)iscarriedoverWi-Finetworksinhomes,officesandpublicplacesfromcoffeeshopstoshoppingmalls.WiththenumberofWi-Fihotspotsexpectedtoquadruplegloballyto5.8millionoverthenextfewyears,analystspredictthatsoonasmuchas80%ofallmobilevoiceanddatatrafficwillbeWi-Fibased.

Afteryearsofbuildingouttheirnetworks,fixedandmobileserviceprovidersnowrecognizethestrategicnecessityofbringingWi-Fiaccessintotheirnetworkexperience.ExtendingtheirnetworkcoveragethroughWi-Fiaccessenablestoday’sserviceproviderstosolvesomeoftheirmostpressingchallenges:

§ ItenablesnetworkproviderstomonetizeWi-Ficommunicationsthroughvalue-addedservices(e.g.security,quality,persistentidentity);

§ Itallowsserviceproviderstocompetemoreeffectivelywithover-the-top(OTT)providerssuchasSkypeandWhatsApp;

§ Itgivesmobileprovidersacost-effectivealternativetoextendingtheirwirelessnetworkcoverageinto“difficult”areas(e.g.,in-buildingcoverage);

§ Itprovidesaninexpensivebackhaulsolutiontooffloadthegrowingamountofvideoanddatatrafficonthemacrocellularnetwork

THEWI-FICHALLENGE:SEAMLESSINTEGRATIONThechallengeforfixedandmobileserviceprovidersistoseamlesslyintegrateWi-FivoiceanddatacommunicationsintotheirnetworksandeffectivelymonetizeWi-Fiaccessthroughvalue-addedservicesthatincludebetterqualityofexperienceandseamlesssessionhandoffbetweennetworks.Therearefourkeyareasinwhichserviceproviderscanprovidevaluethroughnetworkintegration:

1. Security2. Sessioncontinuity

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 2

3. Policy/qualityenforcement4. Servicessuchascontentfiltering,webandvideooptimization5. Accesstooperatorcontentie.video,musicetc

Tosupportthisintegration,thetelecommunicationsindustryhasdefinedtwonetworkelementstoserveasasecuregatewaybetweenaserviceprovider’scorenetwork—anevolvedpacketcore(EPC)inthecaseofmobileserviceproviders—andbothtrustedanduntrustedWi-Finetworks.ForaccesstotrustedWi-Finetworkssuchasthosedeployedbyorinpartnershipwiththeserviceprovider,theindustryhasdefinedtheTrustedWLANAccessGateway/Proxy(TWAG/TWAP)asthissecureentrypoint.ForaccesstountrustedWi-Finetworkssuchasthoseoperatedindependentlyorinconnectionwithanotherserviceprovider,theappropriatenetworkelementtosecureWi-FiaccesswouldbetheevolvedPacketDataGateway(ePDG).

Currently,serviceprovidershavetwooptionsfordeployingtheseelementsintheirnetwork:eitherasastandalone,hardware-basedlegacydevice(thetraditionalapproach)orasavirtualized,software-basedsolution.Networkfunctionsvirtualization(NFV)isfastbecomingthenewstandardfornetworkevolutionasserviceproviderslooktoscaletheirnetworksquicklywhilereducingcomplexityandcost.Tomeetthisnewdemand,manylegacynetworkgatewayvendorsarenowadaptingtheirhardware-basedsolutionsforvirtualizedenvironments.YetthesesolutionsrarelyofferthesamerobustperformanceandeconomicbenefitsthatnativelydevelopedNFVsolutionspresent.

FIGURE1:AFFIRMEDMOBILECONTENTCLOUD

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 3

THEAFFIRMEDWI-FIGATEWAYSOLUTIONAsaleaderintheNFVnetworkevolution,AffirmedNetworksishelpingfixedandmobileserviceprovidersbuildthenext-generationofnetworksusingcarrier-class,nativelyvirtualizedsolutions.Affirmed’sgroundbreakingvirtualEPC(vEPC)solution,dubbedtheMobileContentCloud(MCC),iscurrentlydeployedinsomeoftheworld’slargestmobileserviceprovidernetworks.TheAffirmedWi-FigatewayhasbeendevelopedontopoftheMCCfromwhichitinheritsawiderangeofmobilegatewayfunctionssuchasGGSN,SAE-GW,SP/DPI/Heuristicsapplicationdetection,PCEFwithGxandGyinterfacesforQoSandoffline/onlinecharging,LawfulInterception,aswellasitsrichsetofcontentservicessuchasHTTP(S)Proxy,webandvideocontentoptimizationandadaptation,contentcaching,contentfiltering/parentalcontrol,subscriberfirewall,NAT/ALGandmore.TheAffirmedWi-FigatewaysolutionfeaturescompleteTWAG/TWAPandePDGfunctionsthatcanbedeployedoncommercialoff-the-shelf(COTS)serversorwithinthevEPConvirtuallymanagedhardware.

FIGURE2:AFFIRMEDWI-FIGATEWAY

Recommended Partner or 3rd Party

User Experience Content

3G/4G

3G/4G

3G/4GAccess

3G/4GRoaming

Trusted WiFi

Trusted

Untrusted

SGSN/SGW

SGSN/SGW

HLR/HSS AAA OCS PCRF

Untrusted WiFi

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 4

Affirmed’sWi-Figatewaysolutionisdesignedtoprovidethemostrobust,reliableandflexiblesolutiononthemarkettoday,featuring:

§ Ultra-highperformanceoncommercialx86serversandblades;§ OpensupportforpopularhypervisorsfromVMware,KVMandOpenStack;§ FullcompliancewithETSINFVstandards;§ EasyintegrationwiththeAffirmedvEPCorthird-partyEPCsolutions;§ AuniquelyengineeredvirtualePDGthatdelivers5Glevelsofperformanceforhighvolumesof

encryptedtraffic;§ Seamlessdeliveryofcorenetworkservicesincludingpolicy/charging,packetinspection,value-added

service/contentoptimizationandworkfloworchestration.

TheWi-FiGatewayinAction:FourExamplesThereareseveralwaysthatserviceproviderscanleverageWi-Fiaccesstoenhancetheirservicesandimprovenetworkperformance.TheseincludeoffloadingtrafficontotrustedWi-Finetworks,extendingcorenetworkservicesthroughtrusted(anduntrusted)Wi-FinetworksandprovidingVoWiFiorWiFicallingserviceswhichincludesseamlesssessionhandoffbetweenWi-Fiandmacrocellularnetworks.We’lltakealookateachofthesecasesbelowandexplainhowtheAffirmedWi-Figatewaysolutionthenecessaryintegrationtosupporttheseservices.OffloadingTrafficontoTrustedWi-FiNetworksUsingWi-Finetworkstoextendnetworkcoverageandreducetrafficonthemacrocellularnetworkhasclearcostadvantagesforserviceproviders.AtrustedWi-Finetworkcanbeeitherahotspotthattheserviceprovidermaintains(e.g.,ahostedhotspotatanairport)oronedeployedinpartnershipwiththeprovider.Theserviceproviderinthiscasemaybeamobileorafixednetworkoperator.CableproviderComcast,forexample,currentlyoffersbothwirelessvoiceanddataservicesthroughthousandsofwirelesshotspotsthatithasdeployedintheU.S.Byatrustednetwork,wemeanoneinwhichtheserviceprovidercanverifybasicuserinformationandexertsomelevelofcontrolovertheaccesspoint.Intheexampleabove,Wi-Fiuserswouldbeauthenticatedbytheserviceprovider’sAuthentication,AuthorizationandAccounting(AAA)systemviatheTWAP,whilethevoice/datatrafficitselfwouldpassthroughtheTWAGanbeoffloadedontothedatanetworkforbackhaul.AnaddedvaluethatAffirmed’ssolutionbringstothisscenarioistheabilitytoapplyGiservicestothesubscriber.Theseservicesinclude:Policyenforcement(includingQoSpolicies),contentfiltering,web/videooptimizationandsecurityservicessuchasNAT,FirewallandIPS.

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 5

FIGURE3:TRUSTEDOFFLOADTrustedWi-FiAccessIntegrationtoEPCExtendingthesubscriber’snetworkexperience—includingvalue-addedservicesandseamlesssessionhandoff—totrustedWi-Finetworksrequirestightintegrationwiththeserviceprovider’scorenetwork.AnexampleoftrustedWi-Fiaccesswouldbewirelessroamingatalargeshoppingmall,wheremobilesubscriberswouldseamlesslymovefromthemacrocellularnetworkoutsidethemalltothewirelessLAN(WLAN)onceinsidethemall.Insuchascenario,subscriberswouldenjoybetterwirelessreceptionindoorswithoutrequiringthemtologontothenetworkorinterruptexistingsessions.Asintheexampleabove,theTWAPwouldsecurecommunicationswiththeAAAserverforauthentication/authorization,whiletheTWAGwouldoffloadvoice/datatraffic(andenforcepoliciesonthattraffic)ontothepacketdatanetwork.However,notalltrafficmayberouteddirectlytotheInternetdirectly.CertaintrafficmayberoutedthroughtheTWAGtothepacketcorenetwork.Operatorswoulddothisiftheywanttoserveuphostedcontentsuchasvideoormusic.TheAffirmedTWAGsupportstheindustry-standardS2ainterface,whichenablestheTWAGtocommunicatedirectlywithanyindustry-standardEPCgateway,whetherit’spartofAffirmed’svirtualEPCsolutionoranexistingthird-partyEPCsolution.

Radius

Radius/ Diameter

Gx Gy

SGi

GRE

UE Connected

via WiFi

AAA PCRF OCS

TWAG/ Gi Svcs

Trusted WiFi

Trusted AP/AC

Packet Data Network

Extending services from trusted networksAuthen!ca!on done locally or through TWAP to AAATransparent to the UENo IPSec or client required on the UEGRE tunnel from Trusted WiFi as opposed to UEValue-add of applying Gi Services to traffic i.e. policy, Qos, Service differen!a!on

- - ----

Capabili!es

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 6

FIGURE4:TRUSTEDvEPCINTEGRATIONUntrustedWi-FiAccessIntegrationInaworldwithmillionsofWi-Fiaccesspoints,untrustedWi-Finetworksareacommonoccurrence.Byanuntrustednetwork,wemeanoneinwhichtheserviceprovidercannotauthenticateusersorcontroltheflowoftrafficoverthenetwork.AnexampleofanuntrustednetworkcouldbeaWi-Finetworkinacoffeeshoporonehostedbyacompetitiveprovider.InordertosafelybringuntrustedWi-Finetworksintothecorenetwork,serviceprovidersmustdeployadifferentelement:anevolvedPacketDataGateway(ePDG).CommunicationsoveruntrustednetworksrequireanaddedlevelofsecurityknownasIPsecencryption.IndustrystandardsmandatethatallmobiledevicesmustfeatureanIPsecclientonthedevice.Inthiscase,voiceanddatasessionspasssecurelythroughanIPsectunnel.Thesetunnelsoftenneedtoremainopeninanticipationofincomingoroutgoingcalls,sothatatanygiventimemillionsofIPsectunnelsmayneedtoremainopeninthenetwork.Hardware-basedePDGsaredesignedtohandlethishighdemandforopenIPsectunnels,butthesesamehighencryptionrequirementshavehistoricallyprovenproblematicforvirtualizedePDGinstances.TheAffirmedePDGistheexceptiontothatrule:aremarkablyrobustvirtualePDGthatcandeliver5GlevelsofIPsec-encryptedcommunicationsonasingleserver.

Radius

Radius/ Diameter Gx Gy

SGi

SGi

GRE

S2a

S5

UE Connected

via WiFi

AAA PCRF OCS

TWAG/ Gi Svcs

TWAG/ Gi Svcs

Trusted WiFi

Trusted AP/AC

UE Connected via 3G/4G

3G/4G

SGW

Packet Data Network

Affirmed or 3rd party PGW/GGSN

Select traffic routed through TWAG and then to the packet core for addi"onal operator specific services i.e. music, video, etc.Seamless 3G/4G - WiFi mobilityIntegra"on with Affirmed Gateway and 3rd party Gateway

-

--

Capabili!es

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 7

FIGURE5:UNTRUSTEDWI-FIvEPCINTEGRATIONVoiceOverWi-FiMuchlikeVoiceoverLTE(VoLTE),VoiceoverWi-Fi(VoWiFi)seekstocreateseamlesshandoffbetweennetworksduringalivevoicecall.Considerourearlierexampleoftheshoppingmall;inthiscase,serviceproviderswouldbeconcernedwithmovingthesessionfromthemacrocellularnetworkoutsidethemalltotheWi-Finetworkinsidethemallwithoutdroppingthesessionorrequiringtheusertologintoadifferentnetwork.Infact,thegoalwithVoWiFi(aswithVoLTE)istomakethistransitioncompletelyinvisibletousers.Althoughrelativelynew,VoWiFiisexpectedtogaintractioninthecomingyearsasmobileserviceproviderslooktoaddressoneoftheirgreatestchallenges:weakin-buildingcoverage.Theaddition,forthefirsttime,ofbuilt-inVoWiFifeaturesintothenewAppleiPhone6isexpectedtoacceleratetheadoptionofVoWiFi.TheePDGprovidesthenecessarysupportforencryptedVoWiFicallswhilebringingthesessionintotheIMS/LTEcoreforpersistentsessioncontrolandpolicyenforcement.Hereagain,theAffirmedePDGprovidesasuperiorlevelofperformanceonencryptedcommunicationsinascalable,flexiblevirtualizedplatform.

IPSec

Radius/ Diameter

Gx Gy Gz

SGi

SGi

S2b

S5

UE Connected

via WiFi

AAA PCRF OCS OFCS

ePDG

GGSN/ PGW/Gi

Untrusted WiFi

UE Connected via 3G/4G

3G/4G SGW

Packet Data Network

High performance ePDGAllows WiFi access to the Operator’s servicesTransparent to the Untrusted WiFi OperatorNo arrangement with WiFi operator requiredNo interworking with the AP/ACLocal breakout or integrated with PGW for seamless mobility

------

Capabili!es

Client

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 8

FIGURE6:VOICEOVERWIFIMakingtheWi-FiFutureaRealityTodayWi-Fiaccessiscriticallyimportanttothefutureoffixedandmobileserviceproviders—asimportantasradioaccessnetworksandpotentiallymoreimportantthanVoLTE.YetserviceprovidersneedtosolidifytheirWi-Fiaccessstrategiessoon,asthekeymarketplayersarealreadyjockeyingforpositioninthisnewmarket,asevidencedbyearlyWi-FiservicerolloutsfromT-MobileandComcast.Networkfunctionsvirtualizationprovidesthequickestandmostcost-effectivepathforthistransformation,providedthatthesolutiondeliverscarrier-classsecurity,seamlesssessionhandoffandtightintegrationwithcoresubscribersservicessuchaspolicyenforcement,identityandaccounting.VirtualizationandWi-Fiaccesspresentthenextgenerationofnetworkedcommunications.Bybringingthetwotechnologiestogetherinarobustandhighlyscalablesolution,Affirmedenablesserviceproviderstodeliverabettercommunicationsexperiencefortheirsubscribersthroughinnovationandsmarterefficiency.

IPSec

Radius/ Diameter

Gx Gy Gz

SGi

SGi

S2b

S5

UE Connected

via WiFi

AAA PCRF OCS OFCS

ePDG

GGSN/ PGW/Gi

Untrusted WiFi

UE Connected via 3G/4G

3G/4G SGW

Packet Data Network

Be!er in building coverage and voice experienceTraffic offload to help with RAN capacity constraintsCapitalize on exis$ng WiFiCompete with OTT and reduce churnSupport of SIM and non-SIM devices

-----

Capabili!es

Client

IMS

AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 9

APPENDIXWi-FiInterfaces

LI GW

GyGx

vWAG / vWAP / vePDG

SPR

UE

Untrusted AC/AP

Trusted AC/AP

PCRF OCSOFCS

AAAAAA Proxy

GGSN

EMS

PGW