AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA
SOLUTIONBRIEF
1
How,WhenandWi-Fi:WeavingWi-FiintoYourNetworkExperiencethroughVirtualizationTHEWI-FIOPPORTUNITYWhile4GandLTEhavecapturedmuchofthemediaattention,Wi-Fihasquietlybecomethewirelessnetworkofchoiceformanysubscribers.Today,morethanhalfofallmobiletraffic(60%)iscarriedoverWi-Finetworksinhomes,officesandpublicplacesfromcoffeeshopstoshoppingmalls.WiththenumberofWi-Fihotspotsexpectedtoquadruplegloballyto5.8millionoverthenextfewyears,analystspredictthatsoonasmuchas80%ofallmobilevoiceanddatatrafficwillbeWi-Fibased.
Afteryearsofbuildingouttheirnetworks,fixedandmobileserviceprovidersnowrecognizethestrategicnecessityofbringingWi-Fiaccessintotheirnetworkexperience.ExtendingtheirnetworkcoveragethroughWi-Fiaccessenablestoday’sserviceproviderstosolvesomeoftheirmostpressingchallenges:
§ ItenablesnetworkproviderstomonetizeWi-Ficommunicationsthroughvalue-addedservices(e.g.security,quality,persistentidentity);
§ Itallowsserviceproviderstocompetemoreeffectivelywithover-the-top(OTT)providerssuchasSkypeandWhatsApp;
§ Itgivesmobileprovidersacost-effectivealternativetoextendingtheirwirelessnetworkcoverageinto“difficult”areas(e.g.,in-buildingcoverage);
§ Itprovidesaninexpensivebackhaulsolutiontooffloadthegrowingamountofvideoanddatatrafficonthemacrocellularnetwork
THEWI-FICHALLENGE:SEAMLESSINTEGRATIONThechallengeforfixedandmobileserviceprovidersistoseamlesslyintegrateWi-FivoiceanddatacommunicationsintotheirnetworksandeffectivelymonetizeWi-Fiaccessthroughvalue-addedservicesthatincludebetterqualityofexperienceandseamlesssessionhandoffbetweennetworks.Therearefourkeyareasinwhichserviceproviderscanprovidevaluethroughnetworkintegration:
1. Security2. Sessioncontinuity
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 2
3. Policy/qualityenforcement4. Servicessuchascontentfiltering,webandvideooptimization5. Accesstooperatorcontentie.video,musicetc
Tosupportthisintegration,thetelecommunicationsindustryhasdefinedtwonetworkelementstoserveasasecuregatewaybetweenaserviceprovider’scorenetwork—anevolvedpacketcore(EPC)inthecaseofmobileserviceproviders—andbothtrustedanduntrustedWi-Finetworks.ForaccesstotrustedWi-Finetworkssuchasthosedeployedbyorinpartnershipwiththeserviceprovider,theindustryhasdefinedtheTrustedWLANAccessGateway/Proxy(TWAG/TWAP)asthissecureentrypoint.ForaccesstountrustedWi-Finetworkssuchasthoseoperatedindependentlyorinconnectionwithanotherserviceprovider,theappropriatenetworkelementtosecureWi-FiaccesswouldbetheevolvedPacketDataGateway(ePDG).
Currently,serviceprovidershavetwooptionsfordeployingtheseelementsintheirnetwork:eitherasastandalone,hardware-basedlegacydevice(thetraditionalapproach)orasavirtualized,software-basedsolution.Networkfunctionsvirtualization(NFV)isfastbecomingthenewstandardfornetworkevolutionasserviceproviderslooktoscaletheirnetworksquicklywhilereducingcomplexityandcost.Tomeetthisnewdemand,manylegacynetworkgatewayvendorsarenowadaptingtheirhardware-basedsolutionsforvirtualizedenvironments.YetthesesolutionsrarelyofferthesamerobustperformanceandeconomicbenefitsthatnativelydevelopedNFVsolutionspresent.
FIGURE1:AFFIRMEDMOBILECONTENTCLOUD
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 3
THEAFFIRMEDWI-FIGATEWAYSOLUTIONAsaleaderintheNFVnetworkevolution,AffirmedNetworksishelpingfixedandmobileserviceprovidersbuildthenext-generationofnetworksusingcarrier-class,nativelyvirtualizedsolutions.Affirmed’sgroundbreakingvirtualEPC(vEPC)solution,dubbedtheMobileContentCloud(MCC),iscurrentlydeployedinsomeoftheworld’slargestmobileserviceprovidernetworks.TheAffirmedWi-FigatewayhasbeendevelopedontopoftheMCCfromwhichitinheritsawiderangeofmobilegatewayfunctionssuchasGGSN,SAE-GW,SP/DPI/Heuristicsapplicationdetection,PCEFwithGxandGyinterfacesforQoSandoffline/onlinecharging,LawfulInterception,aswellasitsrichsetofcontentservicessuchasHTTP(S)Proxy,webandvideocontentoptimizationandadaptation,contentcaching,contentfiltering/parentalcontrol,subscriberfirewall,NAT/ALGandmore.TheAffirmedWi-FigatewaysolutionfeaturescompleteTWAG/TWAPandePDGfunctionsthatcanbedeployedoncommercialoff-the-shelf(COTS)serversorwithinthevEPConvirtuallymanagedhardware.
FIGURE2:AFFIRMEDWI-FIGATEWAY
Recommended Partner or 3rd Party
User Experience Content
3G/4G
3G/4G
3G/4GAccess
3G/4GRoaming
Trusted WiFi
Trusted
Untrusted
SGSN/SGW
SGSN/SGW
HLR/HSS AAA OCS PCRF
Untrusted WiFi
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 4
Affirmed’sWi-Figatewaysolutionisdesignedtoprovidethemostrobust,reliableandflexiblesolutiononthemarkettoday,featuring:
§ Ultra-highperformanceoncommercialx86serversandblades;§ OpensupportforpopularhypervisorsfromVMware,KVMandOpenStack;§ FullcompliancewithETSINFVstandards;§ EasyintegrationwiththeAffirmedvEPCorthird-partyEPCsolutions;§ AuniquelyengineeredvirtualePDGthatdelivers5Glevelsofperformanceforhighvolumesof
encryptedtraffic;§ Seamlessdeliveryofcorenetworkservicesincludingpolicy/charging,packetinspection,value-added
service/contentoptimizationandworkfloworchestration.
TheWi-FiGatewayinAction:FourExamplesThereareseveralwaysthatserviceproviderscanleverageWi-Fiaccesstoenhancetheirservicesandimprovenetworkperformance.TheseincludeoffloadingtrafficontotrustedWi-Finetworks,extendingcorenetworkservicesthroughtrusted(anduntrusted)Wi-FinetworksandprovidingVoWiFiorWiFicallingserviceswhichincludesseamlesssessionhandoffbetweenWi-Fiandmacrocellularnetworks.We’lltakealookateachofthesecasesbelowandexplainhowtheAffirmedWi-Figatewaysolutionthenecessaryintegrationtosupporttheseservices.OffloadingTrafficontoTrustedWi-FiNetworksUsingWi-Finetworkstoextendnetworkcoverageandreducetrafficonthemacrocellularnetworkhasclearcostadvantagesforserviceproviders.AtrustedWi-Finetworkcanbeeitherahotspotthattheserviceprovidermaintains(e.g.,ahostedhotspotatanairport)oronedeployedinpartnershipwiththeprovider.Theserviceproviderinthiscasemaybeamobileorafixednetworkoperator.CableproviderComcast,forexample,currentlyoffersbothwirelessvoiceanddataservicesthroughthousandsofwirelesshotspotsthatithasdeployedintheU.S.Byatrustednetwork,wemeanoneinwhichtheserviceprovidercanverifybasicuserinformationandexertsomelevelofcontrolovertheaccesspoint.Intheexampleabove,Wi-Fiuserswouldbeauthenticatedbytheserviceprovider’sAuthentication,AuthorizationandAccounting(AAA)systemviatheTWAP,whilethevoice/datatrafficitselfwouldpassthroughtheTWAGanbeoffloadedontothedatanetworkforbackhaul.AnaddedvaluethatAffirmed’ssolutionbringstothisscenarioistheabilitytoapplyGiservicestothesubscriber.Theseservicesinclude:Policyenforcement(includingQoSpolicies),contentfiltering,web/videooptimizationandsecurityservicessuchasNAT,FirewallandIPS.
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 5
FIGURE3:TRUSTEDOFFLOADTrustedWi-FiAccessIntegrationtoEPCExtendingthesubscriber’snetworkexperience—includingvalue-addedservicesandseamlesssessionhandoff—totrustedWi-Finetworksrequirestightintegrationwiththeserviceprovider’scorenetwork.AnexampleoftrustedWi-Fiaccesswouldbewirelessroamingatalargeshoppingmall,wheremobilesubscriberswouldseamlesslymovefromthemacrocellularnetworkoutsidethemalltothewirelessLAN(WLAN)onceinsidethemall.Insuchascenario,subscriberswouldenjoybetterwirelessreceptionindoorswithoutrequiringthemtologontothenetworkorinterruptexistingsessions.Asintheexampleabove,theTWAPwouldsecurecommunicationswiththeAAAserverforauthentication/authorization,whiletheTWAGwouldoffloadvoice/datatraffic(andenforcepoliciesonthattraffic)ontothepacketdatanetwork.However,notalltrafficmayberouteddirectlytotheInternetdirectly.CertaintrafficmayberoutedthroughtheTWAGtothepacketcorenetwork.Operatorswoulddothisiftheywanttoserveuphostedcontentsuchasvideoormusic.TheAffirmedTWAGsupportstheindustry-standardS2ainterface,whichenablestheTWAGtocommunicatedirectlywithanyindustry-standardEPCgateway,whetherit’spartofAffirmed’svirtualEPCsolutionoranexistingthird-partyEPCsolution.
Radius
Radius/ Diameter
Gx Gy
SGi
GRE
UE Connected
via WiFi
AAA PCRF OCS
TWAG/ Gi Svcs
Trusted WiFi
Trusted AP/AC
Packet Data Network
Extending services from trusted networksAuthen!ca!on done locally or through TWAP to AAATransparent to the UENo IPSec or client required on the UEGRE tunnel from Trusted WiFi as opposed to UEValue-add of applying Gi Services to traffic i.e. policy, Qos, Service differen!a!on
- - ----
Capabili!es
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 6
FIGURE4:TRUSTEDvEPCINTEGRATIONUntrustedWi-FiAccessIntegrationInaworldwithmillionsofWi-Fiaccesspoints,untrustedWi-Finetworksareacommonoccurrence.Byanuntrustednetwork,wemeanoneinwhichtheserviceprovidercannotauthenticateusersorcontroltheflowoftrafficoverthenetwork.AnexampleofanuntrustednetworkcouldbeaWi-Finetworkinacoffeeshoporonehostedbyacompetitiveprovider.InordertosafelybringuntrustedWi-Finetworksintothecorenetwork,serviceprovidersmustdeployadifferentelement:anevolvedPacketDataGateway(ePDG).CommunicationsoveruntrustednetworksrequireanaddedlevelofsecurityknownasIPsecencryption.IndustrystandardsmandatethatallmobiledevicesmustfeatureanIPsecclientonthedevice.Inthiscase,voiceanddatasessionspasssecurelythroughanIPsectunnel.Thesetunnelsoftenneedtoremainopeninanticipationofincomingoroutgoingcalls,sothatatanygiventimemillionsofIPsectunnelsmayneedtoremainopeninthenetwork.Hardware-basedePDGsaredesignedtohandlethishighdemandforopenIPsectunnels,butthesesamehighencryptionrequirementshavehistoricallyprovenproblematicforvirtualizedePDGinstances.TheAffirmedePDGistheexceptiontothatrule:aremarkablyrobustvirtualePDGthatcandeliver5GlevelsofIPsec-encryptedcommunicationsonasingleserver.
Radius
Radius/ Diameter Gx Gy
SGi
SGi
GRE
S2a
S5
UE Connected
via WiFi
AAA PCRF OCS
TWAG/ Gi Svcs
TWAG/ Gi Svcs
Trusted WiFi
Trusted AP/AC
UE Connected via 3G/4G
3G/4G
SGW
Packet Data Network
Affirmed or 3rd party PGW/GGSN
Select traffic routed through TWAG and then to the packet core for addi"onal operator specific services i.e. music, video, etc.Seamless 3G/4G - WiFi mobilityIntegra"on with Affirmed Gateway and 3rd party Gateway
-
--
Capabili!es
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 7
FIGURE5:UNTRUSTEDWI-FIvEPCINTEGRATIONVoiceOverWi-FiMuchlikeVoiceoverLTE(VoLTE),VoiceoverWi-Fi(VoWiFi)seekstocreateseamlesshandoffbetweennetworksduringalivevoicecall.Considerourearlierexampleoftheshoppingmall;inthiscase,serviceproviderswouldbeconcernedwithmovingthesessionfromthemacrocellularnetworkoutsidethemalltotheWi-Finetworkinsidethemallwithoutdroppingthesessionorrequiringtheusertologintoadifferentnetwork.Infact,thegoalwithVoWiFi(aswithVoLTE)istomakethistransitioncompletelyinvisibletousers.Althoughrelativelynew,VoWiFiisexpectedtogaintractioninthecomingyearsasmobileserviceproviderslooktoaddressoneoftheirgreatestchallenges:weakin-buildingcoverage.Theaddition,forthefirsttime,ofbuilt-inVoWiFifeaturesintothenewAppleiPhone6isexpectedtoacceleratetheadoptionofVoWiFi.TheePDGprovidesthenecessarysupportforencryptedVoWiFicallswhilebringingthesessionintotheIMS/LTEcoreforpersistentsessioncontrolandpolicyenforcement.Hereagain,theAffirmedePDGprovidesasuperiorlevelofperformanceonencryptedcommunicationsinascalable,flexiblevirtualizedplatform.
IPSec
Radius/ Diameter
Gx Gy Gz
SGi
SGi
S2b
S5
UE Connected
via WiFi
AAA PCRF OCS OFCS
ePDG
GGSN/ PGW/Gi
Untrusted WiFi
UE Connected via 3G/4G
3G/4G SGW
Packet Data Network
High performance ePDGAllows WiFi access to the Operator’s servicesTransparent to the Untrusted WiFi OperatorNo arrangement with WiFi operator requiredNo interworking with the AP/ACLocal breakout or integrated with PGW for seamless mobility
------
Capabili!es
Client
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 8
FIGURE6:VOICEOVERWIFIMakingtheWi-FiFutureaRealityTodayWi-Fiaccessiscriticallyimportanttothefutureoffixedandmobileserviceproviders—asimportantasradioaccessnetworksandpotentiallymoreimportantthanVoLTE.YetserviceprovidersneedtosolidifytheirWi-Fiaccessstrategiessoon,asthekeymarketplayersarealreadyjockeyingforpositioninthisnewmarket,asevidencedbyearlyWi-FiservicerolloutsfromT-MobileandComcast.Networkfunctionsvirtualizationprovidesthequickestandmostcost-effectivepathforthistransformation,providedthatthesolutiondeliverscarrier-classsecurity,seamlesssessionhandoffandtightintegrationwithcoresubscribersservicessuchaspolicyenforcement,identityandaccounting.VirtualizationandWi-Fiaccesspresentthenextgenerationofnetworkedcommunications.Bybringingthetwotechnologiestogetherinarobustandhighlyscalablesolution,Affirmedenablesserviceproviderstodeliverabettercommunicationsexperiencefortheirsubscribersthroughinnovationandsmarterefficiency.
IPSec
Radius/ Diameter
Gx Gy Gz
SGi
SGi
S2b
S5
UE Connected
via WiFi
AAA PCRF OCS OFCS
ePDG
GGSN/ PGW/Gi
Untrusted WiFi
UE Connected via 3G/4G
3G/4G SGW
Packet Data Network
Be!er in building coverage and voice experienceTraffic offload to help with RAN capacity constraintsCapitalize on exis$ng WiFiCompete with OTT and reduce churnSupport of SIM and non-SIM devices
-----
Capabili!es
Client
IMS
AffirmedNetworks,Inc.,35NagogPark,Acton,MA01720USA 9
APPENDIXWi-FiInterfaces
LI GW
GyGx
vWAG / vWAP / vePDG
SPR
UE
Untrusted AC/AP
Trusted AC/AP
PCRF OCSOFCS
AAAAAA Proxy
GGSN
EMS
PGW
Recommended
