Internet DRAFT - draft-gundavelli-netext-pmipv6-wlan-applicability

NETEXT WG                                                  S. Gundavelli
Internet-Draft                                             B. Pularikkal
Intended status: Standards Track                               R. Koodli
Expires: April 24, 2014                                            Cisco
                                                        October 21, 2013


     Applicability of Proxy Mobile IPv6  for Service Provider Wi-Fi
                              Deployments
        draft-gundavelli-netext-pmipv6-wlan-applicability-06.txt

Abstract

   Proxy Mobile IPv6 is a network-based mobility management protocol.
   The protocol is designed to provide mobility management support to
   a mobile node without requiring its participation in any IP
   mobility-related signaling.  The base protocol is defined in an
   access-technology-independent manner; it identifies the general
   link-layer requirements for supporting the protocol operation.
   However, it does not provide any specific details on how it can be
   supported on a specific access technology.  This specification
   identifies the key considerations for supporting the Proxy Mobile
   IPv6 protocol on the widely deployed wireless LAN access
   architectures based on IEEE 802.11 standards.  It explores the
   current dominant wireless LAN deployment models and provides the
   needed interworking details.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 24, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.




Gundavelli, et al.       Expires April 24, 2014                 [Page 1]

Internet-Draft     Proxy Mobile IPv6 for WLAN Networks      October 2013


   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.


Table of Contents

   1.  Introduction

   2.  Conventions & Terminology
     2.1.  Conventions
     2.2.  Terminology

   3.  WLAN as an access technology and the related considerations
     3.1.  Controller based WLAN Access Network - Central Switched
     3.2.  Controller based WLAN Access Network - Local Switched
     3.3.  WLAN Access Network with Autonomous APs
     3.4.  Comparison between WLAN Access Network Models

   4.  Deployment Models
     4.1.  Flat Model Deployments (Single PMIPv6 Domains)
       4.1.1.  Flat Model with LMA on WAG
       4.1.2.  Flat Model with LMA on P-GW
     4.2.  Hierarchical Deployments with Domain Chaining
       4.2.1.  PMIPv6 to PMIPv6 chaining with RFC compatible
               Level-1 and Level-2 MAG and LMA functions
       4.2.2.  PMIPv6 to S2a Chaining with RFC compatible Level-1
               LMA & s2a (PMIPv6 or GTPv2) towards 3GPP EPC

   5.  Deployment Considerations
     5.1.  IP addressing Considerations
     5.2.  Access Authentication & User Identity
     5.3.  Policy Provisioning & Enforcement
     5.4.  Charging Considerations
     5.5.  Legal Intercept
     5.6.  SIPTO Considerations

   6.  IANA Considerations

   7.  Security Considerations

   8.  Acknowledgements

   9.  References
     9.1.  Normative References
     9.2.  Informative References

   Authors' Addresses


1.  Introduction

   Proxy Mobile IPv6 is a network-based mobility management protocol
   specified in [RFC5213].  The protocol can be used for providing
   mobility management support to a mobile node within a localized
   domain, without requiring its participation in any IP mobility
   related signaling.

   The core functional entities in the Proxy Mobile IPv6 domain are the
   local mobility anchor (LMA) and the mobile access gateway (MAG).  The
   local mobility anchor is responsible for maintaining the mobile
   node's reachability state and is the topological anchor point for the
   mobile node's home network.  The mobile access gateway is the entity
   that performs the mobility management on behalf of a mobile node, and
   it resides on the access link where the mobile node is anchored.  The
   mobile access gateway is responsible for detecting the mobile node's
   movements to and from the access link and for initiating binding
   registrations to the mobile node's local mobility anchor.

   There are numerous protocol extensions defined for the Proxy Mobile
   IPv6 protocol to support various features.  These features include
   IPv4 transport and addressing support [RFC5844], GRE Key negotiation
   support [RFC5845], Binding Revocation support [RFC5846], Diameter
   support [RFC5779], RADIUS support
   [I-D.draft-ietf-netext-radius-pmip6] and the Proxy Mobile IPv6 MIB
   [I-D.draft-ietf-netlmm-pmipv6-mib].  Together, these features make
   the protocol complete enough to be adopted as a network-based
   mobility management protocol within micro-mobility domains based on
   WLAN access architectures.

   This specification identifies the key considerations for supporting
   the Proxy Mobile IPv6 protocol in micro-mobility domains, such as
   wireless LAN access architectures based on IEEE 802.11 standards.




















2.  Conventions & Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility related terms used in this document are to be
   interpreted as defined in the Proxy Mobile IPv6 specifications
   [RFC5213], [RFC5844], [RFC5845] and [RFC5846].  Additionally, this
   document uses the following abbreviations:

   o  WLAN (Wireless Local Area Network): A wireless network.

   o  WTP (Wireless Termination Point): The entity that functions as the
      termination point for the network-end of the IEEE 802.11 based air
      interface from the mobile node.  It is also known as the Wireless
      Access Point.

   o  WLC (Wireless LAN Controller): The entity that provides the
      centralized forwarding and routing function for the user traffic.
      All the user traffic from the mobile nodes attached to the WTPs
      is typically tunneled to this centralized WLAN access controller.



























3.  WLAN as an access technology and the related considerations

   WLAN as a wireless access technology has experienced significant
   adoption in both enterprise and service provider deployments.
   Enterprises leverage WLAN networks to give their employees and
   partners mobile access to the enterprise network resources.  Service
   providers leverage WLAN to provide wireless access to their
   subscribers by deploying indoor and outdoor Wi-Fi hotspots.  These
   PWLAN deployments give service providers additional revenue
   generation opportunities through the various use cases that leverage
   the WLAN access.  PWLAN networks typically deploy two types of SSIDs,
   open and secured.  Open SSIDs are typically used along with some web
   portal based authentication and provide complimentary, pre-paid or
   subscription based Wi-Fi access to the Internet.  Secured SSIDs are
   typically used for Mobile Data Offload scenarios, which use SIM card
   based authentication for the mobile subscribers.

   For the WLAN access network deployment, three models are available:
   a) Controller based WLAN Access Network with Converged CP-DP, b)
   Controller based WLAN Access Network with Split CP-DP, and c) WLAN
   Access Network with Autonomous APs.  Since these options can be
   applied to the various deployment models, the access network models
   are covered first, followed by a detailed overview of the various
   deployment models.

3.1.  Controller based WLAN Access Network - Central Switched

   This is a split MAC model with CAPWAP where the 802.11 control plane
   functions are divided between the AP and the WLC.  The WLC also
   handles AP provisioning, management and RRM.  In this model, end user
   data traffic is always switched through the WLC via a CAPWAP data
   plane tunnel.  From the PMIPv6 implementation perspective, the MAG
   functionality resides on the controller.  This WLAN access network
   model is illustrated in Figure 1 below.


      +-------+    CAPWAP CNTRL     +-------------+
      |       +---------------------+             |  PMIPv6 towards LMA
      |  AP   |                     |   WLC + MAG |+------------------>
      |       +---------------------+             |
      +-------+    CAPWAP DATA      +-------------+


                 Figure 1: WLAN Access - Central Switched









3.2.  Controller based WLAN Access Network - Local Switched

   This is a split MAC model with CAPWAP where the 802.11 control plane
   functions are divided between the AP and the WLC.  The WLC also
   handles AP provisioning, management and RRM.  In this model, end user
   data traffic is locally switched by the AP and does not reach the
   WLC.  From the PMIPv6 implementation perspective, the MAG
   functionality resides on the AP.  The WLC does not play a role in the
   end user data traffic forwarding.  This WLAN access network model is
   illustrated in Figure 2 below.



                                  +----------+
             CAPWAP CNTRL         |          |
          +-----------------------+   WLC    |
          |                       |          |
          |                       +----------+
          |
          |
          |
     +----+------+
     |           |     PMIPv6 towards LMA
     | AP + MAG  +--------------------------->
     |           |
     +-----------+


                  Figure 2: WLAN Access - Local Switched

3.3.  WLAN Access Network with Autonomous APs

   In this Access network model, WLCs will not be used.  APs will
   perform all aspects of the 802.11 control plane and signaling.  From
   the PMIPv6 implementation perspective, the MAG functionality will
   reside on the AP.  This WLAN access model is illustrated in Figure 3
   below.




      +------------+
      |            |   PMIPv6 towards LMA
      |  AP + MAG  |------------------------->
      |            |
      +------------+


                Figure 3: WLAN Access - with Autonomous APs

3.4.  Comparison between WLAN Access Network Models

   In general, a controller-based architecture brings several
   advantages over autonomous AP deployments.  The standards-based
   split-MAC model, where many 802.11 functions are offloaded from the
   AP to the controller, allows a more lightweight and hence more
   cost-effective access point implementation.  A controller-based
   architecture also offers more flexible and scalable provisioning and
   operational management of the APs.  Controllers may also support
   sophisticated Wi-Fi Radio Resource Management (RRM).  No effective
   RRM implementation options are available in autonomous AP
   deployments.  Another advantage of the controller-based
   implementation model is the ability to localize the mobility events
   between the APs at the controller.

   For the controller-based models, whether to use central switched or
   local switched depends upon the particular deployment model and the
   capabilities of the AP and the controller.  In the central switched
   model, the mobility events between the APs are masked from the Wi-Fi
   aggregation gateway.  However, it requires the controller to handle
   all the end user data traffic, which may not scale in some cases.
   This also restricts where the controllers can be located in a
   network, since they always need to be installed close to the APs to
   ensure an optimized forwarding path for the Wi-Fi end user traffic.
   The local switched mode may be suited to deployments where the Wi-Fi
   gateways can handle a high rate of mobility events and it is
   desirable to place the controllers in a centralized location.

























4.  Deployment Models

   There are numerous "field of use" cases around Service Provider Wi-Fi
   deployments; some of the key use cases are listed below:

   o  Metro Wi-Fi model indoor and outdoor Wi-Fi deployments

   o  Mobile Data Offload

   o  Hospitality Wi-Fi

   o  Community Wi-Fi

   o  Wholesale Deployment Model

   o  Municipal Wi-Fi

   PMIPv6 can be leveraged as the underlying architecture for any of
   these deployment use cases.  The built-in Network Based Mobility
   Management support available in PMIPv6, along with the rich set of
   protocol extensions, makes it a well suited standards based protocol
   of choice for SP Wi-Fi deployments.

   The various "field of use" cases in Service Provider Wi-Fi can be
   mapped to one of the deployment models described in this section.
   For all of these deployment models, any of the WLAN access network
   implementation options described earlier in Section 3 can be
   leveraged.  For the sake of simplicity, discussions in this section
   will use the Controller based central switched option on the access
   network side for illustrative purposes.

4.1.  Flat Model Deployments (Single PMIPv6 Domains)

   In this deployment model, the PMIPv6 MAG functionality resides on
   the access network element (typically on the AP or WLC) and the
   PMIPv6 LMA functionality resides either on a Wi-Fi Subscriber
   Aggregation Gateway (WAG) or on a PDN Gateway.  The LMA on the WAG is
   used for deployment scenarios that do not require Mobile Data
   Offload.  The LMA function on the PDN Gateway is used for the packet
   core integration use cases where one or more SSIDs on the WLAN access
   network side are enabled for Mobile Data Offload.  Flat model
   deployments are described in detail in the next two sub-sections.

4.1.1.  Flat Model with LMA on WAG

   This model is illustrated below in Figure 4.  In this model, the
   Wi-Fi access network may leverage open SSIDs or secured SSIDs.  If
   an open SSID is in use, subscriber access will always be controlled
   by some sort of web portal based authentication, MAC address based
   automatic login, or a combination of both.  A secured SSID may
   leverage non-SIM based authentication methods such as EAP-TLS or
   EAP-TTLS.  The WAG is the subscriber management element, which acts
   as the policy enforcement point for the Wi-Fi subscribers.  The WAG
   works in conjunction with an external PCRF.  The interconnect
   between the PCRF and the WAG in this model uses either RADIUS or
   Diameter and in some cases may rely on a proprietary protocol.  The
   WAG uses either a RADIUS or a Diameter interface to forward the
   billing related information to an external billing entity.  Two
   common subscriber billing options are pre-paid and post-paid.



                     +-------+           +-----+
                     |BILLING+----+      |PCRF |
                     +-------+    |      +--+--+
                                  |         |
                             RADIUS/      RADIUS/
                             DIAMETER     DIAMETER
                                  |         |
                                  |         |
                                  +         |
                +----+       +------+       |
    +---+ CAPWAP|WLC | PMIPv6| LMA  |       |
    |AP |+------+ +  +-------+  +   +-------+
    +---+       |MAG |       | WAG  |
                +----+       +--+---+
                                |
                                |
                                |
                              _----_
                            _(      )_
                           ( Internet )
                            (_      _)
                              '----'

                   Figure 4: Flat Model with LMA on WAG

4.1.2.  Flat Model with LMA on P-GW

   This model is illustrated below in Figure 5.  In this model, the LMA
   resides on a P-GW, which is part of a 3GPP Evolved Packet Core.  S2a
   Mobility over PMIPv6 is part of the 3GPP standard and allows trusted
   WLAN to EPC integration.  Since the Wi-Fi access network is
   considered trusted, the solution always assumes the SSID is secured.
   The SSID will typically be enabled for one of the SIM based
   authentication options such as EAP-SIM, EAP-AKA or EAP-AKA'.  In this
   model, the P-GW handles the subscriber policy enforcement.  The P-GW
   acts as a PCEF and talks to an external PCRF over a Diameter
   interface.  The P-GW supports a Diameter based billing interface for
   offline and/or online charging.  Two common subscriber billing
   options are pre-paid and post-paid.

   From an authentication perspective, the WLAN will have a Diameter or
   RADIUS interface to a 3GPP AAA server.  This interface may run
   directly between the AP/WLC and the 3GPP AAA server or, in some
   cases, through a proxy AAA server on the WLAN network side.


                      +                  +--------+
    WLAN Access NW    |   Packet Core +--+BILLING |
                      |               |  +--------+
                      |  +------+     |
                      |  | 3GPP |     |          +----+
                  ++-----+ AAA  |   DIAMETER     |PCRF|
                  |   |  +------+     |          +-+--+
               DIAMETER/              |            |
                RADIUS|               |            |
                  |   |               +            |
               +--+--+|           +--------+  DIAMETER
   +---+ CAPWAP| WLC ||  PMIPv6   |  LMA   |       |
   |AP +-------+  +  +------------+   +    +-------+
   +---+       | MAG ||           |  P-GW  |
               +-----+|           +----+---+
                      |                |
                      |                |
                                     _----_
                                   _(      )_
                                  ( Internet )
                                   (_      _)
                                     '----'


                   Figure 5: Flat Model with LMA on P-GW

4.2.  Hierarchical Deployments with Domain Chaining

   Domain chaining may be suited for some large scale SP Wi-Fi
   deployments and hybrid solutions which support open and secured
   SSIDs with or without Seamless Data Offload for mobile operators.
   Domain chaining allows localization of mobility events at the
   chaining point for the first level domain.  This model is suited
   for inter-operator roaming scenarios as well.

   There are two types of chaining models, both of which are described
   in the following sub-sections.





4.2.1.  PMIPv6 to PMIPv6 chaining with RFC compatible Level-1 and
        Level-2 MAG and LMA functions

   This model assumes that there are no requirements for packet core
   integration.  The primary motivation behind chaining is to introduce
   simplicity and scalability through the two-level domain hierarchy.
   The chaining point not only allows for the localization of mobility
   events in a particular region, but can also act as the SIPTO offload
   point for traffic which needs to be selectively offloaded.  SIPTO may
   happen at the per-subscriber level or at the per-traffic-flow level
   for a given subscriber.  Another advantage the chaining model
   introduces is the reduced scaling requirement around data plane
   tunnels.  For example, with the hierarchical model, the number of
   simultaneous data plane tunnels that need to be supported at a
   level-1 LMA or level-2 LMA would be significantly lower compared to
   the requirements on the LMA function in a flat deployment model.
   This model is illustrated in Figure 6.


                             +------+      +---------+
                             |PCRF  |      |BILLING  |
                             +---+--+      +-----+---+
                                 |               |
                                 |               |
                                 |               |
                                 +----------+    |
                                            |    |          x xxxxx
                                            |    |        xx      xxx
                                            |    |       xx         xx
                +----+      +------+       ++----+-+     x           xx
    +--+ CAPWAP |WLC |PMIPv6|L1-LMA|PMIPv6 |       |    xx            x
    |AP+--------+ +  +------|  +   +-------+L2-LMA +---+x CENTRALIZED xx
    +--+        |MAG |      |L2-MAG|       |       |    x              x
                +----+      +---+--+       +---+---+    x  SERVICES    x
                          SIPTO |                       x              x
                             xxx+xxxxx                  x             x
                            xx       xx                  xx          x
                           xx          x                     xxxxxx
                           x           xx
                          xx            x
                          x LOCALIZED  xx
                          x SERVICES   xx
                          x             x
                          xx            x
                           xxx       xxx
                             xxxxxxxxx


                    Figure 6: PMIPv6 to PMIPv6 Chaining

   In this model, per-subscriber policy enforcement is expected to
   happen at the level-1 LMA and the level-2 LMA.  Depending upon the
   deployment use case, interaction with the PCRF may be done either
   just at the level-2 LMA or at both the chaining point and the
   level-2 LMA.  Charging support may or may not be a requirement at the
   chaining point and will depend upon whether SIPTO is enabled.

4.2.2.  PMIPv6 to S2a Chaining with RFC compatible Level-1 LMA & s2a
        (PMIPv6 or GTPv2) towards 3GPP EPC

   In this model, the chaining point provides a 3GPP compliant S2a
   interface towards the packet core for trusted WLAN to EPC
   integration.  The S2a interface may use either the PMIPv6 or the
   GTPv2 protocol.  In this model, for the secured WLANs (SSIDs) which
   are configured for SIM based authentication for mobile offload, the
   level-1 gateway, which performs the chaining, may act as the 3GPP AAA
   proxy as well.  Alternatively, some deployments may use an out of
   band authentication model in which the intermediate gateway does not
   perform any AAA proxy functions.  The ability of the intermediate
   gateway to perform AAA proxy functions is more relevant when Diameter
   based authentication support is required for packet core
   integration.  For this scenario, the WLC will forward EAP messages
   over RADIUS and the intermediate gateway will provide a Diameter AAA
   interface towards a 3GPP AAA server.  This model is illustrated in
   Figure 7.  This model can simultaneously support a combination of
   mobile data offload and non-offload scenarios as described below:

   Open SSID and Web Portal based authentication: Intermediate gateway,
   which will also be the WAG, will have an interface towards a local
   PCRF and may use RADIUS or DIAMETER interface.  IP address assignment
   will be managed by the intermediate gateway.

   Secured SSID and NSWO: For this use case, Mobile operator's
   subscribers will get authenticated using one of the SIM based
   authentication methods, but UE data will not be offloaded to the
   packet core.  Instead the intermediate gateway will perform SIPTO of
   all the subscriber traffic.  UE address assignment will be managed by
   the intermediate gateway.

   Secured SSID and Packet Core Integration: For this use case, Mobile
   operator's subscribers will get authenticated using one of the SIM
   based authentication methods and S2a (over PMIPv6 or GTPv2) will be
   used to tunnel the UE traffic towards a P-GW in the packet core.
   Some deployments also may implement flow based SIPTO for the UE
   traffic at the intermediate gateway.  UE address assignment will be
   managed by the P-GW.





                                 +----+     +-------+
                                 |PCRF|     |BILLING|
                                 +-+--+     +--+----+
                                   |           |
                                   |           |
                                   |           |            xxx
                                   +---------+ |          xx  xxx
                                             | |         xx     xx
                                             | |       xx         xx
                                             | |       x           xx
               +------+      +---+          ++++-+     x            x
   +--+ CAPWAP | WLC  |PMIPv6|LMA| S2a      |    |    xx  MOBILE    x
   |AP+--------+  +   +------+ + +---------+|P-GW+----+     NW      x
   +--+        | MAG  |      |MAG| PMIPv6 / |    |    xx            x
               +------+      +-+-+  GTPv2   +----+     x  RESOURCES x
                               |                       xx           x
                             NSWO/                      xxx        x
                             SIPTO                       xxxx  xxx
                               |                             xxx
                            xxx+xxxxx
                           xx       xxx
                          xx          x
                          x           xx
                          x LOCALIZED  x
                          x  SERVICES  x
                          x            x
                          xx          xx
                           xxxx     xxx
                              xxxxxxx

                     Figure 7: PMIPv6 to S2a Chaining






















5.  Deployment Considerations

   This section covers deployment considerations for PMIPv6 based SP
   Wi-Fi Architecture Models.  Key areas are covered in the following
   sub-sections.

5.1.  IP addressing Considerations

   PMIPv6 supports IPv4, IPv6 and dual stack addressing for UEs.  For
   all deployment models, the LMA manages the address assignment for
   the UEs.  For the chaining scenarios, depending upon the deployment
   use cases, the address assignment may be handled by the intermediate
   gateways (level-1 LMAs) or the level-2 gateway (LMA and/or P-GW).
   The LMA may either use a locally defined pool or work with an
   external DHCP server for address assignment.

   For IPv4 addressing, the MAG acts as a DHCP server and delivers the
   LMA assigned IP address to the UE via DHCP messages.  It is important
   to provide protocol configuration options (PCOs) such as the domain
   name, DNS server address etc. to the UE.  The LMA can provide these
   PCOs in the PBA message and the MAG in turn can pass the same to the
   UE via a DHCP message along with the client IP address.

   For IPv6 addressing, it is a general practice in SP Wi-Fi deployments
   to assign a dedicated prefix per UE.  In order for this dedicated
   prefix assignment to work, the MAG must support unicast RA as defined
   in RFC 6085.  The MAG may use either DHCPv6 or SLAAC for prefix
   assignment.  SLAAC is the preferred option since, compared to DHCPv6,
   it is universally supported by the various UEs.  If SLAAC is the
   option used for prefix assignment, the MAG should use the "Recursive
   DNS Server" option and the "DNS Search List" option, specified in
   RFC 6106, for providing the DNS configuration using IPv6 messages.
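
   The per-UE Router Advertisement described above, as an added example
   that is not part of the draft: it builds one RA carrying a dedicated
   /64 plus the RDNSS and DNSSL options, sends it to the all-nodes
   group at the IP layer but to the UE's unicast MAC at the link layer
   (the RFC 6085 mapping), and parses it back as a receiver would.  All
   addresses, MACs, lifetimes and the search domain are constructed
   sample values, and setting both the L and A prefix flags is an
   assumption.

```python
import ipaddress
import struct

ND_RA, OPT_PREFIX_INFO, OPT_RDNSS, OPT_DNSSL = 134, 3, 25, 31
ALL_NODES = ipaddress.IPv6Address("ff02::1")


def prefix_info(prefix, valid=86400, preferred=14400, flags=0xC0):
    """Prefix Information option (RFC 4861); flags 0xC0 = on-link + autonomous (SLAAC)."""
    net = ipaddress.IPv6Network(prefix)
    return struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, flags,
                       valid, preferred, 0) + net.network_address.packed


def rdnss(servers, lifetime=1800):
    """Recursive DNS Server option (RFC 6106); length is in units of 8 octets."""
    body = b"".join(ipaddress.IPv6Address(s).packed for s in servers)
    return struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(servers), 0, lifetime) + body


def dnssl(domains, lifetime=1800):
    """DNS Search List option (RFC 6106): DNS-label names, zero padded to 8 octets."""
    names = b""
    for domain in domains:
        for label in domain.rstrip(".").split("."):
            raw = label.encode("ascii")
            if not 0 < len(raw) < 64:
                raise ValueError("invalid DNS label in %r" % domain)
            names += bytes([len(raw)]) + raw
        names += b"\x00"
    names += b"\x00" * (-len(names) % 8)
    return struct.pack("!BBHI", OPT_DNSSL, 1 + len(names) // 8, 0, lifetime) + names


def icmp6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header and the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(msg), 58) + msg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def unicast_ra(ue_mac, mag_mac, mag_ll, prefix, dns, search):
    """Ethernet frame: L2 unicast to the UE, IPv6 destination all-nodes, RA payload."""
    src = ipaddress.IPv6Address(mag_ll)
    # Hop limit 64, M=O=0 (SLAAC, no DHCPv6), router lifetime 1800 s, timers unspecified.
    ra = struct.pack("!BBHBBHII", ND_RA, 0, 0, 64, 0, 1800, 0, 0)
    ra += prefix_info(prefix) + rdnss(dns) + dnssl(search)
    ra = ra[:2] + struct.pack("!H", icmp6_checksum(src, ALL_NODES, ra)) + ra[4:]
    ip6 = struct.pack("!IHBB", 6 << 28, len(ra), 58, 255) + src.packed + ALL_NODES.packed
    eth = bytes.fromhex(ue_mac.replace(":", "")) + bytes.fromhex(mag_mac.replace(":", ""))
    return eth + b"\x86\xdd" + ip6 + ra


def decode_names(buf):
    """Decode the DNS-label encoded names of a DNSSL option, skipping the padding."""
    names, labels, i = [], [], 0
    while i < len(buf):
        n, i = buf[i], i + 1
        if n == 0:
            if labels:
                names.append(".".join(labels))
            labels = []
        else:
            labels.append(buf[i:i + n].decode("ascii"))
            i += n
    return names


def parse_ra(frame):
    """Receiver-side view: delivery checks plus the prefix and DNS options found."""
    ip6, ra = frame[14:54], frame[54:]
    src, dst = ipaddress.IPv6Address(ip6[8:24]), ipaddress.IPv6Address(ip6[24:40])
    info = {"l2_unicast": not frame[0] & 1,           # I/G bit clear = unicast MAC
            "ip_dst": str(dst), "hop_limit": ip6[7],  # ND requires hop limit 255
            "checksum_ok": icmp6_checksum(src, dst, ra) == 0}
    off = 16                                          # options follow the fixed RA header
    while off + 2 <= len(ra):
        otype, olen = ra[off], ra[off + 1] * 8
        if olen == 0 or off + olen > len(ra):
            raise ValueError("malformed ND option at offset %d" % off)
        body = ra[off:off + olen]
        if otype == OPT_PREFIX_INFO:
            info["prefix"] = "%s/%d" % (ipaddress.IPv6Address(body[16:32]), body[2])
        elif otype == OPT_RDNSS:
            info["rdnss"] = [str(ipaddress.IPv6Address(body[i:i + 16]))
                             for i in range(8, olen, 16)]
        elif otype == OPT_DNSSL:
            info["dnssl"] = decode_names(body[8:])
        off += olen
    return info


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, locally administered MACs).
    frame = unicast_ra("02:00:5e:10:00:01", "02:00:5e:10:00:fe", "fe80::1",
                       "2001:db8:100:42::/64", ["2001:db8::53"], ["wifi.example.net"])
    print(parse_ra(frame))
```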

5.2.  Access Authentication & User Identity

   As briefly mentioned in the previous section, the access
   authentication mechanisms depend upon the particular deployment use
   case.  For metro Wi-Fi model deployments and other indoor / outdoor
   Wi-Fi deployments, web portal based authentication is very commonly
   used.  A common web portal based authentication scenario is an
   existing subscriber presenting the user ID and password credentials
   to a web login page before being allowed to access the Internet.
   There are various variations to this model, such as a new user
   accessing the network and signing up for subscription-based or
   one-time usage services, or users leveraging vouchers for access,
   which impose time and/or quota limits.

   Another common user authentication scenario implemented in many metro
   Wi-Fi deployments is automatic authentication based upon MAC
   address.  This model allows an existing subscriber to register one or
   more MAC addresses for automatic access.  When the subscriber tries
   to access the Wi-Fi network for the first time from a UE device, the
   subscriber has to go through portal-based authentication, and the
   system captures the MAC address of the device at that time so that
   subsequent access from that UE device is allowed automatically.

   For secured SSIDs, an 802.1X-based authentication mechanism will be
   in place.  Even though most Wi-Fi deployments rely on open SSIDs,
   except for mobile data offload use cases, it is the intent of the
   industry to move towards secured SSIDs and implement EAP-based
   authentication mechanisms.  802.1X-based authentication will be a
   requirement for Hotspot 2.0 compliance.  For mobile data offload
   scenarios, secure SSIDs with SIM card based authentication will be in
   use.

   The PMIPv6 protocol allows the access network to pass the user
   identity, such as MAC address, NAI, IMSI etc., towards the
   network-side GW (LMA/WAG or LMA/P-GW) through the PMIPv6 control
   messages.  With this standardized user identity presentation, there
   is no need to rely on alternative proprietary options.

5.3.  Policy Provisioning & Enforcement

   The policy provisioning system, referred to as PCRF in 3GPP
   terminology, is the entity that decides what kind of services a
   specific subscriber can get and for what duration, what kind of
   charging policies are applicable to the subscriber, etc.  Depending
   upon the deployment model, the gateways talk to the PCRF entity using
   either a Diameter interface (typically Gx) or a RADIUS interface.
   The RADIUS interface is more common in WAG deployments, which do not
   handle 3GPP packet core integration, and Diameter is typically used
   in 3GPP packet core elements such as the P-GW.  Use of Diameter for
   PCRF integration in non-3GPP deployments is also possible, even
   though not common.  The WAG/LMA or P-GW acts as the policy
   enforcement point and works in conjunction with the PCRF.

5.4.  Charging Considerations

   Accounting and charging in service provider Wi-Fi deployments fall
   under two broad categories: a) Diameter based and b) RADIUS based.
   Diameter-based charging will be leveraged for architecture models
   that use one or more 3GPP network elements.  RADIUS-based charging
   will be leveraged for deployment models that typically do not
   involve packet core integration.

   Diameter-based charging leverages the Diameter protocol for the
   charging interfaces.  The Diameter-based charging architecture and
   the associated interfaces are defined in 3GPP standards.  Charging in
   3GPP can be broadly classified into two categories: a) offline
   charging and b) online charging.  In offline charging, resource usage
   is reported by the network element to the billing system after the
   resource usage has occurred.  For online charging, authorization for
   the network resource usage must be obtained by the network before
   the actual resource usage is allowed.

   Online charging maps to pre-paid charging use cases and offline
   charging maps to post-paid charging use cases.  Pre-paid and
   post-paid charging is supported by RADIUS-based charging models as
   well.  Charging information can be collected from various points in
   the Wi-Fi network, such as the WLAN access network, MAG, chaining
   point LMA/P-GW etc.  The type of charging and the required charging
   interfaces will depend upon the particular use case model.

5.5.  Legal Intercept

   Legal Intercept is the legally authorized capture and delivery of
   subscriber communications data by a communications provider to a law
   enforcement agency (LEA).  The communications data that the LEA
   intercepts as part of the target subscriber surveillance is
   classified into two types: Communication Content (CC) and Intercept
   Related Information (IRI).  CC is the bearer data exchanged to and
   from the subscriber.  IRI provides the relevant context information
   for the CC.  IRI is a loosely defined term and its scope varies for
   different end user applications.

   In most countries, there are legal obligations for service providers
   to facilitate the intercept of any subscriber's communication, if
   requested by law enforcement agencies.  The Communications
   Assistance for Law Enforcement Act (CALEA), the United States
   wiretapping law passed in 1994, is an example of such legal mandates.

   For the various SP Wi-Fi deployment models covered in this document,
   legal intercept will be a requirement, and one or more network
   elements in the system should support the intercept and forwarding of
   IRI, CC or both to the LI mediation systems, which in turn will
   provide the intercepted information to law enforcement agencies.

5.6.  SIPTO Considerations

   Depending upon the deployment use case, SIPTO may be a desirable use
   case for flat as well as hierarchical models.  For the flat models,
   SIPTO can be implemented at the MAG itself.  With the chaining model,
   SIPTO can be done either at the level-1 MAG or at the intermediate
   gateway doing the chaining.

6.  IANA Considerations

   This specification does not require any IANA actions.

7.  Security Considerations

   All the security considerations from the base Proxy Mobile IPv6
   specifications, [RFC5213] and [RFC5844], apply equally well to Proxy
   Mobile IPv6 domains supporting IEEE 802.11-based access networks.
   The support for IEEE 802.11-based access networks does not require
   any new security considerations and does not introduce any new
   security vulnerabilities known at this time.

8.  Acknowledgements

   The author of this document thanks the members of the NETLMM working
   group for all the discussions related to this topic.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5213]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

   [RFC5779]  Korhonen, J., Bournelle, J., Chowdhury, K., Muhanna, A.,
              and U. Meyer, "Diameter Proxy Mobile IPv6: Mobile Access
              Gateway and Local Mobility Anchor Interaction with
              Diameter Server", RFC 5779, February 2010.

   [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
              Mobile IPv6", RFC 5844, May 2010.

   [RFC6085]  Gundavelli, S., Townsley, M., Troan, O., and W. Dec,
              "Address Mapping of IPv6 Multicast Packets on Ethernet",
              RFC 6085, January 2011.

9.2.  Informative References

   [I-D.liebsch-netext-pmip6-authiwk]
              Gundavelli, S., Liebsch, M., and P. Seite, "PMIPv6 inter-
              working with WiFi access authentication",
              draft-liebsch-netext-pmip6-authiwk-05 (work in progress),
              September 2012.

   [RFC4861]  Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
              "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
              September 2007.

   [RFC5415]  Calhoun, P., Montemurro, M., and D. Stanley, "Control And
              Provisioning of Wireless Access Points (CAPWAP) Protocol
              Specification", RFC 5415, March 2009.

   [RFC5845]  Muhanna, A., Khalil, M., Gundavelli, S., and K. Leung,
              "Generic Routing Encapsulation (GRE) Key Option for Proxy
              Mobile IPv6", RFC 5845, June 2010.

   [RFC5846]  Muhanna, A., Khalil, M., Gundavelli, S., Chowdhury, K.,
              and P. Yegani, "Binding Revocation for IPv6 Mobility",
              RFC 5846, June 2010.

   [RFC6224]  Schmidt, T., Waehlisch, M., and S. Krishnan, "Base
              Deployment for Multicast Listener Support in Proxy Mobile
              IPv6 (PMIPv6) Domains", RFC 6224, April 2011.

   [RFC6475]  Keeni, G., Koide, K., Gundavelli, S., and R. Wakikawa,
              "Proxy Mobile IPv6 Management Information Base", RFC 6475,
              May 2012.

   [RFC6572]  Xia, F., Sarikaya, B., Korhonen, J., Gundavelli, S., and
              D. Damic, "RADIUS Support for Proxy Mobile IPv6",
              RFC 6572, June 2012.

Authors' Addresses

   Sri Gundavelli
   Cisco
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: sgundave@cisco.com


   Byju Pularikkal
   Cisco
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: byjupg@cisco.com


   Rajeev Koodli
   Cisco
   170 West Tasman Drive
   San Jose, CA  95134
   USA

   Email: rcoodli@cisco.com