6 Policy and QoS interworking

3GPP TS 23.139, 3GPP system - fixed broadband access network interworking, Stage 2, Release 17

6.1 General

6.1.1 Principles for EPC-routed traffic

Policy control for EPC routed traffic is provided when either 3GPP access authentication or tunnel based authentication is performed.

Multi Access PDN Connectivity for WLAN access located in a Fixed Broadband Access Network implies that a 3GPP UE with multi access PDN connectivity capabilities can connect to WLAN access located in a Fixed Broadband Access Network as described in TS 23.401 [2] and TS 23.402 [3].

Integrity and confidentiality protection for S2c trusted scenarios can be optionally activated by the UE or the PDN GW as defined in TS 23.402 [3]. When confidentiality protection is active, the Fixed Broadband Access Network does not have visibility of the inner header, as in the untrusted S2c case. However, given that the DSCP of the outer header is used for packet differentiation, the procedures to support interworking with the Fixed Broadband Access Network do not need to change due to the activation of confidentiality protection.

If the H(e)NB is located behind a NATed RG the H(e)NB local IP address is provided to the H(e)NB by the SeGW as part of the set up of the security tunnel with the SeGW using IKEv2 signalling.

A new HNB local IP address is provided by the SeGW to the HNB and then included in Iu signalling (refer to the definition of INITIAL UE MESSAGE message, RELOCATION COMPLETE message and ENHANCED RELOCATION COMPLETE REQUEST message in TS 25.413 [28]) to the SGSN.

A new HeNB local IP address is provided by the SeGW to the H(e)NB and then included in S1 signalling (refer to the definition of INITIAL UE MESSAGE message, HANDOVER NOTIFY message and PATH SWITCH REQUEST message in TS 36.413 [29]) to the MME.

6.1.2 Principles for Non-seamless WLAN-offload traffic

Policy control for NS-WLAN offloaded traffic is provided only if 3GPP access authentication is performed.

Policies for a UE’s NS-WLAN offloaded traffic are sent from the EPC Network to the Fixed Broadband access network via S9a.

Policy interworking via S9a for NS-WLAN offloaded traffic in this release is supported for scenarios without NAT in the BBF domain.

For architecture scenario A in clause 4.2.4, the PCRF shall bind the request from AF with an existing IP-CAN session established over S9a using the UE local IP address received from AF and if available the subscriber ID (e.g. IMSI).

For architecture variant B in clause 4.2.4, it is assumed that BPCF binds the request from AF with an existing IP-CAN Session established over S9a using the UE local IP address received from AF and if available the subscriber ID (e.g. IMSI).

For architecture variant C in clause 4.2.4, in solicited application reporting mode, the PCRF shall start the Sd session with the TDF when an indication of IP-CAN session establishment is received over S9a for the UE local IP address. In unsolicited application reporting mode, the TDF notifies the PCRF of the detected service using the Sd interface.

The UE may simultaneously have one or more connection(s) to the EPC and a connection to NS-WLAN using the same local IP address. In order to allow the BNG to distinguish and to enforce separated QoS control for EPC routed traffic (tunnelled using SWu, S2c) and for NSWO traffic, the PCRF shall send to the BPCF the destination IP address of the IPSec outer IP header, i.e. the ePDG IP address (for S2b and untrusted S2c access) and the PDN GW IP address(es) (for trusted S2c), and the UDP source port number (used by IPSec tunnel traffic).

6.2 Application of PCC to Fixed Broadband Access interworking

Fixed Broadband Access networks that support the BBF Policy Framework and EPC networks that support PCC are interworked via the procedures specified in TS 23.203 [4], Annex P.

6.3 QoS solution for 3GPP and Fixed Broadband Access Interworking

6.3.1 Generic

This clause describes how to detect and classify IP packets for the purpose of QoS treatment in the Fixed Broadband Access network. The solution is based on DSCP marking of packets traversing the Fixed Broadband Access network. The Fixed Broadband Access network (e.g. BNG) classifies packets based on the DSCP of the incoming packets. The solution assumes functionality in the BBF domain. All these functions are out-of-scope for 3GPP, and they may or may not be implemented depending on the agreement between the 3GPP and Fixed Broadband Access operators. These functions are described for information only.

The Fixed Broadband Access network currently supports the DSCP marking as specified in BBF TR-092 [20] for BRAS, in BBF TR-101 [8] for Access Nodes and Aggregation Nodes and in BBF TR-124 Issue 2 [21] for the RG.

Figure 6.3.1-1: Packet classification and packet forwarding treatment in a 3GPP-Fixed Broadband Access interworking scenario for traffic routed to EPC

Figure 6.3.1-2: Packet classification and packet forwarding treatment in a 3GPP-Fixed Broadband Access interworking scenario for NS-WLAN offload traffic

Figures 6.3.1-1 and 6.3.1-2 are simplified and the intermediate transport network entities are not shown in either figure. The details of traffic handling in the Fixed Broadband Access domain are out of 3GPP scope.

In order to support QoS in Fixed Broadband Access:

– The BPCF needs to map the QoS information (QCI, bit rates, ARP) received over S9a to access-specific parameters applicable in the Fixed Broadband Access network as specified in TR-203 [6].

– The BRAS/BNG can perform QoS treatment and QoS remapping based on DSCP value of the outer IP header as specified in BBF TR-059 [26]. For NS-WLAN offload traffic, the BRAS/BNG can support per-flow DSCP marking on each packet based on the QoS information received via R interface.

– The RG can perform QoS treatment and QoS remapping based on DSCP value of the outer IP header based on pre-provisioned rules in the RG as specified in BBF TR-059 [26].

– For both EPC routed traffic and NS-WLAN offload traffic cases, if the UE implements reflective QoS and the Fixed Broadband Access network needs to be protected from a misbehaving UE, Fixed Broadband Access needs to implement protective measures (e.g. per-UE bandwidth limitation in the RG or in the BNG).

– The decision to apply Reflective QoS is performed as part of the AAA signalling for UE authentication. The 3GPP AAA takes the decision to apply Reflective QoS based on the capabilities of the UE, the type of access and local policies then informs the UE.

– If the UE supports Reflective QoS then the UE shall indicate support of reflective QoS to the 3GPP AAA server during the authentication procedure using EAP-AKA signalling.

– In response to the UE indication, the 3GPP AAA may provide an indication to the UE on whether Reflective QoS shall be applied during the UE authentication procedure using EAP-AKA signalling.

– When access authentication is performed, the BBF AAA informs the 3GPP AAA over STa/SWa that the UE is attached via a BBF-defined Fixed Broadband access network, and the UE shall perform UE reflective QoS on all traffic of the attached network. The UE shall disable the reflective QoS if the UE is detached or moves away from the attached Fixed Broadband access network.

– When authentication is performed as part of IKEv2 signalling the 3GPP AAA determines if the UE is connected via a BBF-defined WLAN access based on UE Local IP address received in EAP-AKA signalling over SWm or S6b and the UE shall perform UE reflective QoS on the tunnelled traffic of the attached network. The UE shall disable the reflective QoS if the tunnel established by using the IKEv2 signalling is released.

NOTE: In this Release there is no procedure defined to support activation and deactivation of Reflective QoS towards the UE when moving from one BBF defined Fixed Broadband Access network into another BBF defined Fixed Broadband Access network.

6.3.2 Downlink

6.3.2.1 EPC routed traffic

For the WLAN case, the P-GW in the 3GPP domain sets a per-flow DSCP marking on each packet outer header, as defined in TS 23.402 [3]. In un-trusted scenarios where traffic is sent in an IPSec tunnel from ePDG to the UE, the ePDG shall copy that marking to the new outer header unless DSCP remapping is performed as defined in clause 6.3.4.

For the H(e)NB case, the P-GW in the 3GPP domain sets a per-flow DSCP marking on each packet outer header, as defined in TS 23.401 [2]. The SeGW shall copy that marking to the new outer header.

NOTE 1: DSCP remapping performed as defined in clause 6.3.4 may apply.

The BRAS/BNG located in between the H(e)NB and the SeGW/H(e)NB GW and between the UE and ePDG/PDN GW, may perform QoS treatment and QoS remapping based on DSCP value of the outer IP header.

For the control plane in the H(e)NB case, the QoS associated with control plane traffic (e.g. H(e)NB management traffic, Iu/S1 messages) could be preconfigured in the relevant network entity (e.g. H(e)MS, MME/SGSN) for downlink. The relevant message traffic thus may be marked with the appropriate DSCP according to the preconfigured QoS. The SeGW shall copy this DSCP if it exists from the inner header to the outer header.

NOTE 2: It is assumed that the MME/SGSN set the DSCP value of signalling traffic independently whether there is H(e)NB or not.

6.3.2.2 NS-WLAN offloaded traffic

The BNG/BRAS in the BBF domain may set a per-flow DSCP marking on each packet header. Alternatively, for operator deployments when the BNG is not at the network edge, the BNG may perform QoS treatment based on the DSCP value of the packet IP header.

6.3.3 Uplink

For the WLAN case, including EPC-routed traffic and NS-WLAN offload traffic, DSCP marking may be performed by the UE by means of reflective QoS. The UE creates a 5-tuple rule from the corresponding downlink 5-tuple derived from the downlink IP traffic. It associates that uplink rule with the DSCP received in corresponding downlink 5-tuple. Each uplink packet matching that uplink rule is marked with the associated DSCP.

For IP flows initiated from the UE, uplink packets will not be marked until a marked downlink packet is received with the downlink n-tuple that matches the received uplink n-tuple.

Some clarifications to the function of reflective QoS in the UE (this describes only the logical function for the reflective QoS marking; the implementation might differ):

– For each incoming downlink IP packet the UE checks if a DSCP marking rule for the n-tuple of this IP packet exists. If the rule does not exist, then a new marking rule is added. Otherwise, the DSCP value and the time stamp for this marking rule are set.

– The uplink n-tuple in each marking rule is made from the downlink n-tuple of that rule by swapping address (and port) destination and source.

– For each outgoing IP packet the UE checks if a marking rule for this IP packet exists. If the n-tuple of the packet matches the uplink n-tuple of a marking rule, then the DSCP value of the packet is set to the DSCP value of that marking rule. The time stamp for that rule is set.

– For tunnelled scenarios, the n-tuples correspond to the n-tuples of the inner header of the packet. In all scenarios, the DSCP value of the marking rule is the DSCP value of the outer header of the packet. This applies in both the downlink and the uplink direction.

– A marking rule is removed when a certain period of time has passed since the time stamp.

– The function of reflective QoS will overwrite DSCP markings set by the UE application.
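The logical function listed above can be written as a small rule table. This is an added example, not text or code from the specification; the class and function names, the 30 second rule lifetime and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

RULE_LIFETIME_S = 30.0  # assumed value; the clause only says "a certain period of time"


@dataclass(frozen=True)
class NTuple:
    src: str
    sport: int
    dst: str
    dport: int
    proto: int

    def swapped(self):
        """Uplink n-tuple: source and destination address and port exchanged."""
        return NTuple(self.dst, self.dport, self.src, self.sport, self.proto)


class ReflectiveQoS:
    def __init__(self, lifetime=RULE_LIFETIME_S):
        self.lifetime = lifetime
        self.rules = {}  # uplink n-tuple (inner header) -> [dscp, time stamp]

    def _expire(self, now):
        for key in [k for k, (_, ts) in self.rules.items() if now - ts > self.lifetime]:
            del self.rules[key]

    def on_downlink(self, inner, outer_dscp, now):
        """Add the rule, or set its DSCP and time stamp if it already exists."""
        self._expire(now)
        self.rules[inner.swapped()] = [outer_dscp, now]

    def mark_uplink(self, inner, now):
        """Return the DSCP to write into the outer header, or None if no rule matches."""
        self._expire(now)
        rule = self.rules.get(inner)
        if rule is None:
            return None      # UE-initiated flow before any marked downlink packet
        rule[1] = now        # a matching uplink packet refreshes the time stamp
        return rule[0]       # replaces whatever DSCP the application set


# Constructed sample flow (documentation addresses).
DL = NTuple("198.51.100.10", 443, "192.0.2.25", 50000, 6)
UL = DL.swapped()
```

The table is keyed on the inner header while the learned value comes from the outer header, so the UE simply echoes whatever DSCP arrives on the downlink; this is why the per-UE limits described next are enforced in the RG or BNG rather than in the UE.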

The Fixed Broadband Access implements bandwidth limitation on a per-line granularity. However, at this point in time, Fixed Broadband Access does not implement per-device bandwidth limitation in the RG. Therefore, the UE may take more uplink resources between RG and PDN GW than it was entitled to by S9a admission control (e.g. the UE might set the DSCP incorrectly). Fixed Broadband Access might implement a number of mechanisms to protect the Fixed Broadband Access network from a misbehaving UE:

– The RG might have pre-configured rules to allow only 3GPP UEs to set DSCP. Distinguishing 3GPP UE from other devices might for example be based on authentication (always EAP-AKA for 3GPP UEs) or from packet destination address (always ePDG/P-GW for S2b/S2c).

– The BNG may enforce UE bandwidth limitation based on the information (including QoS rules) received over S9a via the BPCF. These rules may have a different granularity as determined suitable for the Fixed Broadband Access network (e.g. in a scenario with user plane confidentiality protection). The granularity may be on a per UE and DSCP or per UE and IP flow basis.

For the H(e)NB case, DSCP marking is performed by the H(e)NB according to the QoS information of the EPS bearer/PDP context. The H(e)NB shall copy the marking to the outer header. Based on H(e)NB configuration either the QCI mapping or the Reflective QoS may be used.

The RG and BNG located in between the H(e)NB and the SeGW/H(e)NB GW and between the UE and ePDG/PDN GW may perform QoS treatment and QoS remapping based on DSCP value of the outer IP header.

For the control plane in the H(e)NB case, the QoS associated with control plane traffic (e.g. H(e)NB management traffic, Iu/S1 messages) could be preconfigured in the H(e)NB for uplink. The H(e)NB marks the relevant message traffic with the appropriate DSCP according to the preconfigured QoS. It then copies the DSCP from the inner header to the outer header to ensure the correct QoS treatment in the tunnel before it gets into it.

6.3.4 DSCP remapping

This clause is only applied to EPC routed traffic case.

Since different domains and operators might use different DSCP values, the scheme above only works if there are agreed re-mappings of the DSCP values. E.g., there might be an edge router in inter-operator domain boundaries that re-maps the DSCPs.

It is assumed that there are appropriate inter-operator agreements (e.g. SLAs) in place to ensure that such re-mapping is consistent and predictable. If there is no such inter-operator agreement, the DSCP re-mapping may not be consistent and predictable.

6.3.5 Correlating admission control with DSCP marking

NOTE: This clause is applied to both EPC routed case and NS WLAN-offload traffic case.

In Fixed Broadband Access the admission control decision may be performed by the BPCF or be delegated by the BPCF to another Fixed Broadband Access node. Based on the admission control decision, the BPCF accepts or rejects the request received over S9a. The Fixed Broadband Access operator may also want to ensure that the traffic for a specific UE is not exceeding the traffic agreed by admission control and communicated over S9a. In order to do so, the BPCF may provide policies to the BNG. These policies are based on the QoS Rules received over S9a but may have a different granularity as determined suitable for the Fixed Broadband Access network.

Regardless of the access method used, the BPCF shall be able to translate QCI received in QoS Rules on S9a into the DSCP that the BNG will see. To do this, the BPCF shall know the relation between QCIs and DSCPs for the traffic that enters the Fixed Broadband Access domain. The QCI to DSCP mapping used in the BBF access network is under BBF responsibility.

The correlation function mentioned above is Fixed Broadband Access-internal and therefore out-of-scope for 3GPP.

6.3.6 Multiple IPSec Child SAs support

This clause is only applied to EPC-routed case.

RFC 4301 [27] clarifies that if different classes of traffic (distinguished by DSCP bits) are sent on the same IPSec Security Association (SA) and the receiver is employing the optional anti-replay feature available in both AH and ESP, this could result in inappropriate discarding of lower priority packets due to the windowing mechanism used by this feature. If this anti-replay feature is implemented then the ePDG/SeGW (downlink) and UE/H(e)NB (uplink) should map IP flows of different DSCP to different child SAs to avoid this problem.

When the UE performs initial access through S2b, or through S2c with extended security enabled, or when the H(e)NB powers on, depending on the operator’s policy, multiple IPSec child SAs with or without different DSCP are established between UE and ePDG or between H(e)NB and the SeGW. Both the uplink and downlink IP flows should be encapsulated and transferred within the appropriate child SA identified by the DSCP, if security associations for different DSCP values are established, as described in RFC 4301 [27].

When an appropriate child SA is not found, a new child SA shall be created by the ePDG/SeGW (downlink) and UE/H(e)NB (uplink).

The increase of the anti-replay window size can also be used but it does not guarantee that packets will not be discarded.
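The effect described in this clause can be reproduced with a sliding anti-replay window and a constructed traffic pattern. This is an added example, not part of the specification; the window follows the RFC 4303 sliding-window scheme, and the 400-packet alternating EF/best-effort stream and the 150-slot queueing delay for best-effort packets are assumptions chosen to make the reordering visible.

```python
class AntiReplayWindow:
    """Receiver-side sliding window in the style of RFC 4303 (ESP)."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit k set => sequence number (top - k) already seen

    def accept(self, seq):
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False  # left of the window: discarded as too old
        if (self.bitmap >> offset) & 1:
            return False  # duplicate sequence number
        self.bitmap |= 1 << offset
        return True


EF, BE = 46, 0
QUEUE_DELAY = {EF: 0, BE: 150}  # constructed: extra packet slots spent in queues


def simulate(per_dscp_sa, n=400, window=64):
    """Return {dscp: packets discarded by the receiver's anti-replay check}."""
    next_seq, sent = {}, []
    for i in range(n):
        dscp = EF if i % 2 == 0 else BE
        sa = dscp if per_dscp_sa else "shared"       # child SA chosen by the sender
        next_seq[sa] = next_seq.get(sa, 0) + 1       # sequence numbers are per SA
        sent.append((i + QUEUE_DELAY[dscp], sa, dscp, next_seq[sa]))
    windows, dropped = {}, {EF: 0, BE: 0}
    for _, sa, dscp, seq in sorted(sent, key=lambda p: p[0]):  # arrival order
        if sa not in windows:
            windows[sa] = AntiReplayWindow(window)
        if not windows[sa].accept(seq):
            dropped[dscp] += 1
    return dropped
```

With one shared SA and a 64-packet window, 167 of the 200 best-effort packets are discarded; a 128-packet window still discards 135, and the loss only stops once the window exceeds the reordering depth or each DSCP has its own child SA.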

6.4 Authentication and Security procedures for 3GPP and Fixed Broadband access interworking

The following procedures are defined for authentication of a 3GPP UE via a Fixed Broadband Access network as specified in TS 33.402 [23]:

– 3GPP-based access authentication. This assumes that the Fixed Broadband Access network supports 3GPP EAP-based access authentication and forwards EAP signalling messages between the UE and EPC.

– Tunnel authentication procedures for SWu. This authentication is transparent to the Fixed Broadband Access network.

– Authentication for S2c (DSMIPv6). This authentication is transparent to the Fixed Broadband Access network.

In procedure 1, the permanent user identity (i.e. an IMSI in EPC root NAI format as defined by TS 23.003 [24]) shall be provided upon successful authentication in the reply from 3GPP AAA to Fixed Broadband Access AAA, for both STa and SWa. The BPCF shall initiate an IP-CAN Session over S9a towards the PCRF for the UE as defined in clauses 7 and 8 and in TS 23.203 [4].

In procedures 2 and 3, a Gateway Control Session over S9a for this UE shall be triggered by the PCRF as defined in clauses 7 and 8 and in TS 23.203 [4].

Translation between RADIUS and Diameter is performed in the Fixed Broadband Access as described in TR-203 [6].