16.2.1 Initial Attach in WLAN on GTP S2a
3GPP TS 23.402, Architecture enhancements for non-3GPP accesses, Release 18
Figure 16.2.1-1: Initial attachment in WLAN on GTP S2a for roaming, LBO and non-roaming scenarios
The home routed roaming, LBO and non-roaming scenarios are depicted in the figure 16.2.1-1:
– In the LBO case, the 3GPP AAA Proxy acts as an intermediary, forwarding messages from the 3GPP AAA Server in the HPLMN to the PDN GW in the VPLMN and vice versa. Messages between the PDN GW in the VPLMN and the hPCRF in the HPLMN are forwarded by the vPCRF in the VPLMN.
– In the home routed roaming and non-roaming cases, the vPCRF is not involved. In the non-roaming cases, the 3GPP AAA Proxy is not involved. In the home routed roaming case, the 3GPP AAA Proxy is not involved in steps 5 and 12.
This procedure is also used to establish the first PDN connection over a trusted WLAN with S2a when the UE already has active PDN connections only over a 3GPP access and wishes to establish simultaneous PDN connections to different APNs over multiple accesses.
Either scenario (A) or scenario (B) is performed:
– Scenario (A) is defined as the TWAP sending the layer 2 attach trigger to the TWAG. This is done at successful EAP authentication (step 2). Completion of EAP authentication with the TWAP informing the UE of EAP success is deferred until step 8 after the tunnel was established (steps 3-7). The attach trigger signal sent from TWAP to TWAG includes MAC address and subscription data (including IMSI) of the UE. Steps 10-14 are omitted in scenario (A). Scenario (A) is applicable for all existing PDN Types (IPv4, IPv6, IPv4v6) and is the recommended way. Scenario (A) is only applicable for single-connection mode and transparent single-connection mode.
– Scenario (B) is defined as the TWAG using the layer 3 attach request (i.e. a DHCPv4 message) sent by the UE as the attach trigger. In this scenario steps 3-7 are omitted. Step 9 triggers the TWAG to establish the tunnel (steps 10-14). Between step 2 and step 10, the TWAG obtains subscription data (including IMSI) for the UE from the TWAP, based on the MAC address of the UE. How this is performed is out-of-scope for 3GPP. Scenario (B) is only applicable for transparent single-connection mode with PDN Type IPv4.
The steps below only refer to TWAN, not to specific functions internal to TWAN (i.e. TWAG, TWAP and WLAN AN).
1. The initial TWAN specific L2 procedures are performed. These procedures are TWAN specific and are outside the scope of 3GPP.
2. The EAP authentication procedure is initiated and performed involving the UE, the TWAN and the 3GPP AAA Server. In the roaming case, there may be several AAA proxies involved. When receiving the first EAP message from the UE, the TWAN transfers it to the AAA server with an indication of the modes of operation that it supports and, if TWAN supports multi-connection mode, with the supported TWAG IPv4, IPv6 or both control plane addresses for WLCP transport. Subscription data is provided to the TWAN by the HSS/AAA in this step. The list of all the authorized APNs, including additional PDN GW selection information is returned to the TWAN as part of the reply from the 3GPP AAA Server to the TWAN as described in clause 4.5.1. The Subscription data may also include a default APN for WLAN that, in case of transparent single-connection mode, may be different from the default APN for other accesses. The 3GPP AAA Server also returns to the TWAN the User Identity to be used to identify the UE in the Create Session Request (step 3 or 10).
During the EAP authentication procedure, the UE may negotiate with the AAA Server a connection mode (e.g. single-connection or multi-connection mode) as described in clause 16.1.4A. In addition, the UE may provide connectivity parameters during EAP authentication, as described below.
During the EAP authentication procedure the 3GPP AAA Server may request the UE to provide its IMEI(SV). In that case the UE shall signal its IMEI(SV) to the 3GPP AAA Server. The 3GPP AAA Server forwards IMEI(SV) received from the UE to the TWAN (over STa).
If the UE requests single-connection mode, the UE provides a connectivity parameter indicating the type of requested connectivity, i.e. whether it requests EPC access or non-seamless WLAN offload. If the UE requests EPC access, it may provide additional connectivity parameters such as the PDN type, attach type (initial attach), the requested APN and Protocol Configuration Options. These connectivity parameters are sent to the 3GPP AAA Server during the EAP-AKA’ authentication procedure. The 3GPP AAA Server sends these connectivity parameters to the TWAN.
If the UE requests multi-connection mode and, if this request is accepted by the network, the UE is also made aware if non-seamless WLAN offload is authorized. If non-seamless WLAN offload is authorized, then the UE receives the address or prefix of the non-seamless WLAN offload connection as part of steps 9 and 15. In multi-connection mode, steps 3-7 and steps 10-14 are skipped. If the UE requests multi-connection mode and this request is accepted by the network, the AAA server using EAP-AKA’ procedure provides the UE with the supported TWAG control plane address(es), among which the UE selects a single address to be used for WLCP.
If the 3GPP AAA server does not provide network connection mode capabilities or, if the 3GPP AAA server does not receive a connection mode request from the UE, then the transparent single-connection mode is used.
NOTE 1: If the transparent single-connection mode is used, then it is recommended that the default APN for TWAN is different from any APN that the UE may use on the 3GPP side. Nevertheless, for a UE the default APN for TWAN may be used on other access technologies. In that case:
– The TWAN may select a single or different PDN GWs for PDN connections to this APN that are active at the same time via the 3GPP access network and the TWAN. If a single PDN GW is selected then the APN-AMBR is enforced for all PDN connections for that APN. If different PDN GWs are selected then the APN-AMBR is enforced separately in the respective PDN GW for the PDN connection, i.e. the UE will receive double amount of bandwidth for the APN;
– The PDN GW identity provided by the 3GPP AAA server to HSS as part of the Initial Attach on TWAN may be different from and overwrite the PDN GW identity provided, for the same APN, by the MME/SGSN or by another PDN GW. Therefore, to avoid interfering with the PDN Connections over 3GPP access, the HSS should not be updated with the selected PDN GW identity for Trusted WLAN access. The 3GPP AAA Server could be configured to not provide the PDN GW identity selected as part of the Initial Attach on TWAN to HSS. This applies to step 5 and step 12 of this procedure. Depending on operator deployment there may also be proprietary means in the HPLMN to ensure that the HSS is not updated with the selected PDN GW identity for Trusted WLAN access.
– The PDN GW identity provided by the MME/SGSN to HSS as part of the Initial Attach on 3GPP may be different from the PDN GW identity selected for the same APN by the TWAN. As there is no mobility support, no action from the TWAN is expected when the TWAN is updated with the selected PDN GW identity for 3GPP access;
– PMIP-based S5/S8 with dynamic PCC cannot be deployed since it will result in wrong session linking between Gateway Control Session and Gx session in the PCRF.
IEEE Std 802.1X-2004 [65] is used over the WLAN air link to carry EAP as defined by IEEE Std 802.11-2012 [64].
The TWAN may provide to the 3GPP AAA server via STa the SSID selected by the UE to access the TWAN and an indication whether it supports S2a, non-seamless offload, or both.
If the transparent single-connection mode is used, then the HSS/AAA may indicate via STa whether access to EPC via S2a or the use of NSWO or both are allowed for this subscriber. The HSS/AAA decision to allow EPC access or NSWO or both could be based on information elements such as subscriber profile, access network, and/or SSID selected. If the HSS/AAA decides to allow both EPC access and NSWO, the TWAN determines based on pre-configured information whether or not to establish S2a. If the TWAN determined that S2a shall not be used, steps 3-7 and 10-14 are skipped. Instead, if it is authorized, the TWAN performs NSWO for the subscriber.
NOTE 2: For transparent single-connection mode, the authorization of both NSWO and EPC routed traffic by the 3GPP AAA is only applicable in non-roaming scenarios.
If the UE requests single-connection mode, the HSS/AAA indicates via STa its decision to accept the single-connection mode with either EPC access or NSWO. The TWAN determines based on the indication from HSS/AAA whether or not to perform PDN GW selection and S2a connection establishment. If the UE requested NSWO and it was accepted by the network, steps 3-7 and 10-14 are skipped.
2a) If IMEI check is required by operator policy and if the TWAN is in the HPLMN, the IMEI check shall be performed by the EIR in the home country. The 3GPP AAA server shall request the EIR to perform the IMEI check by sending the ME Identity Check Request (ME Identity, IMSI) to the EIR. Upon receiving the ME Identity Check Ack (Result) from the EIR, the 3GPP AAA server shall determine whether to continue or to stop the authentication and authorization procedure. If the 3GPP AAA server determines that the authentication and authorization procedure shall be stopped, it shall notify the UE with an appropriate cause value.
2b) If IMEI check is required by operator policy and if the TWAN is in the visited PLMN, the IMEI check shall be performed by the EIR in the visited country. In order to retrieve the IMEI(SV) from the UE, the 3GPP AAA proxy shall send a request to the 3GPP AAA server, which contains a parameter "IMEI check request in VPLMN" that indicates that the IMEI(SV) shall be retrieved by the 3GPP AAA server and shall be checked by the visited country EIR. The absence of this parameter indicates that IMEI check should not be performed.
If "IMEI check request in VPLMN" is set, the AAA server shall retrieve the IMEI(SV) from the UE and return it to the TWAN with the "IMEI check request in VPLMN". If the TWAN receives the "IMEI check request in VPLMN" together with the IMEI(SV), it shall forward the IMEI(SV) to the 3GPP AAA proxy, which shall request the EIR to perform the IMEI check by sending the ME Identity Check Request (ME Identity, IMSI) to the EIR. Upon receiving the ME Identity Check Ack (Result) from the EIR, the 3GPP AAA proxy shall determine whether to continue or to stop the authentication and authorization procedure. If the 3GPP AAA proxy determines that the authentication and authorization procedure shall be stopped, it shall forward the TWAN message together with the indication that the procedure shall be stopped. In this case, the AAA server shall notify the UE with an appropriate cause value.
The following steps 3-7 are only performed in scenario (A):
3. The TWAN selects the S2a protocol variant (either GTP or PMIP; GTP in this case). The TWAN may be configured with the S2a protocol variant(s) on a per HPLMN granularity, or may retrieve information regarding the S2a protocol variants supported by the PDN GW (PMIP and/or GTP) from the Domain Name Service function.
The TWAN selects the PGW as per the PGW selection procedure in clause 4.5.1; if the TWAN receives a PGW Identity under the form of a FQDN, it shall derive from the FQDN an IP address of a PGW for the selected mobility management protocol (GTP in this case).
NOTE 3: As for existing principles, to support separate PDN GW addresses at a PDN GW for different mobility protocols (e.g. PMIP or GTPv2), when deriving a PDN GW address with the Domain Name Service function, the PDN GW Selection function takes into account the mobility protocol type.
If the UE did not provide a requested APN in step 2, the TWAN selects the default APN according to the subscription data received in step 2. If the UE requested EPC access and indicated an APN in step 2, the TWAN verifies that it is allowed by subscription and selects that APN. The TWAN sends a Create Session Request (IMSI, APN, RAT type, TWAN TEID of the control plane, PDN Type, PDN Address, EPS Bearer Identity, Default EPS Bearer QoS, TWAN Address for the user plane, TWAN TEID of the user plane, APN-AMBR, Selection Mode, Dual Address Bearer Flag, Trace Information, Charging Characteristics, Serving Network, Additional parameters, Initial Attach Indication, IMEI(SV)) message to the PDN GW. The RAT type indicates the non-3GPP IP access technology type. The PDN Type shall be set based on the result of step 2. The TWAN shall set the Dual Address Bearer Flag when the PDN type is set to IPv4v6. The TWAN shall include Trace Information if PDN GW trace is activated. The Serving Network parameter identifies the selected PLMN used for 3GPP-based access authentication i.e. the VPLMN in roaming case, and the HPLMN in non-roaming case. The optional Additional Parameters may contain information, for example, Protocol Configuration Options. Additionally, the Create Session Request includes the current TWAN Identifier as described in clause 16.1.7 and the UE Time Zone. The IMEI(SV) shall be provided to the PDN GW if received from the AAA server.
The PDN GW creates a new entry in its bearer context table and generates a Charging Id. The new entry allows the PDN GW to route user plane PDUs between the TWAN and the packet data network and to start charging.
NOTE 4: The EPS Bearer Identity and Default EPS Bearer QoS parameters convey the S2a bearer identity and the default S2a bearer QoS.
4. The PDN GW initiates the IP‑CAN Session Establishment Procedure with the PCRF, as specified in TS 23.203 [19]. The PDN GW provides information to the PCRF used to identify the session. The PCRF creates IP‑CAN session related information and responds to the PDN GW with PCC rules and event triggers. The PCRF may modify the APN-AMBR and send the APN-AMBR to the PDN GW in the response message.
5. The selected PDN GW informs the 3GPP AAA Server of its PDN GW identity and the APN corresponding to the UE’s PDN Connection. The message includes information that identifies the PLMN in which the PDN GW is located. This information is registered in the HSS as described in clause 12.
When informing the 3GPP AAA Server of the PDN GW identity, the selected PDN GW also indicates the selected S2a protocol variant (GTP in this case); this allows the option for the 3GPP AAA Server or 3GPP AAA Proxy not to return to the PDN GW PMIP specific parameters (e.g. static QoS Profile, Trace Information, APN-AMBR) if GTP is used over S2a; the PDN GW shall ignore those parameters if received from the 3GPP AAA Server or 3GPP AAA Proxy.
6. The PDN GW returns a Create Session Response (PDN GW Address for the user plane, PDN GW TEID of the user plane, PDN GW TEID of the control plane, PDN Type, PDN Address, EPS Bearer Identity, EPS Bearer QoS, APN-AMBR, Additional parameters possibly including Protocol Configuration Options, Cause) message to the TWAN, including the IP address(es) allocated for the UE.
The PDN GW may initiate the creation of dedicated bearers on GTP based S2a (as it does on GTP based S5/S8 for an Attach on 3GPP access).
7. The GTP tunnel is set up between the TWAN and the PDN GW as described in step 3.
8. In single-connection mode, the TWAN informs the 3GPP AAA Server of the result of the tunnel setup, including APN, TWAG User Plane MAC address, accepted PDN Type, PDN Address and Additional Parameters received from the PGW. The UE is made aware if the requested connectivity type (non-seamless WLAN offload, EPC access with a requested APN) is accepted by the 3GPP AAA server. The TWAG User Plane MAC address is the MAC address of the TWAN which is used by the UE and the TWAN for encapsulating user plane packets. The 3GPP AAA server also indicates to the UE the TWAG User Plane MAC address, accepted PDN type, PDN Address, Additional Parameters. Also, if the UE requested EPC access without indicating a requested APN, then the network indicates the selected (default) APN. If the requested connectivity feature is not possible, the 3GPP AAA server rejects the request with a relevant authorization failure cause code.
In multi-connection mode, the TWAN shall be configured to accept WLCP traffic from the UE; otherwise the TWAN shall discard WLCP traffic from the UE.
The TWAN sends EAP success to the UE, thus completing EAP authentication.
After EAP authentication, UE traffic over the WLAN air link may be confidentiality and integrity protected as defined by IEEE Std 802.11-2012 [64].
NOTE 5: In transparent single-connection mode, it is implementation dependent if step 8 is performed before, after or in parallel to steps 3-7.
9. In transparent single-connection mode, the UE may send a layer 3 attach request (e.g. a DHCPv4 request as per IETF RFC 2131 [28]). In multi-connection mode, if the UE uses IPv4, the UE obtains an IPv4 address to be used for WLCP transport and NSWO (if authorized) at this step.
NOTE 6: The UE may send IPv6 Router Solicitation at any time after step 8.
NOTE 7: It is assumed that, to identify the UE, the L3 attach request is transported in an L2 frame that contains the UE L2 address (MAC address).
10-14. These steps are the same as steps 3-7.
NOTE 8: These steps are only performed for scenario (B), which is only possible in the case of transparent single-connection mode when the PDN type is IPv4 and a DHCPv4 request was sent in step 9.
15. In transparent single-connection mode and in multi-connection mode, a DHCPv4 message with allocated IPv4 address and/or Router Advertisement with IPv6 prefix is sent to the UE. The UE may perform additional IP layer configuration with the TWAN as per standard IETF procedures, e.g. IPv6 Stateless Address Autoconfiguration as per IETF RFC 4862 [58], and Stateless DHCPv6 as per IETF RFC 3736 [30].
For single-connection mode, a Router Advertisement with IPv6 prefix may be sent to the UE. The UE may perform additional IP layer configuration as per standard IETF procedures, e.g. IPv6 Stateless Address Autoconfiguration as per IETF RFC 4862 [58], and Stateless DHCPv6 as per IETF RFC 3736 [30].
NOTE 9: For transparent single-connection mode, a UE may request to get some IP configuration parameters (e.g. DNS server) by means of DHCP. These parameters are sent by the TWAN (acting as a DHCP server) to the UE in a DHCP reply. These parameters are retrieved by the TWAN from the PGW within the Create Session Response.
NOTE 10: For scenario (A), after step 8, the TWAN may send unsolicited IP layer configuration signalling, e.g. RA, over the point-to-point link towards the UE.
16. In multi-connection mode, the procedure "UE initiated PDN connectivity request procedure in WLAN on S2a" in clause 16.8 may be performed to establish a PDN connection.
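The step-skipping rules for scenarios (A) and (B), the connection mode fallback of step 2 and the APN selection rule of step 3, as an added Python example that is not part of the specification. The mode labels, function names and sample subscription values are assumptions made for illustration.

```python
# Added illustration of clause 16.2.1 rules; names and labels are assumptions.
TSCM, SCM, MCM = "transparent-single", "single", "multi"

def effective_mode(aaa_sent_capabilities, ue_requested_mode):
    """Step 2 fallback: with no AAA capabilities or no UE request, TSCM is used."""
    if not aaa_sent_capabilities or ue_requested_mode is None:
        return TSCM
    return ue_requested_mode

def tunnel_steps(mode, scenario, pdn_type="IPv4", s2a_used=True):
    """Return the step numbers that establish the GTP tunnel, or [] if skipped."""
    # Multi-connection mode, accepted NSWO, or a TWAN decision not to use S2a
    # all skip steps 3-7 and 10-14.
    if mode == MCM or not s2a_used:
        return []
    if scenario == "A":  # layer 2 attach trigger from the TWAP at step 2
        if mode not in (SCM, TSCM):
            raise ValueError("scenario (A): single-connection or transparent single-connection mode only")
        return [3, 4, 5, 6, 7]
    if scenario == "B":  # layer 3 attach trigger: DHCPv4 message at step 9
        if mode != TSCM or pdn_type != "IPv4":
            raise ValueError("scenario (B): transparent single-connection mode with PDN Type IPv4 only")
        return [10, 11, 12, 13, 14]
    raise ValueError("scenario must be 'A' or 'B'")

def select_apn(requested_apn, authorized_apns, default_apn):
    """Step 3: default APN when none was requested, else the requested APN
    only if the subscription data from step 2 authorizes it."""
    if requested_apn is None:
        return default_apn
    # Case-insensitive comparison is a choice made for this example.
    if requested_apn.lower() not in {apn.lower() for apn in authorized_apns}:
        # How the rejection is signalled to the UE is not modelled here.
        raise PermissionError(f"APN {requested_apn!r} not allowed by subscription")
    return requested_apn

if __name__ == "__main__":
    # Constructed subscription data, not taken from the specification.
    authorized, default = ["internet", "ims"], "wlan-default"
    mode = effective_mode(aaa_sent_capabilities=True, ue_requested_mode=SCM)
    print(mode, tunnel_steps(mode, "A", pdn_type="IPv4v6"))
    print(select_apn(None, authorized, default), select_apn("ims", authorized, default))
```

The check in `select_apn` is the point where a UE-supplied value meets subscription data, so a TWAN implementation that forwards the requested APN without it would let the UE choose its own PDN.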