6 Tunnel Management
3GPP TS 29.139: 3GPP system - fixed broadband access network interworking; Home (e)Node B - security gateway interface (Release 17)
6.1 General
The tunnel is an IPsec tunnel established via an IKEv2 protocol exchange (IETF RFC 5996 [5]) between the H(e)NB and the SeGW; it traverses the Fixed Broadband Access Network.
In an IPv4 Fixed Broadband Access Network, NAT can be deployed between the H(e)NB and the SeGW, e.g. in a Residence Gateway. A H(e)NB behind the NAT shall invoke the NAT traversal procedure for IKEv2. The IPsec tunnel is encapsulated over UDP in tunnel mode as specified in IETF RFC 5996 [5].
6.2 H(e)NB procedures
6.2.1 Tunnel establishment
6.2.1.1 IP address allocation
The SeGW shall provide the IP address to the H(e)NB for the communication with the EPC network.
For dynamic IP address allocation, the H(e)NB shall include the requested IP address type (IPv4 address or IPv6 address) to be configured in an IKEv2 CFG_REQUEST Configuration Payload in the IKE_AUTH request message, as defined in IETF RFC 5996 [5], after reception of the IKE_SA_INIT response from the SeGW.
6.2.1.2 NAT Traversal
NAT can be deployed in an IPv4 Fixed Broadband Access Network. IKEv2 NAT Traversal as specified in section 2.23 of IETF RFC 5996 [5] shall be supported by the H(e)NB.
If NAT is detected between the H(e)NB and SeGW, the following procedures shall be performed:
– UDP-Encapsulated ESP as defined in IETF RFC 5996 [5];
– sending a NAT-keepalive packet to keep the NAT mapping alive if no other packet has been sent to the SeGW in M seconds, as defined in IETF RFC 3948 [6].
NOTE: M is a locally configurable parameter with a default value of 20 seconds as defined in IETF RFC 3948 [6].
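The two procedures above, as an added illustration that is not text or code from TS 29.139: an H(e)NB-side scheduler that sends a NAT-keepalive only when nothing else has gone to the SeGW for M seconds, and a receiver-side classifier for the three kinds of datagram that share UDP port 4500 once UDP encapsulation is in use. The byte constants (single-octet 0xFF keepalive, four-zero-octet non-ESP marker) come from IETF RFC 3948 and RFC 5996; the class and function names, the injectable clock and the sample packets are constructed for this example.

```python
# Added example (not from TS 29.139): NAT-keepalive scheduling per subclause
# 6.2.1.2 and classification of UDP port 4500 traffic. Constants are taken
# from RFC 3948 / RFC 5996; everything else is constructed here.
import struct
import time
from typing import Callable, Optional

NAT_T_UDP_PORT = 4500
# RFC 3948 section 4: a NAT-keepalive is a single octet 0xFF.
KEEPALIVE_PAYLOAD = b"\xff"
# RFC 3948 section 2.2: IKE messages on port 4500 are prefixed with four zero
# octets (the non-ESP marker) so they cannot be mistaken for an ESP SPI.
NON_ESP_MARKER = b"\x00\x00\x00\x00"
ESP_HEADER_LEN = 8  # SPI (4 octets) + sequence number (4 octets)


class NatKeepaliveScheduler:
    """Tracks the last packet sent towards the SeGW and decides when a
    NAT-keepalive is due: only when nothing else has been sent for M seconds
    (default 20 s). The clock is injectable so the logic can be tested."""

    def __init__(self, m_seconds: float = 20.0,
                 now: Callable[[], float] = time.monotonic) -> None:
        self.m_seconds = m_seconds
        self._now = now
        self.last_sent = now()

    def record_transmission(self) -> None:
        # Any ESP or IKE packet towards the SeGW refreshes the NAT binding,
        # so it also resets the keepalive timer.
        self.last_sent = self._now()

    def keepalive_due(self) -> bool:
        return self._now() - self.last_sent >= self.m_seconds

    def poll(self) -> Optional[bytes]:
        """Return the keepalive payload to transmit now, or None if not due."""
        if not self.keepalive_due():
            return None
        self.record_transmission()
        return KEEPALIVE_PAYLOAD


def classify_nat_t_datagram(payload: bytes) -> str:
    """Classify the UDP payload of a datagram received on port 4500."""
    if payload == KEEPALIVE_PAYLOAD:
        return "nat-keepalive"             # discard silently (RFC 3948)
    if payload[:4] == NON_ESP_MARKER and len(payload) > 4:
        return "ike"                       # strip the marker, hand to IKEv2
    if len(payload) >= ESP_HEADER_LEN:
        spi, = struct.unpack_from("!I", payload)
        if spi != 0:
            return "udp-encapsulated-esp"  # SPI selects the Child SA
    return "invalid"
```

The scheduler is driven from the H(e)NB's send path (call `record_transmission()` for every ESP or IKE packet and `poll()` from a timer); the classifier sits in front of ESP processing on either end, and its ordering matters, since a one-octet keepalive and a zero SPI must never reach the ESP decapsulation code.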
6.2.1.3 H(e)NB NATed Tunnel-IP address discovery
If NAT is detected between the H(e)NB and SeGW, the H(e)NB shall request the SeGW to return the H(e)NB local IP address information by including the EXTERNAL_SOURCE_IP4_NAT_INFO attribute as defined in subclause 7.1.1.1 in the CFG_REQUEST Configuration Payload within the IKE_AUTH request message. The length field of the attribute shall be set to zero. The NATed IPv4 Address field and UDP Port number field shall be absent.
If the H(e)NB subsequently receives the EXTERNAL_SOURCE_IP4_NAT_INFO attribute in the CFG_REPLY configuration payload from the SeGW, the H(e)NB shall report the IP address received in EXTERNAL_SOURCE_IP4_NAT_INFO attribute as the H(e)NB local IP address to the MME/SGSN.
6.2.2 Tunnel modification
NAT mappings can change when the UDP port number is reassigned by the NAT, and/or H(e)NB local IP address is reallocated due to NAT restart.
Upon NAT remapping, the SeGW initiates the tunnel disconnection procedure as specified in subclause 6.3.3. The H(e)NB shall then re-initiate the tunnel establishment procedure as specified in subclause 6.2.1.
6.2.3 Tunnel disconnection
The H(e)NB shall use the procedures defined in IETF RFC 5996 [5] to disconnect an IPsec tunnel to the SeGW.
6.3 SeGW procedures
6.3.1 Tunnel establishment
6.3.1.1 IP address allocation
For dynamic IP address allocation, upon receipt of an IKE_AUTH request message from the H(e)NB requesting the IP address, the SeGW shall include the remote IP address information in the IKEv2 Configuration Payload (CFG_REPLY) of the final IKE_AUTH response message to the H(e)NB. The SeGW shall assign either an IPv4 or an IPv6 address to the H(e)NB via a single CFG_REPLY Configuration Payload.
6.3.1.2 NAT Traversal
NAT can be deployed in an IPv4 Fixed Broadband Access Network. IKEv2 NAT Traversal as specified in section 2.23 of IETF RFC 5996 [5] shall be supported by the SeGW.
If NAT is detected between the H(e)NB and SeGW, the SeGW shall use UDP-Encapsulated ESP as defined in IETF RFC 5996 [5].
6.3.1.3 H(e)NB NATed Tunnel-IP address discovery
If the SeGW receives the EXTERNAL_SOURCE_IP4_NAT_INFO attribute as defined in subclause 7.1.1.1 in the CFG_REQUEST configuration payload within the IKE_AUTH request message, the SeGW shall provide the H(e)NB local IP address information (i.e. NATed IPv4 address and UDP port number) to the H(e)NB by including the EXTERNAL_SOURCE_IP4_NAT_INFO attribute in the CFG_REPLY configuration payload within the IKE_AUTH response message.
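Both sides of the exchange in subclauses 6.2.1.3 and 6.3.1.3, as an added example that is not text or code from TS 29.139: the H(e)NB builds a zero-length EXTERNAL_SOURCE_IP4_NAT_INFO attribute for its CFG_REQUEST, the SeGW answers with the NATed address and port it observed on the outer headers, and the H(e)NB extracts the value it reports to the MME/SGSN. The attribute framing is the generic IKEv2 configuration-attribute format from RFC 5996 section 3.15.1. Two assumptions are made: the attribute type number is a placeholder (the real value is assigned in subclause 7.1.1.1, which is not reproduced here), and the value layout is taken to be a 4-octet IPv4 address followed by a 2-octet UDP port. All function names are constructed for this example.

```python
# Added example (not from TS 29.139): encoding and parsing of the
# EXTERNAL_SOURCE_IP4_NAT_INFO configuration attribute on both peers.
import struct
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

# PLACEHOLDER type value: 16384 is merely the start of the private-use range
# for IKEv2 configuration attributes; substitute the value from subclause 7.1.1.1.
EXTERNAL_SOURCE_IP4_NAT_INFO = 16384
INTERNAL_IP4_ADDRESS = 1  # real RFC 5996 value, used only as a neighbour in tests


def encode_cfg_attribute(attr_type: int, value: bytes = b"") -> bytes:
    """RFC 5996 3.15.1: R bit (0), 15-bit attribute type, 16-bit length, value."""
    if not 0 <= attr_type < 0x8000:
        raise ValueError("attribute type must fit in 15 bits")
    return struct.pack("!HH", attr_type, len(value)) + value


def decode_cfg_attributes(data: bytes) -> List[Tuple[int, bytes]]:
    """Parse consecutive configuration attributes into (type, value) pairs,
    rejecting truncated input rather than reading past the buffer."""
    attrs: List[Tuple[int, bytes]] = []
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        attr_type, length = struct.unpack_from("!HH", data, off)
        off += 4
        if len(data) - off < length:
            raise ValueError("attribute length exceeds payload")
        attrs.append((attr_type & 0x7FFF, data[off:off + length]))  # drop R bit
        off += length
    return attrs


def henb_nat_info_request() -> bytes:
    """6.2.1.3: the attribute with length zero; address and port fields absent."""
    return encode_cfg_attribute(EXTERNAL_SOURCE_IP4_NAT_INFO)


def segw_handle_cfg_request(cfg_request: bytes, observed_ip: str,
                            observed_port: int) -> bytes:
    """6.3.1.3: if the CFG_REQUEST carries EXTERNAL_SOURCE_IP4_NAT_INFO, return
    the attribute filled with the NATed IPv4 address and UDP port the SeGW saw
    on the outer headers of the IKE_AUTH request; otherwise return nothing.
    ASSUMED value layout: 4-octet address followed by 2-octet port."""
    for attr_type, _ in decode_cfg_attributes(cfg_request):
        if attr_type == EXTERNAL_SOURCE_IP4_NAT_INFO:
            value = IPv4Address(observed_ip).packed + struct.pack("!H", observed_port)
            return encode_cfg_attribute(EXTERNAL_SOURCE_IP4_NAT_INFO, value)
    return b""


def henb_extract_local_ip(cfg_reply: bytes) -> Optional[Tuple[str, int]]:
    """6.2.1.3: the value the H(e)NB reports to the MME/SGSN as its local IP
    address, or None when the SeGW did not include the attribute."""
    for attr_type, value in decode_cfg_attributes(cfg_reply):
        if attr_type == EXTERNAL_SOURCE_IP4_NAT_INFO:
            if len(value) != 6:
                raise ValueError("unexpected EXTERNAL_SOURCE_IP4_NAT_INFO length")
            port, = struct.unpack("!H", value[4:6])
            return str(IPv4Address(value[:4])), port
    return None
```

The decoder bounds-checks every length field before slicing, which is the part of a configuration-payload parser most worth getting right: the attribute values arrive from the peer before the IKE SA's CFG exchange is trusted for anything else, and a length that overruns the payload must be rejected, not clamped.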
6.3.2 Tunnel modification
NAT mappings can change when the UDP port number is reassigned by the NAT, and/or H(e)NB local IP address is reallocated due to NAT restart.
If NAT remapping is detected by the SeGW, the SeGW shall initiate the tunnel disconnection procedure (see subclause 6.3.3).
NOTE: No procedures are defined in the current release of the specification to enable the SeGW to send the modified H(e)NB local IP address information to the H(e)NB during the lifetime of the IKEv2 security association.
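The SeGW-side behaviour of subclause 6.3.2, as an added example that is not text or code from TS 29.139. The spec does not say how the SeGW detects remapping; this example assumes it compares the outer source address and UDP port of each inbound UDP-encapsulated ESP packet against the pair recorded at tunnel establishment. It also assumes, as a defensive rule of its own, that a source change only counts as remapping after the packet has passed the ESP integrity check, so that an unauthenticated datagram cannot force a teardown. Class and method names are constructed here.

```python
# Added example (not from TS 29.139): SeGW-side NAT remapping detection and
# the reaction prescribed by subclause 6.3.2. Detection mechanism and the
# integrity-check precondition are assumptions of this example.
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]  # (outer IPv4 source address, outer UDP source port)


class SegwNatRemapMonitor:
    def __init__(self) -> None:
        self._peer_by_spi: Dict[int, Endpoint] = {}
        # Inbound SPIs for which tunnel disconnection (6.3.3) has been started.
        self.disconnect_requests: List[int] = []

    def tunnel_established(self, spi: int, peer: Endpoint) -> None:
        """Record the NATed address/port observed on the IKE_AUTH exchange;
        it is the same information 6.3.1.3 returns in EXTERNAL_SOURCE_IP4_NAT_INFO."""
        self._peer_by_spi[spi] = peer

    def inbound_esp(self, spi: int, src: Endpoint, integrity_ok: bool) -> str:
        """Decide what to do with an inbound ESP packet for the given SPI.

        Returns 'accept', 'unknown-spi', 'drop-unauthenticated' or 'remapped'.
        """
        known = self._peer_by_spi.get(spi)
        if known is None:
            return "unknown-spi"
        if src == known:
            return "accept" if integrity_ok else "drop-unauthenticated"
        if not integrity_ok:
            # A changed source is only evidence of NAT remapping once the ESP
            # integrity check has passed; otherwise any spoofed UDP datagram
            # from a different address could tear the tunnel down.
            return "drop-unauthenticated"
        # 6.3.2 and its NOTE: the SeGW cannot push the new address/port to the
        # H(e)NB inside the existing IKE SA, so instead of silently adopting
        # the new mapping it starts tunnel disconnection (6.3.3). The H(e)NB
        # then re-establishes the tunnel (6.2.2) and learns its new NATed
        # address through the 6.2.1.3 exchange.
        del self._peer_by_spi[spi]
        self.disconnect_requests.append(spi)
        return "remapped"
```

Each entry in `disconnect_requests` is where a real SeGW would send the IKEv2 INFORMATIONAL exchange with a Delete payload for the IKE SA, as RFC 5996 defines for tunnel disconnection.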
6.3.3 Tunnel disconnection
The SeGW shall use the procedures defined in IETF RFC 5996 [5] to disconnect an IPsec tunnel to the H(e)NB.