The WiMAX Ecosystem & Juniper AAA for WiMAX
The WiMAX Ecosystem

WiMAX Reference Model
[Diagram labels: Mobile Station, Access Service Network, Connectivity Service Network, Application Service Network]
There are four main functional areas in the WiMAX reference model:
• Mobile Station: The device used by the subscriber to get on the network
• Network Access Provider (NAP): Provides the radio access functionality
• Network Service Provider (NSP): Provides IP connectivity services
• Application Service Provider (ASP): Can provide value added services through relationships with the NSP
• This architecture is expected to enable a rich delivery of networking, services and business opportunities to the WiMAX community
• A network operator may provide one or more of these roles as they extend their service offering to encompass WiMAX

WiMAX Functional Components
• Mobile Station
  • The device used by the end user to access the network
• Access Service Network Gateway (ASN GW)
  • Located at the Network Access Provider, the ASN GW provides radio resource management, access control and mobility management services
• Mobile IP Home Agent (MIP-HA)
  • Located at the Connectivity Service Provider, the MIP-HA acts as mobility anchor, provides access to IP-based services and acts as policy enforcement point for policy management applications
• AAA Server
  • Located at the Connectivity Service Provider, the AAA server provides authentication and authorization of subscribers, devices (or both) as well as mobility management

WiMAX Reference Architecture
[Diagram labels: MS, ASN GW, MIP-HA, V-AAA and H-AAA (Steel-Belted Radius), NAP (Network Access Provider), NSP (Network Service Provider), Connectivity Service Provider, Application Service Provider, Mobile Core, Internet]

Mobile IP in WiMAX
[Diagram labels: MS, Access, RAN, IP Edge, FA, HA, Home Agent, IP Tunnel, IP Network, IP Address a.b.c.d, RADIUS, V-AAA, H-AAA, NAP (Network Access Provider), NSP (Network Service Provider)]

AAA functions in a WiMAX network
• Network Attachment: Securely attach a user/device (or both) to the network, and manage its authentication keys throughout the session lifetime
• Mobility Management: Manage a user’s mobility throughout the session lifetime
• Resource Management: Assign and manage a user’s network resources
  • User IP-Addresses
  • Home Agent assignment
• Quality of Service: Manage and assign a user’s WiMAX QoS flows and authorize their activation
• Billing: Provide user/session and QoS flow (service session) based accounting and reconciliation
• Roaming: Act as a Visited or Home AAA in roaming scenarios. Ensure proper authentication and billing

The protocol: EAP
• The Extensible Authentication Protocol (EAP) is an IETF standard initially designed for use within the PPP protocol
• The purpose of EAP is to provide a framework for credential exchange that enables innovation of credential exchange protocols
• EAP-Types are the specific credential exchange protocols carried by EAP
• The EAP-Types utilized by WiMAX are
  • EAP-TTLS (Tunneled TLS)
  • EAP-AKA
  • EAP-TLS

What Credentials go with what EAP-Type?
• EAP-Types have typically been designed for specific purposes, usually based upon the credential type they transport
• The EAP-Types specified for WiMAX each serve to handle a specific authentication type that leverages a certain form of credential
• The three types of authentication for WiMAX again are
  • User Authentication
  • Device Authentication
  • Both user and device authentication

Mobility Management
• Along with user authentication, the AAA server must be capable of determining and configuring a Mobile IP Session for the subscriber
• To set up this Mobile IP Session the AAA server must be capable of the following
• Mobile IP key derivation:
  • Derive mobile keys and store them for re-authentication or handover
• Mobile IP key distribution:
  • Distribute Mobile IP keys to Foreign Agent (ASN-GW)
  • Distribute Mobile IP keys to Home Agent
• Mobile IP resource assignment:
  • Manage Home Agent resources
  • HoA (Home Address) Assignment

How AAA Authenticates a WiMAX Session
[Diagram labels: MS, ASN GW, MIP-HA, V-AAA and H-AAA (Steel-Belted Radius), EAP, RADIUS, Mobile IP Tunnel, NAP (Network Access Provider), NSP (Network Service Provider), Connectivity Service Provider, Application Service Provider, Mobile Core, Internet]
Juniper AAA for WiMAX

Standard Attachment methods supported with WiMAX mobility key generation
[Diagram labels: SBR/Carrier; EAP/TTLS, SQL, LDAP; EAP/TLS, PKI; EAP/SIM-AKA, SS7, HLR, SIGTRAN]
• EAP methods support WiMAX mobility key generation
• EAP-TTLS implementation from the pioneer of the protocol (Funk)
• EAP-SIM/AKA implementation proven in countless PWLAN/UMA solutions
• Support for other EAP protocols: MD5, LEAP, GTC, POTP, PEAP, FAST

WiMAX Mobility Management
• Mobile IP key derivation:
  • Derive mobile keys and store them for re-authentication or handover
  • When implementing SBR Carrier in clustered configuration, these keys are available to ALL of the SBR Carrier frontend servers in subsequent transactions
• Mobile IP key distribution:
  • Distribute Mobile IP keys to Foreign Agent (ASN-GW)
  • Distribute Mobile IP keys to Home Agent
• Mobile IP resource assignment:
  • Manage Home Agent resources
  • HoA (Home Address) Assignment
[Diagram labels: Access [Aggregation], ASN, ASN-GW, CSN, HA, EAP, RADIUS]

Home Agent Management and Assignment
• Simple Home Agent Assignment:
  • Fixed HA is assigned to the ASN on authentication
• Dynamic Home Agent Assignment:
  • Primary-backup HA assignment
  • Home Agent Load Balancing
  • Round Robin HA assignment
  • Weighted Round Robin HA assignment
• Smart Dynamic Home Agent Assignment:
  • SBR Carrier monitors Home Agent load and health and adapts the Dynamic Home Agent assignment algorithm according to HA feedback
[Diagram: Dynamic HA Assignment and Smart Dynamic HA Assignment; labels: ASN-GW, HA, HA Assignment, Access Accept, "Load, health?", 70% load, 30% load]
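
The weighted round robin and load/health-adaptive assignment listed on this slide can be sketched as follows. This is an added example, not SBR Carrier code: the HA names, the rule that scales a static weight by remaining capacity, and the smooth weighted round robin scheduler are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class HomeAgent:
    name: str             # hypothetical HA identifier
    weight: int           # static weight set by the operator
    load_pct: int = 0     # last reported load, 0..100 (constructed feedback)
    healthy: bool = True  # last health-check result
    current: int = 0      # running score used by smooth weighted round robin

    def effective_weight(self) -> int:
        # Assumed "smart" rule: scale the static weight by remaining capacity;
        # an unhealthy HA gets weight 0 and is never assigned.
        if not self.healthy:
            return 0
        return self.weight * (100 - self.load_pct) // 100


class HomeAgentSelector:
    def __init__(self, agents):
        self.agents = list(agents)

    def report(self, name, load_pct, healthy=True):
        """Record load/health feedback received from a Home Agent."""
        for ha in self.agents:
            if ha.name == name:
                ha.load_pct, ha.healthy = load_pct, healthy

    def assign(self) -> str:
        """Pick the HA to return in the Access-Accept for one authentication."""
        candidates = [ha for ha in self.agents if ha.effective_weight() > 0]
        if not candidates:
            raise RuntimeError("no healthy Home Agent with spare capacity")
        total = sum(ha.effective_weight() for ha in candidates)
        for ha in candidates:
            ha.current += ha.effective_weight()
        chosen = max(candidates, key=lambda ha: ha.current)
        chosen.current -= total
        return chosen.name


def distribution(selector, n):
    """Count assignments per HA over n consecutive authentications."""
    counts = {}
    for _ in range(n):
        name = selector.assign()
        counts[name] = counts.get(name, 0) + 1
    return counts
```

With two equally weighted HAs reporting 70% and 30% load, as in the slide's diagram, ten consecutive assignments split 3 to 7 in favour of the less loaded HA, and an HA reported unhealthy receives none.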

Home Address (IP-Address) assignment
[Slide labels: SBR Carrier Standalone; SBR Carrier with HA Session Cluster; ScalableDB Cluster; “Stateless” SBR Servers]
• Static IP-Address assignment:
  • From a user profile
  • From an LDAP or SQL database
• Dynamic IP-Address assignment (IP-Pools):
  • Support for multiple address ranges per pool
  • Support overlapping address ranges in different pools (virtualization scenario)
  • Pools can be associated with:
    • A user profile in the native database or an external database
    • A NAS device
    • A virtual realm
    • Per service
    • Per organization
    • Hosting
• Centralized IP-pool management
  • All AAA nodes have access to the same address pools
  • Splitting of address pools no longer required: the full address space can be attributed

SBR Carrier roaming features
• Act as Home AAA
  • Network attachment, mobility management, resource management, billing, QoS, Service delivery, …
• Act as a Visited AAA
  • Mobility management, resource management, billing, QoS, …
• Advanced proxy features:
  • Support for multiple proxy realms
  • Proxy load balancing
  • Proxy fast fail groups
• Advanced filtering and scripting:
  • Inbound and Outbound
  • Remove, add and change attributes
  • Scripting allows custom attribute manipulation and DB access
[Diagram labels: Visited Network, SBR as V-AAA, Outbound filter, Inbound filter, Realm1, Realm2, Home Network 1, Home Network 2, AAA server in Fastfail, Home Network, SBR as H-AAA, FA]

WiMAX access network QoS
• Access network QoS profile transmitted to ASN-GW:
  • Access network QoS
  • Subscriber and Service QoS
  • Uplink/downlink rate limiting
• QoS AAA modes:
  • HAAA: subscriber based QoS
  • VAAA: roaming peer based: Enforce visited network QoS over home network provided QoS
• Types of QoS profiles:
  • HAAA: Subscriber/group based
    • Home network QoS
    • Roaming QoS
  • VAAA: Ability to rewrite QoS profile attributed by HAAA
[Diagram labels: LDAP, SQL, QoS Profile, ASN, CSN, Access, ASN-GW, HA]
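
A visited AAA that routes on the proxy realm, skips fast-failed home servers, filters attributes in both directions and enforces its own QoS ceiling over what the home AAA returned (the roaming features and VAAA QoS slides above) could look like the sketch below. This is an added example, not SBR Carrier configuration or scripting: realm and server names, the hold-down time, `Local-Policy-Tag` and `Downlink-Kbps` are hypothetical, and fast-fail is assumed to mean skipping a failed target for a fixed period.

```python
# Constructed configuration; realm and server names are placeholders.
REALM_TARGETS = {
    "realm1.example": ["haaa-a.realm1.example", "haaa-b.realm1.example"],
    "realm2.example": ["haaa.realm2.example"],
}
FASTFAIL_HOLD = 30.0                    # seconds a failed target is skipped (assumed)
OUTBOUND_REMOVE = {"Local-Policy-Tag"}  # hypothetical visited-network-only attribute
INBOUND_ALLOW = {"Session-Timeout", "Framed-IP-Address", "Class"}
ROAMING_MAX_DOWNLINK_KBPS = 2000        # hypothetical roaming-peer QoS ceiling


class VisitedProxy:
    def __init__(self):
        self.failed_until = {}          # target -> time at which it may be retried

    def mark_failed(self, target, now):
        """Put a non-responding home AAA server into fast-fail."""
        self.failed_until[target] = now + FASTFAIL_HOLD

    def pick_target(self, nai, now):
        """Route on the realm of the NAI (user@realm), skipping fast-failed targets."""
        user, sep, realm = nai.rpartition("@")
        targets = REALM_TARGETS.get(realm.lower()) if sep and user else None
        if not targets:
            return None                 # unknown or missing realm: reject, never guess
        for target in targets:
            if self.failed_until.get(target, 0.0) <= now:
                return target
        return None                     # whole group in fast-fail: fail immediately

    def outbound(self, request):
        """Outbound filter: drop attributes that must not leave the visited network."""
        return {k: v for k, v in request.items() if k not in OUTBOUND_REMOVE}

    def inbound(self, reply):
        """Inbound filter: allow-list home AAA attributes, then cap the QoS rate."""
        out = {k: v for k, v in reply.items() if k in INBOUND_ALLOW}
        if "Downlink-Kbps" in reply:    # hypothetical attribute name, not a real VSA
            rate = int(reply["Downlink-Kbps"])
            out["Downlink-Kbps"] = min(rate, ROAMING_MAX_DOWNLINK_KBPS)
        return out
```

An allow-list on the inbound side means an attribute the visited operator never agreed to honour is dropped by default, rather than reaching the ASN-GW because nobody thought to block it.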