Release Change Reference, StarOS Release 21.1

ePDG Changes in Release 21.1

This chapter identifies features and functionality added to, modified for, or deprecated from ePDG in the StarOS 21.1 software release.

The following identifies all of the ePDG enhancements included in this release:

• Feature Changes - new or modified features or behavior changes. For details, refer to the ePDG Administration Guide for this release.

• Command Changes - changes to any of the CLI command syntax. For details, refer to the ASR 5x00 Command Line Interface Reference for this release.

• Performance Indicator Changes - new, modified, and deprecated bulk statistics, disconnect reasons, counters and/or fields in new or modified schema and/or show command output. For detailed information on the show commands, refer to the Statistics and Counters Reference for this release. For detailed information on the counters and disconnect reasons, refer to the BulkstatStatistics_documentation.xls spreadsheet that is included as part of the software companion package for this release.

Important: This release includes enhancements that are applicable to multiple products. The following lists the various multi-product enhancements sections, some of which might include content applicable to your ePDG.

• AAA Changes

• CF Changes

• ECS Changes

• Firewall Changes

• GTPP Changes

• IPSec Changes

• NAT Changes

• SNMP MIB Changes

• System and Platform Changes

ePDG changes for 21.1 include:

• 3GPP R13 Emergency Call Support on the ePDG and P-GW

• Sending SWm 3GPP AAA FQDN Address in CSReq

• Rel 13 based Emergency APN Support

• ePDG International Roaming - Redirection Based on Outer IP

• Send User location info to PGW

• Network Provided User Location Information reporting extensions over S2b interface

• EAP-MD5 Unable to send 2nd DER messages to diameter

• ePDG uses 3GPP Charging Characteristics Received Outside of APN Info

• IKEv2 DSCP Marking

• IKEv2 - Protection Against Distributed Denial of Service

• Operator-policy Instead of aaa-unreachable Disc Reason for IMSI Based Admission Control

• User Equipment Identity in IKE_AUTH Message

• LTE to Wifi Handoff bulkstats added to epdg-schema

3GPP R13 Emergency Call Support on the ePDG and P-GW

CSCvb76292 - Emergency call support as per 3GPP R13 on ePDG & PGW

Feature Default: Enabled

Applicable Products: ePDG, P-GW

Feature Description

The ePDG and P-GW support emergency call establishment over untrusted WiFi for the P-GW as per 3GPP Release 13. Emergency bearer services are provided to support IMS emergency sessions. Emergency bearer services are functionalities provided by the serving network when the network is configured to support emergency services. Emergency bearer services are provided to normal attached UEs and, depending on local regulation, to UEs that are in limited service state. Receiving emergency services in a limited service state does not require a subscription.

Authentication Authorization Requests (AAA) to Diameter now carry the new Emergency-Indication AVP for Untrusted WiFi emergency calls. Diameter requests related to PDN connections for emergency services have the highest priority. Depending on regional/national requirements and network operator policy, these Diameter requests are the last to be throttled, in the event that the 3GPP AAA Server has to apply traffic reduction.

Supported Functionality

3GPP Release 13 Emergency Call Support on the ePDG and P-GW includes the following functionality:

• Emergency call establishment over untrusted WiFi for the P-GW. The P-GW includes the new Emergency-Indication AVP over the AAA s6b interface only during Emergency PDN connection establishment.

• Lawful Intercept is supported for Emergency PDNs over the s2b interface.

• Various Create Session Request message IEs have been modified to support all four different behaviors of emergency bearer establishment.

• Intra- and Inter-chassis recovery are supported for emergency call over the s2b interface.

• Network initiated dedicated bearer creation is supported for emergency calls over the s2b interface.

• The maximum APN restriction is ignored for emergency APN.

• Multiple PDNs are supported for emergency calls over the s2b interface.

• Context replacement for emergency calls over the s2b interface without IMSI with same IMEI is supported.

• P-GW emergency related statistics and bulkstats are available.

• Graceful shutdown of s2b emergency calls is supported.

Previous Behavior: Emergency calls were not supported for the s2b interface. Also, handoff between the s2b interface and LTE was not supported for emergency calls.

New Behavior: Emergency calls are now supported on the s2b interface and handover is also supported for emergency calls from the s2b interface to LTE and vice-versa for "authenticated imsi" only.

How it Works

The ePDG sends a Create Session Request (CSReq) message to the P-GW. The P-GW deduces the emergency related policies to apply from the Access Point Name (APN) received in the CSReq message. For emergency attached User Equipment (UE), if the International Mobile Station Identifier (IMSI) cannot be authenticated or the UE has not provided it, then the International Mobile Equipment Identifier (IMEI) is used as UE identifier.

Figure 1: Call Flow: 3GPP R13 Emergency Call Support on the ePDG and P-GW

The P-GW sends the Emergency-Indication AVP over the s6b interface so that the 3GPP AAA server only applies specific policies for emergency services. For an unauthenticated UE, the 3GPP AAA server does not update the Home Subscriber Server (HSS) with the identity of the P-GW. For an authenticated UE, this indication is sent together with the "PDN GW currently in use for emergency services" message, which comprises the PDN GW address and the indication that the PDN connection is for emergency services to the HSS, which stores it as part of the UE context for emergency services.

Support is available for all four different behaviors of emergency bearer establishment:

• Valid UEs only.

• Only UEs that are authenticated are allowed.

• IMSI required, authentication optional.

• All UEs are allowed.

This section describes the new Attribute Value Pair (AVP) and modified Information Elements that support the feature.

Emergency-Indication AVP

A new Emergency-Indication AVP is defined in the Authentication and Authorization Request to signal a request to establish a PDN connection for emergency services.

The P-GW signals a new Emergency-Indication AVP to the 3GPP AAA Server in the Authorization Request over the S6b interface. In this case, the 3GPP AAA Server does not check the APN received from the P-GW (which contains an emergency APN) against the APNs authorized in the user subscription. This AVP is supported in the standard S6b dictionary aaa-custom21.

Information Elements

This section describes other important elements in a Create Session Request that have been modified to work properly with the feature.

Table 1: Information Elements in a Create Session Request

Information Element: IMSI
IE Type: IMSI
Ins.: 0
P: C
Condition/Comment:
The IMSI is included in the message on the S4/S11 interface, and on the S5/S8 interface if provided by the MME/SGSN, except for the case:
- If the UE is emergency attached and the UE is UICCless.
The IMSI shall be included in the message on the S4/S11 interface, and on the S5/S8 interface if provided by the MME/SGSN, but not used as an identifier.
- If UE is emergency attached but IMSI is not authenticated.
The IMSI is included in the message on the S2a/S2b interface.

Information Element: MSISDN
IE Type: MSISDN
Ins.: 0
P: C
Condition/Comment:
For an E-UTRAN Initial Attach and a Handover from Trusted or Untrusted Non-3GPP IP Access to E-UTRAN the IE is included when used on the S11 interface, if provided in the subscription data from the HSS. For a PDP Context Activation procedure and a Handover from Trusted or Untrusted Non-3GPP IP Access to UTRAN/GERAN the IE is included when used on the S4 interface, if provided in the subscription data from the HSS.
The IE is included for the case of a UE Requested PDN Connectivity, if the MME has it stored for that UE. It is included when used on the S5/S8 interfaces if provided by the MME/SGSN.
The ePDG includes this IE on the S2b interface during an Attach with GTP on S2b, UE initiated Connectivity to Additional PDN with GTP on S2b and a Handover to Untrusted Non-3GPP IP Access with GTP on S2b, Initial Attach for emergency session (GTP on S2b), if provided by the HSS/AAA.
The TWAN includes this IE on the S2a interface during an Initial Attach in WLAN on GTP S2a, UE initiated Connectivity to Additional PDN with GTP on S2a and a Handover to TWAN with GTP on S2a, if provided by the HSS/AAA.

Information Element: ME Identity (MEI)
IE Type: MEI
Ins.: 0
P: C
Condition/Comment:
The MME/SGSN includes the ME Identity (MEI) IE on the S11/S4 interface:
- If the UE is emergency attached and the UE is UICCless.
- If the UE is emergency attached and the IMSI is not authenticated.
For all other cases the MME/SGSN includes the ME Identity (MEI) IE on the S11/S4 interface if it is available.
P: CO
Condition/Comment:
The TWAN/ePDG shall include the ME Identity (MEI) IE on the S2a/S2b interface, if it is available.

Information Element: Serving Network
IE Type: Serving Network
Ins.: 0
P: C
Condition/Comment:
This IE is included on the S4/S11, S5/S8 and S2b interfaces for an E-UTRAN initial attach, a Handover from Trusted or Untrusted Non-3GPP IP Access to E-UTRAN, a PDP Context Activation, a Handover from Trusted or Untrusted Non-3GPP IP Access to UTRAN/GERAN, a UE requested PDN connectivity, an Attach with GTP on S2b, a UE initiated Connectivity to Additional PDN with GTP on S2b, a Handover to Untrusted Non-3GPP IP Access with GTP on S2b and an Initial Attach for emergency session (GTP on S2b).

Information Element: Indication Flags
IE Type: Indication
Ins.: 0
P: C
Condition/Comment:
This IE shall be included if any one of the applicable flags is set to 1.
Applicable flags are:
- Unauthenticated IMSI: This flag is set to 1 on the S4/S11 and S5/S8 interfaces if the IMSI present in the message is not authenticated and is for an emergency attached UE.

Information Element: Selection Mode
IE Type: Selection Mode
Ins.: 0
P: C
Condition/Comment:
This IE is included on the S4/S11 and S5/S8 interfaces for an E-UTRAN initial attach, a Handover from Trusted or Untrusted Non-3GPP IP Access to E-UTRAN, a PDP Context Activation, a Handover from Trusted or Untrusted Non-3GPP IP Access to UTRAN/GERAN and a UE requested PDN connectivity.
This IE is included on the S2b interface for an Initial Attach with GTP on S2b, a Handover to Untrusted Non-3GPP IP Access with GTP on S2b, a UE initiated Connectivity to Additional PDN with GTP on S2b and an Initial Attach for emergency session (GTP on S2b).
The IE indicates whether a subscribed APN or a non-subscribed APN chosen by the UE/MME/SGSN/ePDG/TWAN was selected.
This IE is included on the S2a interface for an Initial Attach in WLAN on GTP S2a, a Handover to TWAN with GTP on S2a and a UE initiated Connectivity to Additional PDN with GTP on S2a. The value is set to "MS or network provided APN, subscription verified".
P: CO
Condition/Comment:
When available, this IE is sent by the MME/SGSN on the S11/S4 interface during TAU/RAU/HO with S-GW relocation.

Information Element: UE Local IP Address
IE Type: IP Address
Ins.: 0
P: CO
Condition/Comment:
The ePDG includes this IE on the S2b interface during an Initial Attach for emergency session (GTP on S2b). Otherwise the ePDG shall include this IE on the S2b interface based on local policy.

Information Element: UE PDP Port
IE Type: Port Number
Ins.: 0
P: CO
Condition/Comment:
The ePDG includes this IE on the S2b interface if NAT is detected and the UE Local IP Address is present.

Information Element: WLAN Location Information
IE Type: TWAN Identifier
Ins.: 1
P: CO
Condition/Comment:
This IE is included on the S2b interface if the WLAN Location Information is available.

Information Element: WLAN Location Timestamp
IE Type: TWAN Identifier Timestamp
Ins.: 0
P: CO
Condition/Comment:
This IE is included on the S2b interface, if the WLAN Location Timestamp is available.

Emergency Handover Support

Two types of emergency call handovers are supported:

• Handover of Emergency Calls from Untrusted WiFi to LTE: Handover of s2b emergency calls to LTE is supported. Since an emergency call in LTE does not have s6b interface authorization enabled, handover of emergency calls from untrusted WiFi to LTE triggers a Session Termination Request (STR) to the s6b server.

• Handover of Emergency Calls from LTE to S2b: Handovers from LTE to S2b are supported. While the UE moves from LTE to untrusted WiFi, LTE triggers an Authentication Authorization Request (AAR) to the s6b server with the AVP Emergency-Indication sent in that Authentication and Authorization Request (AAR). Also, an STR is sent when a WiFi (s2b) call is cleared.

Configuring AAA Failure Handling for s2b Emergency Calls

Emergency calls over the s2b interface should not be rejected due to a failure from the S6b server. To ensure this, failure handling must be configured in the APN which is used for emergency calls.

Handling is configured in the aaa group so that emergency calls continue regardless of failures as indicated by the result code.

To configure AAA failure handling for s2b emergency calls:

configure
   context ingress_context_name
      aaa group default
         diameter authentication failure-handling authorization-request result-code 3000 to 5999 action continue
         diameter authentication failure-handling authorization-request request-timeout action continue
         end

Note the following assumptions:

• If an IP-CAN Session Modification Request triggered by the PCRF removes all PCC rules with a QCI other than the default bearer QCI and the QCI used for IMS signaling, then the PCEF starts a configurable emergency inactivity timer. When the configured period of time expires, the P-GW initiates an IP-CAN Session Termination Request for the IP-CAN session serving the IMS Emergency session.

• If the Gx/S6b interface returns a Virtual APN, which is not configured as an emergency APN, then the call is rejected with the cause code "APN_DENIED_NO_SUBSCRIPTION".
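
A check for the failure-handling configuration above, as an added Python example (not Cisco tooling or code from this document): it reads a configuration export and reports, per aaa group, whether both authorization-request lines are present with action continue and whether the result-code ranges cover 3000 to 5999. Because action continue lets a session proceed when S6b authorization fails, the per-group report also shows exactly which groups carry it. The sample export, its context and group names, and the use of exit lines to close a block are assumptions.

```python
import re

PREFIX = "diameter authentication failure-handling authorization-request"
RESULT_RE = re.compile(re.escape(PREFIX) + r" result-code (\d+) to (\d+) action (\S+)$")
TIMEOUT_RE = re.compile(re.escape(PREFIX) + r" request-timeout action (\S+)$")

# Constructed sample export: "epdg_in" matches the documented configuration,
# "legacy" continues only on a narrower result-code range and has no timeout line.
SAMPLE_CONFIG = """\
configure
  context epdg_in
    aaa group default
      diameter authentication failure-handling authorization-request result-code 3000 to 5999 action continue
      diameter authentication failure-handling authorization-request request-timeout action continue
    exit
  exit
  context legacy
    aaa group s6b_grp
      diameter authentication failure-handling authorization-request result-code 4000 to 4999 action continue
    exit
  exit
end
"""


def covers(ranges, lo, hi):
    """True if the union of inclusive (start, stop) ranges contains every code lo..hi."""
    need = lo
    for start, stop in sorted(ranges):
        if start > need:          # gap before this range: lo..hi is not covered
            break
        need = max(need, stop + 1)
    return need > hi


def audit(config_text, lo=3000, hi=5999):
    """Return {(context, aaa_group): [problems]}; an empty list means compliant."""
    groups = {}
    context = current = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise indentation and spacing
        if line.startswith("context "):
            context, current = line.split()[1], None
        elif line.startswith("aaa group "):
            current = (context, line.split()[2])
            groups[current] = {"ranges": [], "timeout": False}
        elif current is not None:
            m = RESULT_RE.match(line)
            if m and m.group(3) == "continue":
                groups[current]["ranges"].append((int(m.group(1)), int(m.group(2))))
            m = TIMEOUT_RE.match(line)
            if m and m.group(1) == "continue":
                groups[current]["timeout"] = True
            if line in ("exit", "#exit", "end"):
                current = None                # left the aaa group block
    report = {}
    for key, seen in groups.items():
        problems = []
        if not covers(seen["ranges"], lo, hi):
            problems.append(f"result-code {lo} to {hi} not fully set to action continue")
        if not seen["timeout"]:
            problems.append("request-timeout is not set to action continue")
        report[key] = problems
    return report


if __name__ == "__main__":
    for (ctx, grp), problems in audit(SAMPLE_CONFIG).items():
        print(ctx, grp, "OK" if not problems else problems)
```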

Sending SWm 3GPP AAA FQDN Address in CSReq

CSCva48468 - ePDG to send 3GPP AAA FQDN in CSR

Feature Default: Disabled

Feature Description

Overview

• ePDG sends AAA origin-host and origin-realm to PGW in Create Session Request, so that PGW can contact same AAA server for a particular UE for S6b interface. Origin-host and origin-realm are received from AAA server in Diameter-EAP-Answer and Authorization-Authentication-Answer with AVP Origin-Host and Origin-Realm.

• These values are sent in optional GTPv2 IE named "3GPP AAA Server Identifier", which is of type "Node Identifier" as defined in TS 29.274.

Configuring Sending SWm 3GPP AAA IP Address in CSreq

Use the following configuration to configure Sending SWm 3GPP AAA IP Address in CSreq.

config
   context context_name
      call-control-profile ccp1
         remove epdg-s2b-gtpv2 send aaa-server-id
         end

Performance Indicator Changes

Below are the show commands outputs added as part of NPLI e2e for VoWiFi on ePDG and PGW feature.

show subscribers full epdg-service service_name

WLAN Location:

• SSID:

• BSSID:

• Civic Address:

• Operator PLMNID:

• RelayAgent Id:

• Circuit Id:

• Timestamp:

show epdg-service statistics

• S2B Context Not Found:

show config

• epdg-s2b-gtpv2 send ue-local-ip-port

• epdg-s2b-gtpv2 send wlan-location-info-timestamp


• epdg-s2b-gtpv2 send message mbr trigger mobike

• epdg-swm send message aar trigger location-retrieval

show call-control-profile full all

ePDG S2b GTPv2 IE Options:

• Sending UE Local IP and UDP Port

• Sending WLAN Location Information/TimeStamp

ePDG S2B GTPv2 Message Options:

Modify Bearer Request:

• Triggers

• Mobike

ePDG s2b Swm Message Options:

Authorization and Authenticate Request

• Triggers

• Location-retrieval

Rel 13 based Emergency APN Support

CSCva48460 - ePDG Release 13 emergency PDN support

Feature Default: Disabled

Feature Description

Release 13 Emergency PDN Support features

• ePDG will take an incoming call as emergency based on the presence of "EMERGENCY" in the IDr payload in the IKE_AUTH_REQUEST message.

• ePDG supports the Emergency NAI on the SWu interface as defined in 3GPP, i.e. presence of SOS instead of the nai keyword, though whether a call is emergency or not is decided by the presence of IDr "emergency".

• ePDG blocks all other procedures that are not applicable to emergency sessions.

• ePDG provides a configuration option for Emergency data of APN name, PGW identity (address/FQDN), default QoS and APN-AMBR.

• UE deletes previous IKE sessions when an emergency call is set up and ePDG ensures that no other PDN connections from the UE are present when the emergency call is set up.

• The Service Selection AVP will be absent if the UE indicates the establishment of an emergency session during the IKEv2 tunnel establishment.

Emergency-Indication AVP in DER and DEA

An ePDG which supports emergency services will include the Emergency-Indication AVP information element if the UE indicated the establishment of an emergency session during the IKEv2 tunnel establishment.

The 3GPP AAA Server interprets the receipt of the Emergency-Indication AVP as an indication that the UE requests to access the EPC for emergency services.

Introduction of new DPD timer explicit to Emergency Calls

A new DPD timer controlled by CLI for emergency calls is introduced. The UE may send a non-emergency call after an emergency call without sending a delete for the emergency call. With this feature the new timer will clear the emergency call, after which the new non-emergency call will be handled.

With this timer, the emergency call gets deleted after some time if the response is not received. Ideally this timer will be kept low to identify a stale session as early as possible. A normal call will be rejected when the emergency call is still there.

Assumptions and Limitations

• Ideally UE initiating emergency session deletes the current IKE session

• ePDG will delete previous IKE sessions if any present when emergency call is setup

• The ePDG does not consider HSS provided information to setup a connection, rather uses locally configured PGW and APN information to setup the PDN connection.

Configuring Release 13 Based Emergency APN Support

Use the following configuration to configure Sending SWm 3GPP AAA IP Address in CSreq.

config
   context context_name
      crypto template crypto_templet_name ikev2-dynamic
         ikev2-ikesa emergency keepalive interval keepalive_interval timeout timeout num-retry
         end

This feature requires the below existing CLI for configuring Release 13 Based Emergency APN Support:

• lte-policy - lte-emergency-profile profile_name

• lte-policy - apn

• lte-policy - qos qci

• lte-policy - apn-ambr

• lte-policy - pgw

• epdg-service - associate

Performance Indicator Changes

Below are the show commands outputs added as part of Release 13 Emergency PDN Support:

show epdg-service service_name

LTE Emergency Profile: <name>/None

• Timeout Idle

show epdg-service statistics

Emergency Sessions:    Non UICC Sessions:    UICC Sessions:

Active:    Active:

Setup:    Setup:

Attempts:    Attempts:

ePDG International Roaming - Redirection Based on Outer IP

CSCva35590 - Support for International Roaming redirection

Feature Default: Disabled

Feature Description

Only one or some explicit ePDGs will be handling International Roaming users, not all. When a UE attaches to WiFi, the public DNS server can initially route it to any ePDG randomly. If the initial ePDG finds out that it is an international user, it will route it using the IKEv2 redirect mechanism to the corresponding ePDG which handles International Roaming users.

Note: Basic IKEv2 redirect support on ePDG is already present; this feature will use the existing StarOS IKEv2 redirect framework to redirect all International Roaming users to a specific ePDG.

Assumptions and Limitations:

• Zone matching is done by matching the configured zone with the MIP6 AVP, removing configured/default strip levels as per requirement.

• The initial ePDG will expect the AAA to respond with the PGW FQDN in the DEA message for all International Roaming users to be redirected to the specific configured ePDG.

• An international roaming user will be redirected to the proper ePDG; the PGW FQDN comes from AAA and the matching zone is configured under gateway-selection-profile.

Configuring ePDG International Roaming Redirection Based on Outer IP

Use the following configuration to configure ePDG International Roaming Redirection Based on Outer IP.

Below are the newly introduced commands for the ePDG International Roaming Redirection Based on Outer IP.

gateway selection profile

config
   gateway-selection-profile profile_name
      remove epdg-s2b-gtpv2 send aaa-server-id
      end

description

config
   context context_name
      gateway-selection-profile profile_name
         description descriptive_string
         end

zone

config
   context context_name
      gateway-selection-profile profile_name
         zone zone_fqdn action { ignore | mandatory }
         end

associate gateway-selection-profile

config
   gateway-selection-profile profile_name
      associate gateway-selection-profile profile_name
      end

Performance Indicator Changes

Below are the show commands outputs added as part of this feature to support ePDG International Roaming-Redirection based on outer IP.

show apn-profile full all

• Associated Gateway Selection Profile

show gateway-selection-profile all

• epdg_gwsel_profile1

show gateway-selection-profile full all

• Gateway Selection Profile Name

• Details of zones configured

• zone <yyyy> action ignore

• zone <zzzz> action mandate

• Total 2 zones configured

show epdg statistics

• Zone Action Ignore Configured:


Zone Matching stats:

• Mandatory:

Session Disconnect reason:

• Roaming Mandatory:

show sessctrl config-reconciliation statistics

Task       Config-type
Sessmgr    gw-selection profile

show session disconnect-reasons

Disconnect Reason         Num Disc    Percentage
ePDG-roaming-mandatory

Bulkstats

Below are the new bulkstats introduced in ePDG Schema as part of ePDG International Roaming-Redirection based on outer IP.

• sess-disconnect-roaming-mandatory

• alt-epdg-selection-mandatory

• redirect-zone-action-ignored

Send User location info to PGW

CSCvb74398 - sending ULI on s2b.

Feature Default: Disabled

Feature Description

This feature enables the 3gpp-user-location-info AVP from the SWm interface for constructing the ULI and MCC/MNC of Serving-Network IEs on S2b.

Assumptions and Limitations

• If ULI configuration is enabled and 3GPP-User-Location-Info is not received from AAA, ePDG will not send the same in S2b CSR.

• If the MCC/MNC on Serving Network is enabled using only CLI, on receiving 3GPP-User-Location-Info, MCC/MNC of Serving Network will be updated and sent on S2b CSR.

On receiving 3gpp-user-location-info AVP on SWm interface, ePDG provides ULI IE with TAI or ECGI or TAI-ECGI information on Create Session Request on S2b.

3GPP-User-Location-Info Support on SWm Interface

SWm is the existing interface between the AAA Server and the ePDG which is used to authenticate and authorize the UE. There are various procedures between the AAA server and the ePDG which are used to provide existing information to the two entities.

The 3GPP-User-Location-Info AVP will be provided to the ePDG in DEA/AAA messages at the time of session establishment.

Authenticate and Authorize Procedure: DER/DEA

This information is provided to the ePDG first during the Authentication and Authorization request procedure, i.e. the DER/DEA or AAR/AAA (for non UICC) exchange which happens during session establishment.

AVP info in Authenticate and Authorization Answer procedure.

Information Element Name: User Location Information
Mapping to Diameter AVP: 3GPP-User-Location-Info
Cat: O
Description: If present, this IE will contain the location information of the TAI/ECGI/TAI-ECGI info
Procedure exchange: DEA/AAA

Information Element Name: Serving Network
Mapping to Diameter AVP: 3GPP-User-Location-Info
Cat: C
Description: This IE will contain MCC and MNC received on 3GPP-User-Location-Info
Procedure exchange: DEA/AAA

AAA behavior: If 3GPP-User-Location-Info (that contains the last attached LTE location of the UE) is present on AAA, it will be provided to the ePDG over the SWm interface during session establishment in both the UICC and non-UICC case.

ePDG Behaviour: On receiving 3GPP-User-Location-Info, the ePDG stores this information and sends TAI/ECGI/TAI-ECGI information on the ULI IE and MCC/MNC information on the Serving Network IE over S2b. In the absence of this AVP, the ULI will not be sent and the MCC/MNC values on the Serving Network IE will be populated as earlier.
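
The derivation described above (TAI/ECGI taken from the AVP, MCC/MNC placed in the Serving Network IE), as an added Python example that is not Cisco code. The octet layout (location type 128/129/130 followed by BCD-coded PLMN, TAC and ECI) follows 3GPP TS 29.061 and TS 29.274 rather than this page; the sample AVP value, the preference for the TAI's PLMN when both are present, and all function names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Geographic Location Type codes for the three forms this page names
# (values per 3GPP TS 29.061; the page itself does not list them).
TYPE_TAI, TYPE_ECGI, TYPE_TAI_ECGI = 128, 129, 130
LAYOUT = {TYPE_TAI: (5, 0), TYPE_ECGI: (0, 7), TYPE_TAI_ECGI: (5, 7)}  # (TAI, ECGI) octets

# Constructed sample: TAI+ECGI, test PLMN 001/01, TAC 0x1234, ECI 0xABCDEF.
SAMPLE_TAI_ECGI = bytes.fromhex("8200f110123400f11000abcdef")


class ULIError(ValueError):
    """Raised for any AVP value that is not a well-formed TAI/ECGI location."""


def decode_plmn(octets: bytes) -> Tuple[str, str]:
    """Decode the 3-octet BCD PLMN into (MCC, MNC) digit strings."""
    if len(octets) != 3:
        raise ULIError("PLMN must be 3 octets")
    mcc = [octets[0] & 0x0F, octets[0] >> 4, octets[1] & 0x0F]
    mnc = [octets[2] & 0x0F, octets[2] >> 4, octets[1] >> 4]
    if mnc[2] == 0x0F:                    # filler nibble marks a two-digit MNC
        mnc.pop()
    if any(d > 9 for d in mcc + mnc):
        raise ULIError("non-decimal digit in PLMN")
    return "".join(map(str, mcc)), "".join(map(str, mnc))


def encode_plmn(mcc: str, mnc: str) -> bytes:
    """Encode MCC/MNC in the same BCD layout, as carried in the Serving Network IE."""
    if not (re.fullmatch(r"[0-9]{3}", mcc) and re.fullmatch(r"[0-9]{2,3}", mnc)):
        raise ULIError("MCC must be 3 digits and MNC 2 or 3 digits")
    m = [int(c) for c in mcc]
    n = [int(c) for c in mnc] + ([0x0F] if len(mnc) == 2 else [])
    return bytes([m[1] << 4 | m[0], n[2] << 4 | m[2], n[1] << 4 | n[0]])


@dataclass
class Location:
    tai: Optional[Tuple[str, str, int]] = None     # (MCC, MNC, TAC)
    ecgi: Optional[Tuple[str, str, int]] = None    # (MCC, MNC, 28-bit ECI)

    @property
    def serving_network(self) -> Tuple[str, str]:
        # Assumption: prefer the TAI's PLMN and fall back to the ECGI's.
        src = self.tai or self.ecgi
        return src[0], src[1]


def parse_uli(value: bytes) -> Location:
    """Parse a 3GPP-User-Location-Info AVP value, rejecting anything malformed."""
    if not value:
        raise ULIError("empty AVP value")
    if value[0] not in LAYOUT:
        raise ULIError(f"unsupported location type {value[0]}")
    tai_len, ecgi_len = LAYOUT[value[0]]
    body = value[1:]
    if len(body) != tai_len + ecgi_len:   # exact length: no truncation, no trailing data
        raise ULIError(f"expected {tai_len + ecgi_len} octets, got {len(body)}")
    loc = Location()
    if tai_len:
        mcc, mnc = decode_plmn(body[:3])
        loc.tai = (mcc, mnc, int.from_bytes(body[3:5], "big"))
    if ecgi_len:
        cell = body[tai_len:]
        mcc, mnc = decode_plmn(cell[:3])
        loc.ecgi = (mcc, mnc, int.from_bytes(cell[3:7], "big") & 0x0FFFFFFF)
    return loc


def serving_network_octets(avp: Optional[bytes], fallback: bytes) -> bytes:
    """PLMN octets for the Serving Network IE: derived from the AVP when it was
    received, otherwise the value used before this feature (fallback).
    A malformed AVP raises ULIError instead of being silently used."""
    if avp is None:
        return fallback
    return encode_plmn(*parse_uli(avp).serving_network)


if __name__ == "__main__":
    print(parse_uli(SAMPLE_TAI_ECGI))
    print(serving_network_octets(SAMPLE_TAI_ECGI, fallback=b"\x99\x39\x21").hex())
```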

Support on S2b Interface

Information on 3GPP-User-Location-Info received by ePDG will be sent by ePDG to PGW on ULI and Serving Network IE. This feature is CLI controlled under "call-control-profile".

Information Element Name: User Location Information (ULI)
IE Type: ULI
Ins.: 0
P: CO
Condition / Comment: The ePDG includes this IE on the S2b interface if the 3GPP-User-Location-Info AVP is available.

Information Element Name: Serving Network
IE Type: Serving Network
Ins.: 0
P: CO
Condition / Comment: The ePDG shall include MCC/MNC on this IE, derived from ULI

Configuring Use MCC MNC Value Provided by Network

Use the following configuration to configure Use MCC MNC Value Provided by Network.

config
   call-control-profile ccp1
      [ remove ] epdg-s2b-gtpv2 send serving-network value
      end

config
   call-control-profile ccp1
      [ remove ] epdg-s2b-gtpv2 send uli
      end

Performance Indicator Changes

Below are the show commands outputs added as part of this feature to support MCC MNC Value Provided by Network.

show call-control-profile full

ePDG S2b GTPv2 IE Options:

• Sending ULI

• Sending ServingNetwork[Value ULI]

show configuration:

• epdg-s2b-gtpv2 send uli

• epdg-s2b-gtpv2 send serving-network value uli

show configuration verbose:

• remove epdg-s2b-gtpv2 send uli

• remove epdg-s2b-gtpv2 send serving-network value uli

Release Change Reference, StarOS Release 21.116

ePDG Changes in Release 21.1Configuring Use MCC MNC Value Provided by Network

Page 17: ePDG Changes in Release 21 - · PDF fileePDG Changes in Release 21.1 ... Configuring Use MCC MNC Value Provided by Network ... WLAN location support during Update bearer request/response

Network Provided User Location Information reportingextensions over S2b interface

CSCuz87415 - NPLI support.

Feature Default: Disabled

Feature Description

P-CSCF receives location information from the network when an IMS session is set up, when media is added / modified / removed within a session, and when the session is released. This applies to emergency sessions and also to regular sessions set up over an Untrusted access to EPC.

The following IEs are added to the Create Session Request, Create Bearer Response, Update Bearer Response, Modify Bearer Request, Delete Session Request and Delete Bearer Response messages over the S2b interface:

• WLAN Location Information

• WLAN Location Timestamp

• UE Local IP address

• UE UDP Port

The Retrieve Location Information flag is also added to the Update Bearer Request message over the S2b interface.

User Location Information reporting extensions over S2b interface supports the following features:

• ePDG provides WLAN Location Information and WLAN Location Timestamp in Create Session request, Create Bearer response, Delete Session request, Delete Bearer response, Update bearer response to PGW on S2b interface.

• ePDG provides UE Local IP/Port in Create Session request, Create Bearer response, Modify Bearer request, Delete Session request, Delete Bearer response, Update bearer response to PGW over S2b interface. UE Port will be included only if NAT is detected between UE and ePDG.

• ePDG processes WLAN Location Information and WLAN Location Timestamp sent by AAA over SWm interface in DEA/AAA messages.

• ePDG deletes stored WLAN Location Information/Timestamp if it doesn't receive same in AAA when AAR was sent with bit set for location retrieval.

• ePDG can trigger AAR towards AAA over SWm interface when it needs updated WLAN location information to be sent towards PGW.

The NPLI (Network Provided Location Information) of a UE in case of a TWAN access

The TWAN reports over S2a TWAN related Access Network Information at PDN connection establishment, at bearer creation / modification / release and at PDN connection release. Such TWAN related Access Network Information may correspond to a "TWAN Identifier" and/or to a UE Time Zone. Same is applicable on S2b interface for WLAN access in untrusted UE attachment on EPC.


When, as part of procedures for Authentication and Authorization on an Access Point based on USIM credentials, the WLAN Access Network provides WLAN Access Network location information to the 3GPP AAA server that it considers as network provided location, the 3GPP AAA server stores this information and provides it to the ePDG at the SWm Authentication and/or Authorization procedure or upon request of the ePDG.

This location information is called WLAN Location Information and contains the same information as is contained in the TWAN Identifier. The Age of the WLAN Location Information is provided in conjunction with the WLAN Location Information.

The ePDG stores WLAN Location Information associated with a UE when it receives WLAN Access Network location information from the 3GPP AAA server. The ePDG removes the stored WLAN Location Information associated with a UE when it receives from the 3GPP AAA server an indication that no WLAN Access Network location information is available for this UE.

The WLAN Location Information and its Age, when available, are propagated by the ePDG to the PDN (Config driven). This takes place at the UE-initiated connectivity to an initial PDN connection (Attach Procedure), at the UE-initiated connectivity to an additional PDN connection or, as described below, when the ePDG needs to send Network Provided User Location Information about an already established PDN connection.

When the AAA server has sent WLAN Location Information at the UE-initiated connectivity to an initial (Attach Procedure) or additional PDN connection, and when later the ePDG needs to send Network Provided User Location Information towards the PDN GW over S2b, the ePDG may initiate a WLAN Location Information Request to fetch the most up to date WLAN Location Information in conjunction with the age of this Information (CLI controlled).

0. When the 3GPP AAA server detects that the UE has moved between WLAN AN, it locally updates or removes the WLAN Location information and its Age it stores for the UE.

1 A procedure is triggered that requires the ePDG to provide Network Provided User Location Information over S2b for an already established PDN connection. The corresponding procedures are:

• UE/ePDG-initiated Detach Procedure and UE-Requested PDN Disconnection with GTP on S2b. <Delete Session Request>

• PDN GW initiated Resource Allocation Deactivation with GTP on S2b. <Delete Bearer Response>

• Dedicated S2b bearer activation with GTP on S2b. <Create Bearer Response>

• S2b bearer modification with GTP on S2b. <Update Bearer Response>


2 When the AAA server has sent WLAN Location Information at the set-up of a SWm session and the ePDG has detected a change of the outer IP address of the UE, the ePDG initiates a WLAN Location Information Request towards the 3GPP AAA server by sending an AAR message with the "WLAN-Location-Info-Request" bit set.

3 The 3GPP AAA server provides a WLAN Location Information Answer that may contain WLAN location information and WLAN location information Age or an indication that no WLAN location information is available. The ePDG replaces any WLAN location information and WLAN location information Age it may have stored beforehand by the information received from the 3GPP AAA server. When the WLAN Location Information Answer contains an indication that no WLAN location information is available, the ePDG removes any WLAN location information and WLAN location information Age it may have stored beforehand about the UE.

4 The ePDG issues S2b signalling with Network Provided User Location Information. The Network Provided User Location Information includes UE local IP address and optionally UDP source port number (if NAT is detected). The Network Provided User Location Information includes WLAN Location Information (and its age) only when the ePDG has such information currently available about the UE. When the PDN GW receives no WLAN Location Information from the ePDG it will delete any such information it may have stored for the PDN connection.

5 If requested by the PCRF, the PDN GW forwards to the PCRF the following information extracted from Network Provided User Location Information it may have received from the ePDG:

• The UE local IP address

• WLAN location information in conjunction with the Age of this information

When the PCRF receives no WLAN location information from the PDN GW within Network Provided User Location Information, the WLAN location information is considered as not any longer valid.

WLAN location support in initial attach: Create Session Request

If NPLI configuration is enabled and AAA has provided WLAN information in DEA during initial attach, ePDG will update same in CSR towards ePDG.

WLAN location support during other S2b procedure

This section describes procedures like Create Bearer Response, Delete Bearer Response, Delete Session Request.

There are three scenarios:

1 If WLAN Location Information/Timestamp is available at ePDG, it will send the same in these messages. If the last updated WLAN info received from AAA is still present and there is no change in UE IP/Port, ePDG will send the last received WLAN info towards PGW in procedures like Create Bearer Response, Delete Bearer Response, Delete Session Response if NPLI config is enabled.

2 If there is a change in UE Local IP/Port (Mobike triggered procedure) from the last updated WLAN info, the NPLI configuration is enabled, and the configuration to take the latest WLAN info from AAA is also enabled, ePDG will trigger AAR and get the updated WLAN info from the 3GPP-AAA-Server. This new updated info will then be sent in any of the above messages (Create Bearer Response, Delete Bearer Response, Delete Session Request) on the S2b interface.

3 If no WLAN information is present, none will be sent in any of the above messages.


WLAN location support during Update bearer request/response

Update bearer response will have Location information. If the request has the "Retrieve Location bit" set, it will be treated as a specific request for getting WLAN Location information and ePDG. If it doesn't have same, it will still send UE Local IP/Port.

The exchange will be treated as success even if no WLAN info is available from the AAA Server. With respect to triggering AAR towards AAA, ePDG will check if the bit is set and Mobike has happened before triggering AAR. In case either the bit is not set or Mobike has not happened, AAR will not be triggered.

UE local IP change (Mobike)

When ePDG detects UE IP/Port change in case of Mobike, it will trigger Modify Bearer request (MBR) with updated UE IP/port included. Triggering MBR on UE IP change will be driven by a new configuration under call-control-profile.

Note: Refer to section 7.2.7 of 3GPP specs 29.274 d50 for additional information.

Important: Modify Bearer Request will be triggered only if Mobike is enabled, i.e. IP address/port is being updated by Update SA address request. IP address change with NAT reboot will not trigger Modify Bearer Request.

Following two IEs are sent in Modify Bearer request.

Information elements | IE Type
UE Local IP Address | IP Address
UE UDP Port | Port Number

Assumptions and Limitations

• If NPLI configuration is enabled and WLAN Location Information is not received from AAA, ePDG will not send the same in S2b messages.

• If UBR has the bit set, ePDG will respond with UE Local IP/Port and WLAN info. In case WLAN info is not available, ePDG will still respond with IP/Port and treat the exchange as success.

Configuring NPLI e2e VoWiFi on ePDG and PGW

A new keyword "wlan-location-info-timestamp" is introduced as part of PLI e2e for VoWiFi on ePDG and PGW. Use the following configuration to configure PLI e2e for VoWiFi on ePDG and PGW.

config
   call-control-profile ccp1
      epdg-s2b-gtpv2 send wlan-location-info-timestamp
      end


A new keyword "message" is introduced as part of PLI e2e for VoWiFi on ePDG and PGW. Use the following configuration to configure PLI e2e for VoWiFi on ePDG and PGW.

config
   call-control-profile ccp1
      epdg-swm send message aar trigger location-retrieval
      end

A new keyword "mobike" is introduced as part of PLI e2e for VoWiFi on ePDG and PGW. Use the following configuration to configure PLI e2e for VoWiFi on ePDG and PGW.

config
   call-control-profile ccp1
      epdg-s2b-gtpv2 send message mbr trigger mobike
      end
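The NPLI rules described in this feature (which IEs go in which S2b message, when an AAR is triggered, and how an AAA answer updates stored state), modelled as an added Python example; it is not Cisco code and not part of the original guide. The Profile and Session classes, their field names and the sample addresses and WLAN value are constructed for illustration; requiring both keywords before an AAR and sending the UE local IP independently of the WLAN keyword are assumptions.

```python
from dataclasses import dataclass
from typing import Optional
# Message sets taken from the feature description (abbreviated message names).
WLAN_MSGS = {"CSReq", "CBRsp", "UBRsp", "DSReq", "DBRsp"}
UE_ADDR_MSGS = WLAN_MSGS | {"MBReq"}

@dataclass
class Profile:                       # hypothetical stand-in for call-control-profile
    send_wlan: bool = False          # epdg-s2b-gtpv2 send wlan-location-info-timestamp
    aar_retrieval: bool = False      # epdg-swm send message aar trigger location-retrieval

@dataclass
class Session:                       # hypothetical per-UE state held by the ePDG
    ue_ip: str
    ue_port: int
    nat_detected: bool = False
    wlan_info: Optional[str] = None
    wlan_ts: Optional[int] = None
    mobike_pending: bool = False     # UE IP/port changed since the last AAA fetch

def should_trigger_aar(p, s, msg, retrieve_bit=False):
    """AAR needs both keywords (assumption) and a Mobike address change."""
    if not (p.send_wlan and p.aar_retrieval and s.mobike_pending):
        return False
    if msg == "UBRsp":               # Update Bearer also needs the Retrieve Location bit
        return retrieve_bit
    return msg in {"CBRsp", "DBRsp", "DSReq"}

def apply_aaa_answer(s, wlan_info, wlan_ts):
    """Replace stored location; an answer without it deletes what was stored."""
    s.wlan_info, s.wlan_ts = (wlan_info, wlan_ts) if wlan_info else (None, None)
    s.mobike_pending = False

def build_npli(p, s, msg):
    """Return the NPLI IEs the ePDG would place in one S2b message."""
    ies = {}
    if msg in UE_ADDR_MSGS:          # assumption: not gated by the WLAN keyword
        ies["UE Local IP Address"] = s.ue_ip
        if s.nat_detected:           # port is included only when NAT is detected
            ies["UE UDP Port"] = s.ue_port
    if msg in WLAN_MSGS and p.send_wlan and s.wlan_info is not None:
        ies["WLAN Location Information"] = s.wlan_info
        ies["WLAN Location Timestamp"] = s.wlan_ts
    return ies

def demo():
    p = Profile(send_wlan=True, aar_retrieval=True)
    s = Session("198.51.100.7", 4500, nat_detected=True,
                wlan_info="ssid=constructed-ap", wlan_ts=1700000000)
    before = build_npli(p, s, "CBRsp")
    s.ue_ip, s.mobike_pending = "203.0.113.9", True   # Mobike address update
    if should_trigger_aar(p, s, "UBRsp", retrieve_bit=True):
        apply_aaa_answer(s, None, None)               # AAA has no location for the UE
    return before, build_npli(p, s, "UBRsp")
```

In demo(), the Update Bearer Response after the Mobike change still carries the UE address and port but no WLAN IEs, which is the "exchange treated as success" case from the limitations list.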

Performance Indicator Changes

Below are the show commands outputs added as part of this feature to support Sending SWm 3GPP AAA FQDN Address in CSReq

Show Configuration

call-control-profile ccp_name

• epdg-s2b-gtpv2 send aaa-server-id

When CLI is disabled, with "remove epdg-s2b-gtpv2 send aaa-server-id" Show commands outputs added as part of this feature for "show configuration verbose":

• remove epdg-s2b-gtpv2 send aaa-server-id

Show commands outputs added for "show call-control-profile full {all | name <>}" if enabled:

• Sending AAA Origin-host and origin-realm

Show commands outputs added for "show call-control-profile full {all | name <>}" if disabled:

• Sending AAA Origin-host and origin-realm

EAP-MD5 Unable to send 2nd DER messages to diameter

CSCvc23634 - EAP-MD5 Unable to send 2nd DER messages to diameter

Applicable Products: ePDG

Feature Changes

New Behavior

If MSK is not received in final DEA with EAP/Diameter success, then the disconnect reason will be ePDG-Auth-failed(522) instead of Invalid-AAA-attr-in-auth-response(15).


ePDG uses 3GPP Charging Characteristics Received Outside of APN Info

CSCvb98961 - ePDG should use 3gpp charging characteristics received outside of apn info.

Applicable Products: ePDG

Feature Changes

New Behavior

• Sends 3gpp charging characteristics on S2b, if it is received outside of the APN info AVP of the final Diameter EAP Answer

• If the 3gpp charging char is received under apn-info avp, and outside of apn-info, then the value received under apn-info will be sent to PGW.

• If the CLI cc behavior-bit no-records <value> is configured under call-control-profile, and the same behavior bit is set in the 3GPP charging characteristics value received from AAA (under APN-info or outside), the value will not be sent to PGW.

IKEv2 DSCP Marking

CSCva23852 - [ePDG] to support DSCP marking for IKEv2 Packets

Refer to IKEv2 DSCP Marking of this guide for more information.

IKEv2 - Protection Against Distributed Denial of Service

CSCva98067 - [ePDG] IKEv2 Security Enhancements

Refer to IKEv2 - Protection Against Distributed Denial of Service of this guide for more information.

Operator-policy Instead of aaa-unreachable Disc Reason for IMSI Based Admission Control

CSCvc29714 - operator-policy instead of aaa-unreachable Disc Reason for imsi based admission control in ePDG.

Applicable Products: ePDG

Feature Changes

New Behavior


• Disconnect reason "operator-policy" instead of "aaa-unreachable" if a suitable operator policy is not present for a user.

• For the above scenario, "NETWORKPERMANENTERROR (11002)" is sent instead of AUTHFAILED, if custom SWm to SWu is enabled.

Impact on customer: They will observe a different disconnect reason as mentioned above. Also, in the same scenario a different error notification will be sent to the UE if custom SWm to SWu is enabled.

User Equipment Identity in IKE_AUTH Message

CSCvc01164 - [ePDG] to add standard based support to obtain the IMEI of a UE

Refer to User Equipment Identity in IKE_AUTH Message of this guide for more information.

LTE to Wifi Handoff bulkstats added to epdg-schema

CSCvc04519 - LTE to Wifi Handoff bulkstats not there in epdg-schema

Performance Indicator Changes

Below are the new Bulkstats introduced in this release to know Handoff Attempts and Number of VoLTE Sessions present in the system.

ePDG schema

• tot-handoff-attempts

• tot-curr-volte-calls

ePDG-apn schema

• tot-curr-volte-calls
