3.1.3 GAN (Generic Access Network)-based RAN Gateway
Another proposal for integrating femtocells into the core network is generally referred to as the RAN Gateway solution. It is based on a new network controller, the RAN Gateway, that operates between the IP access network and the operator's core network. The RAN Gateway aggregates the traffic of a large number of femtocells, which arrives from the Internet over the new Iu-over-IP interface, and passes it to the core network over the Iu-CS and Iu-PS interfaces. The RAN Gateway uses a flat IP architecture that allocates a number of RNC functionalities to the femtocell, making it more intelligent and autonomous and thereby also addressing the scalability issues. Specifically, the HNB is responsible for the radio aspects and the HNBGW (Home NodeB Gateway) is responsible for CN (Core Network) connectivity. Figure 2 illustrates the GAN Iu mode architecture as described in [7].
In general, the GAN architecture is an established solution for uncoordinated HNB integration into the CN through unmanaged IP networks. It provides mutual authentication, confidentiality and integrity protection by using IPsec tunnels between the access device and the operator's network. It can help the HNB discover the correct default serving gateway during initial set-up, which gives the network the flexibility to scale up, as each HNB automatically finds its corresponding gateway. It can register a UE for services, as only registered UEs are served by the HNBGW. Furthermore, it promotes QoS not only by establishing RTP connections for redundancy of VoIP calls across the Internet but also by monitoring the uplink quality for any necessary handover to the macro layer. The main components of this architecture are:
I User Equipment: A 3G capable handset
II Home Node-B: A CPE (Customer Premises Equipment) that provides standard radio Uu connectivity to the UE and the necessary extensions to connect to the HNBGW as defined in 3GPP TS 43.318 [8].
III Home Node-B Gateway: Same as the GANC (Generic Access Network Controller) functionality defined for GANC Iu mode; it allows different CPE devices to connect to the generic IP network. This entity works mostly between the Iu interface and the GAN Iu mode Up interface, using the control plane functionality and the user plane functionality.
IV Control Plane functionality: Responsible for encapsulation and encryption of Up interface control plane packets by setting up an IPsec tunnel between the SeGW and the HNB.
V User Plane functionality: Responsible for the interconnection of circuit switched data and the Up interface.
VI Coexistence with UTRAN and interconnection with the CN via standard interfaces.
VII Generic IP access network that provides IP connectivity between the HNB and the HNB-GW.
VIII AAA (Authentication, Authorization and Accounting) server on the Wm interface according to the 3GPP TS 29.234 [9] specifications; it is used to authenticate the HNB when a secure channel is set up.
IX HNB management system that uses a standard CPE device management interface in order to manage the configuration of the HNBs in a scalable way.
Figure 3.1: Architecture of GAN-based HNB
The SeGW and the AAA server components are explained and analysed further below, as they are of importance for the scope of this thesis; components such as the RAN network controller, the MGC (Media Gateway Controller), the signalling gateway and the access point management system are not.
3.1.3.1 Security Gateway
The SeGW is a scalable 3GPP-based product that securely connects the RAN GW to the core network by authenticating and terminating the IPsec tunnels that originate at the FBS. It executes Authentication, Authorization and Accounting procedures, as it interfaces with the AAA server via the Wm interface. It can ensure secure access for GTP (GPRS Tunnel Protocol) tunnels that terminate on the CN by using IP as the transport method for the GPRS tunnels. In addition, the SeGW can maintain a high-capacity IPsec tunnel termination for each femtocell, with integrity and encryption as required, and can distribute and manage IP addresses for remote FBSs. It can also serve multiple RAN network controllers and media gateways at the same time, and it manages the authentication process by handling the IKE (Internet Key Exchange) for SA (Security Association) purposes. The SeGW is compatible with the 2, 3, 8, 10-14 3GPP standards.
3.1.3.2 Authentication Authorization and Accounting Server
The AAA server improves the security that the RAN GW provides through the set of services it supports. It has an SS7 MAP-D interface through which an IMSI (International Mobile Subscriber Identity) can securely register with a RAN GW, and it can support EAP-SIM/EAP-AKA authentication services between an FBS and an HLR (Home Location Registry). The AAA server is integrated with the SeGW through the Diameter Wm interface on the SeGW side and the S1 RADIUS interface on the RAN network controller side, and it is capable of handling multiple SeGW and RAN GW requests per server. Additionally, the AAA server can be used for service access controls, UE session parameters and logging of UE registration events when required by the operator.
3.1.3.3 Internal and External Interfaces
According to [1], three types of interfaces are used:
1. Interfaces between FBS and RAN GW
• Up/Iu-h is now known as Iu-h. The Iu-h interface is the standard Iu mode protocol for the transport of 3G UMTS protocols and services over the IP access network.
• RTP (Real Time Transport) is the protocol for circuit switched bearer traffic over the public Internet between the FAP and the MGW.
• GTP-U is the protocol for packet switched bearer traffic between the FBS and the SGSN.
• IPsec is the protocol for integrity and encryption of all traffic between the FBS and the RAN GW.
• TR-069 is the management protocol for managing the FBS community from the RAN GW.
2. Interface between RAN GW and Core Network
• Interface D: Supports the authentication services between the access network and the HLR[1].
• Iu-CS Control and User Plane: Iu-CS traffic transports messages over ATM towards the core network.
• Iu-CS user plane traffic is transported over IP from the RAN GW towards the core network.
3. Interfaces within RAN GW
• H.248 is the MGW control protocol that enables the RAN network controller to manage the MGW bearer paths.
• SIGTRAN is the Iu-CS/PS control plane over a standard SIGTRAN transport between the RAN network controller and the signaling gateway. The signaling gateway is embedded within the MGW and performs the protocol translation between the RAN GW and the core network for the Iu control plane.
• SNMP (Simple Network Management Protocol) is the protocol for EMS (Enhanced Messaging Service).
• Wm is the protocol for Extensible Authentication Protocol (EAP)-SIM/Authentication and Key Agreement (AKA) authentication between the SeGW and the AAA server. RADIUS (Remote Authentication Dial-In User Services) is the protocol for access controls and authorization between the RAN network controller and the AAA server.
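The interface list above states that IPsec protects all traffic between the FBS and the RAN GW, so on the untrusted IP access segment in front of the SeGW only IKE and ESP should be visible. The following check is an added example, not part of the thesis: it audits flow records for Iu-h, RTP, GTP-U or TR-069 traffic that reaches the SeGW outside the tunnel. The flow record layout, the addresses and the sample records are constructed; the port numbers are the IANA-registered ones and a given deployment may differ.

```python
from dataclasses import dataclass

UDP, TCP, ESP, SCTP = 17, 6, 50, 132   # IANA IP protocol numbers
IKE_PORTS = {500, 4500}                # IKE, and IKE/ESP with NAT traversal
# Registered ports used only to label a finding (assumption: defaults in use)
HINTS = {(UDP, 2152): "GTP-U", (TCP, 7547): "TR-069 (CWMP)"}

@dataclass(frozen=True)
class Flow:                            # hypothetical flow-record layout
    src: str
    dst: str
    proto: int
    sport: int = 0
    dport: int = 0

def classify(flow):
    """Return (inside_tunnel, label) for one flow seen in front of the SeGW."""
    if flow.proto == ESP:
        return True, "ESP"
    if flow.proto == UDP and {flow.sport, flow.dport} & IKE_PORTS:
        return True, "IKE"
    for port in (flow.dport, flow.sport):
        if (flow.proto, port) in HINTS:
            return False, "cleartext " + HINTS[(flow.proto, port)]
    if flow.proto == SCTP:
        return False, "cleartext SCTP (Iu-h signalling transport)"
    if flow.proto == UDP:
        return False, "cleartext UDP (possible RTP bearer)"
    return False, "unexpected IP protocol %d" % flow.proto

def audit(flows, segw):
    """List FBS <-> SeGW flows that are not carried inside the IPsec tunnel."""
    findings = []
    for f in flows:
        if segw not in (f.src, f.dst):
            continue                   # not traffic to or from the SeGW
        inside, label = classify(f)
        if not inside:
            findings.append((f.src, f.dst, label))
    return findings

# Constructed sample records (RFC 5737 documentation addresses)
SEGW = "198.51.100.10"
SAMPLE = [
    Flow("203.0.113.5", SEGW, UDP, 500, 500),      # IKE negotiation
    Flow(SEGW, "203.0.113.5", UDP, 4500, 61000),   # NAT-T return traffic
    Flow("203.0.113.5", SEGW, ESP),                # tunnelled payload
    Flow("203.0.113.9", SEGW, UDP, 40000, 2152),   # GTP-U outside the tunnel
    Flow("203.0.113.9", SEGW, TCP, 40001, 7547),   # TR-069 outside the tunnel
    Flow("203.0.113.9", SEGW, SCTP),               # Iu-h outside the tunnel
    Flow("203.0.113.9", "192.0.2.77", TCP, 40002, 443),  # unrelated
]
```

Any finding from `audit(SAMPLE, SEGW)` points at an FBS whose traffic is bypassing the SeGW's integrity and encryption protection and should be investigated before the device is allowed to keep its registration.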