
KDDI August, 21st 2002

Proposal for International Data Roaming <<IP Network Routing>>. KDDI August, 21st 2002. Anete Hashimoto (a-hashimoto@kddi.com) Masaaki Koga (koga@kddi.com) Masaru Fukumitsu (ma-fukumitsu@kddi.com) Masaru Umekawa (umekawa@kddi.com).


Presentation Transcript


  1. Proposal for International Data Roaming <<IP Network Routing>>. KDDI August, 21st 2002. Anete Hashimoto (a-hashimoto@kddi.com), Masaaki Koga (koga@kddi.com), Masaru Fukumitsu (ma-fukumitsu@kddi.com), Masaru Umekawa (umekawa@kddi.com)

  2. For the WAP access service and Internet Local Access, there should be only the following two routing methods for authentication, accounting, and IP packets:
     • Via dedicated link routing
     • Via Internet routing
     KDDI Corporation

  3. [Diagram] WAP Access: All packets routed via dedicated link. Flows shown: Auth, Acct, Data. Labelled elements: Serving-Network, Packet-NW, HA, 1x RAN, PDSN, Proxy AAA, Int'l_GW, Dedicated link, Int'l_GW, Home Network, Packet-NW, Proxy AAA, GW, WAP Server, 1x RAN, PDSN, AAA. Annotations: "IP address assignment at HA in mobile IP handset case"; "IP address assign from serving NW (Serving NW’s address range)".

  4. WAP Access: All packets routed via dedicated link
     • Authorization, accounting, and user data are transferred via the dedicated link
     • The handset is assigned, at the serving network, an IP address within the serving network's address range
     • In the Mobile IP case, the HA responsible for assigning the IP address is located at the serving network

  5. [Diagram] WAP Access: All packets routed via the Internet. Flows shown: Auth, Acct, Data. Labelled elements: Packet-NW, HA, Proxy AAA, Internet, Serving Network, GW, 1x RAN, PDSN, Home Network, GW, P-Radius, Packet-NW, 1x RAN, GW, WAP Server, PDSN, AAA. Annotations: "IP address assignment at HA in mobile IP handset case"; "IP address assign from serving NW (Serving NW’s address range)".

  6. WAP Access: All packets routed via the Internet
     • Authorization, accounting, and user data are transferred via the public Internet
     • The handset is assigned, at the serving network, an IP address within the serving network's address range
     • In the Mobile IP case, the HA responsible for assigning the IP address is located at the serving network

  7. [Diagram] Internet Access: RADIUS packets routed via dedicated link. Flows shown: Auth, Acct, Data. Labelled elements: Internet, Serving-Network, Packet-NW, HA, 1x RAN, PDSN, GW, Proxy AAA, Int'l_GW, Dedicated link, Int'l_GW, Home Network, Packet-NW, Proxy AAA, GW, CN_Server, 1x RAN, PDSN, AAA. Annotations: "IP address assignment at HA in mobile IP handset case"; "IP address assign from serving NW (Serving NW’s address range)".

  8. Internet Access: RADIUS packets routed via dedicated link
     • Authorization and accounting are transferred via the dedicated link
     • The user gains access to the Internet via the local gateway

  9. [Diagram] Internet Access: All packets routed via the Internet. Flows shown: Auth, Acct, Data. Labelled elements: Packet-NW, HA, Proxy AAA, Internet, Serving Network, GW, 1x RAN, PDSN, Home Network, GW, P-Radius, Packet-NW, 1x RAN, GW, CN Server, PDSN, AAA. Annotations: "IP address assignment at HA in mobile IP handset case"; "IP address assign from serving NW (Serving NW’s address range)".

  10. Internet Access: All packets routed via the Internet
      • Authorization and accounting are transferred via the public Internet
      • The user gains access to the Internet via the local gateway

  11. Proposal for International Data Roaming <<General Issue>>

  12. General Proposal
      • Proposal 1: Division of roaming services into two stages
        To carry out International Packet Data Roaming as smoothly as possible, we propose that services be provisioned in two stages, as follows:
        - Phase 1: WAP Home Access and Internet Local Access
          • User data packets will be sent from the serving network to the home network via the public Internet or a dedicated link. Authentication and accounting messages should also be delivered to the home network (via Internet or another form to be defined between the parties involved).
        - Phase 2: ISP and Corporate VPN Access
          • The source IP address assignment will be done at the home network. Therefore, the deployment of Mobile IP will be indispensable.

  13. Phase 1 Proposals
      • Proposal 2: Use of global IP addresses for both destination and source addresses.
        <Destination IP Address>
        • In principle, the server (destination address) should have a global IP address assigned. If a private IP address is to be used, then a tunnel protocol implementation such as L2TP may need to be negotiated between the carriers involved.
        <Source IP Address>
        • In principle, the serving network should be responsible for assigning a global IP address to the mobile (source IP address). Since most of the countries belonging to the CDG use private IP addresses, NAT functionality (or a similar mechanism) should be necessary at the boundaries. If a private IP address is to be used, then a tunnel protocol implementation such as L2TP may need to be negotiated between the carriers involved.

  14. • Proposal 3: IP address assignment at the Home Agent (HA) in case of Mobile IP.
        • Since, as stated previously, the serving network is responsible for the IP address assignment, the serving network operator should also provide (operate and maintain) the Home Agent (HA).
        • The home operator does not need to deploy the HA.
      • Proposal 4: The target for billing should be the payload of the PPP frame.
        • Billing should be based on the payload of the PPP frame. LCP, PAP/CHAP, and IPCP messages should not be billed.

  15. • Proposal 5: Use of RADIUS attributes as per IETF standard.
        • In principle, the type and format of RADIUS attributes shall comply with the IETF standards. The serving operator may not send the 3GPP2 VSA.
      • Proposal 6: Routing based on domain name.
        • The serving network shall be able to perform routing based on the domain name (the portion after the @ mark).

  16. • Proposal 7: Customer charge shall be collected at the home network.
        • Since the accounting information is forwarded to the home network, the customer charge shall be collected at the home network.

  17. Open Issues << IP Security Consideration >>

  18. Packet Data Roaming
      • WAP access
        • Need to consider the security of RADIUS authentication and accounting packets
        • Requires secure packet data routing in order to avoid improper use (e.g., spam mail)
          • Dedicated link
          • Internet VPN
      • Internet local access
        • RADIUS authentication and accounting security requirement

  19. Internet Roaming Implementation Examples
      • i-Pass
        • SSL encryption for Authentication and Accounting messages exchanged between the Home ISP and i-Pass server
      • GRIC
        • MD5 to encrypt the user password
      Reference:
      1. RFC 2194 Review of Roaming Implementations
      2. http://www.ipass.com
      3. http://www.gric.com
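Proposal 4 (slide 14) bills only the PPP payload and excludes LCP, PAP/CHAP and IPCP. The following is an added example, not part of the KDDI presentation, of an octet counter that applies that rule to de-framed PPP frames; the sample frames are constructed, and treating every protocol other than the four named ones as billable is an assumption of this sketch.

```python
# Added example (not from the KDDI slides). PPP protocol numbers are the
# standard assigned values; the frames below are constructed sample data.
UNBILLED = {0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0x8021: "IPCP"}

def parse_ppp(frame: bytes):
    """Split one de-framed PPP frame (HDLC escaping and FCS already removed)
    into (protocol, information_field)."""
    if frame[:2] == b"\xff\x03":       # address/control field, if not compressed
        frame = frame[2:]
    if not frame:
        raise ValueError("empty PPP frame")
    if frame[0] & 1:                   # protocol-field compression: one octet
        return frame[0], frame[1:]
    if len(frame) < 2 or not frame[1] & 1:
        raise ValueError("invalid PPP protocol field")
    return int.from_bytes(frame[:2], "big"), frame[2:]

def billable_octets(frames):
    """Return (billed, unbilled): billed counts information-field octets of
    every frame except the four protocols the proposal excludes."""
    billed, unbilled = 0, {}
    for frame in frames:
        proto, info = parse_ppp(frame)
        name = UNBILLED.get(proto)
        if name is None:
            billed += len(info)
        else:
            unbilled[name] = unbilled.get(name, 0) + len(info)
    return billed, unbilled

SAMPLE_FRAMES = [                                            # constructed
    bytes.fromhex("ff03c02101010004"),                       # LCP Configure-Request
    bytes.fromhex("ff03c0230101000d05") + b"alice\x02pw",    # PAP Authenticate-Request
    bytes.fromhex("ff0380210101000a0306") + bytes(4),        # IPCP Configure-Request
    bytes.fromhex("ff030021") + b"\x45" + bytes(39),         # 40 octets of IP data
    b"\x21" + b"\x45" + bytes(19),                           # compressed header, 20 octets
]

if __name__ == "__main__":
    print(billable_octets(SAMPLE_FRAMES))
```

Keeping the unbilled totals per protocol gives both operators a figure to reconcile against when the serving and home networks disagree on a session's octet count.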
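Proposal 6 (slide 15) has the serving network route on the portion of the user name after the @ mark, and slide 18 lists a dedicated link or an Internet VPN as the secured paths. The following is an added example, not part of the KDDI presentation, of how a serving-network proxy AAA could make that decision while refusing malformed names, unknown realms and realms without a secured path; all realm names, peer names and the route table are constructed, and the rejection policy is an assumption of this sketch.

```python
# Added example (not from the KDDI slides); all names are constructed.
import re
from typing import NamedTuple, Optional

class Route(NamedTuple):
    peer: str       # home proxy AAA (hypothetical host name)
    transport: str  # how RADIUS traffic reaches that peer

# Slide 18 lists two secured paths; anything else is refused here.
SECURE_TRANSPORTS = {"dedicated-link", "internet-vpn"}
LOCAL_REALM = "serving.example"
ROUTES = {  # constructed roaming agreements, keyed by lower-cased realm
    "home-a.example": Route("aaa.home-a.example", "dedicated-link"),
    "home-b.example": Route("aaa.home-b.example", "internet-vpn"),
    "home-c.example": Route("aaa.home-c.example", "internet"),  # misconfigured
}
_LABEL = r"[a-z0-9]([a-z0-9-]*[a-z0-9])?"
_REALM_RE = re.compile(_LABEL + r"(\." + _LABEL + r")+")

def extract_realm(user_name: str) -> Optional[str]:
    """Lower-cased realm, "" when no realm is given, None when malformed."""
    if "@" not in user_name:
        return "" if user_name else None
    user, realm = user_name.split("@", 1)
    realm = realm.lower()
    if not user or not _REALM_RE.fullmatch(realm):
        return None  # empty user, second '@', whitespace, bare label
    return realm

def decide(user_name: str):
    """Return (action, detail) for the User-Name of one Access-Request."""
    realm = extract_realm(user_name)
    if realm is None:
        return ("reject", "malformed user name")
    if realm in ("", LOCAL_REALM):
        return ("local", None)
    route = ROUTES.get(realm)
    if route is None:
        return ("reject", "no roaming agreement for realm")
    if route.transport not in SECURE_TRANSPORTS:
        return ("reject", "realm has no secured transport")
    return ("proxy", route)

if __name__ == "__main__":
    for name in ["alice@HOME-A.example", "bob", "eve@unknown.example",
                 "carol@home-c.example", "a@b@home-a.example"]:
        print(name, "->", decide(name))
```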
