
Revision 9 (pespin, 10/05/2023 04:44 PM) → Revision 10/27 (pespin, 10/05/2023 05:02 PM)

{{>toc}} 

 h1. EPDG implementation plan 

 h2. The big picture 

 Ideally, we want to reuse existing code whenever possible rather than reinvent the wheel. Time will tell whether this works out or whether we have to rewrite more of it. 
 * strongSwan charon for handling IKEv2 and managing the IPsec SAs in the kernel IPsec stack 
 * Erlang DIAMETER application for all the related interfaces 
 * Erlang gtplib for S2b 

 This means we will have two major "applications" running: 
 * charon 
 * ePDG (likely in Erlang) 

 Between those two we will need some kind of non-standard, custom interface. For now I've called it "CEAI" (Charon External AKA Interface). 

 h2. Control Plane 

 * *red* color indicates elements / interfaces to be implemented. 

 {{graphviz_link() 
 digraph G { 
   rankdir=LR; 
   subgraph cluster_swan { 
     label = "StrongSWAN domain"; 
     charon; 
   } 
   subgraph cluster_erlang { 
     label = "Erlang domain"; 
     ePDG [color=red]; 
     AAA [label="3GPP AAA Server", color=red]; 
   } 
   HSS; 
   PGW; 
   PCRF; 
   UE; 

   charon -> ePDG [label="CEAI", color=red]; 

   UE -> charon [label="IKEv2"]; 
   ePDG -> AAA [label="SWm (DIAMETER)", color=red]; 
   AAA -> HSS [label="SWx (DIAMETER)", color=red]; 
   AAA -> PGW [label="S6b (DIAMETER)", color=red]; 

   ePDG -> PGW [label="S2b (GTPv2C)", color=red]; 
   ePDG -> PCRF [label="Gxb", color=red, style=dashed]; 
   PGW -> PCRF [label="Gx (DIAMETER)"]; 
 } 
 }} 


 h2. User Plane 

 * *red* color indicates elements / interfaces to be implemented. 
 * *blue* color indicates control-plane elements controlling the user plane 

 {{graphviz_link() 
 digraph G { 
   rankdir=LR; 

   subgraph cluster_swan { 
     label = "StrongSWAN domain"; 
     { rank=same; 
       ipsec [label="Linux kernel\nIPsec"]; 
       charon [color=blue]; 
     } 
     charon -> ipsec [label="netlink", color=blue]; 
   } 
   subgraph cluster_erlang { 
     label = "Erlang domain"; 
     { rank=same 
       gtp [label="Linux kernel\nGTP"]; 
       ePDG [color="blue"]; 
     } 
     ePDG -> gtp [label="netlink", color=blue]; 
   } 
   PGW; 
   UE; 

   UE -> ipsec [label="ESP/UDP"]; 
   ipsec->gtp [label="kernel IP stack"]; 
   gtp -> PGW [label="S2b (GTPv1U)", color=red]; 
 } 
 }} 


 h2. Authentication 

 !ipsec_auth.png! 

 h2. 3GPP Interfaces and Procedures 

 h3. ePDG 


 h4. S2b to PGW (GTPv2C) [TS 29.274] 

 h5. Create Session Request / Response 

 h5. Delete Session Request / Response 

 h5. Modify Bearer Request / Response (not needed?) 

 h5. Modify Bearer Command (not needed?) 

 h5. Bearer Resource Command (not needed?) 

 h5. Create Bearer Request / Response 

 h5. Update Bearer Request / Response (not needed?) 


 h4. SWm to AAA (DIAMETER) [3GPP TS 29.273] 

 h5. Diameter-EAP-Request (DER) / Diameter-EAP-Response (DEA) 

 h5. Diameter-AA-Request (AAR) / Diameter-AA-Response (AAA) 

 h5. Session-Termination-Request (STR) / Session-Termination-Answer (STA) 

 h5. Re-Auth-Request (RAR) / Re-Auth-Answer (RAA) 

 h5. Abort-Session-Request (ASR) / Abort-Session-Answer (ASA) 


 h4. SWu to UE (IKEv2, ESP) 


 h4. Gxb to PCRF (not needed?) 


 h3. 3GPP AAA Server 

 

 h4. SWx to HSS (DIAMETER) [3GPP TS 29.273 sec 8, 3GPP TS 23.402 sec 12] 

 h5. Push-Profile-Request (PPR) / Push-Profile-Answer (PPA) 

 h5. Registration-Termination-Request (RTR) / Registration-Termination-Answer (RTA) 

 h5. Multimedia-Auth-Request (MAR) / Multimedia-Auth-Answer (MAA) 

 * 3GPP TS 29.273 8.2.2.1 
 * https://www.etsi.org/deliver/etsi_ts/129200_129299/129273/17.06.00_60/ts_129273v170600p.pdf 
 * https://dstest.info/DiaDict/Dictionary/Multimedia-Auth-Request_SWx.html 

 h5. Server-Assignment-Request (SAR) / Server-Assignment-Answer (SAA) 

 


 h4. S6b to PGW (DIAMETER) [3GPP TS 29.273] 

 FIXME 

 h4. SWm to ePDG (DIAMETER) 

 see above. 


 h3. custom Interfaces / Procedures 

 h4. CEAI 

 FIXME