Cellular Network Infrastructure » osmo-ePDG - VoWifi Evolved Packet Data Gateway

{{>toc}}

h1. EPDG implementation plan

h2. The big picture

Ideally, we want to reuse existing code whenever possible, rather than reinvent the wheel.  Time will tell, if this works out or if we have to rewrite more of it.

* StrongSwan charon for handling IKEv2 and managing the IPsec SAs in the kernel IPsec

* Erlang DIAMETER application for all the related interfaces

* Erlang gtplib for S2b

This means we will have two major "applications" running:

* charon

* ePDG (likely in Erlang)

Between those two we will need some kind of non-standard, custom interface.  For now I've called it "CEAI" for (Charon External AKA Interface)

h2. Control Plane

* *red* color indicates elements / interfaces to be implemented.

{{graphviz_link()

digraph G {

  rankdir=LR;

  subgraph cluster_swan {

    label = "StrongSWAN domain";

    charon;

  }

  subgraph cluster_erlang {

    label = "Erlang domain";

    ePDG [color=red];

    AAA [label="3GPP AAA Server", color=red];

  }

  HSS;

  PGW;

  PCRF

  UE;

  charon -> ePDG [label="CEAI", color=red];

  UE -> charon [label="IKEv2"];

  ePDG -> AAA [label="SWm (DIAMETER)", color=red];

  AAA -> HSS [label="SWx (DIAMETER)", color=red];

  AAA -> PGW [label="S6b (DIAMETER)", color=red];

  ePDG -> PGW [label="S2b (GTPv2C)", color=red];

  ePDG -> PCRF [label="Gxb", color=red, style=dashed];

  PGW -> PCRF [label="Gx (DIAMETER)"];

}

}}

h2. User Plane

* *red* color indicates elements / interfaces to be implemented.

* *blue* color indicates control-plane elements controlling the user plane

{{graphviz_link()

digraph G {

  rankdir=LR;

  subgraph cluster_swan {

    label = "StrongSWAN domain";

    { rank=same;

      ipsec [label="Linux kernel\nIPsec"];

      charon [color=blue];

    }

    charon -> ipsec [label="netlink", color=blue];

  }

  subgraph cluster_erlang {

    label = "Erlang domain";

    { rank=same

      gtp [label="Linux kernel\nGTP"];

      ePDG [color="blue"];

    }

    ePDG -> gtp [label="netlink", color=blue];

  }

  PGW;

  UE;

  UE -> ipsec [label="ESP/UDP"];

  ipsec->gtp [label="kernel IP stack"];

  gtp -> PGW [label="S2b (GTPv1U)", color=red];

}

}}

h2. Authentication

!ipsec_auth.png!

h2. 3GPP Interfaces and Procedures

h3. ePDG

h4. S2b to PGW (GTPv2C) [TS 29.274]

h5. Create Session Request / Response

h5. Delete Session Request / Response

h5. Modify Bearer Request /  Respone (not needed?)

h5. Modify Bearere Command (not needed?)

h5. Bearer Resource Command (not needed?)

h5. Create Bearer Request / Response

h5. Update Bearer Request / Response (not needed?)

h4. SWm to AAA (DIAMETER) [3GPP TS 29.273]

h5. Diameter-EAP-Request (DER) / Diameter-EAP-Response (DEA)

h5. Diameter-AA-Request (AAR) / Diameter-AA-Response (AAA)

h5. Session-Termination-Request (STR) / Session-Termination-Answer (STA)

h5. Re-Auth-Requst (RAR) / Re-Auth-Answer (RAA)

h5. Abort-Session-Request (ASR) / Abort-Session-Answer (ASA)

h4. SWu to UE (IKEv2, ESP) (3GPP TS 33.402)

* Related: https://fabricioapps.blogspot.com/2017/10/untrusted-non-3gpp-ip-access-swu-ikev2.html

h4. Gxb to PCRF (not needed?)

h3. 3GPP AAA Server

h4. SWx to HSS (DIAMETER) [3GPP TS 29.273 sec 8,  3GPP TS 23.402 sec 12]

h5. Push-Profile-Request (PPR) / Push-Profile-Answer (PPA)

h5. Registration-Termination-Request (RTR) / Registration-Termination-Answer (RTA)

h5. Multimedia-Auth-Request (MAR) / Multimedia-Auth-Answer (MAA)

* 3GPP TS 29.273 8.2.2.1

* https://www.etsi.org/deliver/etsi_ts/129200_129299/129273/17.06.00_60/ts_129273v170600p.pdf

* https://dstest.info/DiaDict/Dictionary/Multimedia-Auth-Request_SWx.html

h5. Server-Assignment-Request (SAR) / Server-Assignment-Answer (SAA)

h4. S6b to PGW (DIAMETER) [3GPP TS 29.273]

FIXME

h4. SWm to ePDG (DIAMETER)

see above.

h3. custom Interfaces / Procedures

h4. CEAI

FIXME