EPDG implementation plan » History » Version 5
lynxis, 01/29/2023 11:12 PM
| 1 | 2 | laforge | {{>toc}} |
|---|---|---|---|
| 2 | |||
| 3 | 1 | laforge | h1. EPDG implementation plan |
| 4 | 2 | laforge | |
| 5 | h2. The big picture |
||
| 6 | |||
| 7 | Ideally, we want to reuse existing code whenever possible, rather than reinvent the wheel. Time will tell, if this works out or if we have to rewrite more of it. |
||
| 8 | * StrongSwan charon for handling IKEv2 and managing the IPsec SAs in the kernel IPsec |
||
| 9 | * Erlang DIAMETER application for all the related interfaces |
||
| 10 | * Erlang gtplib for S2b |
||
| 11 | |||
| 12 | This means we will have two major "applications" running: |
||
| 13 | * charon |
||
| 14 | * ePDG (likely in Erlang) |
||
| 15 | |||
| 16 | Between those two we will need some kind of non-standard, custom interface. For now I've called it "CEAI" for (Charon External AKA Interface) |
||
| 17 | |||
| 18 | h2. Control Plane |
||
| 19 | |||
| 20 | * *red* color indicates elements / interfaces to be implemented. |
||
| 21 | |||
| 22 | {{graphviz_link() |
||
| 23 | digraph G { |
||
| 24 | rankdir=LR; |
||
| 25 | subgraph cluster_swan { |
||
| 26 | label = "StrongSWAN domain"; |
||
| 27 | charon; |
||
| 28 | } |
||
| 29 | subgraph cluster_erlang { |
||
| 30 | label = "Erlang domain"; |
||
| 31 | ePDG [color=red]; |
||
| 32 | AAA [label="3GPP AAA Server", color=red]; |
||
| 33 | } |
||
| 34 | HSS; |
||
| 35 | PGW; |
||
| 36 | PCRF |
||
| 37 | UE; |
||
| 38 | |||
| 39 | charon -> ePDG [label="CEAI", color=red]; |
||
| 40 | |||
| 41 | UE -> charon [label="IKEv2"]; |
||
| 42 | ePDG -> AAA [label="SWm (DIAMETER)", color=red]; |
||
| 43 | AAA -> HSS [label="SWx (DIAMETER)", color=red]; |
||
| 44 | AAA -> PGW [label="S6b (DIAMETER)", color=red]; |
||
| 45 | |||
| 46 | ePDG -> PGW [label="S2b (GTPv2C)", color=red]; |
||
| 47 | ePDG -> PCRF [label="Gxb", color=red, style=dashed]; |
||
| 48 | PGW -> PCRF [label="Gx (DIAMETER)"]; |
||
| 49 | } |
||
| 50 | }} |
||
| 51 | |||
| 52 | |||
| 53 | h2. User Plane |
||
| 54 | |||
| 55 | * *red* color indicates elements / interfaces to be implemented. |
||
| 56 | * *blue* color indicates control-plane elements controlling the user plane |
||
| 57 | |||
| 58 | {{graphviz_link() |
||
| 59 | digraph G { |
||
| 60 | rankdir=LR; |
||
| 61 | |||
| 62 | subgraph cluster_swan { |
||
| 63 | label = "StrongSWAN domain"; |
||
| 64 | { rank=same; |
||
| 65 | ipsec [label="Linux kernel\nIPsec"]; |
||
| 66 | charon [color=blue]; |
||
| 67 | } |
||
| 68 | charon -> ipsec [label="netlink", color=blue]; |
||
| 69 | } |
||
| 70 | subgraph cluster_erlang { |
||
| 71 | label = "Erlang domain"; |
||
| 72 | { rank=same |
||
| 73 | gtp [label="Linux kernel\nGTP"]; |
||
| 74 | ePDG [color="blue"]; |
||
| 75 | } |
||
| 76 | ePDG -> gtp [label="netlink", color=blue]; |
||
| 77 | } |
||
| 78 | PGW; |
||
| 79 | UE; |
||
| 80 | |||
| 81 | UE -> ipsec [label="ESP/UDP"]; |
||
| 82 | ipsec->gtp [label="kernel IP stack"]; |
||
| 83 | gtp -> PGW [label="S2b (GTPv1U)", color=red]; |
||
| 84 | } |
||
| 85 | }} |
||
| 86 | |||
| 87 | 5 | lynxis | |
| 88 | h2. Authentication |
||
| 89 | |||
| 90 | !ipsec_auth.png! |
||
| 91 | |||
| 92 | |||
| 93 | 3 | laforge | h2. 3GPP Interfaces and Procedures |
| 94 | 2 | laforge | |
| 95 | h3. ePDG |
||
| 96 | |||
| 97 | |||
| 98 | h4. S2b to PGW (GTPv2C) |
||
| 99 | |||
| 100 | h5. Create Session Request / Response |
||
| 101 | |||
| 102 | h5. Delete Session Request / Response |
||
| 103 | |||
| 104 | h5. Modify Bearer Request / Respone (not needed?) |
||
| 105 | |||
| 106 | h5. Modify Bearere Command (not needed?) |
||
| 107 | |||
| 108 | h5. Bearer Resource Command (not needed?) |
||
| 109 | |||
| 110 | h5. Create Bearer Request / Response |
||
| 111 | |||
| 112 | h5. Update Bearer Request / Response (not needed?) |
||
| 113 | |||
| 114 | |||
| 115 | h4. SWm to AAA (DIAMETER) |
||
| 116 | |||
| 117 | h5. Diameter-EAP-Request (DER) / Diameter-EAP-Response (DEA) |
||
| 118 | |||
| 119 | h5. Diameter-AA-Request (AAR) / Diameter-AA-Response (AAA) |
||
| 120 | |||
| 121 | h5. Session-Termination-Request (STR) / Session-Termination-Answer (STA) |
||
| 122 | |||
| 123 | h5. Re-Auth-Requst (RAR) / Re-Auth-Answer (RAA) |
||
| 124 | |||
| 125 | h5. Abort-Session-Request (ASR) / Abort-Session-Answer (ASA) |
||
| 126 | |||
| 127 | |||
| 128 | h4. SWu to UE (IKEv2, ESP) |
||
| 129 | |||
| 130 | |||
| 131 | h4. Gxb to PCRF (not needed?) |
||
| 132 | |||
| 133 | |||
| 134 | h3. 3GPP AAA Server |
||
| 135 | |||
| 136 | h4. SWx to HSS (DIAMETER) |
||
| 137 | |||
| 138 | h5. Push-Profile-Request (PPR) / Push-Profile-Answer (PPA) |
||
| 139 | |||
| 140 | h5. Registration-Termination-Request (RTR) / Registration-Termination-Answer (RTA) |
||
| 141 | |||
| 142 | h5. Multimedia-Auth-Request (MAR) / Multimedia-Auth-Answer (MAA) |
||
| 143 | |||
| 144 | h5. Server-Assignment-Request (SAR) / Server-Assignment-Answer (SAA) |
||
| 145 | |||
| 146 | |||
| 147 | h4. S6b to PGW (DIAMETER) |
||
| 148 | |||
| 149 | FIXME |
||
| 150 | |||
| 151 | h4. SWm to ePDG (DIAMETER) |
||
| 152 | |||
| 153 | 1 | laforge | see above. |
| 154 | 3 | laforge | |
| 155 | |||
| 156 | 4 | lynxis | h3. custom Interfaces / Procedures |
| 157 | |||
| 158 | h4. CEAI |
||
| 159 | |||
| 160 | FIXME |
