top of page
  • Writer's pictureVikas Shokeen

02 - VoWifi Architecture Overview (New)

Updated: Nov 7, 2020

- VoWiFi Architecture

  • VoWiFi Framework

  • VoWiFi Overview

- Various Architecture Options for Wifi Calling

  • Untrusted WLAN

  • Trusted WLAN

  • IMS Direct Access

- 3GPP Vs Non-3GPP Access

- VoWifi Nodes overview - New & Existing Ones

02 - VoWifi Architecture (PDF PPT)
Download PDF • 891KB
02 - VoWifi Architecture (PDF Word)
Download PDF • 2.34MB

Section # 1

In First Module, we are going to cover the basics of VoWifi & will see which all types of Wifi Access is supported for running Wifi Calling service

VoWiFi means the Wifi is used instead of 4G radio waves to transmit speech. It helps VoLTE users to connect to IMS network over Wifi Access. Here, Users can use IMS services and can make voice calls, SMS, and use other supplementary services. VoWiFi is required for Coverage Enhancement. VoWiFi is seamless and provide inbuilt handover to VoLTE.

VoWiFi has three options available: -

  1. Untrusted Wireless LAN Access Network

  2. Trusted Wireless LAN Access Network

  3. IMS Direct Access

VoWiFi Architecture – Basics

VoWiFi Architecture & Basics of Technology

Technically speaking, all Wifi networks – which are used to access the IMS infrastructure are part of VoWifi, for example Public Wifi access points are part of VoWifi. It extends to all unlicensed, untrusted and trusted networks. Okay, let's see which of the Specification covers VoWifi Service

  1. The 1st Document came from GSMS, The VoWifi Service is described in GSMAs permanent reference document IR.51 & IR.61, which covers IMS Profile for Voice, Video and SMS over untrusted Wi-Fi access

  2. The Second document, 3GPP’s TS 23.402 covers Architecture enhancements for non-3GPP [IP] accesses such as Wifi

These Specs are always available for you for further studies and taking your expertise to next level. Just Google them & download PDF Version

What is VoWiFi or Wifi Calling?

You can see the typical 4G VoLTE Network here. The users are attaching on 4G Radio network are connecting to IMS Network for using Telephony services such as Voice, SMS etc. Now, Let’s see how, VoWifi works

It uses IEEE 802.11 wireless LANs standard supporting Wifi network to make Voice calls over Wifi. This is very beneficial specially whenever you are in low 4G coverage like in house or indoors or in basement where Wifi is available. This feature will allow you to make normal calls using Wi-Fi. The technology is now available on all Leading Operators across Globe. All you need is latest Android and iOS smartphones to support this. VoWiFi is a complementary technology to VoLTE and utilizes IMS as parent Technology to provide a packet

voice service via Wi-Fi network. There is deep integration between 4G VoLTE & VoWifi where calls are seamlessly handed over between LTE and Wi-Fi and vice versa

Overview of VoWifi Solution

As you know, The UE is typically a smartphone which supports VoLTE & VoWifi. The UE is latched to a Wi-Fi access network. Here TWAG or ePDG gateway is used to integrate the Wireless LAN access network into the Mobile Network Packet Core - EPC Network. The P-GW acts as the common anchor for subscriber sessions irrespective of whether the UE is connected to Wi-Fi or LTE, which means both VoLTE & VoWifi streams terminate into PGW. There PGW enables the IP Session to be preserved during handover between VoLTE to VoWifi and vice versa. Ultimately this Sessions terminate into the IMS Network Node – SBC. Here IMS provides many functions related to SIP-based calling. On control plane signaling, it takes care of SIP authentication, takes care of basic telephony services, and interoperability with other CS & IMS Ecosystems. Other than voice, other multi-media functions such as video calling will also use and run on same IMS infrastructure

3GPP Access - Untrusted WLAN

3GPP supports multi-type of access. The idea was to offer single core network which supports multiple access technologies, and take benefits of numerous IP-based services

3GPP Access supports existing 3GPP radio access networks which are defined as part of 3GPP specifications, this includes

  • E-UTRAN (LTE and LTE-Advanced)

  • GERAN (GSM / GPRS radio access network)

  • UTRAN (UMTS-based WCDMA and HSPA radio access network)

The EPC Network also permits the interconnection of non-3GPP technologies between the UE and the EPC Core. There are many technologies and innovations which are not specified under 3GPP, these includes technologies such as Fixed networks, WiMAX, cdma2000, Wireless LAN, etc. Non-3GPP accesses can be classified into two categories: Trusted accesses and Untrusted accesses

Non-3GPP: Trusted Vs Untrusted Access

Let’s understand difference between Non-3GPP Access which are classified into Trusted Vs Untrusted Access

Trusted Access : As name suggests, These Wifi networks can be trusted End to End. They are allowed to communicate directly with the EPC via TWAG with less security as compared to Untrusted

Un-Trusted Access : Untrusted non-3GPP accesses the EPC (Which is our Mobile Core) through ePDG. Here ePDG act as gateway & provide security

Type of Non-3GPP Wireless LAN Access

There are 3 types of Access defined in Specs.

Untrusted Wireless LAN

The 1st one is Untrusted Wireless LAN where there is no trust of Operator in Wifi Network and Its - Access Path. The untrusted Wifi concept was first included in the 3GPP Release 6 (2005). Untrusted access involves any form of Wi-Fi connectivity that the provider has no control over, for example, public hotspots, home Wi-Fi and Open Wifi Hotspots. The VoWifi Access from Home Broadband or DSL is classic example of this type of Access. Here traffic goes from User to Internet & then it reaches Mobile Operator Network to which SIM Belongs. Here Traffic comes on Operator ePDG from Internet & further its terminated to Operator PGW. Since traffic is transiting via Internet here, there is no trust on Access Path & hence we call it as Untrusted Wireless LAN. In Untrusted Access, the network would require UE to go through an additional authentication and security process. Here since traffic is coming thru Internet using non-3GPP access, we use a special IP tunneling mechanism example IPsec for making it secure. The service is offered to SIM based mobiles & Tabs where Complete Authentication is done for users

Trusted Wireless LAN

This was launched in 3GPP Release 8 (2008) along with the LTE standard. Here Trusted Wireless LAN is directly linked to the Packet Gateway (PGW) via TWAG functionality. Here the Trusted Wireless LAN is managed directly by the operator and from a security point of view, the Wifi Network and Access can be trusted. As you know, 'Trust ‘means something which can be relied upon. Here in VoWifi, Trusted Wireless LAN is a Wifi Network and Access which to can be controlled in some way or other - such as Corporate Wifi Network. In case of trusted Networks, UE would get authenticated in different way which is bit relaxed as compared to Untrusted Wireless LAN Access

Here Below Security / Authentication may be added by Operator in Trusted Wireless LAN :-

• 802.1x-based authentication (Including RAN encryption)

• 3GPP-based network Access using the EAP authentication method

The UE is connected to the trusted access via the TWAG (Trusted Wireless Access Gateway) in the Wi-Fi core. The TWAG is then connected directly to the P-GW (Packet Gateway) in the Evolved Packet Core (EPC) through a secure tunnel (Ex GTP, MIP etc.)

Here communication is happening using IMSI of user, therefor this technique is Typically offered only to SIM based users

IMS Direct Access

In this Approach, User is directly connected to IMS Network using Direct Access. In this Scenario, App is installed in Handset which is responsible for Authentication and Access. Here Software on handset communicate with IMS Network for placing the voice over IP Calls and assess the Wifi Network. Here App provide various audio / video codecs and support for IMS adaptation.

Selection Criteria

All these three models come with some pros, cons, benefits & limitations. Let me take you thru the factors which affect the Model, which one should be used ?

  • Who Owns Wifi Access and Backhaul Network?

In case the Wifi Access or Backhaul belongs to 3rd Party Broadband service provider , There is no trust between Mobile Operator & Wifi Network . We have to go for Untrusted WLAN in such situations. Wherever Mobile Operator has deployed their own Wifi Hotspots for Offloading Voice and Data Traffic & Operator have their own Backhaul, we can always go for Trusted Wireless LAN as Operator have full control on this

  • Device Support

There are older devices in market which doesn’t support VoLTE and VoWifi. For such cases, we can always go for App based Calling using IMS Direct Access. Similarly, we can also plan to offer services for Non-SIM based devices for which such options can be explored

Other Aspects of VoWifi

Handover & Service Continuity

The handovers are crucial part of day to day scenario. For example, if you move out of Wifi coverage area, Ongoing call must continue on 4G / 3G Networks . There are 2 types of handovers which are used for Voice continuity in VoWifi :-

• DRVCC :- This handles Wi-Fi to 3G PS handovers

• ePDG / TWAG Continuity :- handover between Wi-Fi & LTE using ePDG or TWAG. This is applicable where 4G VoLTE coverage is widely available with Operator


In order to keep control in Wifi Selection done by Handset, we use this technology. Here, The UE is made aware of approved nearby Wifi access points with help of ANDSF – i.e. Access Network Detection and Selection Function (ANDSF) server. Operator can closely keep tap on the radio signal power and location of User. With help of ANDSF, Operators can influence UE to be offloaded onto Wifi Networks aggressively

Section # 2

Welcome to Second Module, we are going to cover the Untrusted Wireless LAN Access . Untrusted Wireless LAN Access is most widely used approach across the Globe as it can utilize any 3rd Party Wifi Network to provide VoWifi Services. This enforce UE to connect to the ePDG which further connect to the EPC network, and then register with the IMS network. Here ePDG and AAA server is a new one which we will discuss in coming Slides

VoWiFi Architecture – Untrusted Wireless LAN

Here we can see VoWiFi Architecture for Untrusted Wireless LAN. Traffic is originated from User Equipment which is latched on Home Wifi Broadband. This traffic terminates on VoWifi Core ePDG. Further ePDG handover this traffic to PGW of 4G LTE Network & Traffic reaches to IMS Network which is serving both VoLTE & VoWifi

There are 3 Networks elements which are added to EPC Network

  • ePDG : ePDG Provides secure Wireless LAN access to UEs to further reach out to the P-GW and form a PDN connection in the EPC network. Here ePDG is acting as Gateway for untrusted non-3gpp traffic. With help of Wifi Offload of Voice Traffic, the ePDG helps mobile operators to expand wireless service coverage, reduce the burden on the wireless network, and make use of existing infra to reduce Costs. ePDG carries both Payload and Signaling Traffic

  • AAA : As you know, AAA does 3 basic tasks such as Authentication, Authorization, and Accounting. This AAA Server provides UE authentication in VoWifi via the EAP Authentication method. EAP Stands for Extensible Authentication Protocol. Pls Note. AAA is used for Signaling & Authentication; it doesn’t carry Media such as Voice Call etc. We will see detailed call flows in coming slides

  • UE with VoWifi & IPSEC Tunnel Support : The VoWifi requires User Equipment or Handset with VoWifi Support. Here Traffic exchanged between ePDG is fully secured using IPSEC Tunnel which provides security. Here Security is of prime concern since traffic is transited via Internet which is prone to be exposed. Pls Note – The VoWifi capable UE must have pre-loaded with VoWifi enabled operator profile, i.e. Just like VoLTE Support, The Handset Manufacturer can enable or disable VoWifi support in their Software release or Binary, however all new handsets are coming with pre-enabled VoWifi in Software

New Nodes for VoWifi via Untrusted Wireless LAN

Let’s summarize the list of Nodes play critical role in VoWifi Architecture.

New Nodes

  • ePDG

  • 3GPP AAA

  • VoWifi & IPSEC capable UE

Re-Use Existing Nodes for VoWifi

Re-Use of Existing Nodes

  • PGW with s2b Support

  • HSS with SW Support

  • Re-use existing PCRF with VoWifi Support (NPLI etc.)

  • IMS Core infrastructure with support for Wifi Access type

  • TAS with support for Wifi Access type

Technology in Play – Untrusted Wireless LAN

Let’s review the technological interventions we have discussed so far, there are vital for VoWifi working using Untrusted Wireless LAN

  1. Wifi selection : This decides, how seamlessly your Mobile is latching to Wifi Networks for availing VoWifi Services, this can be controlled by both UE & Network. Using ANDSF Specs, Network can proactively tell handset to latch to respective Wifi SSID

  2. Authentication : For availing VoWifi services in Untrusted Wireless LAN, we use SIM Card based Authentication which includes EAP AKA, EAP Based Auth

  3. Quality of Service : As you traffic is coming via Shared Internet Path, End to End QOS can’t be offered in Untrusted Wireless LAN Access. If there is congestion in Wifi Access or Internet Pipe, or if there are Packet Loss or High Latency, VoWifi is prone to disruption

  4. Security : There is IPSEC tunnel between User and ePDG to protect security and privacy of User

  5. Handovers of VoWifi : There is handover between VoWifi & VoLTE, similarly there is way to define handovers with 3G PS Networks as well using DRVCC

Section # 3

Welcome to 3rd Module, we are going to cover the basics of Trusted Wireless LAN here . As compared to Untrusted Wireless LAN Access, this trusted Approach is not very popular. There are very few operators who have implemented this, so we will cover this only on high level without going into the depth

Trusted WLAN Access - via TWAG

Trusted Wireless LAN was referred in Specs during 3GPP Release 8, i.e. Year 2008. This is usually offered by Operator on their own Wifi Hotspots which makes it trusted. Operator can decide Authentication for Wifi Access using 802.1x based Auth, For User Authentication in Core, EAP Based Authentication is widely used. Here IPSEC is not used as its trusted Network

Role of TWAG

TWAG stands for Trusted Wireless Access Gateway. As name suggest, This act as Gateway for all trusted access. TWAG enabled interworking between Mobile EPC Core & Trusted Wifi Networks. There is secure tunnel created between TWAG & PGW using GTP, MIP or PMIP protocol.

TWAG is further connected to AAA using Sta link. This is used to carry access authentication, authorization and charging-related information. AAA further speaks to HSS to complete the process.

Future Reading & References

Well now we are at the end of this Module, you can refer to these documents for Future Reading & References . You need to simply type them in google & download PDF copy

3GPP TS 23.402

  • Architecture enhancements for non-3GPP accesses

  • Covers Complete Architecture in Detail, a Must Must Document for enhancing knowledge on VoWifi

3GPP TS 33.402

  • 3GPP System Architecture Evolution (SAE); Security aspects of non-3GPP accesses

  • Covers Security & Authentication related Call Flows


Recent Posts

See All


Os comentários foram desativados.
bottom of page