VoWifi Nodes
Role of ePDG , AAA & UE
Role of PGW , HSS , IMS , PCRF for VoWifi
KPI & Performance of VoWifi
Measure User Experience of VoWifi
Nodes Required for VoWifi Untrusted WLAN
We are going take deep dive on Untrusted Wireless LAN Architecture where we will review function of various nodes used to Offer VoWifi Service to users. Since traffic is coming via Internet in this Model, there is utmost need to protect & safeguard traffic from security point of view. We need to implement security with help of IPSec tunnel between the UE device and the Mobile Packet Core. The ePDG plays here vital role as this IPSEC tunnel coming from UE via Internet terminate on ePDG. This ePDG further pass this traffic to PGW via s2b Interface
There is new APN used by the name of IMS which ensures that Internet traffic is not mixing with VoWifi Traffic. Let’s summarize the list of Nodes play critical role in VoWifi Architecture.
New Nodes
ePDG
3GPP AAA
VoWifi & IPSEC capable UE
Re-Use Existing Nodes
PGW with s2b Support
HSS with SWx Support
Re-use existing PCRF with VoWifi Support (NPLI etc.)
IMS Core infrastructure with support for Wifi Access type
TAS with support for Wifi Access type
Section # 1, Role of UE
Welcome to Section-1 of this Module. Here We will go in depth of all the VoWifi Components & will understand their function. We will understand function of UE here
Role of User Equipment ( UE - Mobile Handset )
1. Have Operator 4G Supporting SIM: UE must have active 4G VoLTE Supporting SIM of Operator which is USIM or ISIM – Here 2G / 3G Old SIM will not work, Both USIM or ISIM should work based of Operator to Operator approach for VoLTE Adaptation
2. Hardware & Software Support for 4G, VoLTE & VoWifi Services: The handset must support 4G, VoLTE & VoWifi from both hardware & Software point of View. In many cases, Handset manufacturer releases new handsets & they keep the same hardware across the Globe which technically supports all of these. Based on SIM inserted, they detect the Operator and accordingly enable or disable services using Handset software binary. For example, Same handset may support VoWifi on Operator and may not support VoWifi on another Operator SIM. Technically speaking this Software Binary contains SWu IMS Client which is responsible for Maintaining VoWifi UE Connection and performs traffic steering/routing . There are few things are mandated as part of UE User Interface as per GSMA IR.51 such as.
Default setting for “VoWiFi calling” should be “ON” (Which means users’ needs not enable VoWifi once they purchase new handset)
VoWiFi Registration logo will be visible as “HD or VoWiFi or Operator Wifi” on Screen
There has to be VoWiFi toggle switch in handset to enable or disable VoWifi manually
3. Last one is support of Support of Profile based features, Authentication & Security used by Operator which usually comes with Software binary in Handset. These Includes: -
URI and FQDN addressing format as specified by Operator
APNs Configuration as specified by Operator
ePDG & IMS Security Configuration as specified by Operator
LTE/WiFi Radio Features
Media and SIP Settings
Network, Mobility, Handovers & Roaming Conditions as specified by Operator
Key Technical responsibilities of UE / Mobile Handset
Latching to Wifi Network & Ready to communicate to Internet
Discovering the ePDG using DNS Lookup methods (using static or dynamic FQDN of ePDG)
Establishing of IPSEC tunnel to ePDG (using IKEv2)
Get P-CSCF Details from Network
Performing SIP registration with SBC/PCSCF
Makes or receiving call via IMS/TAS
Decisions taken by UE / Mobile Handset
There is profile in UE in Compliance with respect to GSMA IR.51. Here, we will review, what all decisions UE needs to take. UE is pre-configured with operator profile/carrier bundle which defines a set of policies: -
- Default Preferred mode : VoWiFi Preferred ( Y / N )
- VoLTE to VoWiFi Handover Support and Vice versa : Y / N
- Criteria for RAT selection - These are whole set of decisions are taken by UE in order to provide best optimum experience to uses. In case there is problem with Wifi, UE can take call to Switchover call or Shift to VoLTE 4G Network. Few of these decisions are based on RSSI, RSSI, RTT, Jitter, etc..) and packet loss :-
RSSI thresholds for failover to VoLTE-4G Network
Jitter thresholds for failover to VoLTE-4G Network
Packet loss for failover to VoLTE-4G Network ~ >1 or 2%
Packet delay for failover to VoLTE-4G Network ~ Ideal Latency is less 75 MS with Tolerance upto 100 ms
Guard Timer xx Sec to avoid Ping pong between VoWifi and VoLTE ~ 2 Min
Data Speed for Voice call ~ 50 to 60 kbps using Wide Band Codecs. Further small signaling overheads will be there
- Carrier Bundle also specifies other Information to be used by UE while using VoWifi Service such as Encryption Algorithm & Key Life time, APN Details, ePDG Address etc.
These settings will vary from Handset to Handset and are configured by Handset Manufacturer in accordance with Operator. So, It’s Quite possible that Apple will have different experience than Samsung in VoWifi due to these decisions and variance in thresholds
Section # 2 , Role of ePDG
Welcome to Section-2 of this Module. Here We will go in depth of all the ePDG and understand it’s working. ePDG is key to VoWifi & it is one of most important nodes. Let’s understand its functions
ePDG Overview & 3GPP Specs
Well, Going by Specs, ePDG is defined in 3GPP Specs @ TS 23.402. This is VoWifi Reference architecture as per 3GPP Specs. Don’t worry looking at this diagram, we are going to simplify this
ePDG Provides a secure WLAN access to UE connecting to P-GW. It plays vital role in PDN connection from UE to EPC network. This Node is also responsible for connecting PGW & AAA for Authentication, Authorization and Accounting (AAA) purpose. ePDG is acting as gateway and is responsible for interconnecting the EPC with non-3GPP trusted networks such as WiFi. One of main task done by ePDG is to provide secure EPC access. Here the ePDG terminates IPSec tunnels which were established and initiated by UE. These tunnels are important for securing user traffic as User is sitting in untrusted WiFi network
ePDG Tasks - PGW Side
Now, Let’s understand main functions of ePDG
As you can see on Diagram, SWu link coming from Wifi UE is terminating on ePDG.
Here ePDG is landing point for all traffic coming from Internet. It has to facilitate support for the IPSec/IKEv2-based security & encryption
ePDG is responsible for Routing of packets between Wifi UE and the Mobile Core PGW
A Network will have many PGWs, here ePDG will help UE to reach appropriate PGW
ePDG also pass IPv4/IPv6 address allocated by P-GW for IMS APN to UE. As you know, Every UE needs a IMS Network Reachable IP to communicate to IMS Network such as SBC or P-CSCF. Pls Note: This IP is separate from Wifi Network IP Allocated to user
Net-Net, ePDG also map the bearers coming from PGW to IPSEC Tunnels towards UE
ePDG also does QoS mapping (DSCP Marking)
It is also used for Lawful Interception
ePDG Tasks - AAA Side
Now, Let’s see AAA related Tasks done by ePDG
ePDG is also required to talk to AAA for Authentication & Authorization of user
Handle handovers between WiFi and LTE by communicating with AAA and HSS to fetch PGW IP. We will discuss this concept in coming Videos where ePDG Retrieves PGW address from AAA during inter system Handover
ePDG Considerations
ePDG is the Bridge or Gateway between the Unsecure internet and the mobile core EPC Network. It takes care of many key functions such as Security, Authentication, Used for Roaming support, Handles Handovers and mobility
1. Security & Privacy: - Since ePDG is bringing in traffic from un-Secure Internet to Core EPC Network, Security becomes critical aspect for all Mobile Operators. There are various ways ePDG implement security by enabling Firewall functionality & Implementing Access List to ensure all Non-Legitimate access is blocked. ePDG is also capable of handling overloads and amplification-based attacks coming from Internet. ePDG also protects user privacy & ensure relevant security and encryption is in place so that no middle man can see your call or SMS exchanged over VoWifi
2. Service Parity: ePDG ensure that all services available on VoLTE are extended to VoWifi as well. For end user, there should not be any difference in End experience or ways and means to avail any feature functionality
3. Scalability & Capacity: Since ePDG is going to handle Millions of calls, it should be able to scale to that level & should provide Carrier Grade traffic handling at that Volume of Calls
4. Network Integration & Deployment: As per Traffic & Latency requirements, ePDG can co-exist with existing PGW or MME. Operators can dedicate some portion of MME or PGW hardware and create separate or virtualized ePDG instance. This will save Operator Cost and ePDG deployment time
ePDG Basics – Performance & KPIs
All the Mobile Operators must closely observe the performance & KPIs of ePDG to ensure quality of service offered to End Users. We will cover few basic KPIs which should be monitored closely: -
Session & Bearer Related KPIs: This includes all performance metrics related to Session & Bearer success rates. It needs to be monitor to detect any failure happening between ePDG to PGW which impact user for Calls & registration :-
• Initial Attach Sessions Success Rate
• Create Bearer Request Success Rate
• Delete Bearer Request Success Rate
• Delete Session Request Success Rate
Authentication & Authorization KPIs: ePDG should monitor Authentication & Authorization requests. Any deterioration in these KPIs will hint problem with AAA or HSS or Authentication Procedures with Handset / SIM. In case these KPIs are showing failures, Customer are finding it difficult to Register for VoWifi Service, they will stay on VoLTE :-
• ePDG EAP Success Rate
• Diameter ASR Success Rate
• Diameter EAP AKA Challenge Success Rate
• Diameter STR Success Rate
IPSEC Related KPIs: Within IPSEC. Version 2 of the Internet Key Exchange (IKEv2) Protocol dynamically creates and preserves a mutual state between the IP datagram endpoints. IKEv2 carries out two-party mutual authentication and creates the IKEv2 Security Association (SA). Any deterioration here specific that customers are facing issues in building IPSEC tunnels which restrict them to communicate with ePDG. These KPIs includes: -
• Internet Key Exchange IKEv2: Auth Request Success Rate
• Internet Key Exchange IKEv2: Init Request Success Rate
Service Continuity KPIs: This will tell if Handovers are happening seamlessly or not
• Handoff Sessions Success Rate
Volumetric KPIs: These KPI include.
• Peak Session Count
• Peak Simultaneous Attach User
• Total Session Count
• Total User Count
You must keep watch on Trending for these Volumetric KPIs, Any traffic or user dip points to problem. Finally, we should also monitor hardware and software utilization & capacity of ePDG to ensure its always have enough capacity to handle traffic
Section # 3, Role of AAA
Welcome to Section-3 of this Module. Here We will go in depth of all the AAA and understand its working
AAA Basics – Main Functions
Now, Let’s understand main functions of AAA
Well AAA is all about Authentication and Authorizing user. We need Authentication in order to ensure that Only Valid & Legitimate customer get VoWifi Service. AAA Speaks to HSS & get details of Subscriber Database which is further used for allowing service to user. AAA is part of Core Network which is vital for authenticating users in Non-3GPP domains. AAA uses USIM authentication along with HSS for a seamless authentication experience
Tasks of AAA
Authentication of User using EAP-AKA & Retrieves authentication information from HSS. Basically, EPC access authentication and authorization on SWm & SWx Interfaces
Retrieves Subscriber profile from HSS
Updating & Retrieval of P-GW IP Address in HSS using S6b and SWx (Required for VoLTE & VoWifi Handovers)
Communicate Authentication information back to ePDG
In case Customer profile gets modified in HSS, The HSS Communicates same to AAA & further it is enforced to UE by ePDG
Register itself in HSS for every authenticated and authorized user
Purge the User if Required as per Lifecycle or Profile changes
AAA have below interfaces with Other Network Elements, these interfaces are defined in 3GPP TS 29.273
SWx interface between AAA and HSS
SWm interfaces between AAA and ePDG
S6b interface between AAA and P-GW
AAA Basics – KPI & Performance
Now, Let’s understand, what all KPIs we should monitor in AAA to keep tap on health of VoWifi Service
Authentication & Authorization performance: As you know, AAA is all about Authentication & Authorization. We should monitor Diameter protocol success rates towards SWm, SWx & S6b interfaces.
• AAR Success Rate
• EAP request Success Rate
• MAR Success Rate
• RAR Success Rate
• STR Success Rate
Volumetric KPIs: - This includes KPIs like: -
• Failed Vs Authenticated Users
• Concurrent Session
• TPS
We should keep tap on Trending of traffic & usage. Basically, pattern needs to be tracked here to see what’s happening out there. Any dip tells us some issue
Section # 4, Role of PGW / HSS / IMS / PCRF
Welcome to Section-4 of this Module. Here We will understand role of other Ecosystem nodes which have adapted for VoWifi. Well, these are existing nodes which were deployed long back for 4G & VoLTE use, now they are re-used for VoWifi Service
Role of PGW for VoWifi
PGW is anchoring point for all VoLTE & VoWifi Traffic. It is used for both Payload and Signaling. Here PGW is performing many critical tasks such as: -
Allocating IMS IP Address to user
Works with ePDG for creating Bearers for SIP Signaling & VoWifi Call
It is responsible for P-CSCF server address discovery where UE is told IP Address of P-CSCF or SBC for Registration
PGW is also responsible for seamless handover of Voice or Video calls between VoLTE to VoWifi and vice versa
It can also be used to generate CDRs for QCI-5 (SIP Signaling) & QCI-1/2 (Voice and Video Calls), But these are data equivalent CDR which doesn’t contain A Party or B Party details, well few Operator uses PGW CDRs for analytics, Performance & Regulatory purpose. For Charging, we use TAS CDRs generated in IMS Network
Legal Interception purposes
VoWifi Interface terminating in PGW
S2b interface between ePDG and P-GW
S6b interface between AAA and P-GW
Role of HSS for VoWifi
Let’s quickly understand role of HSS as far as VoWifi is concerned
HSS is key component of the LTE and IMS networks. HSS Stands for Home Subscriber Server, this is master user database to store all customer related subscription details. User must be allowed for VoWifi facility in HSS for availing this service
Let’s Quickly understand role of HSS in VoWifi Architecture
HSS Should support VoLTE Features, i.e. Sh, Cx Interface, IMS 3th Party registration & Authentication, TADS Support, IP-SM-GW registration in case IP based SMS is used
HSS Should support below new features for VoWifi Support
• SWx interface support … Its between AAA & HSS
• TADS Support for VoWifi (i.e. For Incoming call, in case user is not found VoWifi, Call should be diverted in 2G / 3G or CS Network)
• Authentication Support for VoWifi
• Wifi RAT Type Support
• Subscription for VoWifi Service
Role of PCRF in VoWifi
Existing VoLTE PCRF will be used for handling all VoWifi Calls. In the Mobile Packet Core, PCRF performs classic policy implementation functions. For the Wi-Fi calling solution, it will trigger the setting up of default and dedicated bearers between the PGW and the ePDG on the S2b interfaces for SIP and RTP traffic
Role of PCRF in VoWifi
The PCRF handles Gx and Rx Protocol which is vital in Call Maturing and Location Tagging in CDRs
PCRF plays critical role in NPLI to extract the UE public IP address and port (For Location information in CDR. The User IP & Port will be written in TAS Voice / Video Call CDRs. In case of VoLTE, Actual 4G Cell Id was there). PCRF helps in carrying this information from PGW to IMS Network
The Wifi will come as new RAT Type which needs to be supported in PCRF
Role of IMS in VoWifi
Role of IMS in VoWifi
Existing VoLTE IMS network will be used for handling all VoWifi. IMS is parent technology for both VoLTE & VoWifi. VoWifi is just extension to existing VoLTE Service served by IMS Platform. IMS provides many functions related to SIP-based calling. On control plane signaling, it takes care of SIP authentication, takes care of basic telephony services, and interoperability with other CS & IMS Ecosystems. Other than voice, other multi-media functions such as video calling will also use and run on same IMS infrastructure
Let’s see the adaptations done in IMS for VoWifi
For IMS Network, The Wifi will come as new RAT Type which needs to be supported
For Example, TAS CDRs will be having Wifi as RAT Type for VoWifi Calls
Similarly, For Location information in CDR. The User IP & Port will be written in TAS Voice / Video Call CDRs. In case of VoLTE, Actual 4G Cell Id was there
TAS also needs to support VoWifi TADS & VoWifi Charging
ASBC Needs to support VoWifi/VoLTE handover notification
Section # 5, Improve Quality
Welcome to Section-5 of this Module. Here We will understand how you can keep close watch on VoWifi User experience & What steps you can take to improve same. Since VoWifi experience also depends upon Broadband Provider & Wifi Access Network, it’s important to maintain & view the KPI Metrics as per Public Source IPs of user wherever Possible
Measure VoWifi user experience
How to Measure VoWifi user experience
Well, I am going to covers ways and means to Improve Quality of VoWifi with Volumetric, CDRs & Analytics
You can measure host of things with help of Network KPIs, IMS KPIs & CDR Volumetric. If Possible, you need to maintain & prepare this data against Source IPs which will tell you how Individual Internet Service Provider or Wifi Provider or Broadband Provider is performing. In case KPIs are bad for all Broadband providers, this shows problem with Common element which could be ePDG or AAA. In case specific Broadband provider is having problem, this shows issue specific to that Broadband provider
Node KPIs: This are base KPIs are which are generated by our Network Nodes, you need to monitor: -
• ePDG KPIs
• AAA KPIs
• PGW KPIs for VoWifi
• HSS KPIs for VoWifi
• IMS – TAS, SBC KPIs for VoWifi
• Utilization % - Links, Nodes & Media for VoWifi
Any deviation in the KPIs is clear hint about some ongoing issue in network
Subs & Usage Data: These are Volumetric KPIs which helps you to understand how business is performing, Keep track on :-
• Unique Users on VoWifi
• Total Users on VoWifi
• Churned Users on VoWifi
• Total Traffic on VoWifi
• Total Incoming MOUs on VoWifi
• Total Outgoing MOUs on VoWifi
Per Subs Usage: This will tell you comparative & benchmarked data. Just compare these values between VoLTE & VoWifi
• mERL per Subs for VoWifi
• Avg Call Duration for VoWifi
• BHCA Per Subs for VoWifi
For Example, in case you are finding that Avg Call duration is very low for some ISP or Broadband provider. Or these are significantly low in VoWifi as compared to VoLTE. All these things hint to possible problem which needs immediate investigation
Other IMS KPIs: These are generic IMS KPIs which should be measured for VoWifi service separately & Tells clear insight on user experience
• Registration Success rate for VoWifi
• Avg call setup time for VoWifi
• Call Setup Success Rate for VoWifi
• RTP Loss for VoWifi
Future Reading & References
Well now we are at the end of this Module, you can refer to these documents for Future Reading & References
You need to simply type them in google & download PDF copy
3GPP TS 23.402
- Architecture enhancements for non-3GPP accesses
- Covers Complete Architecture in Detail, a Must Must Document for enhancing knowledge on VoWifi
3GPP TS 29.273
- 3GPP EPS AAA interfaces
- AAA Links, Descriptions, Format & Usage
#VoiceoverWifi #VoWiFiArchitecture #VoWiFi #VoWifiNodes #ePDG #AAA #Authentication #AAAAuthorization #AAAAccounting #EvolvedPacketDataGateway #VoWifiUE #VoWifiKPI #VoWifiPerformance #VoWifiUserExperience #VoWifihealth #VoWifiimprovement #ePDGArchitecture #ePDGKPI #AAAArchitecture #WifiCallingArchitecture #WifiCallingNodes #WifiCallingKPI #WifiCallingPerformance #VikasShokeen
Dev , ePDG have public IP & is reachable via Internet . The Wifi or broadband provider doesn't need to implement any changes at access Side , They simply route traffic towards Internet & it reaches ePDG . Its Handset job to resolve & find ePDG IP Address using DNS Query , We will cover this concept in coming Videos
Your videos have a great content and easily understandable... I have a question w.r.t untrusted WLAN VoWifi calling. In Trusted WLAN, there is a connection between WLAN (Operator "X") and IMS (Operator "X") via TWAG, this is understood. However, in Untrusted WLAN, how is the connection from WLAN to ePDG. Lets say I am using a Wifi managed by Operator "X" and the IMS is managed by Operator "Y". My question is how my Wifi Operator "X" is going to make connection towards ePDG of Operator "Y". There could be various such untrusted Wifi networks, so how they are going to reach the particular IMS network.