Mass migration (a.k.a., “mass toggling” or “mass switching”) of wireless communication devices between access points (APs) refers to a large number of wireless communication devices switching from one AP (e.g., a base station such as an LTE eNodeB or other base station) to another AP (e.g., a Wireless Local Area Network (WLAN) access point (AP)—a.k.a., “Wi-Fi AP”) within a relatively short window of time.
As used herein, the term wireless communication device refers to any device capable of communicating wirelessly with an access point. It is common to call to a wireless communication device (WCD) a “user equipment (UE).” Accordingly, in this document the terms WCD and UE are used interchangeably. That is, like a WCD, a UE is any device capable of communicating wirelessly with an access point.
Mobile operators (a.k.a., cellular operators) mainly use radio access technologies like GSM, cdma2000, WCDMA and LTE, but are increasingly using WLAN. Mobile operators are today using WLAN mainly to offload traffic from the mobile networks (a.k.a., cellular networks) they operate, but the opportunity to improve end user experience regarding performance is also becoming more important. Most current WLAN APs are totally separate from mobile networks, and are seen as non-integrated. The usage of WLAN is mainly driven due to the free and wide unlicensed spectrum, and the increased availability of WLAN in mobile terminals, like smartphones and tablets. The end users are also becoming more and more at ease with using WLAN, for example in offices and homes.
The different business segments for WLAN regarding integration possibilities can be divided into mobile operator hosted/controlled vs. 3rd party hosted/controlled WLAN access points (Aps) (here 3rd party is seen as anything else than mobile operator and that the 3rd party is not totally “trusted” by the mobile operator. 3rd party could be for example a WLAN operator or an end-user him/herself.). In both segments there exist public/hotspot, enterprise and residential deployments.
Different types of WLAN integration with mobile networks:
For simplicity we use the notation “3GPP” for typical cellular radio access technologies and use SAE/LTE nodes in the descriptions, but that doesn't restrict the methods used to the 3GPP-specified technologies (i.e. GSM, UTRAN, E-UTRAN).
WLAN integration with the mobile operators core network is emerging as a good way to improve end user experience. These solutions consist mainly of the components: common authentication between 3GPP and WLAN, and integration of WLAN user plane traffic to the mobile core network. The common authentication is based on automatic SIM-based authentication in both access types. The WLAN user plane integration provides the mobile operator the opportunity to provide the same services, like parental control and subscription based payment methods, for the end users when connected to the core network both via 3GPP and via WLAN. Different solutions are standardized in 3GPP: Overlay solutions (S2b, S2c) are specified since 3GPP Rel-8 while integration solutions (S2a) are currently work-in-progress (S2a, S2b, S2c indicating the 3GPP interface/reference point name towards the PDN-GW). These solutions are specified in 3GPP TS 23.402.
FIG. 1 shows the network architecture for E-UTRAN and EPC and how the eNodeB is connected via the S1-interfaces, S1-MME and S1-U to the MME and Serving GW respectively. It also shows how the WLAN access network is connected to the PDN-GW via the S2a interface and to the 3GPP AAA Server via the STa interface. The shown WLAN Access Network (AN) is just an example deployment and contains a WLAN Access Point (AP) (a.k.a., Wi-FI AP), WLAN Access Controller (AC) (a.k.a., Wi-FI AC), and a Broadband Network Gateway (BNG).
WLAN integration into Radio Access Network (RAN) is also emerging as an interesting study object. This has basically two different possible levels that could be implemented either separately or together. A first level of integration is to combine both 3GPP and WLAN in the small pico base stations to gain access to the WLAN sites with 3GPP technology and vice versa. The second level of integration is to integrate the WLAN access tighter into the RAN by introducing enhanced network controlled traffic steering between 3GPP and WLAN based on knowledge about the total situation on the different accesses. The driver for this second level of integration could be to avoid potential issues with UE controlled WLAN selection such as selecting WLAN when the WLAN connection is bad or when the UE is moving, thus giving better end user performance and better utilization of the combined WLAN and cellular radio network resources.
Access network discovery and selection function (ANDSF):
The UE determines whether to switch from 3GPP to WLAN and vice-versa (applicable for Idle mode or during traffic). That is, the UE selects which RAT to use. To enable the UE to do this selection, the UE is provisioned with an ANDSF policy (“Policy” for short) (or multiple Polices). In one example, a Policy includes: a) list of allowed WLAN cells (PLMN IDs) (this list may be stored in the SIM or in the I-WLAN management object (MO) (see 3GPP TS 24.235); and b) rules for selecting 3GPP or WLAN. See 3GPP TS 24.302, 24.312.
The ANDSF policy can be configured individually by the ANDSF server, based on the UE providing ‘location’ and ‘operating system’. However, it is quite costly to provide Policy updates per location. The signaling sequence is both time consuming and large in data volume.
The provisioning of ANDSF policies is a rather slow and signaling-intensive procedure. It uses OMA-DM procedures, where the UE is notified using SMS and then queries the server. The XTML-encoded ANDSF Managed Object is then downloaded. Hence ANDSF policies will not be frequently updated and will remain unchanged over rather large areas.
Introduction to WLAN concepts.
WLAN is the marketing name for IEEE standard 802.11. It is a standard for both Level 1 (physical) and Level 2 (data link) of a wireless data transmission protocol. 802.11 defines many Level 1 variants. 802.11g is one higher speed Level 1 standard compared to 802.11b that was the first generation WLAN. The radio frequency bands used are normally unlicensed bands and include ISM-bands in 2.4 GHz and 5.2 GHz. Lately also 5.8 GHz is being introduced and even 60 GHz is an active discussion topic in the research area.
Selected WLAN concepts are as follows:
1) A service set is all the devices associated with a local or enterprise IEEE 802.11 wireless local area network (WLAN).
2) The basic service set (BSS) is the basic building block of an 802.11 wireless LAN. In infrastructure mode, a single access point (AP) together with all associated UEs (STAB) is called a BSS. This is not to be confused with the coverage of an access point, which is called basic service area (BSA). An access point acts as a master to control the UEs within that BSS. Each BSS is identified by a basic service set identification (BSSID) that is normally the MAC address of the AP (i.e. 48 bits). The simplest BSS consists of one access point and one UE (a.k.a., “station”). The BSS is in many ways similar to a cell in mobile network.
3) An extended service set (ESS) is a set of one or more interconnected BSSs and integrated local area networks that appear as a single BSS to the logical link control layer at any UE associated with one of those BSSs. The set of interconnected BSSs must have a common SSID. They can work on the same channel, or work on different channels to boost aggregate throughput.
4) The Service Set Identifier (SSID) is the network Identifier, and so called friendly name for the service set (i.e. either BSS or ESS). The maximum length of the SSID is 32 octets
A beacon frame (see FIG. 2) is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically to announce the presence of a Wireless LAN network. Beacon frames are transmitted by the Access Point (AP) in an infrastructure BSS. A probe request frame is sent from a UE when it requires information from the access point and a probe response frame is sent from an access point containing capability information, supported data rates, etc., after receiving a probe request frame. In addition there are multiple different frame like data frames, control frames and other management frames related to the following procedures.
In an infrastructure network, UEs must associate with an access point to obtain network services. Association is the process by which UE joins an 802.11 network. Mobile UEs always initiate the association process, and access points may choose to grant or deny access based on the contents of an association request. When a mobile UE moves between basic service areas within a single extended service area, it must evaluate signal strength and perhaps switch the access point with which it is associated. Re-associations are initiated by UEs when signal conditions indicate that a different association would be beneficial; they are never initiated by the access point. To terminate an existing association, UEs may use the disassociation service. Once disassociation is complete, it is as if the UE is no longer attached to the network. Disassociation is a polite task to do during the UE shutdown process.
Authentication is a necessary prerequisite to association because only authenticated users are authorized to use the network. Deauthentication terminates an authenticated relationship. Because authentication is needed before network use is authorized, a side effect of deauthentication is termination of any current association.
FIG. 2 shows the above described association procedure at a high level.
FIG. 3 shows an example procedure for a WLAN UE connecting to a WLAN network with a WLAN Access Controller. Other procedure may also be used depending on implementation in the UE and network. The EAP signalling is in this procedure used to authenticate the UE towards the network. The UE uses IMSI or some other certificate to identify itself towards the network. Note that the 802.11 Authentication Response only opens limited ports to allow the EAP Authentication to proceed. Hence the 802.11 Layer 2 Association Response only provides a “pending association” and full association is granted upon successful completion of EAP Authentication.
When the UE accesses WLAN network it can be authenticated using EAP-SIM/AKA/AKA′ protocols. This may be the typical case of a combined UE/STA in the future. The UE can in these cases be identified by either the full authentication Network Access Identifier (NM) or by the fast re-authentication NAI. The full authentication NM contains the IMSI of the UE and the fast re-authentication NM is similar to the temporary identities used in LTE access in the sense that it is the 3GPP AAA Server that knows the relation between the fast re-authentication NAI and the full authentication NAI. Therefore it is the 3GPP AAA server that knows the relation between the fast re-authentication NM and the IMSI.
FIG. 4 shows a more detailed example of generic EAP-AKA/AKA′ signalling flow.
Different standards organizations have started to recognize the needs for an enhanced user experience for WLAN access, this process being driven by 3GPP operators. An example of this is the WLAN Alliance with the Hot-Spot 2.0 (HS2.0) initiative, now officially called PassPoint. HS2.0 is primarily geared toward WLAN networks. HS2.0 builds on IEEE 802.11u, and adds requirements on authentication mechanisms and auto-provisioning support.
The momentum of Hot-Spot 2.0 is due to its roaming support, its mandatory security requirements and for the level of control it provides over the terminal for network discovery and selection. Even if the current release of HS2.0 is not geared toward 3GPP interworking, 3GPP operators are trying to introduce additional traffic steering capabilities, leveraging HS2.0 802.11u mechanisms. Because of the high interest of 3GPP operators, there will be a second release of HS2.0 focusing on 3GPP interworking requirements.
The HS2.0 contains the following procedures:    1) Discovery: where the terminal discovers the WLAN network, and probes them for HS2.0 support, using 802.11u and HS 2.0 extensions.    2) Registration is performed by the terminal toward the WLAN Hot-spot network if there is no valid subscription for that network.    3) Provisioning: Policy related to the created account is pushed toward the terminal. This only takes place when a registration take place.    4) Access: cover the requirements and procedures to associate with a HS2.0 WLAN network.
HotSpot 2.0 uses Access Network Query Protocol (ANQP) as part of the network discovery and selection function. It provides a mechanism for the UE to request different information from AP before association. FIG. 5 shows the main principle for ANQP. ANQP is carried in the Generic Advertisement Services (GAS) protocol.