Since the advent of Mobile internet technologies, the users and their demand for the data access with high rate has been growing exponentially. The radio access technologies have evolved to support broadband accesses and the packet core network has evolved to cope with the packet data demands and the evolved radio access technologies. Long Term Evolution, LTE, specified by the third Generation Partnership Project, 3GPP is a broadband cellular IP access technology that provides increased speed and capacity. The 3GPP-specified Evolved Packet Core, EPC, is the packet core network specified for LTE access. Additionally, the EPC is becoming a common core network for packet switched services for 2G and 3G radio access networks as well as Wi-Fi local access network, WLAN, as specified in 3GPP technical specifications TS 23.401 and TS 23.402.
The EPC consists of a packet core domain and a user domain. The user domain provides the complete updated information of users on request. It maintains the database to support roaming mobility of the subscriber as well authentication, authorization and accounting. The user domain consists of multiple nodes comprising HSS, AAA and policy server. The packet core domain provides IP services over 2G (GSM), 3G (WCDMA/HSPA/CDMA), 4G (LTE) and Non-3GPP technologies such as Wi-Fi or Wimax.
To provide packet services to UEs attached through the LTE radio access network, the packet core domain uses the Mobility Management Equipment, MME, the Serving Gateway, SGW, and the Packet Data Network Gateway, PDN GW. The PDN GW is the demarcation point between the IP networks and the packet core domain and acts as the common anchor point for the PDN connections of UEs connecting or moving from one access network to a different access network while maintaining the same IP address.
Using LTE access technology, a UE attaches to the EPC to establish the first PDN connection. A PDN connection is characterized by a PDN type which indicates the type of connectivity requested for the PDN, i.e., Internet Protocol, IPv4, IPv6 or IPv4/IPv6 and an Access Point Name, APN. A default APN is used by the EPC when the UE does not signal the APN in the attach message, else the UE signals the APN in the attach message indicating the PDN it wants to connect to. One Evolved Packet System, EPS, bearer is established when the UE connects to a PDN, and that remains established throughout the lifetime of the PDN connection to provide the UE with always-on IP connectivity to that PDN. That EPS bearer is referred to as the default bearer and is assigned quality of service, QoS, parameters by the network, based on subscription data. The UE may establish additional EPS bearers for the same PDN connection if the applications in the UE require QoS that cannot be offered by the default bearer. The additional EPS bearers are known as dedicated bearers and consume radio resources; hence they are established on a need basis and released when the application no longer needs them.
In an EPC where GPRS tunneling protocol, GTP, is used, an EPS bearer consists of a GTP tunnel established between the PDN GW and the SGW, an S1 bearer between the SGW and the eNodeB, eNB, and a radio bearer between the eNB and the UE. If Proxy Mobile IP is used, the bearer is established between the UE and the gateway associated to the access network technology, i.e., SGW for LTE, HSGW for CDMA, etc.
The UE may establish multiple PDN connection with different APN or the same APN. Each PDN connection consists of a default EPS bearer and zero or more dedicated bearers.
For Voice over LTE, VoLTE, application using IP multimedia service, IMS, the IMS client application in the UE must use for the IMS signalling, the pre-configured IMS well-known APN as defined in GSMA PRD IR.88 “LTE Roaming guidelines”, when it attaches to the network or when it establishes an additional PDN connection. If the PDN connection established during the initial attach is to an APN other than the IMS well-known APN, then the UE must establish another PDN connection to the IMS well-known APN in order to register for VoLTE service with IMS. A default EPS bearer is created when the UE establishes the PDN connection to the IMS well-known APN. The default EPS bearer is used for IMS Session Initiation Protocol signaling used for VoLTE. The default EPS bearer is hence used to exchange SIP signaling with a terminating end point to establish a voice path between the UE and the terminating end point. Utilizing interaction of PDN GW with dynamic Policy Control and Charging server in the EPC, a dedicated EPS bearer between the PDN GW in the EPC and the UE is established to transport the conversational voice packets.
As EPC supports multiple radio access networks, a UE can connect to the EPC over an untrusted WLAN. In this scenario, the EPC network does not trust the WLAN which is typically the case when the UE connects to its EPC services through a public Wi-Fi hotspot or through a Wi-Fi hotspot that is not owned by the EPC operator. The packet core domain of the EPC includes an evolved Packet Data Gateway, ePDG, which is used as a gateway to the EPC and is responsible for establishing a secure packet data connection over the untrusted WLAN through the packet core domain to the PDN GW as described in 3GPP TS 23.402. The secure packet data connection consists of an IP security, IPsec, tunnel between the UE and the ePDG, also known as the SWu interface and the GPRS tunneling protocol, GTP, tunnel between the ePDG and the PDN GW, also known as the S2b interface.
In the SWu interface between the UE and the ePDG, the IPSec protocols comprising Internet Key Exchange version 2, IKEv2, Internet Engineering Task Force, IETF, RFC 5996 and IP Encapsulating Security Payload, ESP, IETF RFC 4303, of IPSec, IETF RFC 4301 are used. The IKEv2 protocol originally was designed by IETF to dynamically negotiate keys for IPSec tunnel. However, in the SWu interface, the IKEv2 protocol is specified by 3GPP to implement UE attach and PDN connection procedures. When IKEv2 initial exchanges (including IKE_SA_WIT and IKE_AUTH) are successfully setup, the UE attach procedure and PDN connection establishment is completed: the IPsec tunnel between ePDG and UE and the corresponding GTP tunnel, s2b, between the ePDG and the PDN GW are setup. The IKE_SA_INIT exchange is used to setup IKE_SA including IKE SPI assignment. The IKE_AUTH exchange is used for profile provisioning and user authentication, negotiation of IPSec Security Association, SA, including IPSec SPI assignment associated to an IPSec tunnel, and IP address assignment for the UE. Once the IKE_AUTH exchange is completed, the PDN connection is setup with the corresponding IPSec tunnel as the user plane tunnel over the SWu interface. To release the PDN connection, an IKEv2 INFORMATIONAL exchange is used to delete the IKE_SA and the IPsec SA. When a dedicated bearer is required, a dedicated GTP tunnel (i.e., S2b bearer) is established over the S2b interface which may be a result of interaction between the PDN GW and the Policy control and charging rule server in EPC. The PDN GW sends uplink packet filters to the ePDG as part of the dedicated GTP tunnel establishment procedure. The ePDG links the dedicated bearer to the default bearer and uses the uplink packet filter to determine the mapping of uplink traffic flows from the UE to the GTP tunnel. The IPsec tunnel between the ePDG aggregates IMS SIP signaling and the voice packets and connects to the default and dedicated GTP tunnels.
A UE may also request Voice over LTE service when connected to an untrusted WLAN access. The service is known as VoWi-Fi. The UE uses the same IMS client application and supports mobility between LTE and Wi-Fi networks, hence enabling seamless handover of a voice call when the user moves between the two access networks. To support VoWi-Fi, a PDN connection is established using the IMS well-known APN resulting in establishment of an IKE SA, an IPsec tunnel and a GTP tunnel as a default s2b bearer. Once the VoWi-Fi session is negotiated to establish a voice path, a dedicated GTP tunnel to carry the voice packets is established between the ePDG and the PDN GW. One IPSEC tunnel connects to the two GTP tunnels (default and dedicated).
During a VoWi-Fi session, UE may go out of the Wi-Fi coverage area or loses connection due to WLAN network issues. In these cases, IKE keep-alive mechanism can be used to detect whether the remote peer is still there, to perform IKE peer failover, and to reclaim unused resources. An alternative method called Dead Peer Detection, DPD, as specified in IETF RFC 3706 “A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers” can also be used to detect unreachable Internet Key Exchange (IKE) peers. Each peer (UE and ePDG) may have different requirements for detecting proof of liveliness. The purpose of DPD is to potentially kill the SAs or may force renegotiation of the SAs when a dead peer is detected. Unlike IKE keep-alive method, each peer can govern the DPD message exchange, for example when one peer (e.g., ePDG) is about to send IPsec packets to the other peer (e.g., UE) after a period of idleness, it starts the DPD exchange to detect if the other peer is still alive, or each peer can define its own DPD exchange interval that defines the urgency of the DPD exchange from each peers' perspective.
Real-time communication scenarios (e.g., VoWi-Fi) need frequent detection, which is not required in best effort scenario, but frequent detection would increase the signaling load. In current standard practice, reducing the network load and increasing the network efficiency do not balance quite well.