PMIPv6-based Session Creation

Feature Description

Overview

SaMOG supports RADIUS Access-Request, RADIUS Accounting-Request, and DHCP messages as the triggers for session creation.

Based on the AP/WLC capabilities, SaMOG can support session establishment in the following ways:

  • When the AP/WLC is capable of RADIUS-based authentication, SaMOG acts as a AAA server and initiates session creation when it receives a RADIUS Access-Request from the AP/WLC.

  • When the AP/WLC is capable of only forwarding DHCP messages from the UE through an EoGRE tunnel, SaMOG initiates session creation on receiving DHCP Discover and DHCP Request messages from the AP/WLC.

  • When the AP/WLC is not capable of establishing EoGRE connections, is configured with a DHCP server, and the UE IP is allocated by the AP, SaMOG acts as an accounting server and allocates an IP. SaMOG then performs NAT between the IP allocated by the AP, and the IP allocated by SaMOG to establish a session for the subscriber.

With this feature, the SaMOG Gateway can also initiate session creation when it receives a PMIPv6 (PBU) message from the access point (AP). This feature integrates SaMOG as a gateway in deployment architectures where the AP/WLC can only initiate PMIPv6 messages, and not RADIUS or DHCP messages.

License Requirements

The following licenses are required for this feature:

  • SaMOG General license (3G and 4G)

  • SaMOG Local Breakout - Enhanced license to configure a local P-GW

Relationship to Other Features

DHCP-triggered and RADIUS-based Session Creation

DHCP-triggered and RADIUS (Access and Accounting) triggered sessions can co-exist with the PMIPv6-based sessions if the APs initiating the sessions are on different TWAN profiles. These TWAN profiles must have a corresponding session trigger configured.

Session Recovery

The PMIPv6-based sessions can be recovered for both unplanned failures and planned migrations.

How PMIPv6-based Session Creation Works

Architecture

The following is the sequence of events for a PMIP-based session creation deployment model:

  • The UE communicates with the AP/WLC over the 802.11 link for WiFi association and data transmission. The AP/WLC forms a PMIPv6 Proxy Binding Update (PBU) message that carries the UE MAC either in the Username part of the NAI (MAC@realm) or as the entire NAI (MAC).

  • The AP/WLC sends the PBU message to SaMOG over the GRE (PMIPv6) tunnel.

  • On receiving the PBU message, SaMOG performs RADIUS-based authentication with the 3GPP AAA server.

  • The SaMOG Gateway then uses the Local Breakout (LBO) - Enhanced feature to allocate an IPv4 address and forwards it in the PBU message to the AP.

  • The AP forwards this message to the UE.

  • Any UE initiated traffic is then forwarded to a web authentication portal through the AP, SaMOG Gateway, and the local P-GW (LBO).

  • The UE is presented with a web portal for subscriber authentication. The web portal authenticates the subscriber credentials with the AAA server, and informs the PCRF.

  • The PCRF responds to the web portal with an RAR message on the Gx interface to remove the HTTP redirection rules.

  • All UE traffic is henceforth directed to the Internet.

Limitations

Architectural Limitations

  • This feature supports RADIUS-based authentication between SaMOG and the 3GPP AAA Server. Diameter-based authentication is currently not supported.

  • With this feature, the AP will not send the SSID or location information in the PBU message.

  • Only IPv4 address allocation is supported for the UE. IPv6 and IPv4v6 PDN types are currently not supported.

  • All interfaces towards all external nodes will be IPv4 address only. IPv6 transport on any interface with external nodes is currently not supported.

Flows

PMIPv6-based Session Establishment

The figure below shows the detailed session establishment flow for a PMIPv6-based session. The table that follows the figure describes each step in the flow.

Figure 1. PMIPv6-based Session Establishment Call Flow

Table 1. PMIPv6-based Session Establishment

Step | Description
01 | UE performs 802.11 association with the AP.
02 | AP forms a PBU and sends it to SaMOG. The message has the following parameter: UE MAC address in the Username part of NAI, or NAI can be only UE MAC (MAC@realm or MAC).
03 | SaMOG caches the PBU message and maps its contents to the Radius Access-Request message towards the AAA Server.
04 | AAA server determines that the UE MAC is not authenticated and sends an Access-Accept message with an access point name (APN) and NAI in the MAC@realm format. These values are received using CS-AVPair attributes similar to DHCP/Radius Accounting triggered sessions.
05 | SaMOG initiates a PMIPv6 Proxy Binding Update (PBU) message towards the Local Gateway (LGW) to setup the network side of the call. The MNID of the PBU is the NAI received from the AAA Server.
06 | LGW sends CCR-I towards the PCRF, and includes the NAI/MNID received from SaMOG in the PBU.
07 | PCRF determines that the subscriber is not authenticated and sends a CCA-I with Layer 7 (L7) redirection rulebase name.
08 | LGW installs the L7 redirection rule and proceeds with session creation.
09 | LGW allocates an IP address for the UE, and sends the same in Proxy Binding Answer (PBA) message towards SaMOG.
10 | SaMOG completes the session creation by sending the PBA message to the AP.
11 | UE attempts to access the HTTP page, and the HTTP packet reaches the LGW through SaMOG.
12 | As the L7 redirection rule on the LGW is active, the LGW intercepts the HTTP packet.
13 | LGW responds with a HTTP 302 response and provides the URL of the web authentication portal to the UE.
14 | UE sends the HTTP GET request to the web portal through SaMOG and LGW.
15 | The web portal presents the login page to the UE to enter the username and password.
16 | Subscriber enters the username and password to perform web authentication.
17 | The web portal invokes the PCRF API to share the username, password, and the source IP address of the packet.
18 | PCRF validates the subscriber credentials and marks the UE MAC corresponding to the IP address as authenticated.
19 | PCRF indicates authentication success to the web portal. The web portal then sends a HTTP 302 response to the UE with redirect to the originally accessed web page.
20 | PCRF sends an RAR message on the Gx interface to indicate the removal of redirection rule.
21 | LGW acknowledges with an RAA message.
22 | LGW removes the L7 redirection rule for the UE session.
23 | LGW sends a CCR-U message to PCRF to get quota information for the authenticated session.
24 | PCRF sends the requested information in the CCA-U message.
25 | UE attempts to connect to the originally accessed web page again. As the L7 rule is not present at the LGW this time, the packets are sent to the Internet.

Configuring PMIPv6-based Session Creation

Enabling PMIPv6-based Session Creation Trigger

Use the following configuration to enable PMIPv6-based session creation:

configure 
    context context_name 
        twan-profile profile_name 
            session-trigger pmipv6 
            end 

Notes:

  • Use the default session-trigger command to reset the configuration to its default value.

  • Default: RADIUS (authentication)-based session trigger

Monitoring and Troubleshooting PMIPv6-based Session Creation

Show Command(s) and/or Outputs

show samog-service statistics

The following fields are available in the output of the show samog-service statistics command in support of this feature:

PMIP Trigger Session Stats: 
  Total Attempted:                0 
  Total Setup:                    0 
  Total Current:                  0 
  Total Released:                 0 
  Total Aborted:                  0 
  Total Disconnected:             0 

Table 2. show samog-service statistics Command Output Descriptions

Field | Description
PMIP Trigger Session Stats: |
Total Attempted | Total number of PMIP-triggered MRME calls attempted.
Total Setup | Total number of PMIP-triggered MRME calls that were successfully established.
Total Current | Total number of PMIP-triggered MRME calls that are currently present in the system.
Total Released | Total number of PMIP-triggered MRME calls aborted/disconnected.
Total Aborted | Total number of PMIP-triggered MRME sessions aborted before call establishment.
Total Disconnected | Total number of PMIP-triggered MRME sessions disconnected after call establishment.

show subscribers samog-only full

The following fields are available in the output of the show subscribers samog-only full command in support of this feature:

MRME Subscriber Info: 
 --------------------- 
    Session Trigger Type: pmip 

Table 3. show subscribers samog-only full Command Output Descriptions

Field | Description
MRME Subscriber Info: |
Session Trigger Type | The session trigger type applied for the subscriber. Session Trigger type can be one of the following: DHCP, Radius, Radius Acct, pmip.

show twan-profile

The following fields are available in the output of the show twan-profile { all | name profile_name } command in support of this feature:

TWAN Profile Name                     : twan6 
  Access-Type Client List 
    Default Access Type               : PMIP 
    Default Radius Dictionary         : custom70 
    Session Trigger Type              : pmip 

Table 4. show twan-profile Command Output Descriptions

Field | Description
TWAN Profile Name | Name of the TWAN profile.
Access-Type Client List |
Default Access Type | Default access type set for the TWAN profile. Access type for the TWAN profile for PMIPv6-based session trigger must be PMIP.
Default Radius Dictionary | Default RADIUS dictionary used for the TWAN profile. The default RADIUS dictionary can be one of the following: custom71 for Cisco WLC, custom70 for non-Cisco WLC.
Session Trigger Type | The session trigger type set for the TWAN profile. Session Trigger type can be one of the following: DHCP, Radius, Radius Acct, pmip.
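Table 4 states that a TWAN profile using the PMIPv6 session trigger must have PMIP as its access type. The following added example (not Cisco code) parses saved show twan-profile all output and flags profiles that break that rule; the second profile "twan7" and its EOGRE value are constructed for illustration.

```python
import re

# Constructed `show twan-profile all` output in the layout shown on this page.
# "twan6" mirrors the page's sample; "twan7" and its EOGRE value are made up.
SAMPLE = """\
TWAN Profile Name                     : twan6
  Access-Type Client List
    Default Access Type               : PMIP
    Default Radius Dictionary         : custom70
    Session Trigger Type              : pmip
TWAN Profile Name                     : twan7
  Access-Type Client List
    Default Access Type               : EOGRE
    Default Radius Dictionary         : custom71
    Session Trigger Type              : pmip
"""

def parse_twan_profiles(text):
    """Return {profile_name: {field: value}} from show twan-profile output."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*:\s*(\S.*?)\s*$", line)
        if not m:
            continue  # section headers such as "Access-Type Client List"
        key, value = m.groups()
        if key == "TWAN Profile Name":
            current = profiles.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return profiles

def audit_pmip_profiles(profiles):
    """Flag PMIPv6-triggered profiles whose access type is not PMIP."""
    findings = []
    for name, fields in sorted(profiles.items()):
        if fields.get("Session Trigger Type", "").lower() != "pmip":
            continue  # rule only applies to the pmip session trigger
        access = fields.get("Default Access Type")
        if access is None or access.upper() != "PMIP":
            findings.append((name, access))
    return findings

if __name__ == "__main__":
    for name, access in audit_pmip_profiles(parse_twan_profiles(SAMPLE)):
        print(f"{name}: session trigger pmip but access type is {access}")
```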

PMIPv6-based Session Creation Bulk Statistics

The following bulk statistics in the SaMOG schema provide PMIPv6-based session creation related information:

Variable | Description | Data Type
mrme-pmip-trigger-total-attempted | Description: Total number of PMIP-triggered MRME calls attempted. Triggers: Increments when an MRME call is attempted through PMIP-trigger. Availability: Per SaMOG Service. Type: Counter | Int32
mrme-pmip-trigger-total-setup | Description: Total number of PMIP-triggered MRME calls that were successfully established. Triggers: Increments upon successful MRME call setup through PMIP-trigger. This does not decrement when the call is disconnected. Availability: Per SaMOG Service. Type: Counter | Int32
mrme-pmip-trigger-total-current | Description: Total number of PMIP-triggered MRME calls that are currently present in the system. Triggers: Increments upon successful PMIP-triggered MRME call setup. Decrements upon successful disconnection of PMIP-triggered MRME call. Availability: Per SaMOG Service. Type: Gauge | Int32
mrme-pmip-trigger-total-released | Description: Total number of PMIP-triggered MRME calls aborted/disconnected. Triggers: Increments when the PMIP-triggered MRME call is successfully disconnected. Availability: Per SaMOG Service. Type: Counter | Int32
mrme-pmip-trigger-total-aborted | Description: Total number of PMIP-triggered MRME sessions aborted before call establishment. Triggers: Increments whenever a PMIP-triggered MRME subscriber session is aborted by SaMOG due to call setup failures such as authentication failure, P-GW selection failure, and Session Setup Timeout. Availability: Per SaMOG Service. Type: Counter | Int32
mrme-pmip-trigger-total-disconnected | Description: Total number of PMIP-triggered MRME sessions disconnected after call establishment. Triggers: Increments when a PMIP-triggered MRME session gets disconnected. Availability: Per SaMOG Service. Type: Counter | Int32
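
The counters in show samog-service statistics and the bulk statistics above can be cross-checked against each other, and the aborted counter (which includes authentication failures) can be watched as a ratio of attempts. The following added example is not Cisco code; the sample values, the 10% threshold, and the exact identities between counters are assumptions inferred from the field descriptions on this page.

```python
import re

# Constructed sample in the layout shown on this page (values are made up).
SAMPLE = """\
PMIP Trigger Session Stats:
  Total Attempted:                120
  Total Setup:                    90
  Total Current:                  35
  Total Released:                 80
  Total Aborted:                  25
  Total Disconnected:             55
"""

FIELDS = ("Attempted", "Setup", "Current", "Released", "Aborted", "Disconnected")

def parse_pmip_stats(text):
    """Return {field: int} for the PMIP Trigger Session Stats block."""
    stats, in_block = {}, False
    for line in text.splitlines():
        if line.strip() == "PMIP Trigger Session Stats:":
            in_block = True
            continue
        m = re.match(r"\s+Total (\w+):\s+(\d+)\s*$", line)
        if in_block and m and m.group(1) in FIELDS:
            stats[m.group(1)] = int(m.group(2))
        elif in_block and not m:
            break  # first non-counter line ends the block
    missing = [f for f in FIELDS if f not in stats]
    if missing:
        raise ValueError(f"missing counters: {missing}")
    return stats

def check_pmip_stats(s, max_abort_ratio=0.10):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    # Assumed identities, inferred from the descriptions and triggers above.
    if s["Released"] != s["Aborted"] + s["Disconnected"]:
        findings.append("Released != Aborted + Disconnected")
    if s["Current"] != s["Setup"] - s["Disconnected"]:
        findings.append("Current != Setup - Disconnected")
    if s["Setup"] + s["Aborted"] > s["Attempted"]:
        findings.append("Setup + Aborted exceeds Attempted")
    # Aborts cover authentication failure, P-GW selection failure and timeouts.
    ratio = s["Aborted"] / s["Attempted"] if s["Attempted"] else 0.0
    if ratio > max_abort_ratio:
        findings.append(f"abort ratio {ratio:.1%} over threshold")
    return findings
```

On a live system the identities can be off briefly while calls are in transition, so compare two consecutive samples before treating a mismatch as a fault.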