Enabling S6b for IMS APN

This chapter describes the following topics:

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

  • GGSN

  • P-GW

  • SAEGW

Applicable Platform(s)

All

Feature Default

Disabled - Configuration Required

Related Changes in This Release

Not Applicable

Related Documentation

  • Command Line Interface Reference

  • GGSN Administration Guide

  • P-GW Administration Guide

  • SAEGW Administration Guide

Revision History


Important

Revision history details are not provided for features introduced before releases 21.2 and N5.1.

Revision Details

Release

In this release, S2a authorization is enabled to separate the authentication request for LTE and Wi-Fi interfaces using authorize-with-hss eGTP configuration. It enables s6b authentication in both APN and P-GW service for S2a interface only.

21.21

With this feature, S6b authorization is enabled for 3G access at the APN level to allows P-GW to update the new P-GW ID to HSS.

21.6

First introduced.

Pre 21.2

Feature Changes

Currently, P-GW supports enabling S6b authentication for 3G access on GGSN service level configuration.

For LTE or Wi-Fi access, S6b authentication is supported on both P-GW service level and APN level configuration. If the S6b authentication is enabled for particular APN, when the subscriber joined on LTE transfers to Wi-Fi then 3G, UE does re-registration of the IMS session on 3G. Different P-GW is selected. However, SGSN does not update the new P-GW. HSS has the history of the old P-GW. When the subscriber transfers back to LTE and then to Wi-Fi, it hands over to the old P-GW. However, the old P-GW does not have the new IMS session and this result in the handover failure. With this feature, S6b authorization is enabled for 3G access at the APN level to let P-GW update the new P-GW ID to HSS. This addresses the inconsistency. Following two authorize-with-hss CLI keywords are added at the APN level to enable S6b authentication for 3G access and GnGp handover.

  • gn-gp-enabled: Enables the S6b authentication for 3G access during the call connect and gn-gp handover.

  • gn-gp-disabled: Terminates S6b connection when the subscriber moves to 3G access. This is used to override the legacy handover behavior where the session was continued irrespective of the configuration.


Note

These new keywords are not configured by default when authorize-with-hss or authorize-with-hss egtp are configured. You have to explicitly enable this customized behavior by configuring the CLI commands introduced for this feature.

Enhancement to S6b Authentication: In StarOS 21.21 and later releases, S2a authorization is enabled to separate the authentication request for LTE and Wi-Fi interfaces using authorize-with-hss egtp configuration. It enables s6b authentication in both APN and P-GW service for S2a interface only.

Configuring Commands for Enabling S6b for IMS APN

S6b authentication can be enables at the APN level, two new keywords have been added to the authorize-with-hss CLI command.

To enable or disable S6b, execute the following command: 


configure 
   context context_name 
      apn apn_name 
         authorize-with-hss [ egtp [ gn-gp-enabled ] [ s2b [ gn-gp-enabled [ report-ipv6-addr ] ] ] [ s5-s8 [ gn-gp-disabled | gn-gp-enabled ] ] [ report-ipv6-addr ] | lma [ s6b-aaa-group aaa-group-name | report-ipv6-addr ] | report-ipv6-addr ] 
         [ default | no ] authorize-with-hss 
         exit
NOTES:

  • gn-gp-disabled: Disables S6b authorization for 3G initial attach and GNGP handover.

  • gn-gp-enabled: Enables S6b authorization for 3G initial attach and GNGP handover.

  • s2b: Enable S6b authorization for egtp-S2b.

  • s5-s8: Enable S6b authorization for egtp-S5S8.

  • report-ipv6-addr: Enables IPv6 reporting through AAR toward the S6b interface.

Enabling S6b Authentication for Trusted Wi-Fi

Enabling S6b Authentication for Trusted Wi-Fi

S6b authentication is enabled for all LTE and Wi-Fi interface using HSS authentication process. To separate this authentication request for LTE and Wi-Fi interfaces a new configuration is introduced. The parameter S2a is added to represent the trusted Wi-Fi interface in the configuration part of authorize-with-hss egtp and this enables the S6b authentication for S2A interface only and this is done in both APN and P-GW service configuration.

Use the following S2a configuration command to indicate Trusted Wi-FI at authorize-with-hss egtp:


configure 
   context context_name 
      apn apn_name| pgw-service service_name 
         authorize-with-hss [ egtp [s2a [gn-gp-enabled [report-ipv6-addr] ] ] ] 
         [ default | no ] authorize-with-hss 
         exit

Note

Enabling the S6b authentication is allowed with a combination of S2a and S2b, or S2a and S5-S8, or S2b and S5-S8.

Below are the examples to enable the s6b authentication for S2a interface alone in APN and P-GW Service.

Example for APN Service

apn intershat
      pdp-type ipv4 ipv6
      bearer-control-mode mixed
      selection-mode subscribed sent-by-ms chosen-by-sgsn
      authorize-with-hss egtp s2a
      ims-auth-service ims-ggsn-auth
      ip access-group acl4-1 in
      ip access-group acl4-1 out
      ip context-name egress
      ipv6 access-group acl6-1 in
      ipv6 access-group acl6-1 out
      active-charging rulebase prepaid
    exit

Example for P-GW Service

  pgw-service pgw_service
      authorize-with-hss egtp s2a
      associate ggsn-service ggsn-service
      associate egtp-service egtp_service
      associate peer-map map_pgw
      egtp create-session-rsp apn-ambr-always-include
    exit

Show Commands and Outputs

This section provides information regarding show commands and their outputs in support of the feature.

show apn name

This CLI command is modified to include the gn-gp enabled or disabled status:

  • Authorization with S6b : HSS-EGTP-S5S8 GN-GP-Disabled

  • Authorization with S6b : HSS-EGTP-S5S8 GN-GP-Enabled

show config apn intershat

The following new fields are added to the show command to indicate the gn-gp enabled or disabled status:

  • authorize-with-hss egtp s5-s8 gn-gp-enabled

  • authorize-with-hss egtp s5-s8 gn-gp-disabled