WiMAX Network Architecture

潘仁義, Department of Communications Engineering, National Chung Cheng University

[email protected]

Outline

• WiMAX Introduction
• WiMAX QoS & Flow
• Network Working Group (NWG)
• Network Reference Model
• Network Entry
• Authentication, Authorization, and Key Hierarchy
• IP Configuration Setup
• Mobility Management
• QoS Functional Model

WiMAX

• Worldwide Interoperability for Microwave Access
• The Institute of Electrical and Electronics Engineers (IEEE) 802 committee (802.16)
• Orthogonal Frequency Division Multiplexing (OFDM); carriers of width 5 MHz or greater can be used
• Connectivity at speeds up to 70 Mbps
• Provides high-speed access to about 60 businesses at T1 speeds
• Can serve up to a thousand homes in terms of DSL speed

802.16 History

• The initial 802.16 standard, in 2002, operates in the 10-to-66 GHz frequency band and requires line-of-sight (LOS) towers.
• The 802.16a extension, ratified in March 2003, allows use of the 2 to 11 GHz frequency band. It boasts a 50 km range and 74.7 Mbit/s data transfer rates, and doesn't require LOS transmission.

802.16 History

Additional 802.16 standards:

• 802.16b: Quality of service
• 802.16c: Interoperability, with protocols and test-suite structures
• 802.16d: Fixing things not covered by 802.16c
• 802.16e: Support for mobile as well as fixed broadband (802.16e-2005)
• 802.16f: MIB
• 802.16g: System/resource/handover management interoperability
• 802.16j: Relay

Mobile WiMAX

• The Mobile Technical Group (MTG) in the WiMAX Forum develops the system profile for the Mobile WiMAX system.
• A broadband wireless solution
  – Fixed broadband network
  – Mobile broadband network
• Signaling
  – Orthogonal Frequency Division Multiple Access (OFDMA)
  – Scalable OFDMA
• Features: high data rate, quality of service, scalability, security, mobility

WiMAX entity

Two components:

• Subscriber Station (SS): an SS typically serves a building (business or residence).
• Base Station (BS): connected to public networks. A BS serves subscriber stations and provides them with first-mile (or last-mile) access to public networks.

Scenario

Introduction

QoS support is a fundamental part of the WiMAX MAC-layer design. How does WiMAX support QoS?

Connections

• A connection-oriented MAC architecture: all downlink and uplink connections are controlled by the serving BS.
• Each connection is identified by a connection identifier (CID).
• A service flow is a unidirectional flow of packets with a particular set of QoS parameters; it is identified by a service flow identifier (SFID).
• The service flow characteristics of the connection provide the QoS for that packet.

Service flows

Comparisons of SFID & CID

• The Service Flow ID (SFID) does not change upon HO across BSs belonging to a single NAP. The SFID shall be set just once, when a layer 2 service flow is originally established, and SHALL NOT be modified by HOs.
• The SFID shall be assigned when a new service flow is set up and shall be maintained as the same value at the Anchor Data Path Function in spite of HOs.
• The Connection ID (CID) is defined as temporary in a particular cell coverage area. The CID shall be refreshed whenever the MS moves into a new cell.
• The SFID identifies a particular Layer 2 session, while the CID specifies a particular logical radio link.

Operation Object Model

Service Flow Management

• Dynamic Service Change (DSC)
• Dynamic Service Delete (DSD)
• Dynamic Service Activate (DSA)

[Figure: service flow state diagram. A service flow goes from the NULL state to OPERATIONAL on DSA, is modified in place by DSC, and returns to NULL on DSD.]

Dynamic Service Flow Change

Classifier

• A classifier is a set of matching criteria applied to each packet. It consists of:
  – some protocol-specific packet matching criteria (destination IP address, for example)
  – a classifier priority
  – a reference to a CID
• Classifiers can be added by dynamic signaling.
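
The two slides above (SFID versus CID, and the classifier) can be exercised together. The following is an added example, not code from the slides: a small classifier table whose rules carry a priority and map packets to an SFID, and a data path anchor that rebinds SFIDs to fresh CIDs when the MS is handed over to another cell. The class names, rule set and sample packets are constructed for this illustration.

```python
# Added example (not from the slides): packet classification into service
# flows, and the SFID/CID split across a handover. Classifier, DataPathAnchor,
# the sample rules and the sample packets are all constructed for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    dst_ip: str
    proto: str        # "udp" or "tcp"
    dst_port: int


@dataclass(frozen=True)
class Classifier:
    priority: int     # higher value is evaluated first when several rules match
    sfid: int         # the service flow that matching packets are mapped to
    dst_ip: Optional[str] = None      # unset criteria act as wildcards
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.dst_ip is None or self.dst_ip == pkt.dst_ip)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class DataPathAnchor:
    """Keeps the classifier table (stable SFIDs) and the SFID->CID binding
    for the cell the MS is currently served in."""

    def __init__(self) -> None:
        self.classifiers: list = []
        self.cid_of: dict = {}          # SFID -> CID in the current serving cell
        self.serving_bs: Optional[str] = None

    def add_classifier(self, c: Classifier) -> None:
        # classifiers arrive by dynamic signaling (DSA/DSC); keep the table
        # sorted by descending priority so the first hit is the winner
        self.classifiers.append(c)
        self.classifiers.sort(key=lambda x: -x.priority)

    def classify(self, pkt: Packet) -> Optional[int]:
        """SFID of the highest-priority matching classifier, or None."""
        for c in self.classifiers:
            if c.matches(pkt):
                return c.sfid
        return None

    def attach(self, bs_id: str, cid_table: dict) -> None:
        """Network entry or handover: the new cell assigns fresh CIDs; the
        SFIDs (and therefore the classifier table) are untouched."""
        self.serving_bs = bs_id
        self.cid_of = dict(cid_table)

    def connection_for(self, pkt: Packet) -> Optional[tuple]:
        sfid = self.classify(pkt)
        if sfid is None or sfid not in self.cid_of:
            return None             # no rule matched, or flow not active here
        return sfid, self.cid_of[sfid]


def handover_demo() -> dict:
    """Classify a VoIP packet and a web packet before and after a handover."""
    anchor = DataPathAnchor()
    anchor.add_classifier(Classifier(priority=1, sfid=100))          # catch-all flow
    anchor.add_classifier(Classifier(priority=10, sfid=200, proto="udp", dst_port=5060))
    anchor.add_classifier(Classifier(priority=20, sfid=300, dst_ip="10.0.0.9", proto="udp"))
    voip = Packet("10.0.0.9", "udp", 5060)     # matches rules 10 and 20; 20 wins
    web = Packet("192.0.2.10", "tcp", 443)     # only the catch-all matches
    anchor.attach("BS-A", {100: 0x0101, 200: 0x0102, 300: 0x0103})
    before = {"voip": anchor.connection_for(voip), "web": anchor.connection_for(web)}
    anchor.attach("BS-B", {100: 0x0201, 200: 0x0202, 300: 0x0203})   # HO: CIDs refreshed
    after = {"voip": anchor.connection_for(voip), "web": anchor.connection_for(web)}
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(handover_demo())
```

After the handover both packets keep their SFIDs (300 and 100) while every CID changes, which is exactly the split the slides describe: the SFID names the Layer 2 session at the anchor, the CID names the radio link in one cell.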

Scheduler

• Associate packets into service flows
• Define QoS parameters for each service flow
• Dynamically establish QoS-enabled service flows
• Associate QoS service flows with logical connections

[Figure: classifier and scheduler in the BS MAC. Service flows are classified into priority queues in the BS MAC and scheduled over QoS logical connections to the MS1 MAC and MS2 MAC (service flows over QoS connections).]

Quality of Service Support

Scheduling services

• Four services are supported in 802.16-2004: Unsolicited Grant Service (UGS), Real-time Polling Service (rtPS), Non-real-time Polling Service (nrtPS), and Best Effort (BE).
• Five services are supported in 802.16e-2005: UGS (Unsolicited Grant Service), RT-VR (Real-Time Variable Rate Service), NRT-VR (Non-Real-Time Variable Rate Service), BE (Best Effort), and ERT-VR (Extended Real-Time Variable Rate).

Unsolicited Grant Service (UGS)

Supports real-time data streams consisting of fixed-size data packets issued at periodic intervals, such as T1/E1 and Voice over IP without silence suppression.

Real-time Polling Service (rtPS)

Supports real-time data streams consisting of variable-sized data packets that are issued at periodic intervals, such as Moving Picture Experts Group (MPEG) video.

Non-real-time Polling Service (nrtPS)

Supports delay-tolerant data streams consisting of variable-sized data packets for which a minimum data rate is required, such as FTP.

Best Effort (BE)

Supports data streams for which no minimum service level is required and which therefore may be handled on a space-available basis.

Extended Real-Time Variable Rate (ERT-VR) service

Supports real-time applications with variable data rates which require guaranteed data rate and delay, for example VoIP with silence suppression.
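
The following is an added example, not code from the slides or from any WiMAX implementation: a frame-by-frame grant allocator that serves the five scheduling services in the order their definitions above imply (UGS gets its fixed grant without a request, nrtPS gets its minimum rate, the real-time variable-rate classes get their polled requests, and BE is served only from what is left). The flow names, frame capacity and requested byte counts are constructed sample values.

```python
# Added example (not from the slides): a frame-by-frame grant allocator that
# orders the five 802.16e scheduling services the way their definitions above
# imply. Flow names, sizes and requested amounts are constructed sample values.
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Flow:
    name: str
    service: str          # "UGS", "ERT-VR", "rtPS", "nrtPS" or "BE"
    fixed_grant: int = 0  # UGS: unsolicited fixed-size grant every frame
    min_rate: int = 0     # nrtPS: minimum reserved bytes per frame
    requested: int = 0    # polled / requested bytes for the variable-rate services


# lower number = served earlier within a pass
ORDER = {"UGS": 0, "ERT-VR": 1, "rtPS": 2, "nrtPS": 3, "BE": 4}


def allocate_frame(flows: List[Flow], capacity: int) -> Dict[str, int]:
    """Bytes granted to each flow in one frame of `capacity` bytes.

    Pass 1: guaranteed components (UGS fixed grant, nrtPS minimum rate).
    Pass 2: variable-rate requests in service-class order.
    Pass 3: BE is served only from whatever is left (space-available basis).
    """
    grants = {f.name: 0 for f in flows}
    left = capacity

    def give(f: Flow, n: int) -> None:
        nonlocal left
        n = max(0, min(n, left))
        grants[f.name] += n
        left -= n

    by_class = sorted(flows, key=lambda f: ORDER[f.service])
    for f in by_class:          # pass 1: guarantees; UGS needs no request at all
        if f.service == "UGS":
            give(f, f.fixed_grant)
        elif f.service == "nrtPS":
            give(f, min(f.min_rate, f.requested))
    for f in by_class:          # pass 2: real-time variable rate, then rest of nrtPS
        if f.service in ("ERT-VR", "rtPS"):
            give(f, f.requested)
        elif f.service == "nrtPS":
            give(f, f.requested - grants[f.name])
    for f in by_class:          # pass 3: best effort gets the leftovers
        if f.service == "BE":
            give(f, f.requested)
    return grants


def demo_frame(capacity: int) -> Dict[str, int]:
    """One frame with one flow per service class (constructed demand)."""
    flows = [
        Flow("t1-voice", "UGS", fixed_grant=200),
        Flow("voip-vad", "ERT-VR", requested=150),
        Flow("mpeg", "rtPS", requested=600),
        Flow("ftp", "nrtPS", min_rate=100, requested=500),
        Flow("web", "BE", requested=400),
    ]
    return allocate_frame(flows, capacity)


if __name__ == "__main__":
    print("uncongested", demo_frame(2000))
    print("congested  ", demo_frame(1000))
```

With 2000 bytes of capacity every flow gets what it asked for; with 1000 bytes the UGS grant and the nrtPS minimum are still honoured, the MPEG flow absorbs the remainder, and the best-effort flow gets nothing, which is the behaviour the five service definitions promise.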

WiMAX Forum

• The WiMAX Forum is a nonprofit organization formed in 2001 to enhance the compatibility and interoperability of equipment based on the IEEE 802.16 family of standards.
• The WiMAX Forum Network Working Group (NWG) defines:
  – Stage 1: Use case scenarios and service requirements, defined along with the Service Provider Working Group
  – Stage 2: Architecture tenets, reference model and reference points
  – Stage 3: Detailed protocols and procedures

WiMAX Working Group

• Application Working Group (AWG): defines applications over WiMAX that are necessary to meet core competitive offerings.
• Certification Working Group (CWG): handles the operational aspects of the WiMAX Forum Certified program.
• Evolutionary Technical Working Group (ETWG): maintains existing OFDM profiles, develops additional fixed OFDM profiles, and develops technical specifications for the evolution of the WiMAX Forum's OFDM-based networks from fixed to nomadic to portable to mobile.
• Global Roaming Working Group (GRWG): assures the availability of global roaming service for WiMAX networks in a timely manner as demanded by the marketplace.
• Marketing Working Group (MWG): promotes the WiMAX Forum, its brands and the standards which form the basis for worldwide interoperability of BWA systems.
• Network Working Group (NWG): creates higher-level networking specifications for fixed, nomadic, portable and mobile WiMAX systems, beyond what is defined in the scope of 802.16.
• Regulatory Working Group (RWG): influences worldwide regulatory agencies to promote WiMAX-friendly, globally harmonized spectrum allocations.
• Service Provider Working Group (SPWG): gives service providers a platform for influencing BWA product and spectrum requirements to ensure that their individual market needs are fulfilled.
• Technical Working Group (TWG): the main goal of the TWG is to develop technical product specifications and certification test suites for the air interface based on the OFDMA PHY.

Relationship between the scopes of WiMAX NWG and 802.16

From IEEE 802.16 to WiMAX NWG: build an interoperable broadband wireless network. Interoperable networks involve end-to-end services such as IP connectivity and session management, security, QoS, and mobility.

Tenets for WiMAX Network Systems Architecture

• Based on a packet-switched framework, the IEEE 802.16 standard and IETF RFCs
• Decoupling of access architecture from connectivity IP services
• Specifying open, published and accepted standards
• SHALL NOT preclude inter-technology handover
• SHALL support seamless handovers at up to vehicular speeds

All-IP Network!

WiMAX Network Reference Model

The ASN is decomposed into BS and ASN-GW entities.

Entities of the WiMAX Network Reference Model (1/2)

ASN: Access Serving Network. Logical representation of the functions of a NAP, e.g.:

• 802.16 interface, network entry and handover
• Radio resource management & admission control
• L2 session/mobility management
• QoS and policy enforcement
• Foreign Agent (FA)
• Forwarding to the selected CSN

Entities of the WiMAX Network Reference Model (2/2)

CSN: Connectivity Serving Network. Logical representation of the functions of an NSP, e.g.:

• Connectivity to the Internet and ASPs
• Authentication, authorization and accounting
• IP address management
• L3 mobility and roaming between ASNs
• Policy & QoS management based on an SLA

Network Reference Points (1/2)

• R1: Reference point between MS and BS: implements IEEE 802.16e-2005.
• R2: Reference point between MS and ASN-GW or CSN: logical interface used for authentication, authorization, IP host configuration and mobility management.
• R3: Reference point between ASN and CSN: supports AAA, policy enforcement, and mobility-management capabilities. Implements the tunnel between ASN and CSN.
• R4: Reference point between ASN and ASN: used for MS mobility across ASNs.

Network Reference Points (2/2)

• R5: Reference point between CSN and CSN: used for internetworking between home and visited network.
• R6: Reference point between BS and ASN: implements intra-ASN tunnels and is used for control plane signaling.
• R7: Reference point between data and control plane in the ASN-GW: used for coordination between the data and control plane in the ASN-GW.
• R8: Reference point between BS and BS: used for fast and seamless handover.

WiMAX Network Reference Model (2/2)

ASN Profile A Functional View

ASN-GW Reference Model

Link model for Profiles A & C

Internetworking with 3GPP

Scope: WiMAX-3GPP interworking refers to the integration of a WiMAX access network into an existing 3GPP core network.

[Figure: loosely-coupled internetworking. Elements shown: a UE with a 3GPP card and a WiMAX card; the 3GPP access network (RNC) and the 3GPP core network (SGSN, GGSN, WAG, PDG, billing server, home AAA); the WiMAX network service provider with its WiMAX base stations, WiMAX ASN, local AAA and home agent; and the Internet.]

802.16e network entry

In a WiMAX network, a full network entry includes four stages:

a. Network Discovery and Selection
b. Access Authentication
c. IP Configuration Setup
d. Data Transfer

IP Configuration Setup

Network entry

A WiMAX subscriber station has to complete the network entry process in order to communicate on the network.

Steps:

• Scan for a DL channel and establish synchronization with the BS
• Obtain transmit parameters (from the UCD message)
• Perform initial ranging
• Negotiate basic capabilities
• Authorize the MS and perform key exchange
• Establish IP connectivity
• Establish time of day
• Transfer operational parameters (optional)
• Set up connections

a) Downlink Channel Synchronization: When an SS wants to communicate on a WiMAX network, it first scans for available channels in the defined frequency list. On finding a DL channel, it tries to synchronize at the PHY level using the periodic frame preamble. Information on modulation and other DL and UL parameters is obtained by observing the DL Channel Descriptor (DCD) and the UL Channel Descriptor (UCD) of the DL channel.

b) Initial Ranging: An SS starts an initial ranging process by sending a ranging request MAC message using the minimum transmission power. If no response is received from the BS, the SS resends the message in a subsequent frame using a higher transmission power. The response either indicates power and timing corrections that the SS must make or indicates success.
Purpose: the process by which the SS and BS maintain the quality of the RF communication link between them. When ranging has finished, the BS allocates a Basic CID and a Primary Management CID to the SS.

c) Exchanging Capabilities: After successful completion of the initial ranging step, the SS sends a capability request message indicating the supported modulation levels, coding schemes and rates, and duplexing methods. The MS and ASN also SHALL negotiate the PKM version, PKMv2 security capabilities and authorization policy, including requirements and support for device authentication.

d) Authentication: After capability negotiation, the BS authenticates the SS, determines the ciphering algorithm to be used, and sends an authentication response to the SS.

e) Registration: After authentication, the SS sends a registration request message to the BS and the BS sends a registration response, with a secondary management CID for IP configuration.

f) IP Connectivity: After registration, the SS gets its IP address via DHCP. The SS also downloads other operational parameters using TFTP.

g) Connection Creation: After completing the IP connectivity step, transport connections are created. For pre-provisioned service flows, the BS sends a dynamic service flow addition request message to the SS and the SS confirms the creation of the connection. For non-pre-provisioned service flows, connection creation is initiated by the SS by sending a dynamic service flow addition request message to the BS. The BS responds with the confirmation.

Network Discovery and Selection

• NAP discovery
• NSP access discovery
• NSP enumeration and selection
• ASN attachment based on NSP selection

NAP and NSP Discovery

• As per "6.3.2.3.63 Service Identity Information (SII-ADV) message", a BS may use the SII-ADV message to broadcast a list of Network Service Provider (NSP) Identifiers ("1" to indicate one or more NSPs).
• The MS MAY include the Visited NSP ID TLV in the SBC-REQ message to solicit BS transmittal of the Visited NSP Realm TLV in the SBC-RSP message.

ASN Attachment based on NSP Selection

[Figure: example NAIs used for NSP selection. MS_1@NSP_1.com is an undecorated NAI; NSP_4!MS_2@NSP_1.com is a decorated NAI in which the MS selects NSP_4.]
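
The NAIs on this slide, and the "routing based on NAI realm" step of the PKMv2 procedures later in the deck, can be worked through with a small parser. The following is an added example, not code from the slides or from any WiMAX product: it parses an undecorated or decorated NAI, decides which realm the visited ASN should forward the access request to, and strips the decoration for the hop to the home AAA. The decorated form {selected NSP realm}!{user}@{home realm} is an assumption taken from the slide's own example (RFC 4282 writes the decoration the other way round); the set of realms the NAP advertises is a constructed sample.

```python
# Added example (not from the slides): parse the NAIs shown above and decide
# where the ASN should forward the access request. The decorated form
# {selected NSP realm}!{user}@{home realm} is taken from the slide's example
# as an assumption (RFC 4282 writes the decoration the other way round);
# the set of realms advertised by the NAP is a constructed sample.
import re
from dataclasses import dataclass
from typing import Optional

# one optional routing label before "!", then user@home; no nesting allowed
NAI_RE = re.compile(r"^(?:(?P<route>[^!@]+)!)?(?P<user>[^!@]+)@(?P<home>[^!@]+)$")


@dataclass(frozen=True)
class NAI:
    user: str
    home_realm: str
    routing_realm: Optional[str]    # NSP selected by the MS, if decorated


def parse_nai(text: str) -> NAI:
    m = NAI_RE.match(text)
    if not m:
        raise ValueError(f"malformed NAI: {text!r}")
    route = m["route"]
    # realms are compared case-insensitively; the user part is left as sent
    return NAI(m["user"], m["home"].lower(), route.lower() if route else None)


def next_hop(nai: NAI, advertised_realms: set) -> Optional[str]:
    """Realm the ASN forwards to, or None if this NAP cannot serve the choice.

    Undecorated: go straight to the home NSP if the NAP has it.
    Decorated: honour the MS's selected NSP only if the NAP advertises it;
    that NSP then relays the request to the home realm.
    """
    target = nai.routing_realm or nai.home_realm
    return target if target in advertised_realms else None


def undecorate(nai: NAI) -> str:
    """Identity the selected NSP forwards to the home AAA (decoration removed)."""
    return f"{nai.user}@{nai.home_realm}"


def route(text: str, advertised_realms: set) -> Optional[tuple]:
    """(realm to forward to, NAI to forward) or None if unroutable here."""
    nai = parse_nai(text)
    hop = next_hop(nai, advertised_realms)
    return None if hop is None else (hop, undecorate(nai))


if __name__ == "__main__":
    nap = {"nsp_1.com", "nsp_4"}        # constructed: realms this NAP advertises
    for s in ("MS_1@NSP_1.com", "NSP_4!MS_2@NSP_1.com", "MS_3@NSP_9.net"):
        print(s, "->", route(s, nap))
```

A request that names a realm the NAP does not advertise is returned as unroutable rather than forwarded anywhere, which is the decision the ASN has to make before it lets the EAP exchange of the next section start.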

Why encryption?

Encryption is a mechanism that protects data confidentiality and integrity: plaintext to ciphertext.

Encryption

• Encryption is always applied to the MAC PDU payload; the generic MAC header is not encrypted; some management messages are not encrypted.

Encryption -- WiMAX

• WiMAX uses the Advanced Encryption Standard (AES) to produce ciphertext.
• The receiver of the ciphertext simply reverses the process to recover the plaintext.

Public key infrastructure

• The WiMAX 802.16e-2005 standard uses the Privacy and Key Management Protocol version 2 (PKMv2) for securely transferring keying material between the base station and the mobile station.
• PKMv2's components:
  – X.509 digital certificates
  – RSA public-key algorithm
  – Strong encryption algorithm to perform key exchanges between SS and BS
• PKMv2 mechanism:
  – Validates user identity and establishes an authorization key (AK)
  – The AK is used to derive the encryption keys, e.g. KEK, CMAC_KEY
  – Supports device and user authentication between MS and home CSN (PKMv1: device only)

Public key infrastructure

• PKMv2 supports the use of the Rivest-Shamir-Adleman (RSA) public key cryptography exchange.
• RSA public key exchange requires that the mobile station establish identity using either a manufacturer-issued X.509 digital certificate (Device Credential, called Device-Cert) or an operator-issued credential such as a subscriber identity module (SIM) card (Subscriber Credential, called Subscriber Root Key, SUBC).
• The X.509 digital certificate contains the mobile station's Public Key (PK) and its MAC address.

[Figure: X.509 certificate fields]

• Version number
• Serial number
• Digital signature
• Issuer
• Validity period: start date and end date
• Subject (user) name
• Subject's public key
• Signature algorithm

Certificate: data encrypted with the public key is decrypted with the private key.

Authentication, Authorization and Accounting

• The WiMAX AAA framework is based on IETF specifications. The term AAA is used to refer to the AAA protocols, RADIUS or Diameter.
• The AAA framework provides the following services to WiMAX:
  – Authentication services: these include MS, user, or combined MS and user authentication.
  – Authorization services: these include the delivery of information to configure the session for access, mobility, QoS and other applications.
  – Accounting services: these include the delivery of information for the purpose of billing (both prepaid and postpaid billing) and information that can be used to audit session activity by both the home NSP and the visited NSP.

ASN security architecture (1/2)

The mobile station transfers the X.509 digital certificate to the WiMAX network, which then forwards the certificate to a certificate authority. The certificate authority validates the certificate, thus validating the user identity.

ASN security architecture (2/2)

User/Device Authentication Protocol layering

Keys in 802.16 PKMv2

• Master Session Key (MSK): 512 bits, generated in the EAP process. Known by the AAA peer, the AAA server, and the authenticator.
• Pairwise Master Key (PMK): 160 bits, derived from the MSK. Known by the authenticator and the AAA peer.
• Authorization Key (AK): 160 bits, derived from PMK (1+2), SS MAC, BS ID.
• Key Encryption Key (KEK): 128 bits, derived from AK, SS MAC, BS ID.
• Traffic Encryption Key (TEK): distributed by the BS, refreshed periodically, encrypted by the KEK. Traffic is encrypted/decrypted by the TEK.
• Device credential: issued by the manufacturer. Subscriber credential: issued by the operator.
• Extended Master Session Key (EMSK): 512 bits, generated in EAP, known by the AAA peer and server; used for generating the Mobile IP Root Key in the CSN.
• CMAC_KEY_*: 128 bits, derived from AK, SS MAC, BS ID. Used for message integrity checks.

WiMAX Key Hierarchy and Distribution

[Figure: key hierarchy and distribution, for the ASN and for the CSN]

PKMv2 Procedures

• Link activation triggers EAP
• Routing based on NAI realm
• PKMv2 three-way handshake for mutual authentication
• CMAC for MAC management message protection
• KEK for encryption of the TEK

Pairwise Key Management
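
The key list and the PKMv2 procedures above can be traced in code. The following is an added example, not code from the slides and not the standard's Dot16KDF: it derives keys with the sizes and inputs the slides give (a 512-bit MSK from EAP, a 160-bit PMK, a 160-bit AK bound to the MS MAC and BS ID, a 128-bit KEK and 128-bit CMAC keys), shows that a handover to another BS yields a fresh AK from the unchanged PMK without a new EAP run, and uses the CMAC key to check a management message. HMAC-SHA256 stands in for Dot16KDF and for AES-CMAC; the MSK, MAC address and BS IDs are constructed values, and the TEK wrapping under the KEK is not shown because the standard library has no AES.

```python
# Added example (not from the slides, and not the standard's Dot16KDF): derives
# keys with the shapes and inputs listed above (MSK -> PMK -> AK -> KEK and
# CMAC keys), shows that moving to another BS yields a new AK from the same
# PMK, and checks a management message with the CMAC key. HMAC-SHA256 stands
# in for Dot16KDF and AES-CMAC; MSK, MAC address and BS IDs are constructed.
import hashlib
import hmac


def kdf(key: bytes, label: bytes, out_bits: int) -> bytes:
    """Stand-in KDF (HMAC-SHA256 in counter mode), truncated to out_bits."""
    out = b""
    counter = 0
    while len(out) * 8 < out_bits:
        block = counter.to_bytes(4, "big") + label + out_bits.to_bytes(2, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[: out_bits // 8]


def derive_pmk(msk: bytes) -> bytes:
    """PMK: 160 bits taken from the 512-bit MSK produced by EAP."""
    if len(msk) != 64:
        raise ValueError("MSK must be 512 bits")
    return msk[:20]


def derive_ak(pmk: bytes, ms_mac: bytes, bs_id: bytes) -> bytes:
    """AK: 160 bits, bound to one MS MAC / BS ID pair."""
    return kdf(pmk, ms_mac + bs_id + b"AK", 160)


def derive_kek(ak: bytes, ms_mac: bytes, bs_id: bytes) -> bytes:
    """KEK: 128 bits, used by the BS to encrypt the TEK it distributes."""
    return kdf(ak, ms_mac + bs_id + b"KEK", 128)


def derive_cmac_keys(ak: bytes, ms_mac: bytes, bs_id: bytes) -> tuple:
    """Uplink and downlink 128-bit message-integrity keys."""
    both = kdf(ak, ms_mac + bs_id + b"CMAC_KEYS", 256)
    return both[:16], both[16:]


def protect(cmac_key: bytes, mgmt_msg: bytes) -> bytes:
    """Append a 64-bit integrity tag to a MAC management message."""
    return mgmt_msg + hmac.new(cmac_key, mgmt_msg, hashlib.sha256).digest()[:8]


def verify(cmac_key: bytes, protected: bytes) -> bool:
    msg, tag = protected[:-8], protected[-8:]
    expected = hmac.new(cmac_key, msg, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)


def handover_keys(msk: bytes, ms_mac: bytes, serving_bs: bytes, target_bs: bytes) -> dict:
    """Key material before and after a handover from serving_bs to target_bs."""
    pmk = derive_pmk(msk)               # unchanged: no new EAP run is needed
    ak_s = derive_ak(pmk, ms_mac, serving_bs)
    ak_t = derive_ak(pmk, ms_mac, target_bs)
    return {
        "pmk": pmk,
        "ak_serving": ak_s, "kek_serving": derive_kek(ak_s, ms_mac, serving_bs),
        "ak_target": ak_t, "kek_target": derive_kek(ak_t, ms_mac, target_bs),
    }


# constructed sample values
MSK = bytes(range(64))
MS_MAC = bytes.fromhex("00112233aabb")
BS_A = bytes.fromhex("0a0b0c0d0e0f")
BS_B = bytes.fromhex("1a1b1c1d1e1f")

if __name__ == "__main__":
    keys = handover_keys(MSK, MS_MAC, BS_A, BS_B)
    for name, val in keys.items():
        print(f"{name:12s} {len(val) * 8:3d} bits {val.hex()}")
    up, _down = derive_cmac_keys(keys["ak_serving"], MS_MAC, BS_A)
    print("tamper check:", verify(up, protect(up, b"RNG-REQ")))
```

The point to take from the run is the scoping the slides describe: the PMK is shared between authenticator and AAA peer and survives the handover, while everything below it (AK, KEK, CMAC keys) is recomputed per BS because the BS ID is an input, so a key held by one BS is of no use at another.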

IP Configuration Setup

• The Point of Attachment (PoA) address has to be routable in the CSN and ASN, and SHALL be assigned from the CSN address space.
• For portable and mobile access, the PoA SHALL be assigned from either the Home NSP or the Visited NSP, corresponding to the Home Address (HoA).
• Fixed and nomadic access scenarios: DHCP
• Mobile access scenarios: PMIP4 / CMIP4 / PMIP6 / CMIP6

[Figure: address assignment scenarios involving the H-AAA and the HA]

IP Configuration Setup Procedure (Proxy Mobile IP)

Proxy Mobile IP

IP Configuration Setup Procedure (Client Mobile IPv4, CMIPv4)

[Figure: Mobile IPv4 (MIP). Entities shown: Foreign Agent (FA) in the foreign network, Home Agent (HA) in the home network, Correspondent Node (CN) and Mobile Node (MN); the binding update and the data transmission paths.]

IP Configuration Setup Procedure (Client Mobile IPv6, CMIP6)

Mobility Management

• MAC layer handover procedures
  – Handoff process
  – Three levels of association
  – Two optional modes of HO decision and initiation
• Intra-ASN mobility: ASN Anchored Mobility
• Inter-ASN mobility: ASN Anchored Mobility (Profiles A & C), CSN Anchored Mobility

Mobility scenario

Stages of Handoff Process

• Cell reselection: the MS may use neighbor BS information in MOB_NBR-ADV, or scan neighbor BSs, to find a potential target BS to hand over to.
• HO decision and initiation: a handover begins with a decision for an MS to hand over from a serving BS to a target BS. The decision may originate at the MS, at the serving BS, or in the network.
• Termination with the serving BS: after the handover request/response handshake has completed, the MS may begin the actual HO. During the HO process, the MS terminates service with the serving BS by sending a MOB_HO-IND message.
• Network entry/re-entry

Three levels of association

Association: an optional initial ranging procedure in a scanning interval that enables the MS to acquire service information for proper selection of the HO target and/or for expediting a potential future handover to a target BS.

• Level 0: Scan/association without coordination. The serving BS allocates periodic intervals in which the MS may range neighboring BSs; the target BS provides only contention-based ranging allocations.
• Level 1: Association with coordination. The serving BS coordinates association between the MS and neighboring BSs, with a unique code and transmission opportunity to prevent collision.
• Level 2: Network-assisted association reporting. The MS is required only to transmit the CDMA ranging code at the neighbor BS. The serving BS may aggregate all ranging-related information (e.g. PHY offsets and CIDs from the BSs) into a single MOB_ASC_REPORT message.

Two optional modes of HO decision and initiation

• Diversity Set: a list of BSs that are involved in the handoff process with the MS.
• Macro Diversity Handover (MDHO): the MS may transmit to and receive from the BSs in the Diversity Set at the same time.
• Fast BS Switching (FBSS): an Anchor BS is defined among the BSs in the Diversity Set. The MS only communicates with the Anchor BS for UL and DL messages, including management and traffic connections. Transition from one Anchor BS to another ("switching") within the Diversity Set is performed without invoking the HO procedure.

Two Mobility Levels in WiMAX

• ASN anchored mobility, or micro mobility
  – The MS moves between Data Path Functions while keeping the same anchor FA, which sits at the northbound edge of the ASN network.
  – The data flow between the CSN and the Data Path Functions pivots at the anchor FA.
  – The CSN is unaware of any mobility that occurs between ASN Data Plane Functions.
• CSN anchored mobility management, or macro mobility
  – The MS changes to a new anchor FA.
  – The new FA and the CSN exchange signaling messages to establish the data forwarding path.

ASN Anchored Mobility Management (1/3)

ASN Anchored Mobility Management is defined as mobility of an MS not involving a CoA update (MIP re-registration).

ASN Anchored Mobility (2/3)

ASN Anchored Mobility (3/3)

CSN Anchored Mobility

For CSN Anchored Mobility Management, two variants of the MIP protocols are supported:

• Client MIP (CMIP): CMIP is an IETF-compliant MIP solution based on a Mobile IP enabled MS. CSN Anchored Mobility Management will cover CMIP-based mobility schemes for IPv4 and IPv6.
• Proxy MIP (PMIP): Proxy MIP is an embodiment of the standard Mobile IP framework in which an MN is transparently instanced in the access network on behalf of a client that is not MIP-aware or MIP-capable.

CSN Anchored Mobility (R3 mobility)

Re-anchoring of the current FA to a new FA and the consequent binding updates to update the upstream and downstream data forwarding paths.

CSN to ASN Anchored Mobility Management Relationship (1/2)

CSN to ASN Anchored Mobility Management Relationship (2/2)

QoS Functional Elements

• Service Flow Management (SFM): responsible for the creation, admission, activation, modification and deletion of 802.16 service flows.
• Service Flow Authorization (SFA): evaluates any service request against the user's QoS profile.
• AF: Application Function, e.g. a SIP proxy.
• PF: Policy Function. Maintained information includes the H-NSP's general policy rules.
• LPF: Local Policy Function. Enforces admission control based on available resources.

Pre-provisioned service flow

References

• Applications for 802.16-2004 and 802.16e WiMAX Networks, WiMAX Forum.
• IEEE Std 802.16-2004, Air Interface for Fixed Broadband Wireless Access Systems.
• IEEE Std 802.16e-2005, Air Interface for Fixed and Mobile Broadband Wireless Access Systems.
• WiMAX Forum, WiMAX End-to-End Network Systems Architecture (Stage 2), Release 1, Version 1.3.0, September 21, 2008.
• WiMAX Forum, WiMAX End-to-End Network Systems Architecture (Stage 3: Detailed Protocols and Procedures), Release 1, Version 1.3.0, September 21, 2008.