Moby Dick Consolidated System Integration Plan
Moby Dick Consolidated System Integration Plan
Moby Dick Consolidated System Integration Plan
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
IST-2000-25394 <strong>Moby</strong> <strong>Dick</strong><br />
D0103<br />
<strong>Moby</strong> <strong>Dick</strong> <strong>Consolidated</strong> <strong>System</strong> <strong>Integration</strong> <strong>Plan</strong><br />
Contractual Date of Delivery to the CEC: June 2003<br />
Actual Date of Delivery to the CEC: 30 th of June 2003<br />
Author:<br />
University of Stuttgart (P05) - Juergen Jaehnert (RUS)<br />
Participants: P01: Serge Tessier, Hans Einsiedler<br />
P02: Marco Liebsch, Amardeo Sarma, Ralf Schmitz<br />
P03: Jose Ignacio Moreno, Antonio Cuevas Casado<br />
P04: Hasan<br />
P06: Davinder Pal Singh<br />
P07: Rui Aguiar, Victor Marques<br />
P08: Eric Melin, Chrstophe Beaujean<br />
P09: Michelle Wetterwald<br />
P10: Piotr Pacyna<br />
P12: Parijat Mishra<br />
Workpackage:<br />
Est. person months:<br />
Security:<br />
Nature:<br />
WP1<br />
Version: 1.0<br />
Total number of pages:<br />
public<br />
Report<br />
168 pages<br />
Abs tract:<br />
This is the final Deliverable of workpackage (WP1) of the <strong>Moby</strong> <strong>Dick</strong> project. It describes the <strong>Moby</strong><br />
<strong>Dick</strong> overall architecture as defined and implemented during the first 30 months of the project.<br />
Since parts of this documentation are provided by the specific implementation workpackages it<br />
contain redundant information, especially with D020x (QoS part), D030x (Mobility part) and<br />
D040x (AAA part).<br />
Keyword list: UMTS, TD-CDMA, Mobile IP, QoS, Mobility, AAA, Charging
D0103v1.doc Version 1 6.7.2003<br />
Table of Contents<br />
ABBREVIATIONS.........................................................................................................7<br />
1 INTRODUCTION.....................................................................................................9<br />
2 OVERALL MOBY DICK OPERATION..............................................................10<br />
3 MOBY DICK ARCHITECTURE..........................................................................11<br />
3.1 Conceptual view.......................................................................................................................................... 11<br />
4 MOBY DICK PHYSICAL COMPONENTS........................................................14<br />
4.1 Mobile Terminal Software Specification.............................................................................................. 14<br />
4.1.1 Overview of the different components..............................................................................................15<br />
4.1.1.1 Networking Control Panel ..............................................................................................................15<br />
4.1.1.2 Mobile Terminal Networking Manager........................................................................................15<br />
4.1.1.3 Fast Handover module .....................................................................................................................15<br />
4.1.1.4 Registration module .........................................................................................................................16<br />
4.1.1.5 Paging module...................................................................................................................................16<br />
4.1.1.6 Enhanced IPv6 stack........................................................................................................................16<br />
4.1.1.7 Network Device Driver ...................................................................................................................16<br />
4.1.1.8 Access Stratum..................................................................................................................................17<br />
4.1.2 Detailed description of the components............................................................................................17<br />
4.1.2.1 Networking Control Panel ..............................................................................................................17<br />
4.1.2.2 Mobile Terminal Networking Manager........................................................................................19<br />
4.1.2.3 Radio Channel Manager..................................................................................................................27<br />
4.1.2.4 Radio Convergence Function.........................................................................................................31<br />
4.1.2.5 Fast Handover module .....................................................................................................................33<br />
4.1.2.6 Paging module...................................................................................................................................35<br />
4.1.2.7 Registration Module.........................................................................................................................36<br />
4.1.2.8 Enhanced IPv6 stack........................................................................................................................39<br />
4.1.2.9 DSCP Marking Software .................................................................................................................39<br />
4.1.2.10 Monitoring Extensions to Ethernet / WLAN driver...............................................................43<br />
4.2 Access Router Software Specification ................................................................................................... 44<br />
4.2.1 Overview of the different components..............................................................................................44<br />
4.2.1.1 Fast Handover Module / MIPL......................................................................................................44<br />
4.2.1.2 Paging Attendant..............................................................................................................................44<br />
4.2.1.3 Network Device Driver /WLAN....................................................................................................44<br />
4.2.1.4 Enhanced IPV6/IPSec/DiffServ packet Filter .............................................................................44<br />
4.2.1.5 AAAC Attendant..............................................................................................................................45<br />
4.2.1.6 Metering.............................................................................................................................................45<br />
4.2.1.7 QoS Manager.....................................................................................................................................45<br />
4.2.1.8 Logger ................................................................................................................................................45<br />
4.2.1.9 DSCP Marking Software (DMS) ...................................................................................................46<br />
4.2.2 Description of the different Components..........................................................................................46<br />
4.2.2.1 Network device drivers....................................................................................................................46<br />
4.2.2.2 Enhanced IPv6 stack/IPSec/DiffServ packet Filter ....................................................................46<br />
4.2.2.3 Fast Handover Module / MIPL......................................................................................................47<br />
4.2.2.4 Paging Attendant..............................................................................................................................49<br />
4.2.2.5 QoS Manager.....................................................................................................................................51<br />
4.2.2.6 AAAC Attendant..............................................................................................................................55<br />
4.2.2.7 DSCP Marking Software .................................................................................................................60<br />
4.2.3 Software implementation / interfaces ................................................................................................64<br />
D0103v1.doc 2 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.2.3.1 Interface between QoSManager and Fast Handover module ....................................................64<br />
4.2.3.2 Interface between QoSManager and DiffServ Logic .................................................................66<br />
4.2.3.3 Interface between the QoSManager and the Integrated Logger...............................................66<br />
4.2.3.4 Interface between the IPv6 enhanced stack and the Fast Handover module ..........................67<br />
4.2.3.5 Interface between the IPv6 enhanced stack and the IP paging attendant................................67<br />
4.2.3.6 Interface between AAAC Attendant and IPSec ..........................................................................68<br />
4.2.3.7 Interface between AAAC Attendant and metering.....................................................................70<br />
4.2.3.8 Interface between AAAC attendant and Fast Handover module .............................................70<br />
4.2.3.9 Interface between AAAC Client and Integrated Logger...........................................................72<br />
4.3 Radio Gateway Software Specification................................................................................................. 73<br />
4.3.1 Overview of the different components..............................................................................................73<br />
4.3.1.1 Radio Gateway Operating <strong>System</strong>.................................................................................................73<br />
4.3.1.2 Inter Working Function...................................................................................................................73<br />
4.3.1.3 IP stack...............................................................................................................................................74<br />
4.3.1.4 Radio Channel Manager (RCM)....................................................................................................74<br />
4.3.1.5 Radio Convergence Function (RCF).............................................................................................75<br />
4.3.1.6 Access Stratum..................................................................................................................................75<br />
4.3.1.7 Inter Working Function...................................................................................................................75<br />
4.3.1.8 Info Management block...................................................................................................................75<br />
4.3.1.9 IP to TD-CDMA relay block..........................................................................................................75<br />
4.3.1.10 QoS Attendant sub-block............................................................................................................78<br />
4.3.1.11 TD-CDMA to IP relay block......................................................................................................79<br />
4.3.1.12 IP stack...........................................................................................................................................80<br />
4.3.2 Radio Channel Manager......................................................................................................................81<br />
4.3.2.1 Radio Connection Manager block.................................................................................................81<br />
4.3.2.2 Packet Transmission block .............................................................................................................81<br />
4.3.2.3 Packet Reception block ...................................................................................................................82<br />
4.3.3 Radio Convergence Function..............................................................................................................83<br />
4.3.3.1 TD-CDMA Connection Manager block.......................................................................................83<br />
4.3.3.2 Control Channel Management block.............................................................................................84<br />
4.3.3.3 Data Channel Management block..................................................................................................84<br />
4.3.4 Access Stratum......................................................................................................................................85<br />
4.3.4.1 General architecture of the software platform.............................................................................87<br />
4.3.4.2 Physical Layer Software Architecture ..........................................................................................88<br />
4.3.4.3 MAC Services and Functions.........................................................................................................90<br />
4.3.4.4 RLC Services and Functions..........................................................................................................91<br />
4.3.4.5 PDCP Services and Functions........................................................................................................92<br />
4.3.4.6 RRC Specification............................................................................................................................92<br />
4.4 QoS Broker Software Specification....................................................................................................... 95<br />
4.4.1 General QoS Broker Positioning........................................................................................................95<br />
4.4.2 QoS Broker components......................................................................................................................96<br />
4.4.2.1 WebGUI.............................................................................................................................................97<br />
4.4.2.2 NetProbe.............................................................................................................................................97<br />
4.4.2.3 QBrokerEngine .................................................................................................................................97<br />
4.4.2.4 QoS Broker Interfaces .....................................................................................................................97<br />
4.4.3 Software Implementation ....................................................................................................................98<br />
4.4.3.1 Interfaces............................................................................................................................................98<br />
4.4.3.2 Data format interchanged between Radio Gateway and QoSBroker....................................102<br />
4.4.3.3 Databases .........................................................................................................................................103<br />
4.5 AAAC Server Software Specification .................................................................................................104<br />
4.5.1 User Profile ..........................................................................................................................................105<br />
4.5.1.1 User Profile Attributes...................................................................................................................105<br />
4.5.1.2 General View of User Profile .......................................................................................................106<br />
4.5.1.3 User Profile Distribution...............................................................................................................108<br />
4.5.1.4 User Profile Management .............................................................................................................108<br />
4.5.1.5 Network View of user Profile (NVUP) - Global SLAs ...........................................................108<br />
4.5.1.6 Test users – Profile Examples ......................................................................................................109<br />
4.5.2 Diameter Entities ................................................................................................................................109<br />
D0103v1.doc 3 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.2.1 User registration with a MN .........................................................................................................110<br />
4.5.2.2 Attendant..........................................................................................................................................111<br />
4.5.2.3 Registration Protocol Handler......................................................................................................112<br />
4.5.2.4 AAAC Protocol Handler...............................................................................................................112<br />
4.5.2.5 Fast handover..................................................................................................................................112<br />
4.5.2.6 Diameter / foreign server...............................................................................................................113<br />
4.5.2.7 AAAC.h ...........................................................................................................................................113<br />
4.5.2.8 Home Agent-AAA-Enabler..........................................................................................................113<br />
4.5.2.9 AAA message flow ........................................................................................................................114<br />
4.5.2.10 Attendant to MN (UDP message)...........................................................................................118<br />
4.5.3 Accounting DB....................................................................................................................................118<br />
4.5.3.1 AAAC Client...................................................................................................................................118<br />
4.5.3.2 Accounting Messages ....................................................................................................................119<br />
4.5.3.3 The Accounting Information ........................................................................................................120<br />
4.5.4 Charging Module ................................................................................................................................121<br />
4.5.4.1 DIAMETER Messages vs. Entries in the Accounting Database............................................122<br />
4.5.4.2 Sessions............................................................................................................................................122<br />
4.5.4.3 DSCP Values...................................................................................................................................124<br />
4.5.4.4 Overview of Databases ..................................................................................................................125<br />
4.5.4.5 Representation of Accounting Data in the MySQL database.................................................125<br />
4.5.4.6 Locking of Accounting Database................................................................................................129<br />
4.5.4.7 Charging Database.........................................................................................................................130<br />
4.5.4.8 User-profiles Database..................................................................................................................130<br />
4.5.4.9 Accounting Data Warehouse........................................................................................................130<br />
4.5.4.10 Error Handling and Failure .......................................................................................................130<br />
4.5.4.11 Implementation of the Charging Component........................................................................131<br />
4.5.5 QoS Interface.......................................................................................................................................131<br />
4.5.5.1 Purpose and architecture ...............................................................................................................131<br />
4.5.5.2 Description of the C API interface to the AAAC.f Server......................................................132<br />
4.5.5.3 Description of the COPS Client interface to the QoSB.f.........................................................133<br />
4.5.6 Auditing................................................................................................................................................135<br />
4.5.6.1 <strong>Moby</strong><strong>Dick</strong> SLG...............................................................................................................................135<br />
4.5.6.2 Requirements...................................................................................................................................136<br />
4.5.6.3 Architecture .....................................................................................................................................136<br />
4.5.6.4 Data Structures................................................................................................................................137<br />
4.5.6.5 Event Log Transfer.........................................................................................................................139<br />
4.5.6.6 Audit Report ....................................................................................................................................139<br />
4.6 Paging Agent Software Specification ..................................................................................................140<br />
4.6.1 Overview of the different functional components.........................................................................140<br />
4.6.2 Description of the different functional components .....................................................................140<br />
4.6.2.1 Dormant Monitoring Agent Functional Entity (DMA)............................................................140<br />
4.6.2.2 Tracking Agent Functional Entity (TA) .....................................................................................141<br />
4.6.2.3 Paging Agent Functional Entity (PA).........................................................................................141<br />
4.6.3 Softwarimplementation / interfaces .................................................................................................141<br />
4.6.3.1 Interface between the Mobile Terminal and the Paging Agent..............................................141<br />
4.6.4 Implementation specific information ..............................................................................................144<br />
4.6.4.1 Dormant Monitoring Agent Functional Entity ..........................................................................144<br />
4.6.4.2 Tracking Agent Functional Entity ...............................................................................................144<br />
4.6.4.3 Paging Agent Functional Entity...................................................................................................144<br />
4.7 Home Agent Software Specification....................................................................................................145<br />
4.7.1 Overview..............................................................................................................................................145<br />
4.7.2 Detailed description of the components..........................................................................................145<br />
4.7.2.1 Mobile IPv6 Module ......................................................................................................................145<br />
4.7.2.2 Alternate Care -of Address support..............................................................................................146<br />
5 MOBY DICK SIGNALLING FLOW SPECIFICATION ..................................147<br />
5.1 Assumptions ...............................................................................................................................................147<br />
5.1.1 Security Associations.........................................................................................................................147<br />
D0103v1.doc 4 / 168
D0103v1.doc Version 1 6.7.2003<br />
5.1.2 Distinction: Registration, fast intra-domain and inter-domain handover..................................147<br />
5.2 Signalling Scenarios .................................................................................................................................148<br />
5.2.1 Registration..........................................................................................................................................148<br />
5.2.2 Session setup and Service authorization.........................................................................................151<br />
5.2.3 Intra-domain handover.......................................................................................................................153<br />
5.2.4 Inter-domain handover.......................................................................................................................155<br />
5.2.5 Paging ...................................................................................................................................................155<br />
5.2.5.1 General information .......................................................................................................................155<br />
5.2.5.2 Service discovery and dormant mode regis tration....................................................................156<br />
5.2.5.3 Paging process.................................................................................................................................159<br />
5.2.5.4 Paging area update..........................................................................................................................160<br />
5.2.6 Charging ...............................................................................................................................................161<br />
5.2.6.1 Signalling Flow...............................................................................................................................161<br />
5.2.7 Logging and Auditing........................................................................................................................162<br />
5.2.8 Bearer Management ...........................................................................................................................164<br />
5.2.9 Interface AR and RG..........................................................................................................................165<br />
5.2.10 Paging ...................................................................................................................................................166<br />
5.2.10.1 Interface between Paging Attendant and Paging Module ...................................................166<br />
5.2.10.2 AR Paging Attendant & RG IWF............................................................................................166<br />
5.2.10.3 Interface between Paging Attendant and Paging Agent ......................................................167<br />
6 SUMMARY AND OUTLOOK ............................................................................168<br />
D0103v1.doc 5 / 168
D0103v1.doc Version 1 6.7.2003<br />
Executive Summary<br />
In recent years, two parallel developments could be observed in telecommunications. First, the<br />
tremendous success of the Internet and second, the success of the mobile telephones. UMTS is the<br />
technology which will integrate both developments. However, it is not clearly visible in the existing<br />
architecture which of the two network philosophies, connection oriented 2 G based architecture or packetoriented<br />
Internet compatible technology, will dominate. Currently researchers and marketing people from<br />
both, network provider and equipment vendor tend towards a long term All-IP based solution. Both<br />
technologies have their advantages and disadvantages and, since we have never seen a revolution in the<br />
network infrastructure, the transition process from a connection-oriented world to a packet-oriented world<br />
will be smooth and backward compatibility is a very important issue.<br />
Within the <strong>Moby</strong> <strong>Dick</strong> project, we took the opportunity to go straight forward towards an All-IP based<br />
solution without taking care of such backward compatibility issues to the connection-oriented “Telephone<br />
World”, however, to the currently deployed Internet. Based on this assumption, a wireless IP world<br />
replacing any connection-oriented elements of the network, the IST project <strong>Moby</strong> <strong>Dick</strong> develops and<br />
implements an architecture which substitutes all the network elements and mechanisms historically based<br />
on the GSM based network architecture and combines these with available IP based mechanisms and<br />
network elements to come to a scalable network architecture which would be a possible candidate for the<br />
3,5 G and beyond based wireless access network infrastructure. Within this context is should be clearly<br />
stated that the term ALL-IP is user in a various number of different flavours and is somehow not clear.<br />
Especially the approaches deriving from the circuit switched GSM based technology claim to be “ALL-<br />
IP” although having a significant part of circuit switched elements in their architecture. That’s why<br />
sometimes <strong>Moby</strong> <strong>Dick</strong> partner used either the term “real-ALL IP” or “pure-IP” indicating that the <strong>Moby</strong><br />
<strong>Dick</strong> approach is more in the “spirit” of the Internet compared to most other existing approaches.<br />
At the end of this project, which is due to 6 months (end 2003), the consortium should be able to give an<br />
answer to the question if the Internet Protocol is able to replace the existing connection-oriented<br />
infrastructure. The <strong>Moby</strong> <strong>Dick</strong> goal is to answer this question quantitatively as well as qualitatively. In<br />
order to achieve this, the <strong>Moby</strong> <strong>Dick</strong> architecture contains modifications and changes of existing<br />
protocols and IP-based mechanisms, mainly derived from the Internet standardization bodies, but do not<br />
target the development of fundamental new protocols. The requirement of such fundamental new protocol<br />
could be one potential outcome of the project.<br />
D0103v1.doc 6 / 168
D0103v1.doc Version 1 6.7.2003<br />
Abbreviations<br />
Abbreviation<br />
AAAC.h<br />
AAAC.f<br />
AG<br />
AR<br />
ARQ<br />
AS<br />
ASM<br />
BCCCH<br />
BU<br />
CCCH<br />
CN<br />
CTCH<br />
CoA<br />
DC<br />
DCCH<br />
DCF<br />
DSCP<br />
DSSS<br />
DTCH)<br />
FDD<br />
FHSS<br />
GC<br />
GGSN<br />
GPRS<br />
GTP<br />
HA<br />
HMIP<br />
IETF<br />
IRTF<br />
IMSI<br />
IP<br />
LAN<br />
LLA<br />
LDAP<br />
MAC<br />
MAQ<br />
MAP<br />
MIP<br />
MT<br />
MN<br />
MQA<br />
MRF<br />
NAI<br />
NAS<br />
NAR<br />
OAR<br />
ODMA<br />
ODBC<br />
ODTCH<br />
OCCCH<br />
ODCCH<br />
PA<br />
PCCH<br />
Full Name<br />
Home AAA server<br />
Foreign AAA server<br />
Access Gateway<br />
Access Router<br />
Automatic Repeat Request<br />
Access Stratum<br />
Application Specific Module<br />
Broadcast Control Channel<br />
Binding Update<br />
Common Control Channel<br />
Corresponding Node<br />
Common Traffic Channel<br />
Care -of Address<br />
Data Channel<br />
Dedicated Control Channel<br />
Distributed Co-ordination Function<br />
Differentiated Services Code Point<br />
Direct Sequence Spread Spectrum<br />
Dedicated Traffic Channel<br />
Frequency Duplex Division<br />
Frequency Hopping Spread Spectrum<br />
General Control<br />
Gateway GPRS Support Node<br />
General Packet Radio Service<br />
GPRS Tunnelling Protocol<br />
Home Agent<br />
Hierarchical Mobile IP<br />
Internet Engineering Task Force<br />
Internet Research Task Force<br />
International Mobile Subscriber ID<br />
Internet Protocol<br />
Local Area Network<br />
Local Link Acquirement<br />
Light-weight Directory Access Protocol<br />
Medium Access Control<br />
Sequence: Mobile Node, AAA Framework, QoS Framework<br />
Mobility Anchor Point<br />
Mobile IP<br />
Mobile Terminal<br />
Mobile Node<br />
Sequence: Mobile Node, QoS Framework, AAA Framework<br />
Media Resource Function<br />
Network Access Identifier<br />
Non Access Stratum<br />
New Access Router<br />
Old Access Router<br />
On Demand Multiple Access<br />
Open Data Base Connectivity<br />
ODMA Dedicated Traffic Channel<br />
ODMA Common Control Channel<br />
ODMA Dedicated Control Channel<br />
Paging Agent<br />
Paging Control Channel<br />
D0103v1.doc 7 / 168
D0103v1.doc Version 1 6.7.2003<br />
PCF<br />
PDCP<br />
PDU<br />
QoSB(domain)<br />
RBE<br />
RLC<br />
RNS(domain)<br />
RR(subnet)<br />
RRC<br />
SAP<br />
SHCCH<br />
SCM<br />
SGSN<br />
SLA<br />
SLS<br />
TD-CDMA<br />
TDD<br />
UE<br />
UMTS<br />
URP<br />
W-CDMA<br />
Point Coordination Function<br />
Packet Data Convergence Protocol<br />
Protocol Data Unit<br />
Quality of Server Broker including a policy server<br />
Rules Based Engine<br />
Radio Link Control<br />
Radio Network Server<br />
Radio Router for a specific sub network<br />
Radio Resource Control<br />
Service Access Point<br />
Shared Channel Control Channel<br />
Session Control Manager<br />
Serving GPRS Support Node<br />
Service Level Agreement<br />
Service Level Specification<br />
Time Division- Code Division Multiple Access<br />
Time Division Duplex<br />
User Equipment<br />
Universal Mobile Telecommunications <strong>System</strong><br />
User Registration Protocol<br />
Wideband-Code Division Multiple Access<br />
D0103v1.doc 8 / 168
D0103v1.doc Version 1 6.7.2003<br />
1 Introduction<br />
This deliverable describes the first version of the architecture of the <strong>Moby</strong> <strong>Dick</strong> network infrastructure.<br />
The goal is to provide QoS-enabled and AAA supported mobility on a heterogeneous network<br />
infrastructure. So <strong>Moby</strong> <strong>Dick</strong> merges mechanisms of three different research areas namely QoS, AAA,<br />
and Mobility management. This document should be regarded as baseline document throughout the whole<br />
duration of the project. <strong>Moby</strong> <strong>Dick</strong> targets a generic architecture supporting all kind of layer 2 access<br />
technology, however, the architectural considerations are restricted to Ethernet, Wireless LAN, and TD-<br />
CDMA technologies. Since the integration process of QoS, Mobility, and AAA issues to provide a M-<br />
commerce capable all-IP based wireless Internet infrastructure is quite complex it is quite supposable that<br />
the first trial of the architecture specification does not require further iteration processes towards an open,<br />
stable, and scalable platform for “3.5 G and beyond” based access networks.<br />
The big challenge within the architecture is to find an ideal mixture of QoS, Mobility, and AAA elements,<br />
mechanisms and functions which approach as far as possible to the optimised <strong>Moby</strong> <strong>Dick</strong> architecture.<br />
The definition of the <strong>Moby</strong> <strong>Dick</strong> architecture can be regarded as an optimisation problem since each of<br />
the three major research areas has already solutions for various problems, however, it is clear that first,<br />
the combination of these individual mechanisms can not be achieved from a technical point of view<br />
boundlessly and second, mechanisms and elements of one research area may have a negative impact on<br />
the mechanisms and elements of the other research area. For this reason, the <strong>Moby</strong> <strong>Dick</strong> architecture will<br />
be a best practice compromise between mechanisms, requirements, and solutions from the abovementioned<br />
three research areas.<br />
The structure of the document is as follows:<br />
Chapter 2 starts with an overall motivation for the project <strong>Moby</strong> <strong>Dick</strong>. Here the authors would like to<br />
summarise again the motivation for the overall project.<br />
Since <strong>Moby</strong> <strong>Dick</strong> is targeting a “3,5 G and beyond” wireless network infrastructure assumptions and<br />
requirements based on selected usage scenarios are required to have a realistic input to the architecture<br />
definition. Chapter 3 describes the key architecture from a more generic and conceptual user point of<br />
view. Chapter 4 points the detailed software architecture of the key modules and components developed<br />
within the project. Chapter 5 describes how these detailed modules are mapped first into a functional<br />
architecture by a detailed specification of the interaction flow between these components. In chapter 6, a<br />
conclusion is given.<br />
The overall structure of the project has the following nature: WP1 does define the overall <strong>Moby</strong> <strong>Dick</strong><br />
architecture. WP2, WP3, and WP4 are the so-called implementation workpackages. Here QoS issues<br />
(WP2), Mobility related issues (WP3) and AAAC related issues (WP4) are specified based on the overall<br />
architecture on a more detailed level. Since almost each component contains modules from each<br />
implementation workpackage, this horizontal interface contains major input from all workpackages. In<br />
the current project year all implementation workpackages officially provided an additional deliverable,<br />
this document contains some redundant information since it is of course reported in the Deliverables of<br />
the implementation workpackages. However, in order to increase the overall readability of this document,<br />
this overlap intended. So the reader of this document should get a clear view of the modules and<br />
components the project developed, specified and brought into the evaluation by means of the <strong>Moby</strong> <strong>Dick</strong><br />
field trial. Theoretical aspects with our close relevance to the implementation are kept outside.<br />
D0103v1.doc 9 / 168
D0103v1.doc Version 1 6.7.2003<br />
2 Overall <strong>Moby</strong> <strong>Dick</strong> Operation<br />
Within this chapter, a basic <strong>Moby</strong> <strong>Dick</strong> operational scenario is described. This scenario is based on the<br />
scenario described in the <strong>Moby</strong> <strong>Dick</strong> Deliverable D0101 which was submitted in October 2001 after a<br />
duration of 10 months.<br />
The generic <strong>Moby</strong> <strong>Dick</strong> overall scenario starts at first with the assumption that each user is from a<br />
contractual point of view somehow assigned to his home domain. Result of this assumption is that the<br />
Mobility notion is not that flexible that a vagabonding user has no fixed point of attachment where he/she<br />
can be located. Changing this assumption would be from a research point of view very interesting since it<br />
may require e.g. significant changes in the world-wide naming service concept, but within <strong>Moby</strong> <strong>Dick</strong> a<br />
hard mapping of a user to a valid, world-wide reachable home address is assumed. This static home<br />
domain could be from a technical point of view a homogeneous network infrastructure based on<br />
exclusively on network technology, or a heterogeneous network infrastructure comprising network<br />
segments of different technologies. In the latter, the network technologies are restricted to Ethernet<br />
according to 802.3 standard, a wireless LAN (802.11), and/or a <strong>Moby</strong> <strong>Dick</strong> specific TD-CDMA.<br />
Furthermore, each domain consists of at least one IP subnet. Each IP subnet corresponds to one lower<br />
layer network access cell which can be either one of the three above mentioned layer 2 technologies.<br />
Based on this key assumption the whole and overall <strong>Moby</strong> <strong>Dick</strong> scenario is build on. On top of this fixed<br />
home domain, it is further assumed that a user has a contract with the provider of the home network or<br />
home domain. This provider maintains an AAA entity (which is in the whole project called AAAC.h)<br />
which is further responsible for validating and verifying any credentials pertinent to the user. This kind of<br />
authority can be either located at the user premises or at any other location within the domain of the home<br />
network provider. Contract details of the contract between user and provider are agreed based on a<br />
Service Level Agreement (SLA) which is transformed into a User Profile which is stored on the AAAC.h.<br />
entity, or, being more precise, in a database where this AAAC.h entity has secured and exclusive access.<br />
Content of this profile is next to others, roaming permissions, QoS parameters and any further<br />
information which is required to provide a user with the capability to roam around – within and between<br />
administrative domains. Such a roaming user – or Mobile User - is allowed to connect itself using any<br />
mobile device in any location to the network. The provider of the foreign network (foreign means here<br />
that the use has no direct contract with the network the user wants to use) provides the user with network<br />
resources/service according to the SLA reflected in the profile of the home domain only, if there exists a<br />
contractual relationship between these two administrative domains. Here it might be the case that no<br />
roaming agreement exists between the provider of the home domain and the provider of the foreign<br />
domain (of course this is part of the profile) and in this case no service is delivered to the mobile user is<br />
provided.<br />
A user is allowed to move around and the required hand-over procedures enable the user to maintain any<br />
existing connection while moving is based on the agreed SLA with the provider of the home network.<br />
Furthermore, within <strong>Moby</strong> <strong>Dick</strong>, service consumption is metered to support the post-paid charging<br />
scheme and registration and service requests are logged to perform auditing.<br />
In the following, based on the above described high level scenarios, some more technology-specific<br />
considerations are summarised.<br />
Within a framework that integrates mobility, AAA, and QoS in heterogeneous networks, a wide range of<br />
ways in which the user perceives the “network” is possible. Obviously, some assumptions need to be<br />
made about how the <strong>Moby</strong> <strong>Dick</strong> network will be used as an aid to make design decisions. From a wide<br />
range of possible scenarios, we need to concentrate on a few to optimise the effort and therefore the cost<br />
of the network and the associated functions.<br />
The <strong>Moby</strong> <strong>Dick</strong> service provisioning process is user specific, this means that there is a decoupling from a<br />
user and an end-system foreseen. This de-coupling is done via the user profile. So the service<br />
provis ioning process is user-centric.<br />
D0103v1.doc 10 / 168
D0103v1.doc Version 1 6.7.2003<br />
3 <strong>Moby</strong> <strong>Dick</strong> Architecture<br />
3.1 Conceptual view<br />
In the wired-network infrastructure circuit-switched voice communications have dominated the<br />
telecommunications market since it’s beginning. Packet-switched voice and data communications are<br />
currently the key drivers for the development of new communication systems and technologies. This<br />
trend can be also observed in the wireless network segment. Also here, technologies like GPRS and of<br />
course UMTS are lower layer designs based on circuit switched principles, but a tendency towards packet<br />
based network design principles is evident.<br />
The emphasis on packet-data communications brings an outstanding opportunity for heterogeneous<br />
environments. Recent developments in the TCP/IP protocol are intended to support the development of a<br />
multi-technology network mainly independent of the underlying physical layers, where all relevant<br />
functions are performed at the IP level.<br />
The importance of IP communications has already been recognized in UMTS (as well as in EDGE/IMT-<br />
2000), which provides an IP packet service using a tunnelling mechanism but still employing all the<br />
mechanisms of 2 nd Generation Networks. Even with these facilities, several operators question the<br />
approach of bringing the concept of packet switching into the existing connection-oriented network<br />
environments, since it is considered an intermediate step towards a pure IP-based solution, which will be<br />
most probably be available in the fourth Generation mobile communication (4G) networks.<br />
The <strong>Moby</strong> <strong>Dick</strong> approach can be regarded as a more radical alternative. The <strong>Moby</strong> <strong>Dick</strong> architecture is<br />
being developed using three key design principles:<br />
• The network should implement as many functions as possible using standard IP-based protocols and<br />
technologies, by reusing as many commonalities in different access technologies as possible.<br />
• The network should be able to provide real-time services with quality comparable to traditional<br />
cellular networks.<br />
• The services should be generally accessible regardless of the access network and uninterrupted<br />
during handoff.<br />
The overall network architecture includes the following elements (Figure 1):<br />
Figure 1: General Network Architecture<br />
• Mobile end-systems running user applications. Each end-system can be equipped with interfaces of<br />
different technologies simultaneously. In particular, within the <strong>Moby</strong> <strong>Dick</strong> project, the interfaces to<br />
TD-CDMA (UMTS-TDD), wireless LANs (802.11), and fixed networks (Ethernet) are supported;<br />
• Access Routers, providing an interface between a wireless and a wired-network domain. It is<br />
assumed that these domains are different IP-subnets. These gateways are associated with the tra-<br />
D0103v1.doc 11 / 168
D0103v1.doc Version 1 6.7.2003<br />
ditional concept of a Base Station, the actual access point of the wireless technology to a wired infrastructure,<br />
but enriched with IP routing capabilities.<br />
• Network management servers in the fixed network for mobility management, AAA, QoS and paging<br />
issues<br />
The architectures’ flexibility and the use of IP for mobility management, QoS provisioning and AAAC as<br />
a convergence layer allows an easy and simple integration of any other access technology like UWB. In<br />
greater detail, the network management servers consist of an AAAC system, a Home Agent for IPv6<br />
mobility management, a QoS Broker and an IP Paging Agent. The mechanisms provided by these entities<br />
and its proper interworking provides an overall architecture, which supports an open, cheap, efficient and<br />
seamless network access.<br />
The TD-CDMA support is achieved by the direct connection of the base station to the IP network (eliminating<br />
several of the elements defined in the 3GPP UMTS architecture such as RNC, SGSN, GGSN, and thus,<br />
simplifying the overall protocol stack). The base station was developed using platform supporting TD-CDMA-<br />
TDD mode. Thus, the network access is provided by a radio access router which controls one radio cell. On IP<br />
layer one, the IP subnet is directly mapped to such a radio cell.<br />
To provide seamless mobility competitive to the one provided by existing cell networks, but with the advantage to<br />
increase the scope of mobility across cells based on different access technologies, Fast Handover with some<br />
enhancements and context transfer techniques are used. To increase the efficiency of both the mobile end systems<br />
and the resource usage of the still scarce access medium, and to overcome the tremendous power required, an IP<br />
paging concept was integrated into the overall architecture. For the provision of QoS the Diffserv model was<br />
adopted because of its higher scalability and reduced signalling overhead. For the overall end-to-end QoS<br />
provisioning, the association of Diffserv principles with the use of QoS Brokers controlling a QoS domain<br />
provided large-scale support for quality of service. The AAAC support is based on the IRTF AAA Architecture<br />
and enriched with Auditing and Charging mechanisms. This architecture covers the full integration between<br />
AAAC, QoS, and Mobility, which provides a large step towards an real All-IP 4G network architecture<br />
supporting TD-CDMA based access technologies as well as IEEE 802.11. The whole architecture is based on<br />
IPv6 exploiting all IPv6 specific support for IP based mobility management.<br />
Within <strong>Moby</strong> <strong>Dick</strong> it is foreseen, that one end-system is equipped with more that network interfaces –<br />
which might be based different technologies -, but only one interface will be user at the same time, except<br />
of a small period of time during a seamless handover procedure.<br />
Figure 2 shows a more specific figure of the overall <strong>Moby</strong> <strong>Dick</strong> architecture. Here there are different<br />
Administrative domains shown. These domains operate based on same or different access network<br />
technologies. E.g. in the figure Domain C is based all 3 network technologies considered within the<br />
project.<br />
The Correspondent Node (CN) is connected via an unknown QoS supporting access technology to the<br />
backbone and is located in the administrative Domain D.<br />
D0103v1.doc 12 / 168
D0103v1.doc Version 1 6.7.2003<br />
DomainD<br />
DomainE<br />
PA<br />
DomainB2<br />
AAAC.h<br />
QoSB.h<br />
CN<br />
PALa<br />
QoSBa<br />
AAAC.fa<br />
DomainA<br />
Rax<br />
QoS aware<br />
IP Backbone<br />
AAAC.fc<br />
QoSBc<br />
HA<br />
DomainB1<br />
DomainC<br />
Rcx<br />
RARa1 RARa2 RARc1<br />
IPsubnetA1<br />
W-CDMA<br />
IPsubnetA2<br />
W-CDMA<br />
IPsubnetC1<br />
802.11<br />
RARc2<br />
IPsubnetC2<br />
W-CDMA<br />
ARc3<br />
IPsubnetC3<br />
Ethernet<br />
MT<br />
Figure 2: Conceptual view of the <strong>Moby</strong> <strong>Dick</strong> architecture<br />
The Home Agent (HA), “home” QoS Broker (QoSB.h), and the Home AAAC server (AAAC.h) are<br />
placed currently in the same home domain – Domain B. However, this is not a must. Both, the HA and<br />
the QoS.h have to be placed in the same domain but the AAAC.h can be located somewhere else in a<br />
different domain. In this case, some additional AAA communication has to take place. Of course, each<br />
domain operated a Home Agent (HA), but for not giving the impression that a mobile user could establish<br />
dynamically relations to different Has, in the figure above only one HA is shown.<br />
The Paging Agent (PA) will be somewhere, connected as well through a QoS aware network technology<br />
to the backbone.<br />
For <strong>Moby</strong> <strong>Dick</strong> access networks the following components are necessary:<br />
• QoSB: QoS Broker for management of the QoS “requests” via profiles.<br />
• AAAC.f: Foreign AAAC server for handling Authentication, Authorisation, Accounting, and<br />
Charging issues.<br />
• (Radio) Access Routers: They are policy points in the access network. Each air interface TD-<br />
CDMA or wireless LAN (802.11) – will cover one IP sub-network. The Radio Access Router<br />
(RAR) will have at least one radio interface and one fixed line interface to the domain network.<br />
Access Router (AR) will have only interfaces to fixed lines and to each access interface a subnetwork<br />
will be assigned.<br />
• Routers (R): They are normal ingress (for incoming flows), egress (for leaving flows), and<br />
interior (inside a DS domain) DS routers.<br />
Optional for the access domains will be a local Paging Agent (PA). A local PA offers direct<br />
communication, if needed. This leads to less signalling through the backbone.<br />
The following components have to be Differentiated Services capable:<br />
• CN or the router next to this node: The CN is the source of the flow.<br />
D0103v1.doc 13 / 168
D0103v1.doc Version 1 6.7.2003<br />
• All routers: Since they have to forward the packets of QoS flows.<br />
• HA: In case, the CN does not know the location of the MT, the packets will be sent to the HA<br />
which has then to forward the traffic to the “new” location of the MT.<br />
• PA: If the MT is in idle state, the HA will forward the first few packets to the PA by using<br />
tunnelling. This tunnels have to be DS aware and will be probably implemented by mapping the<br />
respective DS code point from the tunnelled IP packet into the code point of the tunnelling IP<br />
packet.<br />
Connectivity to the QoS aware IP backbone: The different domains are connected via at least one DS<br />
egress/ingress router to the backbone. The same is valid for the inter-connection of the access networks to<br />
the domain’s “backbone”. These “sub-network” access routers can be fully mashed. However, they<br />
should have full IPsec, DS, and mobility support. These are the first and important policy points for<br />
incoming traffic (from the MT towards the backbone).<br />
4 <strong>Moby</strong> <strong>Dick</strong> Physical Components<br />
As a preparation for the implementation, the following types of physical elements were identified based<br />
on the logical and conceptual <strong>Moby</strong> <strong>Dick</strong> architecture:<br />
i) Mobile Terminal (MT)<br />
ii) Access Router (AR)<br />
iii) Radio Gateway (RG)<br />
iv) QoS broker (QoSB)<br />
v) AAAC Server<br />
vi) Paging Agent (PA)<br />
vii)Home Agent (HA)<br />
At least one set of functions has been identified for each of the physical element types, and these will be<br />
one or more software modules of the implemented system. The following sub-sections contain the<br />
complete list of functions that are associated with each physical element type. They represent the<br />
maximum list of functions, and some physical element instances may not need all of them. Each function<br />
includes handling the associated message flows.<br />
Mobile Terminal and Access Router are the two components which host logical modules of all three<br />
implementation workpackages. Paging Agent and Home Agent are modules which mostly fulfil functions<br />
for mobility management and thus are mainly derived from WP3 work. The QoS Bare mainly based ,<br />
Access Router is of course a component which is exclusively provided by <strong>Moby</strong> <strong>Dick</strong> WP2 and the<br />
AAAC Server is a WP4-exclusive component. Further, the Radio Gateway is a component for SC-TDMA<br />
specific radio access with high interaction and involvement of WP2.<br />
4.1 Mobile Terminal Software Specification<br />
This section gives the software specification of the different components of the Mobile Terminal. These<br />
include<br />
• Networking Control Panel (NCP, section 1.1.1): graphical user interface to specify user<br />
preferences and initiate manual handover execution.<br />
• Mobile Terminal Network Manager (MTNM, section 1.1.2): module to decide about handover<br />
execution.<br />
• Fast Handover module:…<br />
• Registration Module<br />
• Paging Module<br />
• Enhanced IPv6 Stack<br />
• Network Device Drivers<br />
Below is a high level integrated view of the different components.<br />
D0103v1.doc 14 / 168
D0103v1.doc Version 1 6.7.2003<br />
NCP<br />
AR<br />
Application 1<br />
Application 2<br />
MTNM<br />
Fast Handover<br />
module<br />
AR<br />
Registration<br />
module<br />
Paging<br />
module<br />
AR<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
MIPL<br />
IPSec<br />
DSCP marking software<br />
Network device drivers<br />
TD-CDMA NDD on RG<br />
TD-CDMA:<br />
RCM / RCF<br />
WLAN<br />
Ethernet<br />
Internal interface<br />
Protocol<br />
communication<br />
AS on RG<br />
Access Stratum<br />
Kernel space<br />
User space<br />
Figure 3: Mobile Terminal Software Architecture<br />
4.1.1 Overview of the different components<br />
4.1.1.1 Networking Control Panel<br />
This module provides a graphical user interface, letting the user specify his preferences regarding<br />
Network Technologies (TD-CDMA, WLAN, Ethernet) and Handover execution (manual, automatic,<br />
both). The user uses it to request the beginning and the end of a network connection (AAAC registration /<br />
deregistration). The user also uses it to start a manual handover.<br />
This module also provides information about availability and quality of Network Technologies.<br />
It is implemented as a user space program, using gtk for the GUIs.<br />
4.1.1.2 Mobile Terminal Networking Manager<br />
This module will take the decision to execute handover (manual or automatic / fast or standard) and attach<br />
procedures; based on information received from the user (network preferences, handover preferences,<br />
manual handover request, explicit registration request) and information received from the networking<br />
devices (TD-CDMA, WLAN, Ethernet drivers).<br />
It will be implemented as a user space program (if needed, it will be implemented as a kernel module).<br />
The behaviour of the different sub-blocks of the MTNM will be detailed in the next section.<br />
4.1.1.3 Fast Handover module<br />
This Fast Handover Execution block is a stand-alone kernel module, implementing a fast handover<br />
mechanism, which follows the IETF Mobile IP WG Internet Draft ‘Fast Handovers for Mobile IPv6’. In<br />
order to obtain small handover interruption in combination with AAAC and QoS, Context Transfer is<br />
considered within this module.<br />
The behaviour of this Fast Handover Module, its components and the relations to previously presented<br />
<strong>Moby</strong> <strong>Dick</strong> architectural components will be detailed in the next section.<br />
D0103v1.doc 15 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.1.1.4 Registration module<br />
This module will take care of all the actions related to AAAC, mainly the registration phase. It will also<br />
be used when a handover is required, but the Fast Handover cannot be used (inter-domain mobility,<br />
unexpected network connectivity loss).<br />
The behaviour of these components will be detailed in the next section.<br />
4.1.1.5 Paging module<br />
The module basically implements the IP paging engine, which is responsible for maintenance of the<br />
signalling state machine as well as for keeping the mobile terminal’s state (active or dormant) updated.<br />
Furthermore, an interface to the enhanced IPv6 protocol stack should allow suppression of Mobile IPv6<br />
Binding Updates when being dormant as well as registration of the discovered Paging Agent with the<br />
mobile terminal’s Home Agent. Since no enhanced dormant mode and paging support comes from<br />
network device drivers within this project on IP paging specification yet, the basic functionality of the IP<br />
Paging engine during a paging process with regard to the reception of paging related messages is to<br />
handle reception of IP Paging Request messages through the different interfaces. Standard interaction<br />
between IPv6 and device driver level supports the registration of IPv6 Solicited Node Multicast<br />
Addresses, which is necessary for the reception of IP Paging messages through the shared medium<br />
interfaces. For TD-CDMA, the same mechanism will be deployed here, which is addressing the mobile<br />
terminal’s TD-CDMA Solicited Node Multicast Address from the AR/RG. This address is to be derived<br />
out of the mobile terminal’s TD-CDMA interface’s IMEI.<br />
The Dormant state watchdog is a function that should take the decision of when to enter the dormant<br />
mode. Furthermore, related signalling is initiated from this function, sending a notification to the paging<br />
engine when to enter dormant mode. For demonstration purposes, this function can be controlled<br />
manually via the NCP to allow for entering the dormant mode and active mode on request. An<br />
appropriate interface to the paging module will be implemented to allow for control from the NCP<br />
through the MTNM. Optionally, automatic dormant state and active state transition might be supported in<br />
the dormant state watchdog in future systems.<br />
The behaviour of this Paging Module, its components and the relations to previously presented <strong>Moby</strong><br />
<strong>Dick</strong> architectural components will be detailed in the next section.<br />
4.1.1.6 Enhanced IPv6 stack<br />
The enhanced IPv6 stack will be based on the IPv6 stack of the Linux kernel 2.4.16, with the following<br />
extensions:<br />
• MIPL will be the patch 0.9.1 to the IPv6 stack, providing mobility extensions.<br />
• SWAMP (Secure Wide-Area Mobility Package) combines IPSec and Mobile IPv6 implementations<br />
in the Linux kernel by providing kernel patches and user space programs.<br />
• DSCP marking software: will attribute a DSCP code to every outgoing IP packet, based on its type<br />
(signalling or data of type x, y, z …). It will be a patch to the IPv6 stack.<br />
• Fast handover functionality is provided by a ‘standalone’ kernel module (FHO module), including<br />
interface to the IPv6 stack of the kernel (e.g., sending of ICMPv6 packets) and to Mobile IPv6 (e.g.,<br />
Binding Update management in case of FHO). The first version includes a filtering functionality in<br />
the IPv6 part of the kernel, in order to filter out WLAN Router Advertisements, which are received,<br />
because the WLAN ad-hoc mode is deployed and all Access Routers are configured to the same<br />
frequency channel. In later releases, this filtering functionality is moved to the WLAN driver; i.e., the<br />
WLAN Device Driver is modified in order to provide this filtering functionality.<br />
DSCP Marking Software<br />
The DSCP marking software is composed of an application level module, which communicates with a<br />
kernel level module, to provide a table matching DSCP codes with applications types (recognised by port<br />
numbers, and any other pertinent information).<br />
Thus every packet leaving the IPV6 stack will be marked with a DSCP code.<br />
There will be one DSCP for the signalling packets (standard IPv6 signalling packets like ICMP, and<br />
specific signalling packets, if any, used by mobility, AAAC, QoS).<br />
There will be different DSCP for data packets, and the table provided by the application level module will<br />
be used to attribute them to the proper IPv6 packets<br />
The behaviour of these components will be detailed in the next section.<br />
4.1.1.7 Network Device Driver<br />
Radio Channel Manager<br />
This module will act as a generic radio driver, giving high level interfaces to open / close connections,<br />
send and receive IP packets, and get some feedback on the radio conditions.<br />
D0103v1.doc 16 / 168
D0103v1.doc Version 1 6.7.2003<br />
It will be implemented as a kernel module (RCM and RCF will be grouped in a same kernel module,<br />
namely a driver).<br />
The behaviour of the different sub-blocks of the RCM will be detailed in the next section.<br />
Radio Convergence Function<br />
This module will act as a specific TD-CDMA driver, giving low level interfaces to open / close<br />
connections, manage data channels, send and receive IP packets, get some feedback on the TD-CDMA<br />
conditions, handle the broadcasting and paging channels.<br />
It will be implemented as a kernel module (RCM and RCF will be grouped in a same kernel module,<br />
namely a driver).<br />
The behaviour of the different sub-blocks of the RCF will be detailed in the next section.<br />
Monitoring Extensions to Ethernet / WLAN driver<br />
For Ethernet, the purpose is to detect the presence of the Ethernet card, and to receive Router<br />
Advertisements.<br />
For WLAN, the purpose is to detect different Access Point, to retrieve the associated signal to noise<br />
ratios, and to receive Router Advertisements.<br />
These functions should be implemented at a L2 level. The behaviour of these components will be detailed<br />
in the next section.<br />
4.1.1.8 Access Stratum<br />
The Access Stratum provides services related to the transmission of data over the radio interface and the<br />
management of the radio interface.<br />
It includes the following Radio Interface protocols: the Physical layer, the data link layer, divided into 2<br />
sub-layers: Medium Access Control (MAC) and Radio Link Control (RLC). In the user-plane, an<br />
additional service dependant protocol exists: the Packet Data Convergence Protocol (PDCP). The lowest<br />
sub-layer of the network layer consists of one protocol, called Radio Resource Control (RRC), which<br />
belongs to the control plane.<br />
The functions and services provided by the Access Stratum will be detailed in next section.<br />
4.1.2 Detailed description of the components<br />
This section gives a detailed description of the sub-blocks of each component, and their interactions with<br />
other components .<br />
4.1.2.1 Networking Control Panel<br />
The NCP has interactions (only) with the user and the MTNM, as described in the figure below. It is split<br />
into the following sub-blocks.<br />
• Set Network Preference Sub-block<br />
• Set Handover Preference Sub-block<br />
• Manual Handover Sub-block<br />
• Network Environment Info Sub-block<br />
• Explicit Connectivity Request Sub-block<br />
4.1.2.1.1 Set Network Preferences block<br />
The user will set his/her preferences as follows: first choice x, second choice y, third choice z; with each<br />
x,y,z as one of the possible choices: Ethernet, TD-CDMA, WLAN. Each time the preferences change,<br />
they will be transmitted to the Set Network Preferences block of the MTNM (to be used for automatic<br />
handover decision), via the message SET_NETWORK_PREFERENCES. These preferences will be stored<br />
in a configuration file (one per user).<br />
Each time a user requests a connection via the Explicit Connectivity Request sub-block, the data from this<br />
configuration file will be loaded and used as the default preferences. In particular, they will be used to<br />
establish the initial connection.<br />
Each time a user requests a disconnection via the Explicit Connectivity Request sub-block, the data will<br />
be saved in the configuration file.<br />
4.1.2.1.2 Set Handover Preference block<br />
The user will set its preference as follows: automatic handover or manual handover or both. Each time the<br />
preference change, it will be transmitted to the Set Handover preference block of the MTNM, via the<br />
message SET_HANDOVER_PREFERENCE.<br />
This preference will be stored in a configuration file (one per user, same as previous one).<br />
Each time a user requests a disconnection via the Explicit Connectivity Request sub-block, the data from<br />
this configuration file will be loaded and used as the default preference.<br />
Each time a user requests a de-connection via the Explicit Connectivity Request sub-block, the data will<br />
be saved in the configuration file.<br />
D0103v1.doc 17 / 168
D0103v1.doc Version 1 6.7.2003<br />
NCP<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Manual<br />
Handover<br />
Network<br />
Environment<br />
Infos<br />
Explicit<br />
Connectivity<br />
Request<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Network<br />
Environment<br />
Infos<br />
Manual Handover<br />
Attach / Detach<br />
Procedure<br />
Figure 4: Networking Control Panel<br />
4.1.2.1.3 Network Environment Info block<br />
This block will give information to the user, about the network availability. The Ethernet will be either<br />
absent or present. The WLAN will have a certain signal to noise ratio and the TD-CDMA will have a<br />
certain signal level.<br />
These information will be transmitted by the Network Environment Info block of the MTNM, via the<br />
message NETWORK_ENVIRONMENT_INFOS.<br />
If more than one WLAN or TD-CDMA Access Point is available, only information about the one<br />
currently in use by the IP stack, or if another technology is in use by the IP stack, the one with the higher<br />
signal level; will be transmitted by the MTNM to the NCP. At the user level, we only want a choice<br />
between different network technologies, not a choice among the same network technology. We consider a<br />
choice between the same network technology for WLAN and TD-CDMA, to enable QoS driven handover<br />
for example, or to consider inter domain handover within the same technology.<br />
The information about network availability will be used during a manual handover, as explained in the<br />
associated block description.<br />
This block will also indicate which Network technology is currently being used. This information is also<br />
transmitted by the Network Environment Info block of the MTNM, via the message<br />
NETWORK_TECHNOLOGY_IN_USE (it will also contain the subnet prefix of the associated Access<br />
Router, to which we are currently attached). It will be updated when a change occurs, triggered by the<br />
Attach Procedure block, Manual Handover block, Automatic Handover block of the MTNM.<br />
This block will also enable the user to control the paging state. The message SET_PAGING_STATE sent<br />
to the MTNM will require entering the following paging state: either dormant or active. The MTNM will<br />
forward it to the paging module. This is the way the user is allowed to control paging state, for<br />
demonstration purpose.<br />
The message PAGING_STATE_INFO received from MTNM (originating from the Paging module) will<br />
indicate any change in the paging state, dormant or active.<br />
4.1.2.1.4 Manual Handover block<br />
If the Handover preference is set to manual or both, the user can execute a manual handover, selecting<br />
among the 3 network technologies (Ethernet, WLAN, TD-CDMA), one that is available (but not the<br />
D0103v1.doc 18 / 168
D0103v1.doc Version 1 6.7.2003<br />
currently in use one). The information about the availability will be retrieved from the Network<br />
Environment Infos block.<br />
The Ethernet will always be considered as available, if present.<br />
The WLAN will be considered as available if its signal to noise ratio is higher than a predefined threshold<br />
(WLAN_threshold).<br />
The TD-CDMA will be considered as available if its signal level is higher than a predefined threshold<br />
(TD-CDMA_threshold).<br />
The user will have this information: current signal level. In the first implementation stage, the user won’t<br />
be able to execute a manual handover within the same technology. If WLAN is selected, and if a better<br />
"Access Point" than the current one is available (better signal level), the MTNM may generate (this will<br />
be detailed in the description of the MTNM) a fast handover between the two "Access Points", that is not<br />
seen by the NCP (the NCP only sees the signal level of the currently used "Access Point", which is<br />
always the best choice for this technology). The same applies to TD-CDMA.<br />
The order to execute a manual handover will be transmitted to the Manual Handover block of the MTNM,<br />
via the message MANUAL_HANDOVER_REQ.<br />
An acknowledgement is expected from the MTNM, via message MANUAL_HANDOVER_ACK, with<br />
parameter status.<br />
As already stated, manual handover within the same technology for WLAN and TD-CDMA will be<br />
considered only as a research topic, and will not be implemented.<br />
In the case of automatic handover, a spontaneous acknowledgement will be sent by the MTNM, via<br />
message AUTOMATIC_HANDOVER_ACK, with parameter status. This will be used to make the user<br />
aware that an automatic handover has taken place.<br />
4.1.2.1.5 Explicit Connectivity Request block<br />
The effective connection to the network (AAAC procedures) will be explicitly triggered by the message<br />
START_NETWORK_CONNECTION , sent by the Explicit Connectivity Request block of the NCP to the<br />
Attach / Detach procedure block of the MTNM. The parameters will be the user login and password.<br />
An acknowledgement is expected from the MTNM , via message<br />
START_NETWORK_CONNECTION_ACK, with parameter status.<br />
The message TERMINATE_NETWORK_CONNECTION will be used to end the current network<br />
connection. It will also be sent by the Explicit Connectivity Request block to the Attach / Detach<br />
procedure block (the handling of this message will imply no AAAC action). No parameters will be<br />
needed.<br />
An acknowledgement is expected from the MTNM, via message<br />
TERMINATE_NETWORK_CONNECTION_ACK, with parameter status.<br />
4.1.2.2 Mobile Terminal Networking Manager<br />
The MTNM has interactions with the NCP, the different device drivers, the fast handover module, the<br />
registration module and the paging module. It is split into the following sub-blocks.<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Network<br />
Environment<br />
Infos<br />
Attach Procedure<br />
Manual<br />
Handover<br />
Automatic<br />
Handover<br />
Paging<br />
Figure 5: Mobile Terminal Networking Manager<br />
4.1.2.2.1 Set Network Preferences block<br />
The following schema can be used to illustrate the description of the 3 first sub-blocks.<br />
D0103v1.doc 19 / 168
D0103v1.doc Version 1 6.7.2003<br />
NCP<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Manual<br />
Handover<br />
Network<br />
Environment<br />
Infos<br />
Explicit<br />
Connectivity<br />
Request<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Network<br />
Environment<br />
Infos<br />
Network device drivers<br />
TDCDMA WLAN Ethernet<br />
Figure 6: Interactions between MTNM / NCP<br />
The MTNM will update its Network preferences each time it receives a request from the NCP, via the<br />
message SET_NETWORK_PREFERENCES. These preferences will be expressed as for the NCP: first<br />
choice x, second choice y, third choice z; with x,y,z in Ethernet, TD-CDMA, WLAN.<br />
4.1.2.2.2 Set Handover Preference block<br />
The MTNM will update the Handover preference each time it receives a request from the NCP, via the<br />
message SET_HANDOVER_PREFERENCE. This preference will be expressed as for the NCP:<br />
automatic, manual or both. This information will be used to authorize automatic handover, if the<br />
preference is automatic or both.<br />
4.1.2.2.3 Network Environment Info block<br />
This block will analyse information received from the Network device drivers, store them for use by the<br />
automatic handover decision algorithm, attach procedure; and transmit them to the NCP (as already<br />
explained in the description of the corresponding block in the NCP).<br />
The messages received from the device drivers will be ETHERNET_INFO, TD-CDMA_INFO and<br />
WLAN_INFO. The message sent to the NCP will be NETWORK_ENVIRONMENT_INFOS.<br />
First of all, we will not consider every router advertisement or signal level indications received by the<br />
different device drivers. Instead, we will limit ourselves to a “reasonable” time interval between two<br />
consecutive messages from the device drivers to the Network Environment Info block. This will avoid too<br />
frequent handover (backward and forward) if a user moves around the border of two radio coverage areas,<br />
in the case of WLAN or TD-CDMA.<br />
For the three possible network technologies, if we don’t receive an info message at the time we expect<br />
one, we will consider that the technology is not available.<br />
For Ethernet, the message INTERNET_INFO will contain the following information: absent or present,<br />
IPv6 address of the corresponding Access Router, which will be stored locally. The information absent or<br />
present will be transmitted to the NCP, if it changes, via message NETWORK_ENVIRONMENT_INFOS.<br />
For WLAN, the message WLAN_INFO will contain the following information: a list of [signal to noise<br />
ratio, IPv6 address of the corresponding Access Router, IPv6 subnet prefix of Access Router].<br />
Locally, we will keep up to two entries: the current WLAN “access point” if this technology is in use, and<br />
the best candidate for handover (which can be different from the currently used “access point”).<br />
First we will erase the current best candidate for handover, and the following algorithm will be applied to<br />
each element of the list:<br />
• If WLAN is the currently used Network technology and we receive from the WLAN device<br />
driver an update with the same identification and a different signal to noise ratio, we update the<br />
current signal to noise ratio in the MTNM and send an update message<br />
NETWORK_ENVIRONMENT_INFOS to the NCP, with the new signal level.<br />
D0103v1.doc 20 / 168
D0103v1.doc Version 1 6.7.2003<br />
• If WLA N is the currently used Network technology and we receive from the WLAN device<br />
driver an update with a different identification, we compare it to the best candidate for handover<br />
and keep the one with the highest signal to noise ratio.<br />
• If WLAN is not the currently used Network technology and we receive from the WLAN device<br />
driver an update, we compare it to the best candidate for handover and keep the one with the<br />
highest signal to noise ratio. In this case, when all candidate will have been considered, we will<br />
send an update message NETWORK_ENVIRONMENT_INFOS to the NCP, with the new signal<br />
level.<br />
For TD-CDMA, the message TD-CDMA_INFO will contain the following information: a list of [signal<br />
level, cell Id and IPv6 address of the corresponding Access Router]. We also keep up to two entries<br />
locally: current TD-CDMA “access point” if this technology is in use, and best candidate for handover.<br />
And the same algorithm as for WLAN applies.<br />
By construction, the TD-CDMA driver will have the capability to produce the information needed (cell id<br />
/ signal level / Access Router IPv6 address) and transmit them to the MTNM.<br />
An extension will be required for the WLAN driver, to retrieve the information needed (IPv6 address of<br />
Access Router - signal to noise ratio – IPv6 subnet prefix) and transmit them to the MTNM. This<br />
extension has been implemented on the Prism2 driver for the SMC WLAN cards.<br />
For Ethernet, an extension to the driver will also be needed, to monitor the Router Advertisements<br />
received on this interface (even when it is not connected to the IP stack). Here, we have two possible<br />
solutions. First one: use a specific tool to discover availability / unavailability of the Ethernet link, and<br />
retrieve router advertisements, although this facility might not be offered by all cards.<br />
Second one: connect to Ethernet driver from user space with a raw socket every N seconds, and wait until<br />
a Router Advertisement is received (with a timeout to declare the link unavailable).<br />
The specific tool proposed for the first solution has been evaluated and works fine. Therefore the first<br />
solution is implemented.<br />
The Network Environment Info block will also be aware of the current technology in use, and will warn<br />
the NCP when a change occurs (Attach Procedure, Manual Handover, and Automatic Handover), via the<br />
message NETWORK_TECHNOLOGY_IN_USE (this message will also contain the IPv6 subnet prefix of<br />
the currently used Access Router).<br />
This block will also have the responsibility, when possible, to detect that the layer two connectivity has<br />
been lost “unexpectedly”, for the network technology currently in use, or about to be used during a fast<br />
handover.<br />
• For TD-CMDA, it means receiving the message LOST_TD-CDMA_CONN from the RCM,<br />
indicating that the radio connection has been lost; or receiving a message TD-CDMA_INFO<br />
from the RCM, with a signal level lower than TD-CDMA_lower value.<br />
• For WLAN, it means receiving a message WLAN_INFO from the monitoring extension of the<br />
WLAN driver, with a signal level lower than WLAN_lower value.<br />
• For Ethernet, it means receiving the message ETHERNET_INFO, with information “Ethernet not<br />
present”.<br />
If the layer two connectivity has been lost for the currently in use network technology, the Automatic<br />
Handover procedure should be triggered to select a new Network Technology among those available (the<br />
current one will be marked as unavailable). But as we have lost connectivity with current Access Router,<br />
the Fast Handover procedure cannot be used. A “regular Handover” will have to be triggered, that is to<br />
say a registration procedure in a first implementation approach (see Handover Execution block for more<br />
details).<br />
If the layer 2 connectivity has been lost for the target technology during a Fast Handover procedure, this<br />
procedure should be aborted via a message ABORT_HANDOVER, sent to the Fast Handover module (see<br />
Handover Execution block for more details). This will not be implemented, because it complicates the<br />
whole process, and we expect the Fast Handover to be fast enough for the target technology to stay in<br />
acceptable L2 conditions.<br />
4.1.2.2.4 Attach Procedure block<br />
The “attach procedure” block can be triggered in these three first cases:<br />
• First case: the message START_NETWORK_CONNECTION has been received from the Explicit<br />
Connectivity Request block of the NCP, with parameters user login and user password. In this<br />
case, the message START_NETWORK_CONNECTION_ACK should be sent back to the NCP,<br />
after the attach procedure has been executed, with the status as parameter. This first case is the<br />
initial registration procedure, for a user that has not been authenticated and authorized yet.<br />
• Second case: a handover has been decided by the Manual or Automatic Handover sub-block, but<br />
it cannot be fast (inter domain handover), so an attach procedure is requested.<br />
D0103v1.doc 21 / 168
D0103v1.doc Version 1 6.7.2003<br />
• Third case: the layer two connectivity has been lost unexpectedly as explained in the Network<br />
Environment Info sub-block, and the Automatic Handover sub-block requests an attach<br />
procedure.<br />
NCP<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Manual<br />
Handover<br />
Network<br />
Environment<br />
Infos<br />
Explicit<br />
Connectivity<br />
Request<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Network<br />
Environment<br />
Infos<br />
Attach<br />
Procedure<br />
Registration module<br />
Network device drivers<br />
TDCDMA WLAN Ethernet<br />
Figure 7: Attach Procedure block<br />
In the first case, an initial step will be to wait until the Network Environment Info block has received<br />
information from the different device drivers. Then to select a network technology, using the information<br />
stored in the Set Network preferences block. The technology associated to each preference (from the first<br />
to the third) will be analysed, based on the information from the Network Environment Info block, and<br />
selected or rejected according to the following rules: Ethernet is selected if present, WLAN and TD-<br />
CDMA are selected if present and signal to noise ratio for WLAN, signal level for TD-CDMA, is higher<br />
than a predefined threshold (respectively WLAN_threshold and TD-CDMA_threshold).<br />
For example, if network preferences are first WLAN, second TD-CDMA and third Ethernet; and if<br />
WLAN signal to noise ratio is lower than WLAN_threshold, but TD-CDMA signal level higher than TD-<br />
CDMA_threshold and Ethernet is present: WLAN is examined first and rejected, TD-CDMA is examined<br />
second and selected.<br />
In the two other cases, the target network technology will already have been chosen, by the manual or<br />
automatic handover block.<br />
The next step is to assure the L2 connectivity via the device driver of the selected technology. This step<br />
will be detailed in section ‘Handover Execution’, for each of the 3 available technologies. One can refer<br />
to this section for the detailed procedure.<br />
Then link the IP stack to the device driver of the selected Network technology.<br />
The final step is to send the appropriate message to the Registration module, to trigger the AAAC<br />
mechanisms involved in the Attach Procedure:<br />
the message START_REGISTRATION will be used, with parameters: Home Address and CoA of MT,<br />
Access Router IP address, user login and user password. An acknowledgement message will be sent from<br />
the Registration module to the MTNM, REGISTRATION_ACK, to give the status of the attachment.<br />
If it is negative, the global procedure can be restarted after a certain timeout.<br />
The “attach procedure” block can also be triggered to end a user session, when the message<br />
TERMINATE_NETWORK_CONNECTION has been received from the Explicit Connectivity Request<br />
block of the NCP, with no parameter.<br />
D0103v1.doc 22 / 168
D0103v1.doc Version 1 6.7.2003<br />
No AAAC mechanism is involved in this case, so the registration module will not be involved in this<br />
case.<br />
The L2 resources of the current technology in use will be released if needed (see section ‘Handover<br />
Execution’). Then the message TERMINATE_NETWORK_CONNECTION_ACK should be sent back to<br />
the NCP, after the detach procedure has been executed, with the status as parameter.<br />
4.1.2.2.5 Manual Handover block<br />
NCP<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Manual<br />
Handover<br />
Network<br />
Environment<br />
Infos<br />
Explicit<br />
Connectivity<br />
Request<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Network<br />
Environment<br />
Infos<br />
Manual<br />
Handover<br />
Fast Handover module<br />
Network device drivers<br />
TDCDMA WLAN Ethernet<br />
Figure 8: Manual Handover block<br />
When the command MANUAL_HANDOVER_REQ is received from the Manual Handover block of the<br />
NCP (only when handover preference is set to manual and both mode), the decision to execute the<br />
Handover is taken immediately, because every necessary control have been done at the NCP level (in<br />
particular, the signal levels for WLAN and TD-CDMA are higher than the predefined thresholds<br />
WLAN_threshold and TD-CDMA_threshold).<br />
If the handover preference is set to manual, handover among two different “access point” of the same<br />
Network technology will also be automatically considered, for WLAN and TD-CDMA (as explained in<br />
the description of NCP).<br />
Every n milliseconds, the following actions will be taken, if the current Network Technology is WLAN or<br />
TD-CDMA, and only if the current signal level is lower to a predefined threshold (WLAN_threshold and<br />
TD-CDMA_threshold respectively: we don’t want to trigger handover too often if the current connection<br />
is good enough) :<br />
(we take the example of WLAN, but the same applies to TD-CDMA) we compare the information in<br />
Network Environment Infos block for the current WLAN “access point” and the WLAN “access point”<br />
best candidate for handover. If current WLAN signal to noise ratio + delta_WLAN < best candidate<br />
WLAN signal to noise ratio, a decision for handover is taken. We introduce delta_WLAN, because we<br />
don’t want to handover to a WLAN new “access point”, which signal level is not significantly better.<br />
(The same relation is introduced for TD-CDMA: TD-CDMA signal level + delta_TD-CDMA < best<br />
candidate TD-CDMA signal level).<br />
D0103v1.doc 23 / 168
D0103v1.doc Version 1 6.7.2003<br />
When the decision to execute a handover is taken, we enter in a phase common to manual and automatic<br />
handover, which we will call Handover Execution,.<br />
4.1.2.2.6 Automatic Handover block<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Network<br />
Environment<br />
Infos<br />
Automatic<br />
Handover<br />
Fast Handover module<br />
Network device drivers<br />
TDCDMA WLAN Ethernet<br />
Figure 9: Automatic Handover block<br />
Every n milliseconds, the following actions will be taken:<br />
The automatic handover will be considered if the handover preference, in the Set Handover preference<br />
block, is set to automatic or both.<br />
The automatic handover decision algorithm will consider the current Network technology used,<br />
information from the Set Network Preferences block and from the Network Environment Infos block; to<br />
decide if a handover should occur.<br />
The following table gives the different possibilities for the Network preferences, and it will be used to<br />
illustrate the decision algorithm.<br />
Network Preferences TD-CDMA 1 TD-CDMA 2 TD-CDMA 3<br />
WLA N 1 Ethernet 3 (case I) Ethernet 2 (case II)<br />
WLAN 2 Ethernet 3 (case III) Ethernet 1 (case IV)<br />
WLAN 3 Ethernet 2 (case V) Ethernet 1 (case VI)<br />
Table 1: Network Preferences<br />
Given the current technology in use, the Network technologies with a higher preference level will be<br />
considered from top to bottom; and if one is appropriate, the handover decision will be taken. For<br />
example, in case IV, if the current technology in use is WLAN, only Ethernet will be considered as a<br />
potential handover technology. And in case V, if the current technology in use is WLAN, TD-CDMA will<br />
be considered first, and Ethernet second, as a potential handover technology.<br />
In the case of WLAN and TD-CDMA, if no Network technology with a higher preference level is<br />
selected for handover, a handover within the same Network Technology will be considered, to a new subnetwork;<br />
but only if the signal level is lower than a predefined threshold (WLAN_threshold and TD-<br />
CDMA_threshold respectively).<br />
The 3 following situations can happen:<br />
• Ethernet is the current Network Technology: higher preference level Network technologies are<br />
considered.<br />
D0103v1.doc 24 / 168
D0103v1.doc Version 1 6.7.2003<br />
o For TD-CDMA, a decision for handover is taken if the signal level of best candidate for<br />
handover is higher than TD-CDMA_threshold.<br />
o For WLAN, a decision for handover is taken if the signal level of best candidate for<br />
handover is higher than WLAN_threshold.<br />
• WLAN is the current Network Technology: higher preference level Network technologies are<br />
considered.<br />
o For TD-CDMA, a decision for handover is taken if the signal level of best candidate for<br />
handover is higher than TD-CDMA_threshold.<br />
o For Ethernet, a decision for handover is taken if this technology is present.<br />
o If no higher preference Network technology is selected, current signal level is lower<br />
than WLAN_threshold, a best candidate for WLAN “access point” handover is present<br />
in the Network Environment Infos, and the signal levels follow this relation: current<br />
WLAN signal level + delta_WLAN < best candidate WLAN signal level, a decision for<br />
handover is taken. We introduce delta_WLAN, because we don’t want to handover to a<br />
WLAN new “access point”, which signal level is not significantly better.<br />
• TD-CDMA is the current Network Technology: higher preference level Network technologies<br />
are considered.<br />
o For WLAN, a decision for handover is taken if the signal level of best candidate for<br />
handover is higher than WLAN_threshold.<br />
o For Ethernet, a decision for handover is taken if this technology is present.<br />
o If no higher preference Network technology is selected, current signal level is lower<br />
than TD-CDMA_threshold, a best candidate for TD-CDMA “access point” handover is<br />
present in the Network Environment Infos, and the signal levels follow this relation:<br />
current TD-CDMA signal level + delta_TD-CDMA < best candidate TD-CDMA signal<br />
level, a decision for handover is taken. We introduce delta_TD-CDMA, because we<br />
don’t want to handover to a TD-CDMA new “access point”, which signal level is not<br />
significantly better.<br />
In the case of WLAN and TD-CDMA, if no higher or same preference level Network technology is<br />
selected, and if the current signal level is lower to the predefined threshold (respectively<br />
WLAN_threshold and TD-CDMA_threshold), lower preference level network technologies can be<br />
considered if we are in both mode, by executing a manual handover via the NCP (this case will not be<br />
considered in automatic mode, as it can lead to an uncontrolled succession of automatic handovers<br />
between different technologies). The same criteria per current technology in use will be considered, as<br />
when higher preference level Network technologies are considered.<br />
When a decision to execute handover is taken, we enter in a phase common to manual and automatic<br />
handover, which we will call Handover Execution, and that will be described later.<br />
4.1.2.2.7 Handover Execution<br />
This mechanism is a common part of the Manual and Automatic Handover blocks.<br />
The first thing is to decide whether we are about to execute an intra or inter domain handover. The<br />
solution proposed is to use the Router Advertisements to convey this information: two bits in the IP<br />
subnet prefix will identify the domain. The MTNM memorizes the current domain, and extracts the new<br />
domain from the IP address of the target Access Router, and makes the decision by comparing them.<br />
In case we are currently in Paging Dormant mode, we will only execute a L2 handover (no FHO or<br />
registration procedure). So we will only go through the procedure executing Layer 2 handover, which is<br />
detailed below in the fast handover description.<br />
First intra-domain handover is considered, which will result in a fast-handover.<br />
The MTNM sends the message START_FHO to the Fast Handover module, to request fast handover<br />
execution, with the IP address of the new Access Router, the IP address of the old Access Router, the new<br />
interface name, the old interface name, as parameters.<br />
The Fast Handover module will prepare the fast handover by contacting the old Access Router, and will<br />
receive an answer when everything is ready. For the moment, we consider the case where the FHO can be<br />
executed.<br />
The Fast Handover module will send the message L2_REQ, to request the MTNM to execute the layer 2<br />
handover. This will require:<br />
• If Ethernet is the new L2 technology, nothing needs to be done.<br />
• If WLAN is the new L2 technology, the message USE_WLAN_AR must be sent to the WLAN<br />
driver, with parameters IPv6 address of new Access Router and IPv6 subnet prefix of new Access<br />
D0103v1.doc 25 / 168
D0103v1.doc Version 1 6.7.2003<br />
Router. The acknowledge message USE_WLAN_AR_ACK will be received from the WLAN<br />
driver, with parameter status.<br />
• If TD-CDMA is the new L2 technology, the message OPEN_TD-CDMA_CONN must be sent<br />
to the TD-CDMA driver, with parameters cell Id of selected Radio Gateway, Home Address and<br />
CoA of MT. The acknowledge message OPEN_TD-CDMA_CONN_ACK will be received from<br />
the TD-CDMA driver, with parameters local_connection_reference and status.<br />
• If Ethernet is the old L2 technology, nothing needs to be done.<br />
• If WLAN is the old L2 technology, nothing needs to be done.<br />
• If TD-CDMA is the old L2 technology, the message CLOSE_TD-CDMA_CONN must be sent<br />
to the TD-CDMA driver, with parameter local_connection_reference. The acknowledge<br />
message CLOSE_TD-CDMA_CONN_ACK will be received from the TD-CDMA driver, with<br />
parameters local_connection_reference and status.<br />
• If WCMA is the old and new L2 technology, we will use only the message OPEN_TD-<br />
CDMA_CONN, with a specific parameter (fho_optimisation). The TD-CDMA driver will first<br />
close the old connection, then open the new one, and send the acknowledge message OPEN_TD-<br />
CDMA_CONN_ACK.<br />
If the L2 handover was successful, the MTNM will “link” the IP stack to the new L2 driver and send<br />
message L2_ACK to the FHO module, with status OK.<br />
If the L2 handover was not successful, the MTNM will send message L2_ACK to the FHO module, with<br />
status NOT OK; and will request an automatic handover (as we have lost L2 connectivity), that will be<br />
“slow” (new registration).<br />
If the L2 handover was successful, the MTNM will wait for the answer of the Fast Handover module,<br />
FHO_ACK, which will be either OK or NOT OK. If it is OK, we are done. If it is NOT OK, at this point,<br />
we cannot go back and the MTNM will request an automatic handover, that will be “slow” (new<br />
registration).<br />
We have to consider the case when the FHO module answers directly to message START_FHO with<br />
message START_FHO_ACK, with a negative status. This situation will happen when there are no<br />
available QoS resources on the new Access Router. In this case, we are still connected with the old<br />
Access Router, and we can try another Fast Handover manually or automatically, based on the current<br />
user preferences. For this, we will have to mark the Access Router that we have tried as unavailable for<br />
the next choice.<br />
Then we consider inter-domain handover or the case where the Fast Handover procedure cannot apply<br />
because the layer two connection has been lost, as explained in the section on Network Environment Infos<br />
block.<br />
In this case, a “slow” handover should be used, which for the moment is identical to the registration<br />
scenario.<br />
The attach procedure sub-block will take care of this handover procedure, which will basically consist of<br />
a registration procedure (one of the first thing to do will be to establish a L2 connection to the selected<br />
Access Router, as explained in details before, for the fast handover procedure).<br />
4.1.2.2.8 Paging block<br />
The Paging sub-block of the MTNM will basically perform the requests received from the Paging<br />
module.<br />
Upon reception of the message INFO_REQ from the Paging module, it will retrieve the appropriate<br />
information from the Network Environment Infos sub-block of the MTNM, and send them to the Paging<br />
module via message INFO_REPLY. These will be: the IPv6 address of the current Access Router, and the<br />
MAC address of the different available device drivers (Ethernet, WLAN, TD-CDMA upon availability).<br />
Upon reception of the message SET_STATE_INFO, with parameter state, it will:<br />
• If state is dormant, forward the information to the Network Environment Infos sub-block of MTNM,<br />
so that every time a handover is needed, it will be only a Layer 2 handover (no Fast Handover or<br />
Registration signalling will be involved).<br />
• If state is active, exit the paging dormant mode by contacting the Attach Procedure sub-block, to<br />
trigger a new Registration.<br />
This information will also be transmitted to the Network Environment Infos sub-block of NCP, via<br />
message PAGING_STATE_INFO.<br />
The Paging sub-block of the MTNM can also receive a request from the Network Environment Infos subblock<br />
of NCP, via message SET_PAGING_STATE, with parameter state (active or dormant). This is the<br />
way the user is allowed to control paging state, for demonstration purpose.<br />
This request will be transmitted to the paging module via message NOTIFY_MSG.<br />
D0103v1.doc 26 / 168
D0103v1.doc Version 1 6.7.2003<br />
NCP<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Manual<br />
Handover<br />
Network<br />
Environment<br />
Infos<br />
Explicit<br />
Connectivity<br />
Request<br />
MTNM<br />
Attach<br />
Procedure<br />
Network<br />
Environment<br />
Infos<br />
Paging<br />
Paging module<br />
Figure 10: Paging block<br />
4.1.2.3 Radio Channel Manager<br />
The Radio Channel Manager is the generic part of the Radio driver. It provides a generic interface to the<br />
MTNM and to the enhanced IPv6 stack. It provides also a generic interface to the lower layer of the<br />
Radio driver: the Radio Convergence Function. It is split into the following sub-blocks.<br />
RCM<br />
Radio Connection<br />
Radio<br />
Manager<br />
Connection Manager<br />
Radio<br />
Infos<br />
Open /<br />
Close<br />
Packet Transmission<br />
Control<br />
Data<br />
Packet<br />
Packet<br />
Packet Packet Reception Reception<br />
Control<br />
Data<br />
Packet<br />
Packet<br />
Conn<br />
Figure 11: Radio Channel Manager<br />
D0103v1.doc 27 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.1.2.3.1 Radio Connection Manager block<br />
Paging module<br />
MTNM<br />
Network<br />
Environment<br />
Infos<br />
Administration,<br />
reconfiguration,<br />
of drivers<br />
Enhanced IPv6 stack<br />
RCM<br />
Radio<br />
Connection Manager<br />
Radio<br />
Infos<br />
Open /<br />
Close<br />
Packet Transmission<br />
Control Data<br />
Packet Packet<br />
Packet Reception<br />
Control Data<br />
Packet Packet<br />
Conn<br />
RCF<br />
TD-CDMA<br />
Connection Manager<br />
TDcdma<br />
Infos<br />
Open /<br />
Close<br />
Paging<br />
Control Channel Mngt<br />
Send /<br />
Receive<br />
Data Channel Mngt<br />
Open / Send /<br />
Close Receive<br />
Conn<br />
Data<br />
Data<br />
Chanels<br />
Data<br />
AS<br />
4.1.2.3.2 Radio Infos sub-block<br />
Figure 12: Radio Connection Manager Block in the Mobile Terminal<br />
The Radio Infos sub-block transmits radio information received from the RCF to the Network<br />
Environment Infos block of the MTNM, via the message TD-CDMA_INFO.<br />
It could also transmit a request for radio information from the MTNM to the RCF, if this was needed (the<br />
Access Stratum provides this functionality: query proactively radio conditions). In our implementation,<br />
this service is not needed and will not be implemented.<br />
The precise format of the radio information is transparent to the RCM layer, but is defined between the<br />
RCF and the MTNM.<br />
4.1.2.3.3 Open / Close Connection sub-block<br />
The Open / Close Connection sub-block manages the Radio Connections. It transmits a request received<br />
from the MTNM, via message OPEN_TD-CDMA_CONN, to open a connection, to the RCF. There will<br />
be 4 parameters: cell id of the Radio Gateway we want to connect to, Home Address of the MT, CoA of<br />
the MT, Fast Handover optimisation flag (if we are performing a fast handover between two Radio<br />
Gateways).<br />
It transmits the report status from the RCF of the open connection command, via message OPEN_TD-<br />
CDMA_CONN_ACK, to the MTNM. There will be two parameters: local connection reference and status.<br />
It transmits a request received from the MTNM, via message CLOSE_TD-CDMA_CONN, to close a<br />
connection, to the RCF. There will be one parameter: local connection reference.<br />
It transmits the report status from the RCF of the close connection command, via message CLOSE_TD-<br />
CDMA_CONN_ACK, to the MTNM. There will be two parameters: local connection reference and status.<br />
It also transmits any report from the RCF that the connection has been lost, to the MTNM, via message<br />
LOST_TD-CDMA_CONN. There will be one parameter: local connection reference.<br />
D0103v1.doc 28 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.1.2.3.4 Paging<br />
There is no specific entity in the RCM module to handle paging. The paging entity in the RCF directly<br />
transmits the IP paging packets to the Control Packet sub-block, of the Packet Reception block, of the<br />
RCM. These IP paging packets will be passed to the IPv6 stack, and will automatically reach the Paging<br />
module.<br />
Enhanced IPv6 stack<br />
RCM<br />
Radio<br />
Connection Manager<br />
Radio<br />
Infos<br />
Open /<br />
Close<br />
Packet Transmission<br />
Control Data<br />
Packet Packet<br />
Packet Reception<br />
Control Data<br />
Packet Packet<br />
Conn<br />
RCF<br />
TD-cdma<br />
Infos<br />
TDCDMA<br />
Connection Manager<br />
Open /<br />
Close<br />
Conn<br />
Paging<br />
Control Channel Mngt<br />
Send /<br />
Receive<br />
Data<br />
Data Channel Mngt<br />
Open /<br />
Close<br />
Data<br />
Chanels<br />
Send /<br />
Receive<br />
Data<br />
AS<br />
4.1.2.3.5 Packet Transmission block<br />
Figure 13: Packet Transmission block<br />
The connection must have been opened by the Radio Connection Manager sub-block, before any IP<br />
packet can be transmitted (if it’s not the case, they will be dropped, but this should never happen as the<br />
TD-CDMA driver is “linked” to the IP stack only when the radio connection is established). An open<br />
connection means that the Access Stratum has established all the associated radio control channels, but<br />
that no radio bearer has been pre-established.<br />
In case of connection loss, we do not buffer the received IP packets, as it will take time to re-establish the<br />
connection (we will have to perform the whole registration process), and we do not even know if we will<br />
still be using the TD-CDMA, or if the MTNM will decide to use another technology (WLAN / Ethernet).<br />
The only case when we will probably want to buffer IP packets is during a fast handover between two<br />
Radio Gateways, during the phase between the closing of the old connection and the opening of the new<br />
connection; as the TD-CDMA driver is constantly “linked” to the IP stack and can receive packets at any<br />
time during this process.<br />
The Packet Transmission block receives IP packets from the enhanced IPv6 stack.<br />
It will determine if it is an IP signalling packet or an IP data packet, by analysing its DSCP code (the IP<br />
signalling packets will have a specific DSCP code).<br />
The IP signalling packets are transmitted directly to the Control Channel Management block of the RCF<br />
(with the local connection reference).<br />
The data packets are analysed to perform the mapping between IP QoS classes and radio bearers / radio<br />
QoS classes: based on the DSCP of the IP packet, a radio bearer is selected, with a radio QoS class<br />
associated to it. The RCM manages a fixed number of radio bearer, each one associated to one of the<br />
radio QoS class available. This mapping is performed on the Radio Gateway, not on the Mobile Terminal.<br />
If the radio bearer is not yet establis hed, a request is made to the Data Channel Management block of the<br />
D0103v1.doc 29 / 168
D0103v1.doc Version 1 6.7.2003<br />
RCF to establish it, with the local connection reference, the DSCP code, the source and destination<br />
address of the IP packet, as parameters.<br />
An answer is expected from the RCF, to give the status of this operation, upon which the radio bearer is<br />
declared established or not. The answer will contain the original DSCP code, the radio bearer Id and a<br />
SAP Id as parameters.<br />
If the bearer is established, the IP data packets can be transmitted to the Data Channel Management block<br />
of the RCF (with the radio bearer Id and SAP id), to be sent on the radio bearer by the AS.<br />
Two requests to open a radio bearer can be handled in parallel.<br />
While the request to open a radio bearer is handled, the corresponding IP packets will be stored to be sent<br />
when the bearer is effectively established.<br />
Important point: before the user has been authenticated and authorized, no IP data packet should be<br />
transferred (they should be buffered in the TD-CDMA driver); only signalling packets should be<br />
transferred. This means we should not attempt to open radio bearers until we are authenticated and<br />
authorized.<br />
In the current implementation, we will not buffer IP data packets, we will open radio bearers, and it will<br />
be up to the AAAC Attendant in the Access Router to control the IP packets received, and let them go<br />
further or not.<br />
In a more advanced implementation design, the MTNM could warn the RCM that we are authenticated<br />
and authorized via a specific control message. Before its reception, we buffer IP data packets and after its<br />
reception, we open radio bearers and send IP data packets. This will not be part of the <strong>Moby</strong> <strong>Dick</strong><br />
implementation.<br />
4.1.2.3.6 Packet Reception block<br />
Enhanced IPv6 stack<br />
RCM<br />
Radio Connection<br />
Manager<br />
Radio<br />
Infos<br />
Open /<br />
Close<br />
Packet Transmission<br />
Control Data<br />
Packet Packet<br />
Packet Reception<br />
Control Data<br />
Packet Packet<br />
Conn<br />
RCF<br />
TD-cdma<br />
Infos<br />
TD-CDMA<br />
Connection Manager<br />
Open /<br />
Close<br />
Conn<br />
Paging<br />
Control Channel Mngt<br />
Send /<br />
Receive<br />
Data<br />
Data Channel Mngt<br />
Open / Send /<br />
Close Receive<br />
Data Data<br />
Chanels<br />
AS<br />
Figure 14: Packet Reception block<br />
The IP signalling packets and the IP data packets received from the RCF are directly transmitted to the<br />
IPv6 stack. Some of the IP signalling packets are “pure” IP signalling and will be used by the IPv6 stack.<br />
The other IP signalling packets will be automatically directed to the appropriate module (fast handover,<br />
registration or paging) by the IPv6 stack.<br />
D0103v1.doc 30 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.1.2.4 Radio Convergence Function<br />
The Radio Convergence Function is the specific part of the Radio driver. It has a generic interface with<br />
the upper layer of the Radio driver: the Radio Channel Manager. It has a specific interface with the<br />
Access Stratum, to take into account the specificities of the TD-CDMA AS layer. It is split into the<br />
following sub-blocks.<br />
RCF<br />
TD-CDMA Connection WCDMA Manager<br />
Connection Manager<br />
TD-cdma Wcdma<br />
Infos<br />
Infos<br />
Open /<br />
Close<br />
Conn<br />
Paging<br />
Control<br />
Control<br />
Channel<br />
Channel<br />
Mngt<br />
Mngt<br />
Send /<br />
Receive<br />
Data<br />
Data<br />
Data<br />
Channel<br />
Channel<br />
Mngt<br />
Mngt<br />
Open /<br />
Send /<br />
Close<br />
Receive<br />
Data<br />
Data<br />
Channels<br />
Figure 15: Radio Convergence Function<br />
The schemas of the previous section on the RCM can be used to describe the interactions between the<br />
RCM / RCF / AS modules.<br />
4.1.2.4.1 TD-CDMA Connection Manager block<br />
TD-CDMA Infos sub-block<br />
The WCMDA Infos sub-block will receive the following messages from the AS:<br />
• INFORMATION_BROADCAST_IND, with the list of IP addresses of neighbouring Access<br />
Routers (connected to Radio Gateways) and an associated RG Identifier (the cell Id) for each of<br />
them.<br />
• MEASUREMENT_INDICATION, with a table containing a list of signal quality level for the<br />
neighbouring Radio Gateways and their associated cell Id.<br />
A table will be maintained and updated, with the 3 following information, if available: RG Identifier (cell<br />
Id), IP address of AR, signal level quality.<br />
Every time a new MEASUREMENT_INDICATION or INFORMATION_BROADCAST_IND will be<br />
received from the AS, the table will be updated.<br />
Every n milliseconds, the message TD-CDMA_INFO will be transmitted to the Radio Infos sub-block of<br />
the RCM, to be transferred to the Network Environment Infos block of the MTNM. It will contain a list<br />
with the following information: cell Id, signal level quality, IP address of AR (extracted from the<br />
previously described table).<br />
The MTNM could also proactively request the sending of the message TD-CDMA_INFO at any moment,<br />
as already explained in a previous section. It would trigger the sending of the message<br />
MEASUREMENT_REQ to the AS, to obtain updated information via the AS message<br />
MEASUREMENT_IND. This will not be implemented in <strong>Moby</strong> <strong>Dick</strong>, as we don’t need it.<br />
The WCMDA Infos sub-block will also receive the following messages from the AS:<br />
• INFORMATION_BROADCAST_IND, with a router advertisement from the Access Router<br />
associated to a neighbouring RG.<br />
These router advertisements from the Access Router, received via AS message<br />
INFORMATION_BROADCAST_IND, will be transferred to the Control Packet sub-block, of the Packet<br />
Reception block of the RCM. They will then be passed directly to the IPv6 stack.<br />
Open / Close Connection sub-block<br />
The Open / Close Connection sub-block manages the radio connections. Upon reception of a request to<br />
open a connection from the RCM, it will request the AS to execute it, via the message<br />
CONNECTION_ESTABLISHMENT_REQ, with a local connection reference (to be attributed locally) and<br />
the cell Id (if not provided, the best available RG is chosen by the AS) as parameters. It will wait for the<br />
answer of the AS, via message CONNECTION_ESTABLISHMENT_RESP, with the local connection<br />
reference and a status. The status and the local connection reference will be transmitted to the RCM, to be<br />
handled at the RCM level.<br />
D0103v1.doc 31 / 168
D0103v1.doc Version 1 6.7.2003<br />
Then some information about the connection will be transmitted to the Radio Gateway, via message<br />
DATA_TRANSFER_REQUEST. The parameter data will be a specific message type<br />
(NAS_CONNECTION_INFO), and the transmitted information will be the Home Address and the CoA of<br />
the Mobile Terminal.<br />
- Upon reception of a request to close the connection from the RCM, it will request the AS to execute it,<br />
via message CONNECTION_RELEASE_REQ. After this, it will notify the RCM, that the connection has<br />
been closed, passing the parameters local connection reference and status.<br />
The connection cannot be closed on the Radio Gateway initiative.<br />
- Upon reception of a notification from the AS, that the connection has been lost, via message<br />
CONNECTION_LOSS_IND, it will notify the RCM, with the local connection reference as parameter.<br />
Paging sub-block<br />
The paging sub-block directly transmits the IP paging packets received from the AS, via message<br />
NOTIFICATION_IND, to the Control Packet sub-block, of the Packet Reception block, of the RCM.<br />
These IP paging packets will be passed to the IPv6 stack, and will automatically reach the Paging module.<br />
TD-CDMA EUI-64 identifier<br />
The hardware identifier of the TD-CDMA driver will be based on the IMEI of the Mobile Terminal. By<br />
construction, we will not be able to use it directly as a MAC address (like for Ethernet or WLAN), as its<br />
format is different. Therefore, we will have to build the EUI-64 identifier by ourselves and register it to<br />
the TD-CDMA device driver. This will be used to build the IPv6 address.<br />
4.1.2.4.2 Control Channel Management block<br />
When the connection is established with the Radio Gateway, a radio control channel is automatically<br />
allocated. Therefore there is no need to open / close control channels.<br />
Any IP control packet received from the RCM (with the associated local connection reference) is<br />
transmitted to the AS, via message DATA_TRANSFER_REQ, to be transferred to the Radio Gateway on<br />
the radio control channel.<br />
Any radio control packet received from the AS, via message DATA_TRANSFER_IND, containing IP<br />
signalling, is transmitted to the RCM Packet Reception block.<br />
The parameter data of the DATA_TRANSFER_REQ and DATA_TRANSFER_IND will be a specific<br />
message type (NAS_IP_SIGNALLING), to identify the content of the AS message as IP signalling.<br />
This IP control packet can be pure IP protocol signalling, but also specific signalling for AAAC and<br />
mobility.<br />
Some signalling specific to the NAS can also be exchanged between the Mobile Terminal and the Radio<br />
Gateway, using a specific message type for the parameter data of the DATA_TRANSFER_REQ and<br />
DATA_TRANSFER_IND messages. This will not be addressed here, but directly in the sections where this<br />
signalling is used.<br />
4.1.2.4.3 Data Channel Management block<br />
Open / Close Data Channels sub-block<br />
When the connection is established with the Radio Gateway, no radio bearer is established.<br />
Upon reception of a request from the RCM to open a radio bearer, a DATA_TRANSFER_REQ is made to<br />
the AS, to transmit to the Radio Gateway the request for opening the radio bearer. The parameter data of<br />
the DATA_TRANSFER_REQ message will be of a specific type<br />
(NAS_RADIO_BEARER_ESTABLISHMENT_REQ), to recognize the radio bearer establishment request,<br />
with the DSCP code, the source and destination IPv6 address of the packet, as parameters.<br />
An answer is expected from the Radio Gateway, that will be received by the AS and transmitted to the<br />
RCF: RADIO_BEARER_ESTAB_IND, with the parameters: local connection reference, radio bearer id,<br />
SAP id, radio QoS class, DSCP code.<br />
A status is sent to the Packet Transmission block of the RCM, to confirm the opening of the radio bearer<br />
associated to the radio QoS class, with the parameters radio bearer id, SAP id, radio QoS class, DSCP<br />
code.<br />
A timer with a timeout will be started after the DATA_TRANSFER_REQ message has been sent, and if<br />
the RADIO_BEARER_ESTAB_IND is not received before the timeout, a negative confirmation will be<br />
sent to the RCM, indicating that the radio bearer is not opened.<br />
The requests to open radio bearers can be treated in parallel, as the message<br />
RADIO_BEARER_ESTAB_IND contains all the necessary information to identify two different requests.<br />
A RADIO_BEARER_ESTAB_IND message can be received spontaneously, if the opening of the radio<br />
bearer is on the Radio Gateway initiative. In this case again, the parameters of the message will enable its<br />
treatment.<br />
If a RADIO_BEARER_RELEASE_IND is received from the AS, parameters: local connection reference<br />
and radio bearer id, a message must be sent to the Packet Transmission block of the RCM, with the<br />
D0103v1.doc 32 / 168
D0103v1.doc Version 1 6.7.2003<br />
associated radio bearer Id, to warn it that the radio bearer is now closed and no data packet for the<br />
associated radio QoS class can be sent.<br />
Send / Receive Data sub-block<br />
The Send / Receive Data sub-block manages the sending and reception of data packets to and from the<br />
AS.<br />
When an IP data packet is received from the RCM, with the associated radio bearer id and SAP Id, the<br />
radio bearer is already opened (this has been taken care of in the RCM, before transmitting this packet).<br />
Therefore, the RCF directly makes a PDCP_DATA_REQ to the AS on the appropriate SAP, to transfer<br />
the data packet to the Radio Gateway, with parameters radio bearer id, data packet length and data packet.<br />
When an IP data packet sent by the Radio Gateway is received from the AS via the message<br />
PDCP_DATA_IND, with parameters: radio bearer id, data packet length and data packet; this IP data<br />
packet is directly transmitted to the Packet Reception block of the RCM.<br />
4.1.2.5 Fast Handover module<br />
MTNM<br />
Set<br />
Network<br />
Preferences<br />
Set<br />
Handover<br />
Preference<br />
Automatic / Manual<br />
Handover<br />
Network<br />
Environment<br />
Infos<br />
Fast RCF Handover Module<br />
Context<br />
Transfer<br />
WCDMA<br />
Connection Manager<br />
Wcdma<br />
Infos<br />
Fast Handover<br />
Execution<br />
Open /<br />
Close<br />
Enhanced IP stack and<br />
Mobile IP stack<br />
Network device drivers<br />
TDCDMA WLAN Ethernet<br />
Figure 16: FHO module and its interfaces<br />
The Fast Handover module must be installed on every Access Router and Mobile Node wanting to<br />
exchange FHO messages in the <strong>Moby</strong> <strong>Dick</strong> scenario. It provides the complete Fast Handover IP<br />
mechanism and signalling for fast intra-domain handover. The module must not be triggered for interdomain<br />
handover, since administrative domain distinction within the <strong>Moby</strong> <strong>Dick</strong> trial is provided in the<br />
MTNM by comparison of the last two bits of the IPv6 network-prefix. The inter-domain handover will be<br />
handled like a new registration, since this kind of handoff may not be fast, because the home domain must<br />
be contacted.<br />
The following figure sketches the relations of the Fast Handover Linux Kernel Module with the related<br />
<strong>Moby</strong> <strong>Dick</strong> components on the Mobile Terminal, i.e., the MTNM, IP/MIPL stack and the network device<br />
drivers.<br />
The Fast Handover module has been implemented as a Linux kernel module, because this provides most<br />
possible independence from the IPv6 and Mobile IPv6 stack and at the same time provides fast message<br />
processing. The fast handover signalling messages are sent via the enhanced IPv6 stack, i.e., deploy the<br />
sending functionality of this stack, and therefore this module does not require awareness of the current<br />
access technology.<br />
D0103v1.doc 33 / 168
D0103v1.doc Version 1 6.7.2003<br />
Since MTNM module is in user space and FHO module is in kernel space, as specified before, to<br />
exchange messages between them we deployed the character device technology. The character device is a<br />
special device which allows the communication between user space and kernel space; figure 17 depicts<br />
the behaviour of FHO module.<br />
USERSPACE<br />
MTNM<br />
KERNELSPACE<br />
FHO<br />
START_FHO<br />
L2_REQ<br />
-Sending Router Soll. Proxy<br />
-Receiving Proxy Router Adv<br />
-Sending Fast Binding Update<br />
-Receiving Fast Binding Ack<br />
Configuring<br />
Layer 2 handover<br />
L2_ACK<br />
-Fast Handover Execution<br />
FHO_ACK<br />
Figure 17: User space/Kernel space communication<br />
The Fast Handover Module waits for the START_FHO message from the MTNM in order to trigger the<br />
fast handover mechanism (independently if the handover was triggered automatically or manually). Once<br />
the fast handover trigger is received, the message flow depicted in figure 18 is executed.<br />
According to what is specified in previous sections, the module performs two main tasks:<br />
• on the oldAR when the Router Solicitation Proxy message is received FHO module recovers<br />
AAAC context from AAAC Attendant and sends it, as data attached in the Handover Initiate<br />
message, to the newAR. In parallel a request for QoS availability is send to QoS attendant.<br />
• on the newAR, once the Handover Initiate message has been handled, FHO module waits for a<br />
response from QoS attendant about resource availability: in case of positive answer it relies the<br />
AAAC context to the AAAC attendant, otherwise this step is just skipped. In both conditions an<br />
Handover Acknowledgement is send back to the oldAR in order to inform the MN (MTNM)<br />
about the possibility or not to perform handover.<br />
Mobile IPv6 messages exchanged between MN-oldAR-newAR are realized via new types of ICMP<br />
messages, which are created by the Fast Handover Module and sent via ‘standard’ IPv6 kernel functions<br />
(i.e., interface Fast Handover Module and IPv6 stack). .<br />
The “layer 2” handover is triggered via the interface with MTNM module (i.e. character device); the<br />
messages L2_req (layer 2 handover request) and L2_ack (layer 2 handover acknowledgement) are<br />
exchanged between MTNM module and FHO module after receiving the message Fast Binding<br />
Acknowledgement on the MN.<br />
The last message (FHO_ACK) informs MTNM module about the result of the handover: if all the steps<br />
described are well performed the returned status is safe, otherwise, if the handover is not possible, (e.g. a<br />
lack of resources on the new link) MTNM will try to use another technology (if available) or to access<br />
another link.<br />
D0103v1.doc 34 / 168
D0103v1.doc Version 1 6.7.2003<br />
Mobile<br />
Node<br />
STARTFAST_HANDOVER<br />
message from MTNM<br />
Old Access<br />
Router<br />
Router solicitation Proxy<br />
Proxy Router Advertisement<br />
create new CoA<br />
Handover Initate<br />
New Access<br />
Router<br />
ICMP message<br />
get the new CoA<br />
Fast Binding Update<br />
Handover Acknowledgement<br />
check new CoA<br />
Fast Binding Acknowledgement<br />
Fast Binding Acknowledgement<br />
Diconnect<br />
Connect<br />
Fast Neighbour advertisement<br />
disconnected time<br />
Figure 18: FHO exchange of messages<br />
4.1.2.6 Paging module<br />
IP Paging module<br />
Common ID<br />
handler<br />
IP Paging<br />
engine<br />
MT dormant<br />
state manager<br />
MTNM<br />
Dormant state<br />
watchdog<br />
Signaling<br />
state machine<br />
Enhanced IPv6 proto<br />
MIPv6<br />
IPv6<br />
Figure 19: Paging module<br />
4.1.2.6.1 Dormant state watchdog<br />
The dormant state watchdog block is responsible for taking the decision on when to enter the dormant<br />
mode. Basically, entering a dormant mode depends on the following parameters:<br />
• No session should be open.<br />
• No session should have been opened for some configurable amount of time.<br />
• All Binding Cache entries, maintained in remote Correspondent Nodes, should have been<br />
expired.<br />
To check the Binding Cache entries and respective timers indicating the individual entry’s validity, this<br />
block needs to communicate to the MIPv6 related binding cache block of the enhanced IPv6 protocol<br />
stack, which might be implemented as an option. Expiration of local binding cache entries can be a basic<br />
measure that no communication is active, hence, the binding of the mobile’s CoA hasn’t been updated on<br />
D0103v1.doc 35 / 168
D0103v1.doc Version 1 6.7.2003<br />
a remote CN. When a configurable amount of time has been expired after all remote bindings have been<br />
expired, the dormant state watchdog initiates dormant state transition, notifying the MT dormant state<br />
manager block. However, for demonstration purposes, the dormant state transition is triggered manually<br />
from the NCP and indicated to the paging module through the MTNM and the MT dormant state<br />
manager. This allows dormant registration without waiting for expiration of remote binding entries.<br />
Optionally, automatic dormant state transition might be supported in the dormant state watchdog, based<br />
on timers and remote CNs' binding cache entries' lifetime for the respective MN. Also, in case of mobile<br />
terminal initiated active registration with the network is to be shown, this is also done via the NCP for<br />
demonstration purposes. Optionally, detection of packets to be sent from an application and automatic<br />
active registration initiation might be supported.<br />
4.1.2.6.2 Common ID handler<br />
Independent of L2 identifiers for addressing or paging purposes, the IP paging concept deploys a common<br />
paging identifier, allowing the MT to be identified independent of access technology specifics. A<br />
structure for a common IP paging identifier has been proposed, allowing paging attendants implemented<br />
with ARs to map the generic IP paging request messages to access technology specific addressing and to<br />
build IPv6 Solicited Node Multicast Addresses for individual access technologies and their respective<br />
interface identifiers. On IP level, this common identifier is used to address and to identify mobile<br />
terminals on IP layer. According to the previous specifications, MAC address parts of each interface<br />
implemented in the mobile terminal are included in the common paging ID, which is to be built by the<br />
common ID handler block. To gather information on each interface’s MAC address, the common ID<br />
handler block requests a list of interface addresses from the respective MTNM entity. The derivation of<br />
the common paging ID is to be done on module loading time, assuming that the interfaces do not change<br />
afterwards. An enhanced mechanism could trigger the common ID handler to build a new ID when a new<br />
interface has been brought up in the mobile terminal. To take hot-plugging of networking interfaces into<br />
consideration for future systems, the Common ID handler requests MAC addresses of available access<br />
interfaces each time the mobile enters dormant mode. This allows always for updated and valid MAC<br />
addresses to be incorporated into the common paging identifier. In addition to MAC address info of<br />
implemented access interfaces, the MTNM provides the Common ID handler with information on the<br />
current Access Router, since this information is kept updated in the MTNM.<br />
4.1.2.6.3 MT dormant state manager<br />
The mobile terminal dormant state manager is the high-level entity for maintenance of dormant/active<br />
state as well as for initiation of the signalling procedure for state transition purposes. On receipt of a<br />
notification from the dormant mode watchdog to enter the dormant mode, the dormant state manager<br />
initiates the signalling procedure by contacting the signalling state machine block. After the Paging Agent<br />
discovery phase and the dormant registration procedure have been initiated, an intermediate state should<br />
be entered, indicating that the mobile is going to enter a dormant mode. Active or passive session<br />
initiation while being in this intermediate state would cause immediate re -establishment of active state<br />
behaviour. When the dormant registration has completed successfully, active session initiation would<br />
cause initiation of the normal dormant de-registration procedure. Incoming packets can reach a dormant<br />
mobile terminal, which has entered dormant state before, only after a successful paging and deregistration<br />
procedure, including re -establishment of system information.<br />
Furthermore, this block should store information on the discovered Paging Agent address.<br />
4.1.2.6.4 Signalling state machine<br />
The signalling state machine block has the responsibility to handle the PA discovery and the registration<br />
procedure, therefore representing an abstraction layer between the dormant state manager and the actual<br />
signalling procedure. High granularity states should be maintained within this block. To initiate the<br />
signalling procedure for dormant mode registration, the respective notification comes always from the<br />
‘high-level’ dormant state manager. In case of having entered the dormant mode before, an incoming<br />
paging request is directly to be processed from the signalling state machine, common paging ID matching<br />
is to be checked with the common paging ID block and high-level actions are to be requested from the<br />
dormant state manager.<br />
4.1.2.7 Registration Module<br />
D0103v1.doc 36 / 168
D0103v1.doc Version 1 6.7.2003<br />
WP4 UserSpace<br />
WP3 UserSpace<br />
Kernel Component<br />
Figure 20: Registration Module Legend<br />
MTNM<br />
Trigger Reg<br />
Trigger HO<br />
URP Client<br />
calls<br />
StartInterdomainHO<br />
IPSec<br />
Figure 21: Registration Overview<br />
URP Client<br />
MTNM<br />
Interface<br />
Registration<br />
Protocol Handler<br />
IPSec Interface<br />
[PF_KEY]<br />
Crypto<br />
Services<br />
Figure 22: Registration components of URP Client<br />
This module will take care of all the actions related to AAAC, mainly the registration phase. The<br />
registration module is also called URP Client. It will also be used when a handover is required, but the<br />
Fast Handover cannot be used (inter-domain mobility, unexpected network connectivity loss).<br />
Whenever a new registration takes place or an inter-domain handover is initiated, the MTNM triggers the<br />
registration process by sending the message StartInterdomainHO (message 1 in the diagram below). The<br />
MTMN reads in / stores the User-Name (== NAI) and passes it on to the URP for registration. Now the<br />
URP module sends a registration request to the Attendant on the AR, which in turn gets the user<br />
authenticated form the AAAC-h server. Upon receiving the response of the registration from the<br />
attendant, the URP sends it to the MTNM via the SendRegResponse message. The MT is allowed to send<br />
packets into the network only if the response received from the AAAC server is positive.<br />
The messages, which are exchanged between the URP and the MTNM modules are sketched below,<br />
including the respective parameters.<br />
Whenever a new registration takes place or an inter-domain handover is initiated, the MTMN sends the<br />
same message to URP_CLIENT.<br />
Step1<br />
This message is sent by the MTMN to the URP module when an Interdomain HO or a registration takes<br />
place.<br />
D0103v1.doc 37 / 168
D0103v1.doc Version 1 6.7.2003<br />
Message:<br />
Parameters:<br />
StartInterdomainHO<br />
MesgType<br />
MesgLen<br />
MN-info - stream of bytes of variable length<br />
The structure of MN-info is as follows:<br />
MN-info<br />
in6_addr MIPv6-Mobile-Node-Address (home address of the MT)<br />
in6_addr MIPv6-Home-Agent-Address<br />
in6_addr CoA-MN<br />
in6_addr AR-Addr<br />
MN-AAACh-Secret-Key<br />
Current Interface Name<br />
User-Name<br />
Step2<br />
In order to get authenticated from the AAAC server this message is sent out<br />
Message:<br />
MNA_Rq<br />
This message is not relevant for the URP-MTNM interface<br />
Step3<br />
The response the URP gets from the attendant<br />
Message:<br />
MNA_Rsp<br />
This message is not relevant for the URP-MTNM interface<br />
Step4<br />
Upon receiving a MNA_Rp from the AAAC-Attendant, the URP sends this message to MTMN)<br />
Message: SendRegResponse {<br />
Parameters: MesgType<br />
MesgLen<br />
RespCode (states whether the AAAC reg. was successful or not)<br />
Mobile Terminal<br />
Access Router<br />
User Space<br />
URP Module<br />
4. SendRegResp<br />
2. MNA_Rq<br />
3. MNA_Rp<br />
User Space<br />
AAA Att.<br />
1.<br />
Trigger<br />
StartIntDomHO<br />
NTNM Module<br />
Kernel<br />
Kernel<br />
Figure 23: Registration messages<br />
Also the following message is sent from MTNM to URP, after a successful Fast Handover:<br />
Message:<br />
StartFHO_REG<br />
D0103v1.doc 38 / 168
D0103v1.doc Version 1 6.7.2003<br />
Parameters:<br />
MesgType<br />
MesgLen<br />
MN-info - stream of bytes of variable length<br />
The structure of MN-info is as follows:<br />
MN-info<br />
in6_addr CoA-MN<br />
in6_addr AR-Addr<br />
Current Interface Name<br />
4.1.2.8 Enhanced IPv6 stack<br />
No further details are needed for this component.<br />
4.1.2.9 DSCP Marking Software<br />
Application 1 Application 2<br />
Application level module<br />
DSCP<br />
matching<br />
table<br />
Fast Handover<br />
module<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
MIPL<br />
DSCP marking software<br />
Network device drivers<br />
TDCDMA WLAN Ethernet<br />
Figure 24: Location of the DSCP marking software in the IP stack<br />
The previous figure shows where the DMS (DiffServ Marking Software) will be located in the protocol<br />
stack. It ”intercepts” packets just before transmitting them to the lower layer. Thus, all the packets<br />
generated by both the IP stack and the upper layers can be filtered and marked.<br />
4.1.2.9.1 Operation<br />
When a new packet is ready to be transmitted to the layer two, the DMS inspects its header and consults a<br />
DSCP Matching Table. This table contains a set of filters to apply on the information extracted from the<br />
header, and the values of the associated DSCPs. Then, if one of the filters matches perfectly with this<br />
information, the packet is marked with the value of the DSCP associated with this filter.<br />
4.1.2.9.2 DMS Architecture<br />
The DMS contains five components, as in figure 23:<br />
• a DSCP Matching Table (DMT): this table contains the definition of every filter and the DSCP<br />
associated with it in the Linux kernel space,<br />
• a DSCP Marking Function (DMF): this is the DMS engine, which consults the fields in the different<br />
headers of each packet, compares it with the filters in the DMT, and decides to mark or not the<br />
packet with a new DSCP; it is located in the Linux kernel (in the IPv6 code),<br />
D0103v1.doc 39 / 168
D0103v1.doc Version 1 6.7.2003<br />
• a Filters Database (FD): this file (or set of files) contains the definitions of all the filters, in the user<br />
space,<br />
• a Table Update Module (TUM): this is a Linux module in charge of updating the DSCP Matching<br />
Table with the data stored in the Filters Database,<br />
• a Service Table (ST): this table, only used by the TUM, associates a DSCP with each service.<br />
4.1.2.9.3 DSCP Matching<br />
The packet marking process is based on the search of a table containing all the filters definitions<br />
whenever a packet is ready to be transmitted. In this section, we describe how these filters are introduced<br />
by a user, and how the DMT is built and updated.<br />
Kernel Space<br />
User Space<br />
DSCP Marking<br />
Function (IPv6)<br />
Table update<br />
Module<br />
Service<br />
Table<br />
DSCP<br />
Matching<br />
Table<br />
Filters<br />
Db<br />
Rules1.txt<br />
Rules2.txt<br />
Rules3.txt<br />
Figure 25: DMS Components<br />
4.1.2.9.4 Packet filtering<br />
The description of a filter is as follows:<br />
Filter<br />
Description<br />
TCPDestPort<br />
IP6SrcAddr<br />
CoS<br />
10<br />
FTPFilter<br />
21<br />
FEDC:BA98:7654:3210:FEDC:BA98:7654:3210<br />
S1<br />
Table 2: Filter Description<br />
The complete descriptions of the filters are stored in one or several files (the FD). Each file is loaded in<br />
the DMT with help of the TUM. Then, when a packet is ready to be delivered to the lower layer, the DMF<br />
consults the DMT, and marks the packet with the DSCP associated with the first filter that matches with<br />
the information of its header(s).<br />
A filter contains:<br />
• An identifier (the ‘Description’ field), which also represents its priority. Thus, if two filters<br />
match, only the first one, i.e. the one with the lowest identifier, is considered.<br />
• A description, i.e. a filter name.<br />
• A CoS: the value of this field can be either a service identifier (S1, S2, …) or a DSCP. If this<br />
value is a service identifier, then the DSCP associated with the filter will be found by the TUM<br />
in the ST.<br />
• A list of items, with their values. The number of items is not limited, and a list of items can be<br />
empty (then, all the packets are marked with the DSCP associated with the filter). Packets are<br />
marked with the DSCP associated with the filter only if all the items values are equal to the<br />
corresponding fields values in the different headers of the packet. On the previous example, a<br />
packet will be marked with the ‘101110’ DSCP (which is associated with the S1 service in the<br />
ST) only if, in the packet headers, the TCP Destination Port is set to ‘21’ and the IPv6 Source<br />
Address is set to ‘FEDC:…:3210’. If only one value doesn’t match, then the filter also doesn’t<br />
match.<br />
Typically, each description can use all the possible fields of the different headers added by the network<br />
and the transport layers. This software supports a large subset of these fields, in the following headers:<br />
IPv6 main header, TCP, UDP, Destination option (including the Binding Update, Binding<br />
D0103v1.doc 40 / 168
D0103v1.doc Version 1 6.7.2003<br />
Acknowledgment, Binding Request, and Home Address options), Routing option, Hop-by-hop option,<br />
Authentication option, Encapsulating Security Payload (ESP) option, Fragment option, IPv6 (tunnelling),<br />
and ICMPv6.<br />
The goal of this software is simple: the filtering rules will not be directly written in the XXX. In fact, the<br />
software offers the possibility to filter packets using a more or less complete subset of the different header<br />
fields. Only the user, and/or the network administrator, thanks to their good knowledge of the network<br />
protocols, is able to define precisely these rules. Thus, the code of the software is the same in all the<br />
different entities of the network using it, and in all the different QoS domains. Only the contents of the<br />
filters can change from an entity to another, or from a QoS domain to another.<br />
4.1.2.9.5 DSCP Matching Table<br />
When a user, or a network administrator, triggers a modification of the filters descriptions, the TUM<br />
modifies the DMT automatically. In this section, we describe how this table is organized.<br />
Filter number<br />
(= line number)<br />
0<br />
1<br />
2<br />
3<br />
4<br />
…<br />
N<br />
Filter Pointer<br />
Filter0Ptr<br />
NULL<br />
Filter2Ptr<br />
Filter3Ptr<br />
NULL<br />
…<br />
FilterNPtr<br />
Table 3: Format of the DMT<br />
Each line of the table only contains a pointer to a complete description of a filter loaded in the memory<br />
(see Table 3).<br />
Each filter is a simple structure containing a description, the DSCP (CoS) used to mark each packet that<br />
matches this filter, a set of bits identifying the different headers to examine, and a pointer to a list of items<br />
representing the different fields of the packet header that are to be inspected (see figure 26). Thus, the<br />
number of fields in a filter is variable. The bits identifying the different headers to examine accelerate the<br />
filtering process. Indeed, if a filter contains items related to TCP fields, and if the packet does not contain<br />
a TCP header, the filter doesn’t match, and browsing its items list and the header fields’ values becomes<br />
useless. The use of these bits avoids useless treatments in the DMF.<br />
Every item of this list contains an identification of the field to inspect, i.e. a value identifying the name of<br />
the field in the kernel (IP6_SRC_ADDR is equivalent to the IP6SrcAddr field in the FD,<br />
TCP_SRC_PORT is equivalent to the TCPSrcPort field, etc.), the expected value of this field, and a<br />
pointer to the next item.<br />
Desc .: ANiceFilter<br />
Headers: IP6, TCP<br />
CoS: 101101<br />
Items list: item1<br />
Ident.: IP6_SRC_ADDR<br />
Value: FEC0::1<br />
Next: item2<br />
Ident.: IP6_DSCP<br />
Value: 010110<br />
Next: item3<br />
Ident .: TCP_SRC_PORT<br />
Value: 21<br />
Next: NULL<br />
Figure 26: Representation of a filter in the Linux kernel<br />
It is possible that the information extracted from the packet header matches with several filters. Only the<br />
first filter is taken into account. Thus, the number of the filter, which is the range of the filter in the table,<br />
represents its priority. The lower is this number, the greater is the priority of the filter. So, it is important<br />
to sort the filters from the more detailed to the less detailed.<br />
Table updates<br />
The TUM modifies the DMT each time the user, or the network administrator, modifies the FD and<br />
communicates it to the module (figure 27). The modified FD – which is a single text file – is forwarded to<br />
the module over a simple Linux character device (/dev/dscp). This solution is the simplest way to<br />
D0103v1.doc 41 / 168
D0103v1.doc Version 1 6.7.2003<br />
communicate information from the user space (here, the FD) to the kernel space where the DMT is<br />
located.<br />
Thus, the user only has to write on this device with the contents of the FD (by the ‘cat filters_database.txt<br />
> /dev/dscp’ command for ex.). Then, the TUM automatically reads the text written on the device, and<br />
updates the DMT in the Linux kernel. Note that it is not necessary to write the entire FD on the device to<br />
update properly the DMT: only a file containing new filters, or a subset of modified filters can be<br />
communicated to the TUM.<br />
User<br />
AAAC<br />
Table update<br />
Module<br />
3b<br />
Filtering Rules & DSCP<br />
1 2 3a<br />
Service<br />
Table<br />
Character device<br />
/dev/ dscp<br />
1: Filters writing<br />
2: Filters reading<br />
DSCP<br />
Matching<br />
Table<br />
3a: DSCP update<br />
3b: Filters update<br />
Figure 27: DMT and SC update process<br />
For the moment, the table update process is triggered manually, by writing on the /dev/dscp character<br />
device. However, it is possible to make the AAAC system update the FD, in the same way than the DSCP<br />
update (see section 4.1.2.9.8) or triggering automatic updates regularly, in the user space.<br />
4.1.2.9.6 DSCP marking<br />
DSCP marking is done thanks to a modification of the Traffic Class and Flow Label fields in the IPv6<br />
header. When the information of the packet header matches with a filter, the corresponding DSCP is<br />
marked in the header of the packet: the four first bits of the DSCP are stored in the last four bits of the<br />
Traffic Class field, and the last two bits, plus two bits set to ‘0’, are stored in the four first bits of the Flow<br />
Label field.<br />
DSCP<br />
Vers<br />
TC<br />
…..<br />
Flow Label<br />
Figure 28: DSCP bits in the IPv6 main header<br />
4.1.2.9.7 Packet re-marking<br />
This operation is supported by the DMT, if the DMS is installed in a Linux router. To re-mark packets,<br />
the network administrator has just to add a new filter, containing a ‘IP6DSCP’ item, in the FD. This filter<br />
evaluates the DSCP in the new packet header, and associates a new value with it.<br />
4.1.2.9.8 DSCP updates and interaction with AAAC<br />
In the first version of the DMS, provided in October 2002, the ‘CoS’ field value in each filter in the FD<br />
was only a DSCP (e.g. ‘110110’, …). However, if we consider that several users can be located on the<br />
same MT, but with different QoS contracts, the same applications may use different QoS services for two<br />
different users. Thus, when a user enters in a new domain, she has to load the proper DSCP for each<br />
service she’s authorized to ask for, and to associate each service to each application she can launch. The<br />
second version of the DMS, provided in March 2003, offers the possibility to the user to use both DSCP<br />
values and service identifiers in her filters. In fact, a user can write a service identifier in the ‘CoS’ field<br />
D0103v1.doc 42 / 168
D0103v1.doc Version 1 6.7.2003<br />
instead of a DSCP, and the TUM associates itself this service identifier with a DSCP value, loaded from<br />
the network, thanks to the Service Table.<br />
So, when a user registers, the AAAC module in the MT simply sends a list of service identifiers, with<br />
their associated DSCPs, to the TUM, via the /dev/dscp character device (see figure 27). For example, it<br />
can write ‘SIG 50’, ‘S1 5’, ‘S2 10’, ‘S3 15’, …, ‘S7 35’ on the device. Then the ST looks like in Table 5.<br />
Service DSCP<br />
SIG 50<br />
S1 5<br />
S2 10<br />
S3 15<br />
S4 20<br />
S5 25<br />
S6 30<br />
S7 35<br />
Table 4: Service Table example<br />
What we call here a ‘service’ is only a marking type. The service notion in the MT is lightly different<br />
from the service notion in the network. In fact, S1 means ‘the first service marking type’. So, if the user is<br />
authorized to use only a subset of the network services, it is possible that several marking types will have<br />
the same value, which means that different applications associated with different service names may, in<br />
fact, use the same DSCP.<br />
During the user registration, the MT will always receive seven DSCP codes, which is the number of CoS<br />
defined in <strong>Moby</strong> <strong>Dick</strong>. The filters will also be the same in all the Mobile Terminals.<br />
By default, all the DSCPs are set to 0, excepted the SIG value, which is set to 34 (100010 in binary). Each<br />
DSCP can be manually initialised, by the user or the MT administrator himself, by writing ‘SX DSCPX’<br />
on the /dev/dscp character device, where X is the service number. However, a manual initialisation of the<br />
DSCPs is probably useless, considering that a user cannot send traffic towards the network without<br />
registering first.<br />
4.1.2.10 Monitoring Extensions to Ethernet / WLAN driver<br />
4.1.2.10.1 Monitoring Extensions to Ethernet driver<br />
One of the access technologies covered by the inter-technology handover within <strong>Moby</strong> <strong>Dick</strong> is Ethernet,<br />
which entails specific availability constraints, as described in this section. This evaluation requires the<br />
distinction between a handover (i) towards an Ethernet interface and (ii) away from an Ethernet interface<br />
to a different technology.<br />
In the (i) case, the handover decision algorithm, which is located in the MTNM on the Mobile Terminal<br />
within the framework of <strong>Moby</strong> <strong>Dick</strong>, has to be aware about the presence and availability of the Ethernet<br />
link. This is not as trivial as for example in WLAN, where the signal quality, which is provided by the<br />
wireless tools from the periodical beacons, implies the presence of the medium. In order to signal the<br />
availability of the Ethernet medium to the MTNM module, a monitoring extension is required. Therefore,<br />
the medium-independent interface (MII) is deployed in <strong>Moby</strong> <strong>Dick</strong>. This extension is part of the Fast<br />
Ethernet standard and provides support for 10 and 100 Mbps media segments. In order to announce<br />
medium availability to the MTNM module, the status register of this attachment is deployed.<br />
The second case does not require extension, but the user has to be aware that a handover away from<br />
Ethernet has to be announced ‘manually’, since there is no signal quality decrease, which gives handover<br />
preparation time. The medium availability is one or zero; i.e., the cable is connected or unplugged. In<br />
order to provide fast handover from Ethernet to any other technology, the user must announce the desire<br />
to handover via a manual trigger before unplugging the cable.<br />
4.1.2.10.2 Monitoring Extensions to WLAN driver<br />
In <strong>Moby</strong> <strong>Dick</strong> the hostap driver (http://hostap.epitest.fi/), version 19-05, created by Jouni Malinen will be<br />
used.<br />
The WLAN driver at the MT will include also a filtering function to be able to provide the right<br />
information/messages to the upper layers (essentially the MTNM and the IPv6 stack).<br />
The WLAN driver will be configured to work in ad-hoc mode, using a common SSID and a common<br />
frequency with the WLAN ARs in the <strong>Moby</strong> <strong>Dick</strong> network. This configuration, and the reasons behind it,<br />
is explained in detail in appendix A.<br />
The filtering function has three missions:<br />
D0103v1.doc 43 / 168
D0103v1.doc Version 1 6.7.2003<br />
1. It detects Router Advertisements (and so, the respective ARs). The IPv6 addresses of these ARs,<br />
the corresponding subnet prefixes, and the signal levels associated with the frames that contain<br />
the respective Router Advertisements, are sent to the MTNM in a WLAN_INFO message. If no<br />
Router Advertisements are received from the AR the MT is using, the IPv6 address of this AR<br />
must nevertheless be included in the WLAN_INFO message with signal level “0” (this indicates<br />
to the MTNM that the WLAN connection is lost).<br />
2. The Router Advertisements received from the AR the MT is using, are sent to the IPv6 stack.<br />
Any other Router Advertisements are not sent to the IPv6 stack. The filtering function knows the<br />
AR the MT is using because, each time a handover is executed, the MTNM sends a message<br />
USE_WLAN_AR to the WLAN driver. This message includes the IPv6 address of the AR to<br />
use, and the respective network prefix.<br />
3. All broadcast traffic that does not belong to the IPv6 subnet of the AR the MT is using, is<br />
discarded. The subnet is identified by the source address of the packet, using the subnet prefix of<br />
the subnet of the current AR.<br />
4.2 Access Router Software Specification<br />
Figure 29 depicts a functional overview of the Access Router (protocol communications with MT are not<br />
shown in this figure).<br />
The basic functional blocks are:<br />
• The Fast Handover Module which is responsible for an appropriate context transfer for intra-mobility<br />
scenarios.<br />
• A Paging Attendant which is responsible for paging in the connected access cell.<br />
• The AAAC Framework which is represented by a Metering module and the AAAC Attendant.<br />
• A QoS Attendant which is responsible for executing QoS related actions on the Access Router.<br />
• The Enhanced IPv6 stack and the Network Device Drivers.<br />
• The Logger which is responsible for logging availability, registration, and authorization events.<br />
All these modules will be described in greater detail in the following sections.<br />
4.2.1 Overview of the different components<br />
This section splits the components identified before in sub-blocks, giving an overview of their role. The<br />
detailed behaviour of these sub-blocks and their interactions will be detailed in the next chapter.<br />
4.2.1.1 Fast Handover Module / MIPL<br />
It provides the implementation of fast handover procedures. Also, this module will take care of the<br />
context transfer of some AAAC, and security parameters that will be done between the old AR and the<br />
new AR to speed up handover. QoS context is transferred by the QoS infrastructure.<br />
4.2.1.2 Paging Attendant<br />
The IP paging attendant implements procedures for IP paging support:<br />
1. Procedures for PA discovery.<br />
2. Procedures for paging request. PA will send paging requests from which the AR will create an<br />
on-link paging request to awake the dormant MT (if it is in the corresponding cell).<br />
4.2.1.3 Network Device Driver /WLAN<br />
This is a standard WLAN driver. In <strong>Moby</strong> <strong>Dick</strong> the hostap driver (http://hostap.epitest.fi/), version 19-05,<br />
by Jouni Malinen is used.<br />
4.2.1.4 Enhanced IPV6/IPSec/DiffServ packet Filter<br />
The enhanced IPv6 stack is based on the IPv6 stack of the linux kernel 2.4.16. Functionality that must be<br />
present:<br />
• Standard IPv6 functionality.<br />
• IPSec: for authentication of packets.<br />
• Mobile-Ipv6, needed for Fast-Handoff implementation<br />
• Diffserv and packet filter, that includes:<br />
o Filtering: all packets received must belong to a flow in the DSCP table or they must be<br />
signalling packets for network access procedures (a particular DSCP code) that must be<br />
given to upper layers. If not, they must be dropped.<br />
o Shaping: when sending packets, to control that flows adjust to agreed bandwidth.<br />
D0103v1.doc 44 / 168
D0103v1.doc Version 1 6.7.2003<br />
MT<br />
PA<br />
RG<br />
AAAC server<br />
QoS broker<br />
AR<br />
Fast Handover<br />
module<br />
IP paging<br />
attendant<br />
AAA andQoS modules<br />
AAA<br />
Attendant<br />
Metering<br />
Logger<br />
QoSManager<br />
QoS<br />
Attendant<br />
DSCP table<br />
PEP<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
IPSec<br />
Diffserv<br />
Packet filter<br />
DiffServ<br />
Marking<br />
Soft<br />
Network device<br />
drivers<br />
Internal interface<br />
Protocolcommunication<br />
WLAN<br />
Ethernet<br />
Figure 29: Access Router Software Architecture.<br />
4.2.1.5 AAAC Attendant<br />
The AAAC attendant acts as AAAC client and is responsible for communication with AAAC server on<br />
behalf of the MT. This includes all security specific functionalities like key handling and network access<br />
procedures, i.e., it deals with registration and setup.<br />
This module deals further with a metering module. For that purpose it has an interface with the Metering<br />
module.<br />
4.2.1.6 Metering<br />
It deals with metering issues. It will be controlled by the AAAC attendant which will decide when start or<br />
finish metering a particular user session. Metering is based on the output of the IETF Real Time Flow<br />
Measurement working group with project specific enhancements.<br />
4.2.1.7 QoS Manager<br />
The QoS manager is responsible for QoS activities in the AR. It includes a Data Base with the DSCP<br />
table. The Policy Enforcement Point PEP is responsible for policing issues. The policy information is sent<br />
to the PEP by the QoS broker and the PEP stores it in the DSCP table. The QoS attendant receives QoS<br />
context transfer initiation order from the fast handover module and contacts the PEP so that the QoS<br />
infrastructure performs the QoS context transfer. Also the QoS attendant tells the FHO module of the<br />
availability or not of QoS resources in the nAR during the FHO process.<br />
4.2.1.8 Logger<br />
The Logger consists of two parts:<br />
• Integrated Logger which is integrated into AAAC Client and QoS Manager.<br />
• Local Log Management<br />
The AAAC Client’s Integrated Logger is responsible for generating Availability Event Logs and User<br />
Registration Event Logs, while the QoS Manager’s Integrated Logger is responsible for generating<br />
Availability Event Logs and Service Authorization Event Logs.<br />
D0103v1.doc 45 / 168
D0103v1.doc Version 1 6.7.2003<br />
The Local Log Management transfers the logs generated by Integrated Loggers to the Auditing<br />
Framework.<br />
4.2.1.9 DSCP Marking Software (DMS)<br />
The goal of the DMS is to mark packets with a DiffServ Code Point (DSCP) reflecting the level of QoS<br />
requested by the corresponding stream. Packets are marked according filtering rules (i.e. policies) defined<br />
by the network administrator, in the user space.<br />
When a new packet is ready to be transmitted to the layer two, the DMS inspects its header and consults a<br />
DSCP Matching Table. This table contains a set of filters to apply on the information extracted from the<br />
header, and the values of the associated DSCPs. Then, if one of the filters matches perfectly with this<br />
information, the packet is marked with the value of the DSCP associated with this filter.<br />
4.2.2 Description of the different Components<br />
4.2.2.1 Network device drivers<br />
This is a standard WLAN driver. In <strong>Moby</strong> <strong>Dick</strong> the hostap driver (http://hostap.epitest.fi/), version 19-05,<br />
by Jouni Malinen will be used.<br />
The WLAN driver will be configured to work in ad-hoc mode, using a common SSID and a common<br />
frequency with other WLAN ARs in the <strong>Moby</strong> <strong>Dick</strong> network and with the MTs. This configuration, and<br />
the reasons behind it, is explained in detail in appendix A.<br />
Network device drivers<br />
WLAN<br />
Ethernet<br />
Figure 30: Network Device Driver<br />
The Network Device Drivers provide layer 2 connectivity to the AR. WLAN will be used in WLAN AR<br />
to provide WLAN access to visiting MT. Ethernet will be used to provide network access to visiting MTs.<br />
Also Ethernet will be used to connect the AR to the core network (perhaps crossing other routers). In case<br />
of TD-CDMA infrastructure these functionality will be placed at the RG.<br />
4.2.2.2 Enhanced IPv6 stack/IPSec/DiffServ packet Filter<br />
Enhanced IPv6<br />
Standard IPv6 stack<br />
IPSe<br />
Diffserv<br />
Packet filter<br />
Figure 31: Enhanced Ipv6 Stack<br />
The enhanced IPv6 stack will be based on the IPv6 stack of the linux kernel 2.4.16. Functionality that<br />
must be present:<br />
• Standard IPv6 functionality.<br />
• IPSec: for authentication of packets.<br />
• Diffserv and packet filter, that includes:<br />
o Filtering: all packets received must belong to a flow in the DSCP table or they must be<br />
signalling packets for network access procedures (a particular DSCP code) that must be<br />
given to upper layers. If not, they must be dropped.<br />
o Shaping: when sending packets, to control that flows adjust to agreed bandwidth.<br />
D0103v1.doc 46 / 168
D0103v1.doc Version 1 6.7.2003<br />
The IPSec and Mobile-Ipv6 functionality within the kernel is provided by a software package called<br />
SWAMP. It is accompanied by a userspace library called liburp, which aids in writing a User-<br />
Registration-Protocol handler program.<br />
The major component of SWAMP consists of patches to the Linux kernel version 2.4.16 which provides<br />
IPSec and Mobile-Ipv6 functionality. SWAMP is not an implementation from-scratch. It merely takes<br />
two existing projects for providing support for these technologies in the Linux kernel and integrates them.<br />
It is not possible to apply them independently to the same kernel.<br />
The liburp provides a simplified interface to the IPSec functionalities of the kernel, since the native API<br />
exposed by IPSec (called PFKey) is quite complex and its fully generic behaviour is not needed in<br />
<strong>Moby</strong><strong>Dick</strong>.<br />
In addition, the liburp package provides a kernel module, called pep6_kmod, and an API to control this<br />
module from userspace. This module implements simple but powerful packet filtering functions. Using<br />
this, a user-space program (such as the AAA Attendant in <strong>Moby</strong><strong>Dick</strong>) can implement access control<br />
based on user authentication.<br />
Since the Mobile -Ipv6 functionality is the same as that provided by the MIPL implementation by HUT, it<br />
is not described here.<br />
4.2.2.3 Fast Handover Module / MIPL<br />
The fast handover module (FHM) is responsible for fast handover procedures in the access router.<br />
QoS manager<br />
AAA<br />
Attendan<br />
t<br />
Fast Handover<br />
module<br />
QoS<br />
attendant<br />
PEP<br />
DSCP<br />
TABLE<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
Internal interface<br />
IPSec<br />
Diffserv<br />
Packet filter<br />
Kernel space<br />
User space<br />
Figure 32: Fast Handover module and its relationship with other modules<br />
Figure 32 shows the fast handover module and the interfaces between this module and others in the AR<br />
architecture.<br />
Communication between the FHM and the AAAC attendant is for the following purposes:<br />
• The FHM will inform the AAAC attendant when a MT is expected to execute a handover to this<br />
AR, i.e. a Handover Initiate message has been received and the nCoA proposed has been<br />
checked and is correct.<br />
• The FHM will inform the AAAC attendant when a handover procedure has ended with the<br />
result of a MT finishing using the AR services, this will allow the AAAC attendant to finish the<br />
accounting for this MT and sending the pending accounting information to the AAAC server.<br />
Communication between the FHM and the QoS attendant is for the following purpose:<br />
• The FHM will send a message to the QoS attendant in the oAR when a MT is expected to<br />
execute a handover to the nAR. QoS attendant will indicate the PEP to perform a QoS context<br />
transfer using the QoS infrastructure.<br />
• Also the QoS attendant tells the FHO module of the availability or not of QoS resources in the<br />
nAR during the FHO process.<br />
The fast handover module on the access router is mainly responsible for the inter-access router<br />
communication and the bi-casting of data, which is destined for the mobile node, during the handover<br />
process. Conceptually, MIPL is not required on the access router, but currently, the fast handover<br />
modules accesses functionalities of the mobility module and therefore the MIPL module is mentioned<br />
here in combination with the fast handover module. Again the sending and receiving functions of the<br />
(enhanced) IPv6 stack are to be made accessible without explicit interface specification. Interactions to<br />
other modules than the IPv6 stack are not required on the access router.<br />
D0103v1.doc 47 / 168
D0103v1.doc Version 1 6.7.2003<br />
After the reception of a ROUTER_SOLICITATION_PROXY at the ‘old’ access router a<br />
HANDOVER_INITIATE message is generated and send to the new access router. The new access router<br />
responds with a HANDOVER_ACK message to the old access router. Receiving this packet the old router<br />
invokes the bicasting, i.e., duplicates all packets destined for the mobile terminal and send these packets<br />
to the old and the new care-of address simultaneously. The FAST_HANDOVER_ACK is generated and<br />
send to the mobile node in order to inform the mobile terminal that the preparation is done.<br />
Figure 33 shows an detailed overview of the FHO module.<br />
This module will also take care of the context transfer. Some context related parameters from AAAC and<br />
Security must be transferred from the oAR to the nAR to prepare a handover. The following table<br />
presents the parameters included into the context transfer communication.<br />
RCF Fast Handover Module<br />
WCDMA<br />
Connection Manager<br />
Fast Handover<br />
Wcdma<br />
Open /<br />
Execution<br />
Infos<br />
Close<br />
Context<br />
Transfer<br />
Conn<br />
Figure 33: Fast Handover Module<br />
Context Transfer Message Format<br />
Name Type Length<br />
SA tripple doskey 24 Byte<br />
SPI Integer fix 4 Byte<br />
NAI String 50 Bytes maximum<br />
Meter Configuration<br />
Session ID + User_Class 17 Bytes<br />
Table 5: Context Transfer Format<br />
When the IPv6 stack receives fast handover protocol messages (ICMP packets or destination options in IP<br />
packets), it informs the fast handover module of the correspondent situation. The fast handover module<br />
will request the IPv6 stack to send the messages (ICMP packets or destination options to be included in<br />
other packets) needed for fast handover procedures. The procedures that are carried out in the FHM when<br />
the AR is acting as oAR on behalf of a MT that wants to execute a handover to a nAR are described in<br />
figure 34.<br />
D0103v1.doc 48 / 168
D0103v1.doc Version 1 6.7.2003<br />
RtSolPr received<br />
HI_MAX retransmissions<br />
Of HI without reply<br />
Initiate FH<br />
procedures as oAR<br />
-Send HI to nAR<br />
-Initiate timer and<br />
retransmit HI HI_MAX times<br />
Error 1<br />
END<br />
PrRtAdv_MAX retransmissions<br />
of PrRtAdv without reply<br />
Handover<br />
Proceeding<br />
F-HAck received<br />
-Send PrRtAdv to oCoA<br />
-Initiate timer and retransmit<br />
PrRtAdv PrRtAdv_MAX times<br />
F-BU received<br />
Error 2<br />
END<br />
Executing<br />
Handover<br />
Handover<br />
Finished<br />
END<br />
-Send F-BUAck to oCoA<br />
-Start bicasting<br />
-Start timer to stop bicasting<br />
Bicasting timer<br />
expired<br />
-Stop bicasting<br />
-Inform AAA attendant<br />
of finished handover<br />
-Clear information<br />
about handover<br />
Figure 34: FH procedures in oAR<br />
The procedures that are carried out in the FHM when the AR is acting as nAR on behalf of a MT that<br />
wants to execute a handover from an oAR are described in figure 35.<br />
HI<br />
received<br />
Initiate FH<br />
procedures as<br />
nAR<br />
-Check nCoA<br />
-Inform AAA attendant<br />
-Send F-Hack to oAR<br />
END<br />
Figure 35: FH procedures in nAR<br />
4.2.2.4 Paging Attendant<br />
The IP paging attendant function includes the paging related signalling relay block as well as a<br />
mapping function block. Latter one allows mapping between generic IP paging messages to onlink<br />
paging messages. This can be either mapping to an on-link IP paging message, to a<br />
proprietary paging related signal to be sent to the TD-CDMA RG via appropriate sockets or to<br />
an access technology specific paging function (hence the link to the network device driver level).<br />
For authentication of Paging Agent originated messages, the system deploys IPSec mechanisms and<br />
implementations. For handling of paging process related authentication mechanisms on the access link<br />
(AR/RG originated), the IP paging attendant does not deploy IPSec, since no security association has<br />
been established between a paging area’s ARs and the paged mobile terminal. Rather the paging<br />
proprietary authentication fields are to be deployed in the paging message handler of the IP paging<br />
D0103v1.doc 49 / 168
D0103v1.doc Version 1 6.7.2003<br />
attendant. The respective PBKs are to be extracted from the generic IP paging request message originated<br />
from the Paging Agent.<br />
The remote signalling peers (MT, RG and PA) are shown in the figure above and connected to the IP<br />
paging attendant through a dotted line for illustration purposes.<br />
IP Paging attendant<br />
MT<br />
Signaling<br />
relay<br />
PA<br />
RG<br />
Mapping<br />
function<br />
Enhanced IPv6 proto<br />
DiffServ<br />
IPv6<br />
IPSec<br />
Network device drivers<br />
WLAN<br />
Ethernet<br />
Figure 36: Paging Agent<br />
4.2.2.4.1 Paging Attendant Signalling Relay<br />
The signalling relay block represents the actual attendant function, receiving IP signalling<br />
messages from mobile terminals for Paging Agent (PA) discovery, implicit registration and<br />
paging area update. Furthermore, during a paging process this functional block receives the<br />
generic IP paging procedure related signalling messages from the respective PA. If L2 support<br />
from access technologies is available, the mapping function described in 4.2.2.4.2 performs<br />
appropriate conversion.<br />
Receiving an IP dormant registration message from a mobile terminal, the signalling relay<br />
checks its database for a responsible PA. Alternatively, PA address discovery can be initiated<br />
from the AR or a remote database can be contacted. The dormant registration is to be relayed<br />
to the responsible PA. The reply messages, originated from the PA, have to be relayed back to<br />
the mobile terminal.<br />
In case of receiving a paging request message from a PA, the signalling relay does not process the IP<br />
signalling message. The paging request message content is to be passed to the mapping function.<br />
4.2.2.4.2 Paging Agent Mapping Function<br />
During a paging process, the mapping function is responsible for generating the appropriate on-link<br />
paging request message. This can be either an IP paging message, addressing the Solicited Node<br />
Multicast Address, or a technology proprietary signalling sequence. On L2 support of respective access<br />
technologies, the mapping function represents an additional block for conversion between access<br />
technology specific location management signalling and respective IP signalling.<br />
For paging area update signalling, the mapping function block of the attendant can support a mobile<br />
terminal’s dormant mode if the respective access technology allows tracking and signalling of/from<br />
dormant mobile terminals on L2 mechanisms. The attendant on the first AR of the new paging area could<br />
then map the access technology specific indication to update the paging area to a generic IP paging area<br />
update message, which is to be forwarded to the appropriate PA then. This mechanisms is allowed to be<br />
implemented from paging attendants in ARs, but will not be specified and implemented within the<br />
framework of the <strong>Moby</strong> <strong>Dick</strong> project<br />
The mapping function is also responsible for extracting the PBKs from the generic IP paging message<br />
sent from the PA to the respective ARs. This key is to be processed and mapped to the proprietary<br />
D0103v1.doc 50 / 168
D0103v1.doc Version 1 6.7.2003<br />
authentication scheme deployed by the access link paging procedure. Also the paging process related<br />
proprietary encryption of access link paging messages is to be handled within this function block.<br />
On reception of an IP paging request message from the signalling relay block, in particular the common<br />
IP paging ID is processed and the Solicited Node Multicast address for the respective access technology<br />
interface is derived from it. In case of having TD-CDMA as access technology, the mapping function is<br />
responsible for building of paging signalling messages and interaction with the Radio Gateway through<br />
the signalling socket.<br />
4.2.2.4.3 Dormant Monitoring Agent Functional Entity (DMA)<br />
The Dormant Monitoring Agent function is responsible to capture/receive user-data traffic, destined for<br />
dormant mobile terminals. In <strong>Moby</strong> <strong>Dick</strong>, this function is co-located with the Paging Agent node, since<br />
with a Mobile IPv6 system, the concept implies the registration of the PA node address as alternate CoA<br />
with the HA for dormant mobile terminals. Therefore, initial packets, destined for dormant mobile<br />
terminals, are forwarded from the HA to the PA by means of IP-IP encapsulation. The DMA function<br />
receives the tunnelled packets and represents a temporary tunnel endpoint for the HA originated tunnel.<br />
User-data packets will be processed and it’s checked, whether or not the actual addressed node has<br />
registered with the PA. If the address cannot be matched with one of the registered mobile terminals, the<br />
packet has to be dropped and an ICMPv6 Error message has to be sent, indicating that the destination is<br />
not reachable.<br />
If the user-data packet addresses a mobile terminal registered as dormant with the PA, the DMA function<br />
has to buffer the packet and check a previously set individual filter function, indicating whether or not<br />
this type of packet is allowed to trigger a paging procedure. During a paging process, the packet is to be<br />
buffered and after the current location has been found out through the paging mechanisms, the DMA has<br />
to re-address the packet and forward it to the current location of the addressed mobile terminal by means<br />
of IP tunnelling.<br />
The size of buffers, which should be available for storing user-data packets temporarily for individual<br />
registered mobile terminals during a paging process, should be configurable for an administrator.<br />
4.2.2.4.4 Tracking Agent Functional Entity (TA)<br />
The Tracking Agent is responsible for tracking a dormant mobile terminal’s location. Paging area<br />
registrations and updates are to be processed by this functional block. The paging area update message<br />
can be either originated from the MT or from the paging attendant implemented in a paging area’s Access<br />
Router in case of getting related L2 support from access technologies while being dormant. In case the<br />
DMA receives a validated user-data packet (paging trigger packet) destined for a registered dormant<br />
mobile terminal, the DMA requests the TA to initiate the paging process. The TA checks for the paging<br />
area the dormant mobile terminal has registered with. The TA initiates paging the mobile terminal by<br />
telling the registered paging area to the PA-function. After a successful page, the TA gets information<br />
from the PA-function about the current location of the paged mobile terminal. The location information is<br />
given to the DMA function to allow forwarding of buffered paging trigger packet for the addressed<br />
mobile terminal.<br />
4.2.2.4.5 Paging Agent Functional Entity (PA)<br />
The Paging Agent function is responsible for generation and distribution of generic IP paging<br />
messages. The paging request signalling messages address all paging attendants implemented<br />
in a registered paging area’s set of Access Routers. The Paging Agent function receives a<br />
notification from the TA function to page an individual mobile terminal.<br />
Addressing a paging area:<br />
If the registered paging area comprises N Access Routers, N IP paging request messages have to be<br />
generated and to be distributed to the ARs individually. If static paging areas are deployed, a multicast<br />
tree could be set up for each set of ARs building a paging area. In the latter case, the PA addresses one IP<br />
paging request message to the paging area’s multicast address. The deployment of multicast addressing of<br />
paging areas won’t be deployed within the <strong>Moby</strong> <strong>Dick</strong> project. Rather lists of ARs access interface<br />
addresses are maintained in the Paging Agent node. Later, this list could be maintained by an external<br />
paging server.<br />
4.2.2.5 QoS Manager<br />
The QoS manager is responsible for QoS activities in the AR. Figure 37 shows the QoS Manager and its<br />
relationship with other components.<br />
D0103v1.doc 51 / 168
D0103v1.doc Version 1 6.7.2003<br />
QoS broker<br />
QoS manager<br />
FastHandover<br />
module<br />
QoS<br />
Attendant<br />
PEP<br />
DSCP table<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
Local Log<br />
Management<br />
Local<br />
Log<br />
IPSec<br />
Diffserv<br />
logic<br />
Internalinterface<br />
Protocol communication<br />
Kernel space<br />
User space<br />
Figure 37: QoSManager and its relationship with other modules<br />
4.2.2.5.1 Communication with other AR elements and within the modules of the QoS Manager<br />
Communication between the QoS Attendant and the FHM is for the following purposes:<br />
• See corresponding paragraph in Fast Handover Module / MIPL section<br />
Communication between the PEP and the DiffServ logic is for the following purposes:<br />
• Once the PEP has queried the BB how to configure the DiffServ Logic, PEP will configure<br />
queues in the DiffServ logic.<br />
• Periodically, the PEP queries the DiffServ Logic about its queues’ state.<br />
• When a new entry is added in the DSCP table, the PEP creates a filter in the DiffServ logic so<br />
that the packets whose parameters match this entry are no longer blocked but given the<br />
appropriated<br />
• When a entry is removed in the DSCP table, the PEP removes the above mentioned filter in the<br />
DiffServ logic.<br />
• When a packet is blocked the DiffServ logic, communicates packet’s parameters to the PEP so<br />
that it can initiate an authorization procedure (i.e. queering the BB).<br />
Communication between the internal elements of the QoS Manager<br />
Three elements constitute the QoS Manager, the PEP module, the QoS Attendant Module and the DSCP<br />
table. PEP communicates with both QoS Attendant and DSCP table. No communication exists between<br />
DSCP table and the QoS Attendant.<br />
Communication between the PEP and the DSCP table is for the following purposes.<br />
• Periodically the PEP checks the table for flows (CoA+DSCP) whose authorization live time is<br />
about to expire. In that case, the PEP queries the BB for a reauthorisation.<br />
• DSCP table contains the QoS treatment to apply to flows and, knowing this, the PEP can<br />
configure accordingly the DiffServ Logic.<br />
Communication between the PEP and the QoSAttendant is for the following purposes.<br />
• The QoSAttendant tells the PEP to:<br />
o ask the QoSBroker for a context transfer (in the oAR)<br />
o start listening for the Context transfer message coming form the QoSBroker (in the<br />
nAR)<br />
• When the PEP in the nAR receives this context transfer it tells the QoSAttendant if there are or<br />
not enough available QoS resources.<br />
D0103v1.doc 52 / 168
D0103v1.doc Version 1 6.7.2003<br />
In addition to the abovementioned communications, PEP has an Integrated Logger which generates<br />
Availability and Service Authorization Event Logs, and sends them to the Local Log Management. The<br />
Availability Event Logs are generated periodically. Each time PEP is going to send a ‘Resource allocation<br />
Request’ message asking authorization for an active traffic not installed at this time, the router is forced to<br />
log this event for later auditing. After the response is received and the report state message sent, this event<br />
must also be logged. The Integrated Logger functionalities are provided by the API<br />
‘SessionSetupLogger’.<br />
4.2.2.5.2 Procedures in the QoS Manager<br />
Procedure when a packet not matching any filter arrives<br />
unknown (CoA,DSCP)<br />
Request Authorization<br />
to the BB<br />
-Send Autho. REQ to BB<br />
Process<br />
BB response<br />
DEC from the BB received<br />
DEC is negative<br />
Unauthorized<br />
Flow<br />
END<br />
Configure<br />
DiffServ<br />
logic<br />
DEC is positive<br />
-Install new filter using<br />
The apropiate API functions<br />
Update<br />
DSCP table<br />
-Add entry with the<br />
(CoA,DSCP) and TTL<br />
END<br />
Figure 38: Procedure in QoS manager<br />
Procedure when a FHO is initiated in the oAR<br />
FHI received<br />
Initiate FH<br />
procedures as oAR<br />
-Send the nAR, oCoA, nCoA to BB<br />
END<br />
Figure 39: FHO Initiation Procedure<br />
Procedure when a FHO occurs (QoS context transfer) in nAR<br />
D0103v1.doc 53 / 168
D0103v1.doc Version 1 6.7.2003<br />
DEC received<br />
Update QoS context<br />
-Update DSCP tabe<br />
-configure filters in DiffServ<br />
logic<br />
END<br />
Procedure when the QoS Manager is (re)configured<br />
Figure 40: FHO Context Transfer Procedure<br />
Inicite (re)configuration<br />
Delete old<br />
configuration<br />
Query BB for new<br />
Configuration<br />
-Send conf. REQ to BB<br />
DEC received<br />
Configure<br />
DiffServ<br />
logic<br />
-Install new queues using<br />
The apropiate API functions<br />
Send Report<br />
To BB<br />
END<br />
Procedure at start up of the QoS Manager<br />
Figure 41: FHO Reconfiguration Procedure<br />
D0103v1.doc 54 / 168
D0103v1.doc Version 1 6.7.2003<br />
AR startup<br />
Open COPS<br />
connection<br />
- Send CO message and<br />
Receive CA message<br />
Configuration<br />
procedure<br />
END<br />
Figure 42: QoS Manager start-up<br />
4.2.2.5.3 Internal Interface spec<br />
Three elements constitute the QoS Manager, the PEP module, the QoS Attendant Module and the DSCP<br />
table. PEP communicates with both QoS Attendant and DSCP table. No communication exists between<br />
DSCP table and the QoS Attendant.<br />
DSCP table is accessed only by the PEP and indeed it is just a variable in the PEP code. This variable is<br />
an array, each element of the array being an authorized (DSCP, CoA) pair and its TTL.<br />
QoSAttendant is part of the code of the PEP. It checks if a message comes from the FHO module and if<br />
so, the PEP is awaken and start to process the received message.<br />
4.2.2.5.4 State Machine<br />
No.<br />
Signal<br />
0 Start<br />
1 CA received<br />
2 DEC(conf) received<br />
3 Always<br />
4 Signal from FHO module FAST_HANDOVER_INI<br />
5 Always (or DEC from QoSB)<br />
6 Signal from FHO module: START_QOSB_LISTEN<br />
6b Unsolicited DEC(Context Transfer) message received<br />
7 KA timer expires<br />
8 KA received<br />
9 Accounting timer expires<br />
10 Always<br />
11 Time out to check for new packets and packet with new (CoA,DSCP,DestAddress) found<br />
12 Positive DEC(AF) received<br />
13 Always<br />
14 Negative DEC(AF) received<br />
15 DEC(AF) with reconf. Flag set received<br />
16 End<br />
Table 6: State Machine<br />
4.2.2.6 AAAC Attendant<br />
The AAAC attendant acts as AAAC client and is responsible for communication between AAAC server<br />
on behalf of the MT. This includes all security specific functionalities like key handling and network<br />
access procedures, i.e., it deals with registration and setup.<br />
This module must also deal with accounting issues. For that purpose it must have an interface with the<br />
Metering module.<br />
The Attendant comprises a module of software that implements the AAAC signalling and a set of routing<br />
policies; some of these policies are set up as a consequence of the AAAC signalling.<br />
D0103v1.doc 55 / 168
D0103v1.doc Version 1 6.7.2003<br />
Registration<br />
protocoll<br />
handler<br />
ATTENDANT<br />
AAAC protocol<br />
handler<br />
AAAC<br />
Server<br />
Mapper, Mediator, Event gen.<br />
AAAC client<br />
Attendant<br />
log<br />
Session<br />
Status<br />
Trigger,<br />
remove<br />
S.A.<br />
Configure,<br />
Meter data<br />
Security<br />
Manager<br />
Metering<br />
Figure 43: AAAC Attendant<br />
User-space application residing on the AR<br />
The Attendant communicates with the MN and AAAC. F. The Attendant uses:<br />
- UDP for communication with the MN<br />
- TCP for communication with the AAAC.f<br />
Main function:<br />
- allowing / denying a MN the access to the Net<br />
- metering / accounting<br />
Behaviour:<br />
There are two main external events that trigger some actions from this entity i.e. receiving an MNARq on<br />
the AAAC-signalling-interface and Upon receiving an ARA.f<br />
At receiving a MNARq at its AAAC-signalling interface from MN, the Attendant will execute the<br />
following actions<br />
Upon receiving an MNARq on the AAAC-signalling-interface:<br />
• the Attendant generates an DH key /FORWHOM /<br />
• generates an ARR.f message; generates the following AVPS:<br />
• Session-Id, Origin-Host, Origin-Realm, Destination-Realm (by taking the realm part of the<br />
NAI sent by the MN)<br />
• Att-DH-PV (keying material for setting up an SA btw. the MN and the Att.<br />
• constructs an ARR.f to be relayed/proxied thru one of the AAAC servers (relay/proxy agent)<br />
in its realm<br />
• AAAC.f; keeps some info related to this message (the interface on which the MNARq was<br />
received, the MN CoA, MN-DH-PV) into the list of pending requests (LPR)<br />
Upon receiving an ARA.f from the AAAC.f :<br />
• check the AAAC Result-Code<br />
• sets up the SA with the MN using MN-DH-PV<br />
• constructs an MNARp and sends it to the MN using the info related to this MN (i.e.<br />
interface, CoA and so on.)<br />
• sets up the policy related to IP routing for this MN accordingly.<br />
AAAC Client has an Integrated Logger which generates Availability and User Registration Event Logs,<br />
and sends them to the Local Log Management. The Availability Event Logs are generated periodically.<br />
Each time AAAC Client receives a valid MNARq it logs this event for later auditing. After sending the<br />
response MNARp to MN, this event will also be logged.<br />
D0103v1.doc 56 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.2.2.6.1 Metering<br />
The core component of the metering software is the IETF RTFM NeTraMet implementation as<br />
documented in RFC 2063, RFC 2064 and its successor RFCs.<br />
The NeTraMet implementation was enhanced with the following new features:<br />
A Meter was modifies in the sense that dynamically CoAs can be assigned to User_Class_IDs. This user<br />
class Ids will be used to link CoAs with a predefined user group reflecting a certain SLA.<br />
A Meter Manager and Meter reader was modified in the sense that the flow data is stored into a mySQL<br />
database. The communication between the Meter Reader and the database is done via ODBC.<br />
Figure 44 depicts the components of the meter block located at the Access Router. NeTraMet meters the<br />
data according the above mentioned RFCs. NeMaCDB reads the data from the meter, opens at each<br />
reading cycle the database and stores the raw data into this database. All this modules are installed at the<br />
same machine. The interval between two consecutive meter reading cycles is expected to be in the rage 1<br />
s – 5 s.<br />
NeTraMet<br />
SNMP<br />
NeMaCDB<br />
SNMP<br />
ODBC<br />
Metering<br />
Attendant<br />
Accounting<br />
Interface<br />
AAA Attendant<br />
Figure 44: Metering Module Architecture<br />
The metering attendant can read out the data from the Accounting database on request coming from the<br />
AAAC Attendant. It is expected that data of the accounting database is red out in permanent intervals<br />
(about 3 minutes). The data red out will be deleted at the accounting database in order to keep the size of<br />
this database small and the whole system scalable. This reading intervals will be triggered by the AAAC<br />
Attendant via a C API which is described in the following:<br />
AAAC client can get accounting data through a function call (Get_Meter_Data). Additionally, the C Lib<br />
can also give AAAC client two functions as required in [1]: Meter_Start() and Meter_Stop().<br />
struct st_accdata<br />
{<br />
char *date;<br />
char *time;<br />
char *sourcepeeraddress;<br />
char *destpeeraddress;<br />
unsigned int inputOctets; //fromoctets<br />
unsigned int outputOctets; //tooctets<br />
unsigned int inputPackets; //frompdus<br />
unsigned int outputPackets; //fromoctets<br />
unsigned int destPort;<br />
unsigned int dscp;<br />
struct st_acctdata *next<br />
}<br />
Figure 45: Meter Attendant API – data format<br />
D0103v1.doc 57 / 168
D0103v1.doc Version 1 6.7.2003<br />
Parameters of the Meter_Start message are Session_ID and CoA. Parameters of the get_Meter are the<br />
Session_ID. The Meter_Stop parameter is the Session_ID only.<br />
The Session_ID will be created and maintained by the AAAC Attendant. This session_ID will be<br />
combined with a CoA after Meter_Start is called. AAAC client can use it to get Accounting data from<br />
meter and inform meter to stop counting for this CoA.<br />
Get_Meter_Data return a pointer to the structure. The accounting data are stored in this structure list. The<br />
list end with a null point in next.<br />
4.2.2.6.2 Logger<br />
Figure 46 depicts the logging framework. It is required that the impact caused by the Integrated Loggers<br />
to the main tasks performed by the hosting entity should be reduced to minimum. Therefore Integrated<br />
Loggers are required to be non-blocking and must log as fast as possible. The logs will be stored locally<br />
before being transferred to the Auditing Framework by the Local Log Management.<br />
Access Router<br />
AAAC Client<br />
Integrated<br />
Logger<br />
QoS Manager<br />
Integrated<br />
Logger<br />
Local<br />
Log<br />
Local<br />
Log Mgmt<br />
Auditing<br />
Framework<br />
Figure 46: Logger<br />
QoS Manager’s Integrated Logger does not know NAI but CoA. In order to allow for logging NAI in<br />
Service Authorization Events, the mapping from CoA to NAI must be made available to the QoS<br />
Manager’s Integrated Logger. AAAC Client’s Integrated Logger knows this mapping, therefore both<br />
Integrated Loggers need to communicate.<br />
4.2.2.6.3 Local Log<br />
The Local Log is implemented as a MySQL database consisting of three tables: SoL, UsrReg, and<br />
SvcAuth. The table SoL is used to store Availability Event Logs. The table UsrReg is used to store User<br />
Registration Event Logs, and the table SvcAuth is used to store Service Authorization Event Logs.<br />
The data structure of each of the tables are shown below.<br />
Field Type Null allowed? Default<br />
LoggerID varchar(255) NO “”<br />
LogTime Datetime NO 0000-00-00 00:00:00<br />
EventID tinyint(3) unsigned NO 0<br />
EventID is 1.<br />
Table 7: SoL data structure<br />
LoggerID is the unique identity of QoSManager (e.g., “:QoSManager”) or AAAC<br />
Client (e.g., “:AAACClient”).<br />
Field Type Null allowed? Default<br />
LoggerID varchar(255) NO “”<br />
LogTime Datetime NO 0000-00-00 00:00:00<br />
D0103v1.doc 58 / 168
D0103v1.doc Version 1 6.7.2003<br />
EventID tinyint(3) unsigned NO 0<br />
NAI varchar(255) NO “”<br />
CoA varchar(255) NO “”<br />
ResultCode int(10) unsigned YES NULL<br />
Table 8: UsrReg data structure<br />
EventID is 11 for the registration request event from the MN and 12 for the registration response to the<br />
MN.<br />
NAI is the user identifier.<br />
CoA: Care-of Address in hexadecimal text format.<br />
ResultCode: result code from the AAAC Server if EventID is 12, 0 if EventID is 11.<br />
Field Type Null allowed? Default<br />
LoggerID varchar(255) NO “”<br />
LogTime Datetime NO 0000-00-00 00:00:00<br />
EventID tinyint(3) unsigned NO 0<br />
NAI varchar(255) NO “”<br />
CoA varchar(255) NO “”<br />
DestAddr varchar(255) YES NULL<br />
DSCP tinyint(3) unsigned NO 0<br />
ResultCode int(10) unsigned YES NULL<br />
Table 9: SvcAuth data structure<br />
EventID is 21 for the authorization request event to the QoSBroker and 22 for the authorization response<br />
from the QoSBroker.<br />
CoA: captured and requested traffic source address (Care-of Address) in hexadecimal text format.<br />
DestAddr: captured and requested traffic destination address in hexadecimal text format.<br />
DSCP: captured and requested traffic DSCP in decimal format.<br />
ResultCode: QoSBroker Authorization code: ‘1’=admit/install, ‘2’=reject/block, 0 if EventID is 21.<br />
4.2.2.6.4 Interface between Integrated Loggers for CoA-NAI Mapping<br />
The purpose of this communication is to allow the Integrated Logger of QoS Manager to map a CoA to<br />
NAI. The message exchange between the Integrated Logger of QoS Manager (ILQoSM) and the<br />
Integrated Logger of AAAC Client (ILAAACCl) is simple and defined as follows:<br />
ILQoSM à ILAAACCl : GetMap(CoA)<br />
ILAAACCl à ILQoSM : Map(NAI, CoA)<br />
The format of the message GetMap and Map is shown in the following figure. The Type of the TLV for<br />
CoA is 1 and NAI is 2.<br />
D0103v1.doc 59 / 168
D0103v1.doc Version 1 6.7.2003<br />
0 GetMa 31 0 Map 31 0 TLV 31<br />
Message Type p = 1 Message Type = 2<br />
Type<br />
Length of CoA<br />
CoA<br />
TLV<br />
TLV<br />
Length<br />
Value<br />
4.2.2.7 DSCP Marking Software<br />
4.2.2.7.1 Motivations<br />
Figure 47. Message format for CoA to NAI mapping<br />
Initially, the marking process was expected to work only in the Mobile Terminal. However, a few<br />
network entities (Home Agent for ex.) may generate signalling packets that must be marked. In fact, with<br />
Ethernet and WLAN technologies, these packets do not cause any problem, even if they are marked with<br />
a default DSCP set to ‘0’. With TD-CDMA, these packets may be dropped. To cross the interface, all the<br />
packets are associated with a specific radio bearer, according to their DSCP. In <strong>Moby</strong> <strong>Dick</strong>, a DSCP set to<br />
‘0’ is not recognized (see Table 10), and signalling and data packets use separate radio bearers associated<br />
with different DSCPs. So, the signalling packets must be marked just before sending them on a TD-<br />
CDMA interface, i.e. in the Access Router.<br />
Service Relative<br />
Typical Usage<br />
Name Class Priority<br />
Service parameters<br />
Description<br />
DSCP<br />
SIG AF41 2 Unspecified Signalling (network usage) 0x22<br />
S1 EF 1 Peak BW: 32 kbit/s Real time services 0x2e<br />
S2 AF21 3 CIR: 256 kbit/s<br />
Priority (urgent)<br />
data transfer<br />
0x12<br />
Three drop precedences (kbps): Olympic service<br />
S3 AF1* 4<br />
AF11 – 64<br />
AF12 – 128<br />
(better then<br />
BE:streaming, ftp,<br />
0x0a<br />
0x0c<br />
AF13 – 256<br />
etc) 0x0e<br />
S4 BE 0 Peak bit rate: 32 kbit/s Best Effort (BE) 0x00<br />
S5 BE 0 Peak bit rate: 64 kbit/s Best effort 0x02<br />
S6 BE 0 Peak bit rate: 256 kbit/s Best effort 0x04<br />
Table 10: Classes of Service and associated DSCP codes<br />
D0103v1.doc 60 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.2.2.7.2 DMS location<br />
Application 1 Application 2<br />
Application level module<br />
DSCP<br />
matching<br />
table<br />
Fast Handover<br />
module<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
MIPL<br />
DSCP marking software<br />
Network devicedrivers<br />
TDCDMA WLAN Ethernet<br />
Figure 48: Location of the DSCP marking software in the IP stack<br />
The previous figure shows where the DMS will be located in the protocol stack. It « intercepts » packets<br />
just before transmitting them to the lower layer. Thus, all the packets generated by both the IP stack and<br />
the upper layers can be filtered and marked.<br />
4.2.2.7.3 DMS Architecture<br />
The DMS contains five components, as in figure 49:<br />
• a DSCP Matching Table (DMT): this table contains the definition of every filter and the DSCP<br />
associated with it in the Linux kernel space,<br />
• a DSCP Marking Function (DMF): this is the DMS engine, which consults the fields in the different<br />
headers of each packet, compares it with the filters in the DMT, and decides to mark or not the<br />
packet with a new DSCP; it is located in the Linux kernel (in the IPv6 code),<br />
• a Filters Database (FD): this file (or set of files) contains the definitions of all the filters, in the user<br />
space,<br />
• a Table Update Module (TUM): this is a Linux module in charge of updating the DSCP Matching<br />
Table with the data stored in the Filters Database,<br />
• a Service Table (ST): this table, only used by the TUM, associates a DSCP with each service.<br />
4.2.2.7.4 DSCP Matching<br />
The packet marking process is based on the search of a table containing all the filters definitions<br />
whenever a packet is ready to be transmitted. In this section, we describe how these filters are introduced<br />
by a user, and how the DMT is built and updated.<br />
D0103v1.doc 61 / 168
D0103v1.doc Version 1 6.7.2003<br />
Kernel Space<br />
User Space<br />
DSCP Marking<br />
Function (IPv6)<br />
Table update<br />
Module<br />
Service<br />
Table<br />
DSCP<br />
Matching<br />
Table<br />
Filters<br />
Db<br />
Rules1.txt<br />
Rules2.txt<br />
Rules3.txt<br />
Figure 49: DMS Components<br />
Packet filtering<br />
The description of a filter is as follows:<br />
Filter<br />
10<br />
Description FTPFilter<br />
TCPDestPort 21<br />
IP6SrcAddr FEDC:BA98:7654:3210:FEDC:BA98:7654:3210<br />
CoS<br />
S1<br />
Table 11: Packet Filter<br />
The complete descriptions of the filters are stored in one or several files (the FD). Each file is loaded in<br />
the DMT with help of the TUM. Then, when a packet is ready to be delivered to the lower layer, the DMF<br />
consults the DMT, and marks the packet with the DSCP associated with the first filter that matches with<br />
the information of its header(s).<br />
A filter contains:<br />
• An identifier (the ‘Description’ field), which also represents its priority. Thus, if two filters<br />
match, only the first one, i.e. the one with the lowest identifier, is considered.<br />
• A description, i.e. a filter name.<br />
• A CoS: the value of this field can be either a service identifier (S1, S2, …) or a DSCP. If this<br />
value is a service identifier, then the DSCP associated with the filter will be found by the TUM<br />
in the ST.<br />
• A list of items, with their values. The number of items is not limited, and a list of items can be<br />
empty (then, all the packets are marked with the DSCP associated with the filter). Packets are<br />
marked with the DSCP associated with the filter only if all the items values are equal to the<br />
corresponding fields values in the different headers of the packet. On the previous example, a<br />
packet will be marked with the ‘101110’ DSCP (which is associated with the S1 service in the<br />
ST) only if, in the packet headers, the TCP Destination Port is set to ‘21’ and the IPv6 Source<br />
Address is set to ‘FEDC:…:3210’. If only one value doesn’t match, then the filter also doesn’t<br />
match.<br />
Typically, each description can use all the possible fields of the different headers added by the network<br />
and the transport layers. This software supports a large subset of these fields, in the following headers:<br />
IPv6 main header, TCP, UDP, Destination option (including the Binding Update, Binding<br />
Acknowledgment, Binding Request, and Home Address options), Routing option, Hop-by-hop option,<br />
Authentication option, Encapsulating Security Payload (ESP) option, Fragment option, IPv6 (tunnelling),<br />
and ICMPv6.<br />
The goal of this software is simple: the filtering rules will not be directly written in the. In fact, the<br />
software offers the possibility to filter packets using a more or less complete subset of the different header<br />
fields. Only the user, and/or the network administrator, thanks to their good knowledge of the network<br />
protocols, is able to define precisely these rules. Thus, the code of the software is the same in all the<br />
different entities of the network using it, and in all the different QoS domains. Only the contents of the<br />
filters can change from an entity to another, or from a QoS domain to another. The different filtering rules<br />
supported by the DMS are listed in Table 10.<br />
DSCP Matching Table<br />
When a user, or a network administrator, triggers a modification of the filters descriptions, the TUM<br />
modifies the DMT automatically. In this section, we describe how this table is organized.<br />
D0103v1.doc 62 / 168
D0103v1.doc Version 1 6.7.2003<br />
Filter number<br />
(= line number)<br />
0<br />
1<br />
2<br />
3<br />
4<br />
…<br />
N<br />
Filter Pointer<br />
Filter0Ptr<br />
NULL<br />
Filter2Ptr<br />
Filter3Ptr<br />
NULL<br />
…<br />
FilterNPtr<br />
Table 12: Format of the DMT<br />
Each line of the table only contains a pointer to a complete description of a filter loaded in the memory<br />
(see Table 3).<br />
Each filter is a simple structure containing a description, the DSCP (CoS) used to mark each packet that<br />
matches this filter, a set of bits identifying the different headers to examine, and a pointer to a list of items<br />
representing the different fields of the packet header that are to be inspected (see figure 26). Thus, the<br />
number of fields in a filter is variable. The bits identifying the different headers to examine accelerate the<br />
filtering process. Indeed, if a filter contains items related to TCP fields, and if the packet does not contain<br />
a TCP header, the filter doesn’t match, and browsing its items list and the header fields’ values becomes<br />
useless. The use of these bits avoids useless treatments in the DMF.<br />
Every item of this list contains an identification of the field to inspect, i.e. a value identifying the name of<br />
the field in the kernel (IP6_SRC_ADDR is equivalent to the IP6SrcAddr field in the FD,<br />
TCP_SRC_PORT is equivalent to the TCPSrcPort field, etc.), the expected value of this field, and a<br />
pointer to the next item.<br />
It is possible that the information extracted from the packet header matches with several filters. Only the<br />
first filter is taken into account. Thus, the number of the filter, which is the range of the filter in the table,<br />
represents its priority. The lower is this number, the greater is the priority of the filter. So, it is important<br />
to sort the filters from the more detailed to the less detailed.<br />
Desc.: ANiceFilter<br />
Headers:IP6, TCP<br />
CoS: 101101<br />
Items list: item1<br />
Ident.: IP6_SRC_ADDR<br />
Value: FEC0::1<br />
Next: item2<br />
Ident.: IP6_DSCP<br />
Value: 010110<br />
Next: item3<br />
Ident.: TCP_SRC_PORT<br />
Value: 21<br />
Next: NULL<br />
Figure 50: Representation of a filter in the Linux kernel<br />
Table updates<br />
The TUM modifies the DMT each time the user, or the network administrator, modifies the FD and<br />
communicates it to the module (figure 27). The modified FD – which is a single text file – is forwarded to<br />
the module over a simple Linux character device (/dev/dscp). This solution is the simplest way to<br />
communicate information from the user space (here, the FD) to the kernel space where the DMT is<br />
located.<br />
Thus, the user only has to write on this device with the contents of the FD (by the ‘cat filters_database.txt<br />
> /dev/dscp’ command for ex.). Then, the TUM automatically reads the text written on the device, and<br />
updates the DMT in the Linux kernel. Note that it is not necessary to write the entire FD on the device to<br />
update properly the DMT: only a file containing new filters, or a subset of modified filters can be<br />
communicated to the TUM.<br />
D0103v1.doc 63 / 168
D0103v1.doc Version 1 6.7.2003<br />
User<br />
AAAC<br />
Table update<br />
Module<br />
3b<br />
Filtering Rules & DSCP<br />
1 2 3a<br />
Service<br />
Table<br />
Character device<br />
/dev/ dscp<br />
1: Filters writing<br />
2: Filters reading<br />
DSCP<br />
Matching<br />
Table<br />
3a: DSCP update<br />
3b: Filters update<br />
Figure 51: DMT and SC update process<br />
For the moment, the table update process is triggered manually, by writing on the /dev/dscp character<br />
device. However, it is possible to make the AAAC system update the FD, in the same way than the DSCP<br />
update (see section 4.1.2.9.8) or triggering automatic updates regularly, in the user space.<br />
4.2.2.7.5 DSCP marking<br />
DSCP marking is done thanks to a modification of the Traffic Class and Flow Label fields in the IPv6<br />
header. When the information of the packet header matches with a filter, the corresponding DSCP is<br />
marked in the header of the packet: the four first bits of the DSCP are stored in the last four bits of the<br />
Traffic Class field, and the last two bits, plus two bits set to ‘0’, are stored in the four first bits of the Flow<br />
Label field.<br />
DSCP<br />
Vers<br />
TC<br />
…..<br />
Flow Label<br />
Figure 52: DSCP bits in the IPv6 main header<br />
4.2.2.7.6 Packet re-marking<br />
This operation is supported by the DMT, if the DMS is installed in a Linux router. To re-mark packets,<br />
the network administrator has just to add a new filter, containing a ‘IP6DSCP’ item, in the FD. This filter<br />
evaluates the DSCP in the new packet header, and associates a new value with it.<br />
4.2.3 Software implementation / interfaces<br />
4.2.3.1 Interface between QoSManager and Fast Handover module<br />
The Fast Handover modules, implemented in the Access Routers, handle fast handover related control<br />
messages. As specified in chapter 4 for the Fast Handover signalling flow, the oAR releases two further<br />
control messages on reception of the Router Solicitation for Proxy message. One message is related to the<br />
fast handover procedure and refers to the HI/HACK Fast-HO control message handshake between the<br />
oAR and the nAR. The second message that should be released is the QoS related control message<br />
initiating re-establishment of QoS context on the nAR and conveying QoS related information to the<br />
domains QoS brokers. This requires an appropriate local interface between the Fast-HO module and the<br />
QoS attendant function, which are both implemented on Access Routers.<br />
D0103v1.doc 64 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.2.3.1.1 Interface mechanisms<br />
Control primitive exchange between Fast-HO module and QoS attendant function on Access Routers<br />
requires deployment of an appropriate interface for bi-directional user-space / kernel communications.<br />
We use for that a character device. The following sections describe the interface.<br />
4.2.3.1.2 Interface contents<br />
Source Dest Primitive Parameters<br />
Fast-HO<br />
in oAR<br />
QoSattend<br />
in oAR<br />
START_QOS_FHO<br />
oCoA, nAR address, nCoA.<br />
Fast-HO<br />
in nAR<br />
QoSattend<br />
in nAR<br />
START_QOSB_LISTEN<br />
none<br />
QoSattend<br />
in nAR<br />
Fast-HO in<br />
nAR<br />
QOS_FHO_ACK<br />
Result info: QOS_AVAILABLE<br />
or<br />
QOS_NOT_AVAILABLE<br />
Table 13: Interface Contents<br />
4.2.3.1.3 Format of the messages<br />
/* Message definition(s) */<br />
struct qos_fho_msg_t<br />
{<br />
int type;<br />
union<br />
{<br />
start_qos_fho_msg_t start_qos_fho;<br />
start_qosb_listen_msg_t start_qosb_listen;<br />
qos_fho_ack_msg_t qos_fho_ack;<br />
} msg;<br />
};<br />
typedef struct qos_fho_msg_t qos_fho_msg_t;<br />
/* FHO module -> QOS-attendant on the oAR: handover initiate info message to QoS */<br />
struct start_qos_fho_msg_t<br />
{<br />
struct in6_addr old_coa;<br />
struct in6_addr new_coa;<br />
struct in6_addr new_ar;<br />
};<br />
typedef struct start_qos_fho_msg_t start_qos_fho_msg_t;<br />
/* FHO module --> QoS attendant on the oAR: trigger the QoS attendant to listen for QoS message */<br />
struct start_qosb_listen_msg_t<br />
{<br />
};<br />
typedef struct start_qosb_listen_msg_t start_qosb_listen_msg_t;<br />
/* QoS attendant --> FHO module on the nAR: allow or deny handover via acknowledgement */<br />
struct qos_fho_ack_msg_t<br />
{<br />
int qos_ack;<br />
};<br />
typedef struct qos_fho_ack_msg_t qos_fho_ack_msg_t;<br />
D0103v1.doc 65 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.2.3.2 Interface between QoSManager and DiffServ Logic<br />
PEP communicates with DiffServ Logic using an API: The IBM TC API. This section describes shortly<br />
the main functions of the API.<br />
• First is the call of the API function QSession() which creates a netlink socket to communicate<br />
between the kernel space (where DiffServ Logic runs) and the user space (where PEP code<br />
runs).<br />
• To configure queues in the DiffServ Logic a two step process is followed. We first call the API<br />
function AddQDiscCBQ() is first called to reserve and configure some resources of a router<br />
interface for later creating the queues in those reserved resources. Then, for each queue we want<br />
to create in the mentioned interface, we call AddTClassCBQ(). If we want to create queues other<br />
than CBQ we may also call AddQDiscName() and AddTClassName().<br />
• To create filters to route packets to any of the queues created in the preceding step, we have to<br />
call two API functions. First we create a set of conditions the packet must meet using the<br />
function AddCondition() as many times as needed. Then, we aggregate these conditions and<br />
create the filter using AddFilterU32Filter(), this functions allow us to specify to which queue the<br />
packets meeting the above created conditions will be routed.<br />
DiffServ Logic has also to tell the PEP when a packet that does not match any filter rules arrives, so that<br />
the PEP initiates the Authorization Process. But TC does not allow that. So we use pcap. Pcap captures all<br />
the packets and stores in a shared memory variable packets parameters (CoA and DSCP). PEP checks this<br />
shared memory variable and looks if any (CoA, DSCP) pair is not in his DSCP table. In that case it begins<br />
the authorization process begins.<br />
A wrapper around IBM’s TC API has been designed. Its more relevant functions are:<br />
Create_session(interface)<br />
Create_initial_qdiscs()<br />
create_CBQ_class(BW, borrow_bw)<br />
create_GRED_VQ(queue capacity (min, max) discard probabilty)<br />
create_default_filter(class to send packets matching none of the filters)<br />
add_filter6(CoA, DSCP, class to send packets matching this filter)<br />
tell_stats(interface_status)<br />
4.2.3.2.1 Flow sequence between PEP and DiffServ Logic<br />
No. Function call Remarks<br />
1 Create_session<br />
To initiate DiffServ Logic<br />
2 Create_initial_qdiscs<br />
3 create_CBQ_class As many times as needed<br />
4 create_CBQ_class<br />
As many times as needed<br />
5 create_GRED_VQ<br />
6 create_CBQ_class<br />
CBQ can be created and deleted as<br />
needed<br />
7 delete_CBQ_class<br />
create_default_filter<br />
8 add_filter6 As many times as needed<br />
9 add_filter6<br />
10 remove_filter6<br />
11 Stats As many times as needed<br />
Table 14: Flow Sequence between PEP and DiffServ logic<br />
Filters can be created and deleted as<br />
needed<br />
4.2.3.3 Interface between the QoSManager and the Integrated Logger<br />
Each time the Access Router is going to send a ‘Resource allocation Request’ message asking<br />
authorization for an active traffic not installed at this time, the router is forced to log this event for later<br />
auditing. After the response is received and the report state message sent, this event must also be logged.<br />
The Integrated Logger functionalities are provided by the API ‘SessionSetupLogger’.<br />
The interface provided by the Integrated Logger is simple and consists of three functions and a structure.<br />
The functions are:<br />
D0103v1.doc 66 / 168
D0103v1.doc Version 1 6.7.2003<br />
• void createQoSMgrLogger(char *loggerName);<br />
This function replaces the deprecated function void *createLogger(char *loggerName).<br />
Call this function once at the initialization of the QoSManager. The parameter loggerName contains<br />
the identity of the logger. If this parameter is NULL, then the concatenated hostname and<br />
“:qosmanager” will be used as the LoggerID by the Integrated Logger.<br />
• int logAuth(svcAuthStruct *log); // return 0 if successful<br />
This function replaces the deprecated function int logSvcAuthorization(void *logger, svcAuthStruct<br />
*log).<br />
Call this function for each session setup request and session setup response. The function returns 0 if<br />
no error occurs, otherwise it returns a negative number (Logger not initialized (-1), Parameter is<br />
NULL (-2), Error while logging (-3)).<br />
• void destroyQoSMgrLogger();<br />
This function replaces the deprecated function void destroyLogger(void **logger).<br />
Call this function at the end of execution of the QoSManager.<br />
The structure is the svcAuthStruct structure defined as:<br />
typedef struct _svcAuthStruct {<br />
unsigned char eventId;<br />
char *NAI;<br />
char *CoA;<br />
char *destAddr;<br />
unsigned char dscp;<br />
unsigned int resultCode;<br />
} svcAuthStruct;<br />
It is used in the logAuth() function.<br />
4.2.3.4 Interface between the IPv6 enhanced stack and the Fast Handover module<br />
The Messages exchanged between the fast handover module (FHM) and the IPv6 enhanced stack (Ipv6)<br />
are the following:<br />
• IPv6 -> FHM: ROUTER_SOLICITATION_FOR_PROXY_RECEIVED, parameters:<br />
_nARaddr (IP address of the new AR if available or perhaps other kind of identifier), _HoA,<br />
_oCoA (the CoA the MT is using), _nCoA (the CoA the MT is going to use with the nAR).<br />
• FHM -> IPv6: SEND_HANDOVER_INITIATE, parameters: _nARaddr, _nCoA,<br />
SubSubProfile, key<br />
• IPv6 -> FHM: HANDOVER_INITIATE_RECEIVED, parameters: _oARaddr (IP address<br />
of the AR that sent the HI), _nCoA, SubSubProfile, key<br />
• IPv6 -> FHM: SEND_HANDOVER_ACK, parameters: _oARaddr<br />
• FHM -> IPv6: HANDOVER_ACK_RECEIVED, parameters: _nARaddr<br />
• FHM -> IPv6: SEND_PROXY_ROUTER_ADVERTISEMENT, parameters: _oCoA<br />
• IPv6 -> FHM: FAST_BINDING_UPDATE_RECEIVED, parameters: _oCoA<br />
• FHM -> IPv6: SEND_FAST_HANDOVER_ACK, parameters: _oCoA, _nCoA<br />
• IPv6 -> FHM: FAST_NEIGHBOUR_ADVERTISEMENT_RECEIVED, parameters:<br />
_nCoA<br />
4.2.3.5 Interface between the IPv6 enhanced stack and the IP paging attendant<br />
The messages exchanged between the IP paging attendant (IP_PA) and the IPv6 enhanced stack (Ipv6)<br />
are the following:<br />
• IPv6 -> IP_PA: DORMANT_MODE_REQUEST_RECEIVED, parameters: _HoA, _MAC<br />
address list (n * 3byte) or _L3-ID, _Paging area ID, _Sequence #, _reg. Lifetime, _NAI,<br />
_credentials<br />
D0103v1.doc 67 / 168
D0103v1.doc Version 1 6.7.2003<br />
• IP_PA -> IPv6: SEND_DORMANT_MODE_REQUEST, parameters: _PAaddr (IP address<br />
of the paging agent), _HoA, _MAC address list (n * 3byte) or _L3-ID, _Paging area ID,<br />
_Sequence #, _reg. Lifetime, _NAI, _credentials<br />
• IPv6 -> IP_PA: PAGING_REQUEST, parameters: _RAN (random number), _SessKey<br />
(session key), _MAC address list , L3-ID (MTSolicitedNodeAddr????)<br />
• IP_PA -> IPv6: ON-LINK_PAGING_REQUEST, parameters:<br />
_MTSolicitedNodeAddrInterface between AAAC Attendant and IpSec<br />
4.2.3.6 Interface between AAAC Attendant and IPSec<br />
4.2.3.6.1 IPSec Functions<br />
SWAMP gets its IPSec functionality from two projects: the FreeS/WAN project<br />
(http://www.freeswan.org) implements IPSec for Ipv4 on the Linux platform. IABG has patched<br />
FreeS/WAN to provide Ipv6 support.<br />
Since the IPSec protocol , and its API, PFKEY has been extensively described in the relevant standards,<br />
this document focuses on the interface provided by liburp for the purposes of liburp. This interface is used<br />
by the AAA Attendant on the AR.<br />
The liburp library provides a simplified interface to the kernel IPSec interface. It allows programs to set<br />
up 'connections', described by a 'struct ipsec_conn'. A connection is an IPSec tunnel between a mobile<br />
node and an access router. It is assumed that all the traffic of a mobile node will be routed to a single<br />
access router, through a single connection. Each router, of course, may have multiple connections, one for<br />
each attached mobile node.<br />
Each connection contains a bundle of Security Associations (SA's). A program may set up a connection<br />
with only AH tunnel, only ESP tunnel, or both AH and ESP tunnel protection.<br />
Before one can use the IPSec functionality, one must call IPSecMgr::init(). Likewise, when done, the<br />
program should call IPSecMgr::exit(). This will destroy any IPSec connections that are still around.<br />
To set up a connection, a program creates and fills up a 'struct ipsec_conn' variable:<br />
truct ipsec_conn {<br />
bool is_mn; /* Is the node an MN? AR? */<br />
in6_addr *local_addr6;<br />
uint32_t local_maskbits;<br />
in6_addr *remote_addr6;<br />
uint32_t remote_maskbits;<br />
uint8_t *ah_key;<br />
uint32_t ah_spi_in;<br />
uint32_t ah_spi_out;<br />
uint8_t *esp_key;<br />
uint32_t esp_spi_in;<br />
uint32_t esp_spi_out;<br />
/* tunnel SA SPI's */<br />
uint32_t ipip_in_spi;<br />
uint32_t ipip_out_spi;<br />
};<br />
On the mobile node, 'is_mn' is set to true, and on the access router, it is set to false. The 'local_addr6' and<br />
'remote_addr6' members are self_explanatory. The '*_maskbits' is set to 128 for now. In future they may<br />
be used to protect network segments instead all traffic.<br />
'ah_key' and 'esp_key' are the keys for AH and ESP protection, respectively. The liburp uses HMAC-<br />
MD5-96 algorithm for AH, and 3DES-CBC for ESP. Thus, they ah_key must always be 16 bytes in<br />
length, and the esp_key must always be 24 bytes in length (the canonical key lengths for these<br />
algorithms). The liburp does not attempt to pad or truncate the keys you supply, and improper lengths<br />
may be fatal.<br />
If neither AH nor ESP is used, then the corresponding key is set to 0 (NULL pointer). This is the only<br />
exception to the restriction on key length described above.<br />
The '*_spi_in' and '*_spi_out' members are the SPI's of incoming and outgoing SA's, respectively. They<br />
must be anti-symmetric on the mobile node and access router. That is, if the ah_spi_in on the mobile node<br />
is 101, then (for the same ipsec connection) the ah_spi_out on the access router must also be 101, and<br />
vice-versa.<br />
If you are not using AH, then you can leave the ah_spi_* members unset: they will not be used. However,<br />
you must always set the esp_spi_* members correctly. This restriction is imposed by the design of the<br />
FreeS/WAN IPSec implementation.<br />
The ipip_*_spi members must also be set, but they need not be anti-symmetric or even same on the<br />
mobile node and access router: they should just be unique within and between ipsec connections.<br />
D0103v1.doc 68 / 168
D0103v1.doc Version 1 6.7.2003<br />
The above means that you will use up four SPI's for an ESP only connection (two for incoming and<br />
outgoing ESP SA's, two for incoming and outgoing IPIP SA's) and six SPI's for an AH or Ah+ESP<br />
connection (additionally two SPI's for incoming and outgoing AH SA's).<br />
Once you have set up the ipsec_conn structure properly, you can create a connection by calling<br />
IPSecMgr::add_conn(). Since liburp will make copies of any data it needs, you can reuse the same<br />
structure variable again and again (after changing the required members, of course). This also implies that<br />
you are responsible for managing the memory (keys, etc.) used by your variable.<br />
The IPsecMgr::add_conn() method returns a 'connection-id': a non-negative integer identifying the<br />
connection. This id can be used to call IPSecMgr::del_conn(), to destroy the connection. Note: calling<br />
IPSecMgr::exit() also destroys all connections which have not been released by calling<br />
IPSecMgr::del_conn().<br />
4.2.3.6.2 SPI Management<br />
Since one needs to have unique SPI's for each connection, and should then return them to the unused SPI<br />
'pool' for later re -use after destroying a connection (lest you run out of SPI's), liburp provides a SPI<br />
management interface.<br />
You can ask for unique SPI's by calling PFKey::get_spi() as many times as required: it will ensure that<br />
you only get unique PI's, and will return 0 if no SPI is available.<br />
Once you have done with an SPI, free it by calling PFKey::free_spi(). PFKey will then re-use it if<br />
necessary.<br />
Note: IPSecMgr::del_conn() does not automatically free the SPI's used by a connection: you must still<br />
call PFKey::free_spi().<br />
Note that the SPI management routines can only ensure that SPI's are unique within a single process.<br />
There is no mechanism to ensure SPI uniqueness system-wide. Thus, if there is another program using the<br />
PF_KEY (RFC 2367) interface to use SPI's, then conflict is likely. To be safe, liburp uses the SPI range<br />
0x100 to 0xfff, which is reserved for manual keying. This will ensure that at least liburpallocated SPI's<br />
do not conflict with those used by some key-management daemon like FreeS/WAN's pluto.<br />
4.2.3.6.3 Firewall control<br />
The Access Router has to implement a packet filter that would drop packets sent from unauthenticated<br />
mobile hosts. This is achieved via the pep6_kmod kernel filter. This is a kernel module provided with the<br />
library. You must compile and insert this mo dule into the kernel to use the packet filter functions of<br />
librup. This library provides a simple interface to the kernel filter rules through the class<br />
URPFWMgr. The philosophy of the kernel filter is to not allow Any packets to be forwarded, except<br />
those from or to addresses Specified in a “rule". Each rule is associated with an interface. The wildcard<br />
"any" interface is also allowed, to create global rules.<br />
Call URPFWMgr::init() to initialize the firewall manager. The kernel module must be loaded for this to<br />
success.<br />
Call URPFWMgr::allow6() to allow forwarding for a particular mobile node. 'in_dev' is the name of the<br />
network interface the rule should be associated with ("eth0", "wlan0", etc. for example). Using "any" as<br />
the interface name causes the rule to be associated with all interfaces. 'v6addr' is the source or destination<br />
address of the packets for which forwarding is enabled, and should be the care-of-address of the mobile<br />
node.<br />
URPFWMgr::forbid6() serves to disable the forwarding enabled by calling allow6(). It takes only a single<br />
argument, which is the address the rules should be revoked. All rules containing this address will be<br />
removed.<br />
All these functions return 0 if the operation was successful; otherwise they return an integer less than 0.<br />
4.2.3.6.4 2.2.2.4 API Synopsis<br />
The API is summarized here.<br />
#include <br />
static void Logger::setDefaults(const char *ident,<br />
const bool tid = false, const int facility = DAEMON)<br />
static void Logger::setDebugState(bool state)<br />
static int IPSecMgr::init()<br />
static int IPSecMgr::add_conn(struct ipsec_conn *conn)<br />
static int IPSecMgr::del_conn(int connid)<br />
static int IPSecMgr::exit()<br />
D0103v1.doc 69 / 168
D0103v1.doc Version 1 6.7.2003<br />
static int PFKey::get_spi()<br />
static void PFKey::free_spi(int spi)<br />
static int URPFWMgr::init()<br />
static int URPFWMgr::allow6(const char *in_dev,<br />
struct in6_addr *v6addr)<br />
static int URPFWMgr::forbid6(struct in6_addr *v6addr)<br />
4.2.3.7 Interface between AAAC Attendant and metering<br />
The metering attendant can read out the data from the Accounting database on request coming from the<br />
AAAC Attendant. It is expected that data of the accounting database is red out in permanent intervals<br />
(about 3 minutes). The data red out will be deleted at the accounting database in order to keep the size of<br />
this database small and the whole system scalable. This reading intervals will be triggered by the AAAC<br />
Attendant via a C API which is described in the following:<br />
AAAC client can get accounting data through a function call (Get_Meter_Data). Additionally, the C Lib<br />
can also give AAAC client two functions as required in [1]: Meter_Start() and Meter_Stop().<br />
struct st_accdata<br />
{<br />
char *date;<br />
char *time;<br />
char *sourcepeeraddress;<br />
char *destpeeraddress;<br />
unsigned int inputOctets; //fromoctets<br />
unsigned int outputOctets; //tooctets<br />
unsigned int inputPackets; //frompdus<br />
unsigned int outputPackets; //fromoctets<br />
unsigned int destPort;<br />
unsigned int dscp;<br />
struct st_acctdata *next<br />
}<br />
Figure 53: Meter Attendant API – data format<br />
Parameters of the Meter_Start message are Session_ID and CoA. Para meters of the get_Meter are the<br />
Session_ID. The Meter_Stop parameter is the Session_ID only.<br />
The Session_ID will be created and maintained by the AAAC Attendant. This session_ID will be<br />
combined with a CoA after Meter_Start is called. AAAC client can use it to get Accounting data from<br />
meter and inform meter to stop counting for this CoA.<br />
Get_Meter_Data return a pointer to the structure. The accounting data are stored in this structure list. The<br />
list end with a null point in next.<br />
4.2.3.8 Interface between AAAC attendant and Fast Handover module<br />
4.2.3.8.1 Description<br />
The AAAC attendant module has an interface to the Fast Handover (FHO) module, which is a kernel<br />
space module. These modules interact with each other to transfer the context from the old access router<br />
(oAR) to the new access router (nAR). This is illustrated in the figure below.<br />
On receiving a “Router Solicitation for Proxy” message form the MN, the FHO module at the old access<br />
router requests the AAAC Attendant for the context associated with the MN. The FHOmodule executes<br />
the function “StartCtxTransfer” which contains identification of the message (MesgType) e.g.<br />
StartCtxTransfer, SendctxToAtt or SendctxToFHO and the length of this message<br />
In case of an intra-domain fast handover, which is the only kind of FAST Handover to be considered<br />
within <strong>Moby</strong> <strong>Dick</strong>, transferring the related context between the oAR and the nAR performs reestablishment<br />
of related AAAC context on the nAR. This requires control primitives to be exchanged<br />
locally between the old and new Air’s HO module and the AAAC attendant. Context has to be requested<br />
from the AAAC attendant on the oAR on reception of the Router Solicitation for Proxy. To identify the<br />
respective mobile terminal, the old CoA is used as an identifier on the oAR. The context is to be attached<br />
to the Fast-HO CT extension and conveyed to the nAR through the HI message. On the nAR, the context<br />
D0103v1.doc 70 / 168
D0103v1.doc Version 1 6.7.2003<br />
is to be passed to the AAAC attendant module, providing also the nCoA as identifier for the new binding.<br />
The following figure repeats the fast handover message flow, whereas the important messages for the<br />
AAAC context transfer are numbered 3 and 5 and the colored messages, marked with A,B,C and X, are<br />
not considered in the following description.<br />
After the Mobile Terminal initialized the handover via the Proxy Router Advertisement (msg. 2), the<br />
FHO module should:<br />
• Get the WP4 context from the AAAC on the oAR before Msg 3 (fig. above)<br />
• Include the WP4 context in the Handover initiate (msg. 3) and sent it to the nAR<br />
• Give the WP4 context to the AAAC attendant on the nAR (fig above)<br />
The context will consist of a Type Length Value TLV structure that is opaque to the FHO module. The<br />
parameters passed from the AAAC attendant to the MT registration module are also passed in a TLV<br />
structure.<br />
Old AR<br />
New AR<br />
User Space<br />
AAA Att.<br />
User Space<br />
AAA Att.<br />
1.<br />
Trigger<br />
ctxTran<br />
FHO Mod.<br />
Kernel<br />
2.<br />
CtxtoFHO<br />
3. Handover Initiate<br />
FHO Mod.<br />
Kernel<br />
4.<br />
CtxtoAtt<br />
Figure 54: FHO module and Attendant interaction during FHO<br />
4.2.3.8.2 Interface mechanisms<br />
After the handover is initiated via the Proxy Router Advertisement (msg. 2) by the Mobile Node, the oAR<br />
needs the AAAC context before contacting the nAR and triggers the ATT to relay the AAAC context to<br />
the FHO module (see figure below: step 1), which is performed in step 2 (figure below). The context is<br />
included in the Handover initiate message to the nAR (step 3, figure below) where it is given to the<br />
respective AAAC attendant in step4. The figure below shows the interaction between the different entities<br />
involved in detail.<br />
On receiving a “Router Solicitation for Proxy” message form the MN, the FHO module at the old access<br />
router requests the AAAC Attendant for the context associated with the MN. The FHOmodule executes<br />
the function “StartCtxTransfer” which contains identification of the message (MesgType) e.g.<br />
StartCtxTransfer, SendctxToAtt or SendctxToFHO and the length of this message. The parameters of the<br />
respective messages will be presented in detail below.<br />
4.2.3.8.3 Interface contents<br />
The contents of the context are as follows<br />
Context<br />
{ Auth-Lifetime };<br />
{ Session-Timeout }; /* what's left of it */<br />
{ ATT-MN-SPI };<br />
{ MIPv6-Mobile-Node-Address };<br />
{ MIPv6-CO-Address };<br />
{ AR-Address };<br />
D0103v1.doc 71 / 168
D0103v1.doc Version 1 6.7.2003<br />
{ MN-User-Name};<br />
{ Session-Id};<br />
{ ATT-MN-3DES-KEY};<br />
{ ATT-MN-SPI};<br />
Source Dest Primitive Parameters<br />
Fast-HO<br />
(oAR)<br />
AAAatt<br />
(oAR)<br />
StartCtxTransfer<br />
MesgType<br />
MesgLen<br />
AAAatt<br />
(oAR)<br />
Fast-HO<br />
(oAR)<br />
SendCtxToFHO<br />
MesgType<br />
MesgLen<br />
Context (i.e., stream of bytes)<br />
Fast-HO<br />
(nAR)<br />
AAAatt<br />
(nAR)<br />
SendCtxToATT<br />
MesgType<br />
MesgLen<br />
Context (i.e., stream of bytes)<br />
Table 15: Interface Contents<br />
4.2.3.9 Interface between AAAC Client and Integrated Logger<br />
The interface provided by the Integrated Logger is simple and consists of 5 functions and a structure.<br />
The functions are:<br />
• void createAAACClientLogger(char *loggerName);<br />
Call this function once at the initialization of the AAAC Client. The parameter loggerName contains<br />
the identity of the logger. If this parameter is NULL, then the concatenated hostname and<br />
“:aaacclient” will be used as the LoggerID by the Integrated Logger.<br />
• int logReg(usrRegLogStruct *usrRegLog); // return 0 if successful<br />
Call this function for each registration request and regis tration response. The function returns 0 if no<br />
error occurs, otherwise it returns a negative number (Logger not initialized (-1), Parameter is NULL<br />
(-2), Error while logging (-3)).<br />
• void destroyAAACClientLogger();<br />
Call this function at the end of execution of the AAAC Client.<br />
• void logger_add_map(char *nai, struct in6_addr *in6_CoA);<br />
Call this function if a user is registered to this AAAC Client either by an initial registration or a<br />
“joining” handover.<br />
• void logger_remove_map(struct in6_addr *in6_CoA);<br />
Call this function if a user is deregistered to this AAAC Client either due to session timeout or<br />
“leaving” handover.<br />
The structure is the usrRegLogStruct structure defined as:<br />
typedef struct _usrRegLogStruct {<br />
unsigned char eventId;<br />
char NAI[256];<br />
int NAILen;<br />
char CoA[48];<br />
int CoALen;<br />
unsigned int resultCode;<br />
} usrRegLogStruct;<br />
It is used in the logReg() function.<br />
D0103v1.doc 72 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3 Radio Gateway Software Specification<br />
This chapter gives the software specification of the different components of the Radio Gateway. These<br />
include the Inter Working Function (IWF), the TD-CDMA driver (Radio Channel Manager and Radio<br />
Convergence Function), the Access Stratum. It also provides the interface between these components, and<br />
also the components involved in other equipments. Below is a high level integrated view of the different<br />
components of the Radio Gateway.<br />
IWF<br />
TD-CDMA to<br />
IP relay<br />
QoS<br />
attendant<br />
IP to<br />
TD-CDMA<br />
relay<br />
QoS Broker<br />
Info<br />
Management<br />
Raw Socket<br />
Interface<br />
Standard Socket<br />
Interface<br />
Raw Socket<br />
Interface<br />
Internal in terface<br />
Protocol<br />
communication<br />
IPv6 Protocol Stack<br />
Kernel space<br />
TD-CDMA NDD on MT<br />
Standard Network<br />
Device Interface<br />
User space<br />
TD-CDMA Network Device Driver<br />
RCM / RCF<br />
Ethernet<br />
Network<br />
Device<br />
Driver<br />
AS on MT<br />
NAS / AS interface<br />
Access Stratum<br />
Figure 55: Integrated View on Radio Gateway<br />
4.3.1 Overview of the different components<br />
This section splits the components identified before in sub-blocks, giving an overview of their role. The<br />
detailed behaviour of these sub-blocks and their interactions will be detailed in the next chapter.<br />
4.3.1.1 Radio Gateway Operating <strong>System</strong><br />
The Radio Gateway will run the Linux Operating system, kernel 2.4.4 (option 1) or kernel 2.4.20 (option<br />
2)<br />
The Radio Gateway will run the Real-Time Linux (RTLinux) on top of the Linux Operating <strong>System</strong>,<br />
patch RTL 3.1 (option 1) or patch RTL 3.2 (option 2).<br />
4.3.1.2 Inter Working Function<br />
This module will act as a relay between the Ipv6 world and the radio world, transferring the IPv6 packets<br />
from one to the other and generating any kind of specific signalling (paging, radio broadcast, QoS<br />
signalling, specific IP signalling).<br />
D0103v1.doc 73 / 168
D0103v1.doc Version 1 6.7.2003<br />
The behaviour of the different sub-blocks of the IWF will be detailed in the next chapter.<br />
4.3.1.3 IP stack<br />
The IP stack will be the basic IPv6 stack from the Linux kernel, with no specific functionalities related to<br />
Mobility and AAA. As regards QoS, the DSCP marking software is not needed, as the IP signalling<br />
packets generated by the IWF will be addressed only to the corresponding Access Router.<br />
The IP traffic received from the Mobile Terminal by the TD-CDMA driver will be sent by the IWF to the<br />
Ethernet driver, to be forwarded to the Access Router (raw socket interfaces will be used between the<br />
IWF and the TD-CDMA / Ethernet drivers).<br />
The IP traffic received from the Access Router by the Ethernet driver will not be handled by the IP stack,<br />
but by the IP to TD-CDMA relay block. Depending on its kind, it will be treated by this block, or<br />
transmitted to the TD-CDMA driver (via a raw socket interface), to be sent to the Mobile Terminal.<br />
The only exception is the IP packets for the Radio Gateway QoS Attendant (exchanged with the QoS<br />
Broker, which will go through the IP stack.<br />
IWF<br />
TD-CDMA to<br />
IP relay<br />
QoS<br />
attendant<br />
IP to<br />
TD-CDMA<br />
relay<br />
QoS attendant on AR<br />
Info<br />
Management<br />
Raw Socket<br />
Interface<br />
Standard Socket<br />
Interface<br />
Raw Socket<br />
Interface<br />
Internal interface<br />
Protocol<br />
communication<br />
IPv6 Protocol Stack<br />
Kernel space<br />
Standard Network<br />
Device Interface<br />
User space<br />
TD-CDMA NDD on MT<br />
TD-CDMA Network Device Driver<br />
RCM / RCF<br />
Ethernet<br />
Network<br />
Device<br />
Driver<br />
AS on MT<br />
NAS / AS interface<br />
Access Stratum<br />
4.3.1.4 Radio Channel Manager (RCM)<br />
Figure 56: Radio Gateway Software Architecture.<br />
This module will act as a generic radio driver, giving a high level interface to manage the connections and<br />
the associated data channels; to send and receive IP packets and other specific radio data; and get some<br />
feedback on the radio conditions.<br />
It will be implemented as a kernel module (RCM and RCF will be grouped in a same kernel module,<br />
namely a driver).<br />
The behaviour of the different sub-blocks of the RCM will be detailed in the next chapter.<br />
D0103v1.doc 74 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3.1.5 Radio Convergence Function (RCF)<br />
This module will act as a specific TD-CDMA driver, giving a low level interface to manage the<br />
connections and the associated data channels; to send and receive IP packets and other specific radio data;<br />
and get some feedback on the TD-CDMA conditions.<br />
It will be implemented as a kernel module (RCM and RCF will be grouped in a same kernel module,<br />
namely a driver).<br />
The behaviour of the different sub-blocks of the RCF will be detailed in the next chapter.<br />
4.3.1.6 Access Stratum<br />
The Access Stratum provides services related to the transmission of data over the radio interface and the<br />
management of the radio interface.<br />
It includes the following Radio Interface protocols: the Physical layer, the data link layer, divided into 2<br />
sub-layers: Medium Access Control (MAC) and Radio Link Control (RLC). In the user-plane, an<br />
additional service dependant protocol exists: the Packet Data Convergence Protocol (PDCP). The lowest<br />
sub-layer of the network layer consists of one protocol, called Radio Resource Control (RRC), which<br />
belongs to the control plane.<br />
The behaviour of the different sub-blocks of the Access Stratum will be detailed in the next chapter.<br />
The following chapters give a detailed description of the sub-blocks of each component, and their<br />
interactions with other components.<br />
4.3.1.7 Inter Working Function<br />
IWF<br />
IP to TD-CDMA relay<br />
TD-CDMA<br />
to IP relay<br />
QoS<br />
Attendant<br />
Router<br />
Advertisement<br />
proxy<br />
Neighbor<br />
Discovery<br />
proxy<br />
Info<br />
Management<br />
Other IP signaling<br />
+ IP data<br />
proxy<br />
Paging<br />
proxy<br />
Figure 57: Inter Working Function<br />
The IWF has interactions with the RCM (generic part of the TD-CDMA driver), the IP stack and the<br />
Ethernet driver. It is split into the following sub-blocks.<br />
4.3.1.8 Info Management block<br />
In the initialisation phase, it will retrieve the list of IP addresses of the Access Routers (linked to the<br />
neighbouring Radio Gateways) from a static configuration file, and a request will be sent to the<br />
Broadcasting sub-block of the RCM, to broadcast this information on the radio. The message will be<br />
IWF_BROADCAST_REQUEST, with the list as parameter.<br />
It will store the Router Advertisement currently broadcasted on the radio, for the Mobile Terminals. It<br />
will store a list with the local connection reference of every Mobile Terminal currently connected to the<br />
Radio Gateway, the associated Home Address and Care Of Address of the MT, and the IMEI of the MT.<br />
Upon reception of the message OPEN_TD-CDMA_CONN_IND, with parameter local connection<br />
reference and IMEI of MT, the corresponding entry will be added to the list.<br />
Upon reception of the message TD-CDMA_CONN_INFO, with parameters local connection reference,<br />
associated Home Address and Care Of Address, the corresponding entry in the list will be updated.<br />
Upon reception of the messages CLOSE_TD-CDMA_CONN_IND or LOST_TD-CDMA_CONN_IND,<br />
with parameter local connection reference, the corresponding entry will be deleted from the list.<br />
4.3.1.9 IP to TD-CDMA relay block<br />
The following schema details the Info Management Block and the sub-blocks presented in the next 3<br />
chapters.<br />
D0103v1.doc 75 / 168
D0103v1.doc Version 1 6.7.2003<br />
IWF<br />
IP to TD-CDMA<br />
relay<br />
Paging<br />
proxy<br />
Info<br />
Management<br />
Neighbor<br />
Discovery<br />
proxy<br />
Router<br />
Advertisement<br />
proxy<br />
IP stack<br />
RCM<br />
Ethernet RCM driver<br />
Radio<br />
Connection Manager<br />
Broad<br />
casting<br />
Paging<br />
Open /<br />
Close<br />
Conn<br />
RCF<br />
TD-CDMA Radio<br />
Connection Manager<br />
Broad<br />
casting<br />
Paging<br />
Open /<br />
Close<br />
Conn<br />
AS<br />
• Router Advertisement Proxy sub-block<br />
Figure 58: IP to TD-CDMA Relay block<br />
This sub-block will be directly connected to the Ethernet driver via a raw socket, to intercept Router<br />
Advertisements from the Access Router. The first received Router Advertisement will be stored in the<br />
Info Management block, and a request will be sent to the Broadcasting sub block of the RCM, to<br />
broadcast this Router Advertisement on the radio. The message will be IWF_BROADCAST_REQUEST,<br />
with the Router Advertisement as parameter.<br />
The Radio Gateway is supposed to be connected to the same Access Router all the time, so that the<br />
Router Advertisement should never change.<br />
• Neighbour Discovery Proxy sub-block<br />
This sub-block will be directly connected to the Ethernet driver via a raw socket, to intercept Neighbour<br />
Solicitation requests from the Access Router. If it corresponds to the Care Of Address of one of the<br />
currently connected Mobile Terminal (information stored in the Info Management block), a Neighbour<br />
Advertisement will be sent to the Access Router, with the “MAC address” of the Radio Gateway, instead<br />
of the one from the Mobile Terminal.<br />
• Paging Proxy sub-block<br />
D0103v1.doc 76 / 168
D0103v1.doc Version 1 6.7.2003<br />
This sub-block will be directly connected to the Ethernet driver via a raw socket, to intercept requests<br />
from the paging proxy of the Access Router. These will be ICMPv6 packets of a specific type, to<br />
recognize the paging functionality.<br />
The request from the paging proxy of the Access Router will need to be checked, using information<br />
stored in the Info Management block, to see if the paging Solicited Node Multicast destination address of<br />
the paging packet maps one of the IMEI of the MT connected to the Radio Gateway. The comparison will<br />
be made on the 24 last bits.<br />
If true, a request will be sent to the Paging sub-block of the RCM, to send a message on the paging radio<br />
channel. The message will be IWF_PAGING_REQUEST, with the local connection reference of the<br />
Mobile Terminal and the IP paging packet as parameters.<br />
IWF<br />
IP to TD-CDMA relay<br />
Other IP signaling<br />
+ IP data<br />
proxy<br />
IP stack<br />
RCM<br />
Packet Transmission<br />
Ethernet RCM driver<br />
Control<br />
Packet<br />
Data<br />
Packet<br />
RCF<br />
Control Channel Mngt<br />
Data Channel Mngt<br />
Send /<br />
Receive<br />
Open /<br />
Close<br />
Send /<br />
Receive<br />
Data<br />
Data<br />
Channels<br />
Data<br />
AS<br />
Figure 59: Other IP signalling and IP data proxy sub-block<br />
D0103v1.doc 77 / 168
D0103v1.doc Version 1 6.7.2003<br />
• Other IP signalling and IP data proxy sub-block<br />
These IP packets, received from the Ethernet driver (via a raw socket interface), will be transmitted to the<br />
RCM packet transmission block (via a raw socket interface), which will take care of sending them on the<br />
appropriate radio bearer. We will use the message IWF_IP_PACKET for the interface between the IWF<br />
and the RCM.<br />
We will use the destination address of the IP packet to find the associated local connection reference,<br />
using the information stored in the Info Management block (match the destination address with one of the<br />
CoA of the connected Mobile Terminals).<br />
4.3.1.10 QoS Attendant sub-block<br />
IWF<br />
Info<br />
Management<br />
QoS<br />
Attendant<br />
IP stack<br />
RCM<br />
Ethernet RCM driver<br />
Packet Transmission<br />
Control<br />
Packet<br />
Data<br />
Packet<br />
RCF<br />
Data Channel Mngt<br />
Open /<br />
Close<br />
Send /<br />
Receive<br />
Data<br />
Channels<br />
Data<br />
AS<br />
Figure 60: QoS Attendant sub-block<br />
D0103v1.doc 78 / 168
D0103v1.doc Version 1 6.7.2003<br />
This entity communicates with the QoS Manager on the Access Router and the QoS Broker.<br />
The radio resources will be negotiated dynamically each time a radio bearer is requested by a Mobile<br />
Terminal (in the case of a first incoming IP packet originating fro m the Access Router, the QoS broker<br />
will send the necessary information without solicitation from the RG).<br />
When the RCF on the Radio Gateway receives a request from the RCF on the Mobile Terminal to open a<br />
radio bearer, it will send the message IWF_RADIO_BEARER_REQ to the QoS Attendant of the IWF,<br />
with the characteristics associated to the requested bearer (local connection reference, DSCP code, IP<br />
source address of original packet on MT, IP destination address of original packet on MT).<br />
The QoS Attendant will send a “dummy packet” (an echo request will do the trick) with the<br />
characteristics of the original packet on the MT: IP source address, IP destination address, DSCP code.<br />
This packet will be intercepted by the QoS Manager on the Access Router and will trigger the “QoS<br />
authorisation process” involving the QoS Broker.<br />
The QoS Attendant on the RG then expects an answer from the QoS Broker, message<br />
RADIO_ACCESS_ALLOCATION, with the following parameters: DSCP code, Home Address of MT (for<br />
identification purpose), Radio QoS Class, status.<br />
In the case of an incoming packet from the Access Router (and not from the MT), the QoS Broker will<br />
also have to send the message RADIO_ACCESS_ALLOCATION, with the parameters corresponding to<br />
the incoming packet.<br />
In the case of a fast handover with the RG as destination, the QoS Broker will have to send the message<br />
RADIO_ACCESS_ALLOCATION, with a list of entries with once again the same parameters. This will<br />
enable the Radio Gateway to open the radio bearers corresponding to the DSCP codes used by the Mobile<br />
Terminal, immediately after the radio connection between MT and RG has been established.<br />
A specific value will be given to the status parameters in the message RADIO_ACCESS_ALLOCATION,<br />
to recognize this case of fast handover.<br />
Hence, the message RADIO_ACCESS_ALLOCATION should be in fact a list of the following parameters:<br />
DSCP code, Home Address of MT (for identification purpose), Radio QoS Class, status (ok, not ok,<br />
specific value in fast handover case).<br />
It can be a UDP packet exchanged between two known ports on the Radio Gateway and the QoS Broker.<br />
After reception of the message RADIO_ACCESS_ALLOCATION, the QoS Attendant on the RG will send<br />
the message IWF_RADIO_BEARER_CONF to the RCF, with the following parameters: local connection<br />
reference corresponding to the MT Home Address, list of [DSCP code, Radio QoS class, status].<br />
4.3.1.11 TD-CDMA to IP relay block<br />
The TD-CDMA to IP relay block will receive the IP packets from the TD-CDMA driver via a raw socket<br />
interface, and transmit them to the Ethernet Driver via a raw socket interface. We will use the message<br />
IWF_IP_PACKET for the interface between the RCM and the IWF.<br />
D0103v1.doc 79 / 168
D0103v1.doc Version 1 6.7.2003<br />
IWF<br />
TD-CDMA<br />
to IP relay<br />
IP stack<br />
RCM<br />
Packet Reception<br />
Ethernet RCM driver<br />
Control<br />
Packet<br />
Data<br />
Packet<br />
RCF<br />
Control Channel Mngt<br />
Data Channel Mngt<br />
Send /<br />
Receive<br />
Open /<br />
Close<br />
Send /<br />
Receive<br />
Data<br />
Data<br />
Channels<br />
Data<br />
AS<br />
Figure 61: TD-CDMA to IP relay block<br />
4.3.1.12 IP stack<br />
This part does not need to be further detailed.<br />
D0103v1.doc 80 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3.2 Radio Channel Manager<br />
RCM<br />
Radio<br />
Connection Manager<br />
Broad<br />
casting<br />
Paging<br />
Open /<br />
Close<br />
Conn<br />
Packet Transmission<br />
Control<br />
Data<br />
Packet<br />
Packet<br />
Packet Reception<br />
Control<br />
Data<br />
Packet<br />
Packet<br />
Figure 62: Radio Channel Manager<br />
The Radio Channel Manager is the generic part of the Radio driver. It provides a generic interface to the<br />
IWF and to the IP stack. It provides also a generic interface to the lower layer of the Radio driver: the<br />
Radio Convergence Function.<br />
4.3.2.1 Radio Connection Manager block<br />
• Broadcasting sub-block<br />
It will transmit the broadcast requests from the IWF, message IWF_BROADCAST_REQ, directly to the<br />
Broadcasting sub-block of the RCF.<br />
• Paging sub-block<br />
It will transmit the paging requests from the IWF, message IWF_PAGING_REQ, directly to the Paging<br />
sub-block of the RCF.<br />
• Open / Close connection sub-block<br />
The Open / Close Connection sub-block manages the Radio Connections with Mobile Terminal.<br />
The connections are always opened on the initiative of the Mobile Terminal.<br />
When the Open / Close Connection sub-block of the RCF opens a connection, it will transmit the message<br />
OPEN_TD-CDMA_CONN_IND, to the Open / Close Connection sub-block of the RCM, which will<br />
transmit it to the Info Management block of the IWF. There will be two parameters: local connection<br />
reference and IMEI of MT.<br />
When a connection has been opened, the RCF of the MT sends a NAS signalling message to the RCF of<br />
the RG (NAS_CONNECTION_INFO), with the parameters: Home Address and CoA of MT. This<br />
information is passed to the Open / Close Connection sub-block of the RCM, with the associated local<br />
connection reference, via message OPEN_TD-CDMA_CONN_INFO.<br />
Then this message OPEN_TD-CDMA_CONN_INFO is forwarded to the Info Management block of the<br />
IWF, with the parameters: local connection reference, Home Address and CoA of MT.<br />
The association “local connection reference / Mobile Terminal Care Of Address” is important for IP<br />
packets received from the Access Router, to be transmitted to a Mobile Terminal: a match is searched<br />
between the destination address of the IP packet and the list of Care Of Address, and the associated<br />
connection reference is used to send the packet on the proper radio bearer to the Mobile Terminal.<br />
The connections are always closed on the initiative of the Mobile Terminal.<br />
When the Open / Close Connection sub-block of the RCF closes a connection, it will transmit the<br />
message CLOSE_TD-CDMA_CONN_IND, to the Open / Close Connection sub-block of the RCM, which<br />
will forward it to the Info Management block of the IWF. There will be one parameter: local connection<br />
reference.<br />
When the Open / Close Connection sub-block of the RCF detects a connection loss, it will transmit the<br />
message LOST_TD-CDMA_CONN_IND, to the Open / Close Connection sub-block of the RCM, which<br />
will forward it to the Info Management block of the IWF. There will be one parameter: local connection<br />
reference.<br />
4.3.2.2 Packet Transmission block<br />
The connection must have been opened by the Radio Connection Manager sub-block, before any IP<br />
packet can be transmitted (if it’s not the case, they will be dropped: this can only happen with packet<br />
arriving from the Access Router, and there is nothing we can do if the MT has not opened the connection<br />
yet). An open connection means that the RCF has also established all the associated radio control<br />
channels, but that no radio bearer has been pre-established.<br />
In case of connection loss, we do nothing on the Radio Gateway side (the IP packets from the Access<br />
Router to the Mobile Terminal will be lost). The connection loss will be detected on the Mobile Terminal<br />
side too, and a new connection will be established on its initiative, if appropriate.<br />
D0103v1.doc 81 / 168
D0103v1.doc Version 1 6.7.2003<br />
In case of Fast Handover, it might be necessary to buffer IP packets from the new Access Router, during<br />
the bi-casting phase, before the new connection between the Mobile Terminal and the Radio Gateway is<br />
established. In fact, the problem happens only for a Fast Handover between two Radio Gateways, where<br />
there is a time interval during which the MT has closed its connection to the old RG and not opened yet<br />
the connection to the new RG (the MT can handle a connection to only one RG at the same time). From<br />
an implementation point of view, there is nothing simple we can do, as the RGs are not aware of a Fast<br />
Handover taking place. Therefore, we accept to loose a “certain” number of packets in this specific case.<br />
The Packet Transmission block receives IP packets from the IWF via a raw socket interface, using the<br />
message IWF_IP_PACKET. The associated local connection reference will be used to determine to which<br />
MT (radio connection in fact) it is associated.<br />
Then it will determine if it is an IP signalling packet or an IP data packet, by analysing its DSCP code<br />
(the IP signalling packets have a DSCP corresponding to a specific class).<br />
The IP signalling packets are transmitted directly to the Control Channel Management block of the RCF<br />
(with the local connection reference).<br />
The data packets are analysed to perform the mapping between IP QoS classes and radio bearers / radio<br />
QoS classes: based on the DSCP code of the IP packet, a radio bearer is selected, with a radio QoS class<br />
associated to it. The RCM manages a fixed number of radio bearers per MT, each one associated to one of<br />
the radio QoS class available. These radio bearers will be: 0—4 for signalling channels, 5—31 for data<br />
channels.<br />
At the RCM level, a table will be stored for each MT identified by its local connection reference with, for<br />
each valid DSCP code, the associated [bearer id, Radio QoS class, SAP id].<br />
If the radio bearer is not yet established, the QoS Broker “is about to” send the characteristics of this radio<br />
bearer to the IWF, which will forward the information to the RCF with message<br />
RADIO_ACCESS_ALLOCATION. In the meantime, the IP packets will be stored.<br />
When the message RADIO_ACCESS_ALLOCATION is received from the IWF, we update the RCM table<br />
and a request is made to the Data Channel Management block of the RCF to establish the radio bearer,<br />
with the local connection reference, the radio bearer Id, the radio QoS class, the DSCP code, as<br />
parameters.<br />
An answer is expected from the RCF, to give the status of this operation, upon which the radio bearer is<br />
declared established or not. The answer will contain the local connection reference, the DSCP code, the<br />
radio bearer Id and a SAP Id as parameters.<br />
If it is established, the IP data packets can be transmitted to the Data Channel Management block of the<br />
RCF (with the local connection reference, the radio bearer Id and SAP id), to be sent on the radio bearer<br />
by the AS.<br />
The RCM can also receive the message RADIO_ACCESS_ALLOCATION from the QoS Attendant of the<br />
IWF, when a request from a MT to open a radio bearer associated to this DSCP code has been sent to the<br />
QoS Broker. We will use the same process as for an incoming IP packet, which has been described before<br />
(mapping between DSCP / radio bearer + radio QoS class, update of RCF table, and request to the RCF to<br />
open the radio bearer).<br />
The RCM can also receive the message RADIO_ACCESS_ALLOCATION from the QoS Attendant of the<br />
IWF, in the Fast Handover case (a specific value of parameter status will identify this situation). In this<br />
case, we receive a list of the currently used DSCP codes, and their associated radio QoS classes. We will<br />
store this information in the RCM, and when the radio connection between the MT and RG is opened (as<br />
a part of the Fast Handover process), we will use these data to establish the radio bearers, at the same time<br />
we establish the radio connection.<br />
4.3.2.3 Packet Reception block<br />
The IP signalling packets and the IP data packets received from the RCF are transmitted to the IWF via a<br />
raw socket interface, using the message IWF_IP_PACKET.<br />
D0103v1.doc 82 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3.3 Radio Convergence Function<br />
RCF<br />
TD-CDMA Radio<br />
Connection Manager<br />
Broad<br />
casting<br />
Paging<br />
Open /<br />
Close<br />
Control Channel Mngt<br />
Send /<br />
Receive<br />
Data Channel Mngt<br />
Open /<br />
Send /<br />
Close<br />
Receive<br />
Conn<br />
Data<br />
Data<br />
Data<br />
Channels<br />
Figure 63: Radio Convergence Function<br />
The Radio Convergence Function is the specific part of the Radio driver. It has a generic interface with<br />
the upper layer of the Radio driver: the Radio Channel Manager. It has a specific interface with the<br />
Access Stratum, to take into account the specificities of the TD-CDMA AS layer.<br />
4.3.3.1 TD-CDMA Connection Manager block<br />
• Broadcasting sub-block<br />
It will transmit the broadcast requests from the RCM, message IWF_BROADCAST_REQ, to the Access<br />
Stratum (AS), via message INFORMATION_BROADCAST_REQ, with the information to be broadcasted<br />
and the period as parameters.<br />
Two types of information can be broadcasted: Router Advertisement and list of IP addresses of each<br />
neighbouring Access Routers (as explained in the IWF description).<br />
Each type of message to be broadcasted will have a specific period, stored as local information in this<br />
sub-block.<br />
For the Router Advertisement, we will broadcast them once, every time it is received by the RG.<br />
For the list of IP addresses, a reasonable value is in the order of a few seconds (to be refined during<br />
integration tests).<br />
Note that we could broadcast any other information of interest for the Mobile Terminal Non Access<br />
Stratum or upper layers (MIPv6 stack, MTNM, Fast Handover module…).<br />
• Paging sub-block<br />
It will transmit the paging requests from the RCM, message IWF_PAGING_REQ, to the AS, via message<br />
PAGING_REQ, with the local connection reference and the IP paging packet (and its length) as<br />
parameters.<br />
• Open / Close connection sub-block<br />
The Open / Close Connection sub-block manages the Radio Connections with Mobile Terminals.<br />
The current number of Mobile Terminals connected to the Radio Gateway will be stored locally, and a<br />
maximum number will be defined.<br />
The connections can only be opened on the MT initiative.<br />
Upon reception of the message CONNECTION_ESTABLISHMENT_IND from the AS (parameter: local<br />
connection reference, IMEI of MT), the current number of MT connected will be compared to the<br />
maximum number allowed. The connection request will be accepted if it is lower, and refused otherwise.<br />
The message CONNECTION_ESTABLISHMENT_CONF will be sent to the AS, to be transmitted to the<br />
MT. The parameters are: the local connection reference and the status (connection accepted or refused).<br />
A local list containing all the MT connected will be updated with the local connection reference of the<br />
newly connected MT.<br />
The message OPEN_TD-CDMA_CONN_IND, with parameter local connection reference and IMEI of<br />
MT, will be transmitted to the RCM, to be sent to the IWF Info Management block.<br />
When the connection has been opened, the RCF of the MT sends a NAS signalling message<br />
(DATA_TRANSFER_IND with specific type NAS_CONNECTION_INFO) to the RCF of the RG, with the<br />
parameters: Home Address and CoA of MT. This information is passed to the Open / Close Connection<br />
sub-block of the RCM, with the associated local connection reference, via message OPEN_TD-<br />
CDMA_CONN_INFO.<br />
The connections can only be closed on the MT initiative.<br />
Upon reception of the message CONNECTION_RELEASE_IND from the AS (parameter: local<br />
connection reference), a request to release every radio bearer associated to the connection will be sent to<br />
the AS, via message (one per bearer) RADIO_BEARER_RELEASE_REQ (parameters: local connection<br />
D0103v1.doc 83 / 168
D0103v1.doc Version 1 6.7.2003<br />
reference and radio bearer id). This may not be necessary: the bearers may be released automatically by<br />
the AS.<br />
The local list containing all the MT connected will be updated by suppressing the local connection<br />
reference.<br />
The message CLOSE_TD-CDMA_CONN_IND, with parameter local connection reference, will be<br />
transmitted to the RCM, to be sent to the IWF Info Management block.<br />
Upon reception of the message CONNECTION_LOSS_IND from the AS (parameter: local connection<br />
reference), the connection with the associated MT will be considered as lost.<br />
The local list containing all the MT connected will be updated by suppressing the local connection<br />
reference.<br />
The message LOST_TD-CDMA_CONN_IND, with parameter local connection reference, will be<br />
transmitted to the RCM, to be sent to the IWF Info Management block.<br />
In this case, we consider there is no need to release the radio bearers: they are lost too.<br />
In the case of a Fast Handover, with the Radio Gateway as target, the message<br />
CONNECTION_ESTABLISHMENT_CONF will contain the list of radio bearers to establish and their<br />
Radio QoS class, based on the DSCP codes currently used by the MT. The AS will automatically reestablish<br />
these radio bearers.<br />
For this, we will use the information stored by the RCM, upon reception of message<br />
RADIO_ACCESS_ALLOCATION, as described in chapter Packet Transmission block.<br />
4.3.3.2 Control Channel Management block<br />
When a connection is established with a Mobile Terminal, a radio control channel is automatically<br />
allocated. Therefore there is no need to open / close control channels.<br />
Any IP control packet received from the RCM (with the associated local connection reference) is<br />
transmitted to the AS, via message DATA_TRANSFER_REQ, to be transferred to the Mobile Terminal on<br />
the radio control channel.<br />
Any radio control packet received from the AS, via message DATA_TRANSFER_IND, containing IP<br />
signalling, is transmitted to the RCM Packet Reception block.<br />
The parameter data of the DATA_TRANSFER_REQ and DATA_TRANSFER_IND will be a specific<br />
message type (NAS_IP_SIGNALLING), to identify the content of the AS message as IP signalling.<br />
This IP control packet can be pure IP protocol signalling, and also specific signalling for AAA and<br />
mobility.<br />
Some signalling specific to the NAS can also be exchanged between the Mobile Terminal and the Radio<br />
Gateway, using a specific message type for the parameter data of the DATA_TRANSFER_REQ and<br />
DATA_TRANSFER_IND messages. This will not be addressed here, but directly in the chapters where<br />
this signalling is used.<br />
4.3.3.3 Data Channel Management block<br />
• Open / Close Data Channels sub-block<br />
When the connection is established with a Mobile Terminal, no radio bearer is established.<br />
Upon reception of a request from the AS to open a radio bearer, is sued by a Mobile Terminal, via<br />
message DATA_TRANSFER_IND, the QoS Attendant in the IWF will be contacted via message<br />
IWF_RADIO_BEARER_REQ. The parameter data of the DATA_TRANSFER_IND message will be of a<br />
specific type (NAS_RADIO_BEARER_ESTABLISHMENT_REQ), to recognize the radio bearer<br />
establishment request, with the DSCP code, the IP source and destination address of the original packet<br />
on the MT, as parameters. This DSCP code, source and destination address, and the local connection<br />
reference will be transferred in the message IWF_RADIO_BEARER_REQ, to the IWF QoS Attendant.<br />
The IWF QoS Attendant will contact the QoS Broker, and wait for its answer, as already explained in a<br />
previous chapter.<br />
Upon reception of a request from the RCM to open a radio bearer, the AS will be notified via message<br />
RADIO_BEARER_ESTABLISHMENT_REQ, with parameters: local connection reference, radio bearer id,<br />
radio QoS class. This request will be sent to the MT by the AS.<br />
The acknowledgement from the AS that the radio bearer has been opened will be transmitted by the AS,<br />
via message RADIO_BEARER_ESTABLISHMENT_CONF, with parameters local connection reference,<br />
radio bearer Id, SAP Id.<br />
An acknowledgement that the radio data bearer has been established will be given to the Packet<br />
Transmission block of the RCM, so that the transmission of IP packets can start (with parameters local<br />
connection reference, radio bearer Id and SAP Id).<br />
Note that the request from the RCM to establish the radio bearer will follow the reception of the message<br />
RADIO_ACCESS_ALLOCATION, as already explained in a previous chapter. And this request can be<br />
originally triggered, either by a request from a MT to open a radio bearer, or a request originating from<br />
the Access Router.<br />
D0103v1.doc 84 / 168
D0103v1.doc Version 1 6.7.2003<br />
The radio bearers will be released by the TD-CDMA Connection Manager block of the RCF, when a<br />
connection is closed, if needed (this may be done automatically by the AS when the connection is closed).<br />
In the case that a radio bearer has not been used for a certain time, the AS will take care of reallocating<br />
the associated radio resources.<br />
• Send / Receive Data sub-block<br />
The Send / Receive Data sub-block manages the sending and reception of data packets to and from the<br />
AS.<br />
When an IP data packet is received from the RCM, with the associated radio bearer id and SAP Id, the<br />
radio bearer is already opened (this has been taken care of in the RCM, before transmitting this packet).<br />
Therefore, the RCF directly makes a PDCP_DATA_REQ to the AS on the appropriate SAP, to transfer<br />
the data packet to the Mobile Terminal, with parameters radio bearer id, data packet length and data<br />
packet.<br />
When an IP data packet sent by the Mobile Terminal is received from the AS via message<br />
PDCP_DATA_IND, with parameters: local connection reference, data packet length and data packet; this<br />
IP data packet is directly transmitted to the Packet Reception block of the RCM.<br />
4.3.4 Access Stratum<br />
C-plane signalling<br />
U-plane information<br />
GC SAP<br />
NT SAP<br />
DC SAP<br />
Qos SAPs<br />
control<br />
RB MUX/DEMUX<br />
RRC<br />
control<br />
PDCP<br />
PDCP<br />
Radio<br />
Bearers<br />
L3<br />
control<br />
control<br />
control<br />
RLC<br />
RLC<br />
RLC<br />
RLC<br />
RLC<br />
RLC<br />
L2/RLC<br />
Logical<br />
Channels<br />
MAC<br />
L2/MAC<br />
Transport<br />
Channels<br />
Layer 1 High<br />
L1<br />
Layer 1 Low<br />
D/A<br />
A/D<br />
Data AcQuisition (DAQ)<br />
Hardware<br />
RF (TDD)<br />
Figure 64: Access Stratum Layers<br />
D0103v1.doc 85 / 168
D0103v1.doc Version 1 6.7.2003<br />
The elements of the radio interface protocol are shown in figure 64, where it is seen that the radio<br />
interface is layered into three protocol layers:<br />
• The physical layer (L1);<br />
• The data link layer (L2);<br />
• The network layer (L3).<br />
L1 is responsible for<br />
• Control/configuration of the hardware elements (Data Acquisition),<br />
• Basic signal processing,<br />
• Channel coding/decoding and multiplexing/demultiplexing.<br />
It operates under real-time constraints. We have split L1 into two sub layers, L1L and L1H. L1L is<br />
responsible for slot based signal processing (e.g. matched filtering, channel estimation, etc.) while L1H is<br />
responsible for frame -based signal processing (e.g. interleaving, error coding/decoding).<br />
L1H receives data from the MAC (see 4.3.4.2.4 ) in blocks known as transport channels. These are<br />
further sub-divided into transport channel blocks. L1H multiplexes and codes these blocks to forms what<br />
are known as physical channels. Physical channels are raw data mapped onto specific radio channels<br />
which, as we will see shortly, are indexed by timeslots and channelization codes.<br />
At the lowest level, the physical layer software interfaces to the hardware data acquisition system and is<br />
responsible for configuring DMA transfers of the incoming/outgoing sample streams. Interfaces for<br />
controlling the RF functionality (antenna switch, amplifier gains, oscillator frequencies, etc.) are also<br />
implemented.<br />
L2 is responsible for<br />
• Medium-access protocols (MAC) (dynamic channel allocation, bandwidth optimization)<br />
• Radio Link layer (RLC) algorithms (retransmission protocols, segmentation)<br />
• Packet data Convergence Protocol (PDCP)<br />
It also operates under real-time constraints, although somewhat less stringent.<br />
L3 implements the signalling protocols that control the radio resources. These are known as control-plane<br />
or C-plane signalling protocols. Furthermore, L3 provides the data interface to the IP backbone network,<br />
for user data or U-plane information, in the form of a standard Linux networking device.<br />
Layer 3 and RLC are divided into Control (C-) and User (U-) planes. PDCP exists in the U-plane only. In<br />
the C-plane, Layer 3 is partitioned into sub layers where the lowest sub layer, denoted as Radio Resource<br />
Control (RRC), interfaces with layer 2 and terminates in the backbone IP network; it provides the AS<br />
Services to higher layers. RRC is part of the Access Stratum and operates under the same real-time<br />
constraints as L2.<br />
Each RLC/MAC/PDCP block in figure 64 represents an instance of the respective protocol. Service<br />
Access Points (SAP) for peer-to-peer communication are marked with circles at the interface between sub<br />
layers.<br />
• The SAP between MAC and the physical layer provides the transport channels.<br />
• The SAPs between RLC and the MAC sub layer provide the logical channels.<br />
• The RLC layer provides three types of SAPs, one for each RLC operation mode (unacknowledged-<br />
UM, acknowledged-AM, and transparent-TM).<br />
• PDCP is accessed by PDCP SAP.<br />
• The service provided by L2 is referred to as the radio bearer.<br />
• The C-plane radio bearers, which are provided by RLC to RRC, are denoted as signalling radio<br />
bearers.<br />
• In the C-plane, the interface between RRC and higher L3 sub-layers (NAS) is defined by the General<br />
Control (GC), Notification (Nt) and Dedicated Control (DC) SAPs.<br />
Also shown in the figure are connections between RRC and MAC as well as RRC and L1 providing local<br />
inter-layer control services. An equivalent control interface exists between RRC and the RLC sublayer,<br />
between RRC and the PDCP sublayer. These interfaces allow the RRC to control the configuration of the<br />
lower layers. For this purpose separate Control SAPs are defined between RRC and each lower layer<br />
(PDCP, RLC, MAC, and L1).<br />
The RLC sublayer provides ARQ functionality closely coupled with the radio transmission technique<br />
used. There is no difference between RLC instances in C and U planes. There are primarily two kinds of<br />
signalling messages transported over the radio interface - RRC generated signalling messages and NAS<br />
messages generated in the higher layers. On establishment of the signalling connection between the peer<br />
RRC entities, three UM/AM signalling radio bearers may be set up in addition to the one set-up by default<br />
on common channels. Two of these bearers are set up for transport of RRC generated signalling messages<br />
- one for transferring messages through an unacknowledged mode RLC entity and one for transferring<br />
messages through an acknowledged mode RLC entity. One signalling radio bearer is set up for<br />
transferring NAS messages.<br />
D0103v1.doc 86 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3.4.1 General architecture of the software platform<br />
This section presents an overview of the basic hardware/software architecture. The platform is used to<br />
implement the Time Division Duplex (TDD) transmission mode of the UMTS standard. The hardware<br />
architecture is centred on a real-time PC system that gives access to, and allows experimenting with, wide<br />
band radio resources. The platform is scalable and allows configurations from a powerful base station<br />
with smart antennas to simpler mobile terminals with a single antenna. It provides functionality at three<br />
levels: hardware, Digital Signal Processing (DSP) software, and link level software.<br />
• Hardware Components<br />
The hardware portion of the current testbed consists of 3 elements which are under software-control,<br />
namely<br />
• a PCI-bus based data acquisition card (PMC form-factor)<br />
• an analogue/digital interface<br />
• an up/down conversion RF card using TDD multiplexing<br />
The radio portion is capable of generating arbitrary signals of a 5MHZ bandwidth in the 2110-2170 MHz<br />
band using TDD multiplexing. A new radio interface is being produced for the 1900-1920 MHz band<br />
(UMTS TDD).<br />
• Software Components<br />
The software portion of the platform is an extension to the Linux Operating <strong>System</strong> and makes use of a<br />
hard real-time micro-kernel known as RT -Linux for performing layer 1 and layer 2 UMTS/TDD<br />
processing. Networking functionality is provided by the Linux kernel and open-source extensions.<br />
RT-Linux, an extension to the Linux Operating <strong>System</strong>, supports real-time interrupt handlers and realtime<br />
periodic tasks with interrupt latencies and scheduling jitter close to hardware limits.<br />
Real-time tasks in RT-Linux can communicate with Linux processes either via shared memory regions or<br />
a FIFO interface. Thus, real-time applications can make use of all the powerful, non-real-time services of<br />
Linux, including: Networking, Graphics, Windowing systems, Linux device drivers, Standard POSIX<br />
functionality.<br />
The configurations for Radio Gateways (RG), a combination of a base station and an IP router, and<br />
Mobile Terminals (MT) are shown in figure 65 and figure 66.<br />
IP Network (v4 v6)<br />
Multi-CPU Linux Machine<br />
/dev/srnet<br />
/dev/eth0<br />
Kernel<br />
Space<br />
Layer 1H/2/3<br />
RT thread<br />
Radio<br />
Bearers<br />
IP Networking subsystem<br />
Linux Kernel<br />
Server<br />
Functions<br />
PCI<br />
Real-time<br />
µKernel<br />
DAQ<br />
+<br />
RF<br />
Layer1L<br />
RT thread<br />
Real-time Space<br />
User<br />
Space<br />
Figure 65: Radio Gateway Architecture<br />
The RG’s network connection is IP based and is assumed to be connected to an IP network via Ethernet<br />
using the standard Linux /dev/eth0 Ethernet device. The TD-CDMA to IP Network Interconnect is<br />
made via a homemade RTLinux driver /dev/srnet. Its basic functions include<br />
• Strict real-time implementation of 3GPP Layers 1 (PHY) and 2 (MAC/RLC)<br />
• Adapted RRC signalling functionality to accommodate a set of mobile-IP management functions<br />
(information broadcast, attachment, resource requests, paging, etc.)<br />
The entities comprising the Radio Protocol Layers are collectively known as the Access Stratum (AS) in<br />
3GPP terminology, whereas entities in the IP backbone are collectively known as the Non-Access<br />
Stratum (NAS).<br />
D0103v1.doc 87 / 168
D0103v1.doc Version 1 6.7.2003<br />
The computational complexity of the RG will depend on the number of channels and/or antennae that are<br />
required. It can range from a dual-processor server machine to a powerful 8-way SMP server (e.g.<br />
COMPAQ Proliant 6500, 8500).<br />
The MT is a normal Linux machine (e.g. laptop) and may be connected to a second machine via Ethernet<br />
for running special applications.<br />
Normal Linux Laptop<br />
/dev/srnet<br />
Kernel<br />
Space<br />
Layer1H/2/3<br />
RT thread<br />
Radio<br />
Bearers<br />
IP Networking subsystem<br />
Linux Kernel<br />
User<br />
Application<br />
Cardbus<br />
DAQ<br />
+<br />
RF<br />
Layer1L<br />
RT thread<br />
Real-time<br />
µKernel<br />
Real-time Space<br />
User<br />
Space<br />
Figure 66: Mobile Terminal Architecture<br />
4.3.4.2 Physical Layer Software Architecture<br />
4.3.4.2.1 3GPP TDD 3.84 Mchips/s Physical Layer<br />
Here we give a very brief summary of the 3GPP TDD 3.84 Mchip/s physical layer.<br />
3GPP TDD 3.84 Mchip/s is a time-slotted CDMA system. Data frames last 10ms and are divided into 15<br />
times slots of equal time duration (667 µs) as shown in figure 67.<br />
FRAME i<br />
10 ms<br />
Slot<br />
#0<br />
Slot<br />
#1<br />
Slot<br />
#14<br />
2560 T c<br />
T c = chip time = (1 / 3.84) µs<br />
Figure 67: Frame Structure<br />
Slots can be dynamically allocated for either uplink or downlink transmission which allows for the<br />
possibility of asymmetric resource allocation for the two traffic directions.<br />
The basic transmission entity in a slot is a burst. Bursts are further subdivided into 2560 QPSK symbols<br />
(chips).<br />
4.3.4.2.2 Implemented Physical Channels<br />
Physical channels are indexed by their slot number and orthogonal channelization (spreading) code.<br />
Spreading is used to allow several users to share a particular timeslot and as a means of achieving multilevel<br />
coding.<br />
On the uplink (UL) the maximum number of users sharing a particular timeslot is 8, and users can use at<br />
most 2 channelization codes in parallel. On the downlink (DL) up to 16 parallel channelization codes can<br />
D0103v1.doc 88 / 168
D0103v1.doc Version 1 6.7.2003<br />
be used. Spreading is achieved through the use of Orthogonal Variable Spreading Factor (OVSF) codes<br />
which are based on Hadamard sequences.<br />
• Channelization Codes<br />
Channelization codes are simply an organization of Hadamard codes of varying lengths which allow users<br />
(or data streams of one user) of potentially different data rates to be mutually orthogonal. These are<br />
known as OVSF codes.<br />
• Scrambling codes<br />
Scrambling is used to reduce interference from signals originated in neighbouring cells. Each cell is<br />
assigned a scrambling sequence of length 16 chips. This is a major difference from other CDMA systems<br />
such as UMTS/FDD and IS-95 which use very long scrambling codes. Because of this short scrambling<br />
sequence, advanced receiver architectures (i.e. equalizers, multi-user receivers) can be implemented at<br />
reasonable computational cost.<br />
• Modulation Pulse-Shaping<br />
QPSK signalling is used in UMTS TDD. Pulse-shaping is achieved through the use of a root-raised cosine<br />
filter with a spectral roll-off factor of .22. The resulting channel bandwidth is 5 MHz.<br />
• Dedicated Physical Channels (DPCH)<br />
Dedicated physical channels are used to transmit user traffic. Any combination of burst types,<br />
channelization codes and TFCI formats are allowed. On the downlink the allowed spreading factors are<br />
16 and 1, whereas on the uplink, factors of 1, 2, and 4, 8, 16 are possible.<br />
• Primary common control physical channel (P-CCPCH)<br />
The BCH or broadcast channel is mapped onto the Primary Common Control Physical Channel (P-<br />
CCPCH). The position (time slot / code) of the P-CCPCH is known from the Physical Synchronization<br />
Channel (PSCH).<br />
• Secondary common control physical channel (S-CCPCH)<br />
PCH (Paging Channel) and FACH (Forward Access Channel) are mapped onto one or more secondary<br />
common control physical channels (S-CCPCH). In this way the capacity of PCH and FACH can be<br />
adapted to the different requirements. The S-CCPCH is implemented for control channels.<br />
• Physical random access channel (PRACH)<br />
The RACH (Random-access Channel) is mapped onto one uplink physical random access channel<br />
(PRACH). This channel is used by the mobile station during the connection phase with the base station<br />
and for passing control information once connected. Because of its importance, the PRACH is<br />
implemented for control information and short user data packets.<br />
• Synchronization channel (SCH)<br />
The SCH is used for two purposes in UMTS/TDD: First, to acquire initial frame synchronization (using<br />
the primary synchronization code) and second, to derive the code group of a cell (using the secondary<br />
synchronization code). In order not to limit the uplink/downlink asymmetry, the SCH is mapped onto one<br />
or two downlink slots per frame only.<br />
4.3.4.2.3 Layer 1L overview<br />
Layer 1 DSP routines operate on buffers written to and read from the external PCI acquisition system.<br />
The two DMA memory buffers contain 1 UMTS frame’s (10ms) worth of samples.<br />
As shown in figure 66, Layer 1 is subdivided into 2 parts, L1L and L1H. L1L is responsible for<br />
modulation and L1H for channel coding and multiplexing. The higher layers (including L1H) provide<br />
data to be modulated to L1L in a form that can be interpreted to generate the sample streams. The raw<br />
data sequences are first spread (including scrambling) and then modulated.<br />
The receiver for a MT operates in 2 modes. The first is the initial acquisition of the RGs synchronization<br />
signal. This operation comprises correlation and energy detection. Once synchronized, frame/slot timing<br />
is acquired and demodulation of the different parallel channels can be accomplished. The receiver for an<br />
RG is somewhat simpler since initial synchronization is not needed. At a later stage, a synchronization<br />
(and timing adjustment) algorithm will be required to synchronize several RGs. This will be<br />
accomplished using the 3GPP Node-B synchronization burst. The main difference is that the RG must<br />
demodulate more parallel streams and perform joint channel estimation of up to 8 users.<br />
4.3.4.2.4 Layer 1H overview<br />
On the transmitter side (from the MAC layer), data arrive to the coding/multiplexing unit of L1H in form<br />
of transport block sets, once every transmission time interval (TTI). The transmission time interval is<br />
transport-channel specific from the set {10 ms, 20 ms, 40 ms, 80 ms}. The following coding/multiplexing<br />
steps can be identified:<br />
• Addition of CRC information to each transport block<br />
• Transport Block concatenation / Code block segmentation<br />
• channel coding (convolutional, turbo, uncoded)<br />
D0103v1.doc 89 / 168
D0103v1.doc Version 1 6.7.2003<br />
• radio frame size equalization<br />
• interleaving<br />
• radio frame segmentation<br />
• rate matching<br />
• multiplexing of transport channels<br />
• bit scrambling<br />
• physical channel segmentation<br />
• mapping to physical channels<br />
The main computational burden related to L1H lies in the channel decoder for the receiver. Three of the<br />
channel coding methods require either a soft-decision Viterbi decoder on a 256-state trellis (convolutional<br />
code), or a soft-in soft-out 8-state iterative decoder (turbo decoder). We have currently only implemented<br />
the convolutional coding options of 3GPP in RT -mode.<br />
4.3.4.3 MAC Services and Functions<br />
This section provides an overview on services and functions provided by the MAC sublayer. Further<br />
details can be found in the 3GPP specification [25.321].<br />
4.3.4.3.1 MAC Services to upper layers<br />
• Data transfer. This service provides unacknowledged transfer of MAC SDUs between peer MAC<br />
entities. This service does not provide any data segmentation. Therefore, segmentation/reassembly<br />
function should be achieved by upper layer.<br />
• Reallocation of radio resources and MAC parameters. This service performs, on request of RRC,<br />
the execution of radio resource reallocation and the reconfiguration of MAC functions such as<br />
change of identity of UE, change of transport format (combination) sets, change of transport channel<br />
type.<br />
• Reporting of measurements. Local measurements such as traffic volume and quality indication are<br />
reported to RRC.<br />
4.3.4.3.2 Transport and Logical channels<br />
o Transport Channels<br />
The MAC layer provides an interface to L1 consisting of transport channels. The following transport<br />
channels are implemented in the testbed.<br />
BCH (Broadcast Channel) - A downlink channel used for broadcasting basic system information,<br />
notably radio channel configuration data.<br />
FACH (Forward Access Channel) - A common downlink channel for AS/NAS signalling (connection<br />
establishment, data channel establishment) as well as short user packets and paging.<br />
RACH (Random-Access Channel) - A contention-based uplink channel for AS/NAS signalling<br />
(connection establishment, data channel establishment) as well as short user packets.<br />
DCH (Dedicated Channel) - An uplink or downlink channel for either dedicated traffic or control<br />
information.<br />
o Logical Channels<br />
The MAC layer provides data transfer services on logical channels. A set of logical channel types is<br />
defined for different kinds of data transfer services as offered by MAC. Each logical channel type is<br />
defined by what type of information is transferred.<br />
Logical channels are generally classified into two groups:<br />
• Control Channels (for the transfer of C-plane information);<br />
• Traffic Channels (for the transfer of U-plane information).<br />
Control channels are used for transfer of C-plane information only. The following control channels are<br />
implemented.<br />
Broadcast Control Channel (BCCH) - A downlink channel for broadcasting system control information.<br />
Common Control Channel (CCCH) - Bi-directional channel for transmitting control information<br />
between network and UEs. This channel is commonly used by the UEs having no RRC connection with<br />
the network<br />
Dedicated Control Channel (DCCH) - A point-to-point bi-directional channel that transmits dedicated<br />
control information between a UE and the network. This channel is established through the RRC<br />
connection setup procedure.<br />
Traffic channels are used for the transfer of U-plane information only. The following U-plane channels<br />
are implemented.<br />
Dedicated Traffic Channel (DTCH) - A Dedicated Traffic Channel (DTCH) is a point-to-point channel,<br />
dedicated to one UE, for the transfer of user information. A DTCH can exis t in both uplink and downlink.<br />
D0103v1.doc 90 / 168
D0103v1.doc Version 1 6.7.2003<br />
o Mapping between logical channels and transport channels<br />
The logical/transport channel mappings as seen from the UE and Network sides are shown below.<br />
BCCH-<br />
SAP<br />
PCCH-<br />
SAP<br />
DCCH-<br />
SAP<br />
CCCH-<br />
SAP<br />
DTCH-<br />
SAP<br />
MAC SAPs<br />
BCH<br />
RACH<br />
FACH<br />
DCH<br />
Transport<br />
Channels<br />
Figure 68: Logical channels mapped onto transport channels, seen from the UE side<br />
BCCH-<br />
SAP<br />
PCCH-<br />
SAP<br />
DCCH-<br />
SAP<br />
CCCH-<br />
SAP<br />
DTCH-<br />
SAP<br />
MAC SAPs<br />
BCH<br />
RACH<br />
FACH<br />
DCH<br />
Transport<br />
Channels<br />
Figure 69: Logical channels mapped onto transport channels, seen from the Network side<br />
4.3.4.3.3 MAC functions<br />
The functions of MAC include:<br />
• Mapping between logical channels and transport channels.<br />
• Selection of appropriate Transport Format for each Transport Channel depending on instantaneous<br />
source rate.<br />
• Priority handling between data flows of one UE.<br />
• Priority handling between UEs by means of dynamic scheduling.<br />
NOTE: In the TDD mode the data to be transported are represented in terms of sets of resource units.<br />
• Identification of UEs on common transport channels.<br />
• Multiplexing/demultiplexing of upper layer PDUs into/from transport blocks delivered to/from the<br />
physical layer on common transport channels.<br />
• Multiplexing/demultiplexing of upper layer PDUs into/from transport block sets delivered to/from<br />
the physical layer on dedicated transport channels.<br />
• Traffic volume measurement.<br />
• Transport Channel type switching.<br />
• Access Service Class selection for RACH transmission.<br />
4.3.4.4 RLC Services and Functions<br />
This section provides an overview on services and functions provided by the RLC sublayer. Further<br />
details can be found in the 3GPP specification [25.322].<br />
D0103v1.doc 91 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3.4.4.1 Services provided to the upper layer<br />
• Transparent data transfer. This service transmits upper layer PDUs without adding any protocol<br />
information, possibly including segmentation/reassembly functionality.<br />
• Unacknowledged data transfer. This service transmits upper layer PDUs without guaranteeing<br />
delivery to the peer entity. The unacknowledged data transfer mode has the following characteristics:<br />
o Detection of erroneous data: By using the sequence-number check function.<br />
o Immediate delivery: Delivery of a SDU to the upper layer as soon as it arrives at the<br />
receiver.<br />
• Acknowledged data transfer. This service transmits upper layer PDUs and guarantees delivery to<br />
the peer entity. In case RLC is unable to deliver the data correctly, the user of RLC at the<br />
transmitting side is notified. For this service, only in-sequence delivery is supported. The<br />
acknowledged data transfer mode has the following characteristics:<br />
o Error-free delivery: Error-free delivery is ensured by means of retransmission. The receiving<br />
RLC entity delivers only error-free SDUs to the upper layer.<br />
o Unique delivery: The RLC sublayer delivers each SDU only once to the receiving upper<br />
layer using duplication detection function.<br />
o In-sequence delivery: RLC sublayer delivers SDUs to the receiving upper layer entity in the<br />
same order as the transmitting upper layer entity submits them to the RLC sublayer.<br />
o Out-of-sequence delivery: Alternatively to in-sequence delivery, the receiving RLC entity<br />
delivers SDUs to upper layer in different order than submitted to RLC sublayer at the<br />
transmitting side.<br />
• Maintenance of QoS as defined by upper layers. The retransmission protocol shall be configurable<br />
by layer 3 to provide different levels of QoS. This can be controlled.<br />
• Notification of unrecoverable errors. RLC notifies the upper layer of errors that cannot be resolved<br />
by RLC itself by normal exception handling procedures, e.g. by adjusting the maximum number of<br />
retransmissions according to delay requirements.<br />
There is a single RLC connection per Radio Bearer.<br />
4.3.4.4.2 RLC Functions<br />
The RLC sub layer implements the following functions:<br />
• Segmentation and reassembly.<br />
• Concatenation<br />
• Padding.<br />
• Transfer of user data.<br />
• Error correction.<br />
• In-sequence delivery of upper layer PDUs.<br />
• Duplicate Detection.<br />
• Flow control.<br />
• Sequence number check.<br />
• Protocol error detection and recovery.<br />
• SDU discard.<br />
4.3.4.5 PDCP Services and Functions<br />
This section provides an overview on services and functions provided by the Packet Data Convergence<br />
Protocol (PDCP). A detailed description of the PDCP is given in [25.324].<br />
4.3.4.5.1 PDCP Services provided to upper layers<br />
- PDCP SDU delivery.<br />
4.3.4.5.2 PDCP Functions<br />
- Transfer of user data. Transmission of user data means that PDCP receives PDCP SDU from the NAS<br />
and forwards it to the RLC layer and vice versa.<br />
4.3.4.6 RRC Specification<br />
The RRC sub-component is based on the 3GPP specification [25.331], but modified to fit the needs of the<br />
<strong>Moby</strong> <strong>Dick</strong> framework whenever needed.<br />
4.3.4.6.1 Services provided to the Non Access Stratum<br />
• General Control<br />
The GC SAP provides an information broadcast service. It is used to enable the NAS entities (IP<br />
Network) to provide information and to give commands that do not relate to specific users. There is one<br />
D0103v1.doc 92 / 168
D0103v1.doc Version 1 6.7.2003<br />
General Control SAP per Radio Gateway connection point. On the UE side, there is a single General<br />
Control SAP in an MS. This service broadcasts information to all UEs in the cell area.<br />
• Notification<br />
The Nt SAP provides paging and notification broadcast services. There is one Notification SAP per RG<br />
connection point. On the UE side, there is a single Notification SAP (a Paging SAP) in an MS. The<br />
paging service sends information to a specific UE(s). The information is broadcast in the cell area but<br />
addressed to a specific UE(s).<br />
• Dedicated Control<br />
The DC SAP provides services for establishment/release of a connection and transfer of messages using<br />
this connection. It should also be possible to transfer a message during the establishment phase. A<br />
connection is a relationship with a temporary context in the RG. The context in the RG is initiated at the<br />
establishment of the connection, and erased when the connection is released.<br />
There are typically a great number of Dedicated Control SAPs per RG connection point. SAPs are<br />
identified by a SAPI at the AS boundary. During the lifetime of a connection, the connection can be<br />
identified unambiguously by the SAPI of the associated SAP, and the SAPI is used as a reference in the<br />
exchanges at the AS boundary on the infrastructure side. On the UE side, there is a single dedicated<br />
control SAP.<br />
The information transfer service sends a signalling message using the earlier established connection.<br />
4.3.4.6.2 RRC functions<br />
The Radio Resource Control (RRC) layer handles the control plane signalling of Layer 3 between the<br />
UEs and the RG. The RRC performs the following functions:<br />
• Broadcast of information provided by the non-access stratum. The RRC layer performs system<br />
information broadcasting from the network to all UEs. The system information is normally repeated<br />
on a regular basis. How it is repeated is controlled by the non-access stratum. The RRC layer<br />
performs the scheduling, segmentation and repetition. This function supports broadcast of higher<br />
layer (above RRC) information. This information may be cell specific or not. As an example RRC<br />
may broadcast Router Advertisement IP packets and/or the list of suitable neighbouring cells.<br />
• Broadcast of information related to the access stratum. The RRC layer performs system<br />
information broadcasting from the network to all UEs. The system information is normally repeated<br />
on a regular basis. The RRC layer performs the scheduling, segmentation and repetition. This<br />
function supports broadcast of typically cell-specific information, such as common channels<br />
parameters.<br />
• Establishment, re-establishment, maintenance and release of an RRC connection between the<br />
UE and RG. The establishment of an RRC connection is initiated by a request from RCF at the UE<br />
side to establish the first Signalling Connection for the UE. The establishment of an RRC connection<br />
includes a layer 2 signalling link establishment. The release of an RRC connection can be initiated by<br />
a request from RCF to release the Connection for the UE or by the RRC layer itself in case of RRC<br />
connection failure. In case of connection loss, the UE requests re-establishment of the RRC<br />
connection. In case of RRC connection failure, RRC releases resources associated with the RRC<br />
connection.<br />
• Establishment and release of Radio Bearers. The RRC layer can, on request from RCF, perform<br />
the establishment and release of Radio Bearers in the user plane. A number of Radio Bearers can be<br />
established to an UE at the same time. At establishment, the RRC layer performs admission control<br />
and selects parameters describing the Radio Bearer processing in layer 2 and layer 1, based on<br />
information from RCF.<br />
This function includes coordination of the radio resource allocation between multiple radio bearers<br />
related to the same RRC connection. RRC controls the radio resources in the uplink and downlink<br />
such that UE and Network can communicate using unbalanced radio resources (asymmetric uplink<br />
and downlink).<br />
• Paging/notification. The RRC layer can broadcast paging information from the network to selected<br />
UEs. Higher layers on the network side can request paging and notification. The RRC layer can also<br />
propagate paging during an established RRC connection.<br />
• Control of requested QoS. This function shall ensure that the QoS requested for the Radio Bearers<br />
can be met. This includes the allocation of a sufficient number of radio resources.<br />
• UE measurement reporting and control of the reporting. The measurements performed by the UE<br />
are controlled by the RRC layer, in terms of what to measure, when to measure and how to report,<br />
including UMTS air interface. The RRC layer may also perform the reporting of the measurements<br />
from the UE to the network (currently not planned in <strong>Moby</strong> <strong>Dick</strong>).<br />
• Initial cell selection and re-selection in idle mode. Selection of the most suitable cell based on idle<br />
mode measurements and cell selection criteria.<br />
D0103v1.doc 93 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.3.4.6.3 RRC internal states<br />
The RRC layer implements a state machine. From a macroscopic point of view, the UE can be either in<br />
idle or in connected mode. This mode is known at NAS level.<br />
• idle mode: The Mobile Terminal (UE) is first switched on. Then it enters the “Idle” mode where<br />
it listens to the synchronization channel and then to the BCH. After this first synchronization<br />
phase, the UE is “physically” attached to the RG. It is said to “camp on the cell”. It monitors the<br />
<strong>System</strong> Information messages broadcasted by the Radio Gateway (RG). When applicable, the<br />
UE RRC forwards the information received to the NAS entities.<br />
The UE enters connected mode on NAS request when data must be transferred between the UE and<br />
the RG. It then continues to monitor the <strong>System</strong> Information messages.<br />
• connected mode: The UE has established a connection with the Network. This mode is divided<br />
into several states:<br />
o Connected: CELL-DCH<br />
• One or more dedicated physical channel(s) is allocated to the UE<br />
• The UE may monitor FACH for <strong>System</strong> Info messages<br />
o Connected: CELL-FACH<br />
• No dedicated physical channel, FACH and RACH are used instead<br />
• The UE listens to BCH (Broadcast Channel) for <strong>System</strong> Information<br />
o Connected: CELL-PCH<br />
• No physical channel is allocated<br />
• The UE is accessible only via the PCH (Paging Channel)<br />
• It listens to <strong>System</strong> Information on BCH<br />
4.3.4.6.4 RRC procedures and messages<br />
The RRC protocol procedures are detailed in specification [25.331]. The following procedures are<br />
implemented in the <strong>Moby</strong> <strong>Dick</strong> framework.<br />
Broadcast of system information<br />
RG → UE - - SYSTEM INFORMATION <strong>System</strong> Information is broadcasted in <strong>System</strong><br />
Information Blocks. The following ones are used:<br />
• SIB type 1 : NAS system information as well as<br />
UE timers and counters to be used in idle mode<br />
and in connected mode<br />
• SIB type 5: parameters for the configuration of the<br />
common physical channels in the cell.<br />
• SIB type 11: measurement control information to<br />
be used in the cell.<br />
• SIB type 18: Identities of neighbouring cells to be<br />
considered in idle mode as well as in connected<br />
mode.<br />
RRC connection establishment<br />
UE → RG - RRC CONNECTION REQUEST<br />
RG → UE - RRC CONNECTION SETUP<br />
UE → RG - RRC CONNECTION SETUP<br />
COMPLETE<br />
RG → UE - RRC CONNECTION REJECT<br />
RRC connection release<br />
UE → RG – RRC UL CONNECTION RELEASE<br />
Initial Direct transfer<br />
UE → RG - INITIAL DIRECT TRANSFER<br />
Downlink Direct transfer<br />
RG → UE - DOWNLINK DIRECT TRANSFER<br />
The purpose of this procedure is to release the RRC<br />
connection including and all radio bearers between the<br />
UE and the Network. By doing so, all established<br />
signalling connections will be released.<br />
The initial direct transfer procedure is used in the<br />
uplink to establish a signalling connection. It is also<br />
used to carry an initial upper layer (NAS) message over<br />
the radio interface<br />
The downlink direct transfer procedure is used in the<br />
downlink direction to carry upper layer (NAS)<br />
messages over the radio interface.<br />
D0103v1.doc 94 / 168
D0103v1.doc Version 1 6.7.2003<br />
Uplink Direct transfer<br />
UE → RG - UPLINK DIRECT TRANSFER<br />
UE dedicated paging<br />
RG → UE - PAGING TYPE 2<br />
The uplink direct transfer procedure is used in the<br />
uplink direction to carry all subsequent upper layer<br />
(NAS) messages over the radio interface belonging to a<br />
signalling connection.<br />
This procedure is used to transmit dedicated paging<br />
information to one UE in connected mode in<br />
CELL_DCH or CELL_FACH state. Upper layers in<br />
the network may request initiation of paging.<br />
Radio bearer establishment<br />
RG → UE - RADIO BEARER SETUP<br />
UE → RG - RADIO BEARER SETUP COMPLETE<br />
UE → RG - RADIO BEARER SETUP FAILURE<br />
Radio bearer release<br />
RG → UE - RADIO BEARER RELEASE<br />
UE → RG - RADIO BEARER RELEASE<br />
COMPLETE<br />
UE → RG - RADIO BEARER RELEASE FAILURE<br />
Cell update procedures<br />
UE → RG - CELL UPDATE<br />
RG → UE - CELL UPDATE CONFIRM<br />
The cell update procedures serve several main<br />
purposes:<br />
• to notify the Network of an RLC unrecoverable<br />
error [25.322] on an AM RLC entity;<br />
• to be used as a supervision mechanism in the<br />
CELL_FACH state by means of periodical update.<br />
• to act on a radio link failure in the CELL_DCH<br />
state;<br />
The cell update procedures may:<br />
• cause a state transition from the CELL_FACH<br />
state to the CELL_DCH state or idle mode.<br />
The cell update procedure may also include:<br />
• a re-establish of AM RLC entities;<br />
• a radio bearer release.<br />
4.4 QoS Broker Software Specification<br />
Table 16 : RRC procedures and messages<br />
This section describes the software specification of the Bandwidth Broker (QoS Broker). It will describe<br />
the <strong>Moby</strong> <strong>Dick</strong> components that interact with the QoS Broker, the broker’s interfaces and all its internal<br />
functions.<br />
On each QoS Broker interface we will discuss the messages exchanged between the QoS Broker and the<br />
other <strong>Moby</strong><strong>Dick</strong> components, its format and when they will occur. At the end of the section we will<br />
resent the QoS Broker databases format, and discuss its purpose.<br />
A bandwidth broker is an entity that takes admission control decisions and configures all access network<br />
components, according to a set of conditions given by administration entities.<br />
4.4.1 General QoS Broker Positioning<br />
Figure 70 shows a view of all the entities of the <strong>Moby</strong> <strong>Dick</strong> project that interact with QoSBroker.<br />
D0103v1.doc 95 / 168
D0103v1.doc Version 1 6.7.2003<br />
AAAC<br />
Server<br />
NMS<br />
Entity<br />
Router<br />
QBroker<br />
QBroker2<br />
Computer<br />
Cisco/Linux<br />
Linux Router<br />
Radio tower<br />
Cisco<br />
Router<br />
Cisco<br />
Router<br />
Laptop<br />
Telephone<br />
Workstation<br />
Server<br />
Figure 70 – The QoS Broker within the <strong>Moby</strong> <strong>Dick</strong> architecture<br />
These entities can be summarized as:<br />
• AAAC Server. The entity responsible for authenticating user information, identifying the<br />
proper SLA (Service Level Agreement), keeping accounting and charging information.<br />
• NMS Server. The entity that makes core network configuration and defines the available<br />
resources for the broker in each moment.<br />
• “Other brokers”. Each broker has his own domain of action. To keep end-to-end QoS, all<br />
brokers in the path need to interact.<br />
• Network routers. Routers have to be configured according to the user profile, and network<br />
conditions, so that QoS conditions can be achieved. The QoS broker will be the responsible<br />
for the router configuration.<br />
4.4.2 QoS Broker components<br />
Figure 71 represents a block diagram of the QoS Broker components and its relation to other components<br />
.<br />
AAACInterf<br />
QBroker<br />
FHOInterf<br />
NMSInterf<br />
NetworkDB<br />
User<br />
Profile<br />
Data<br />
QBrokerEngine<br />
NetStatus<br />
RGWClient<br />
NetProbe<br />
WebGUI<br />
RouterInterface<br />
Figure 71 - QoS Broker components and its external relations<br />
D0103v1.doc 96 / 168
D0103v1.doc Version 1 6.7.2003<br />
Now we will list all the components with a small description of each one:<br />
4.4.2.1 WebGUI<br />
WebGUI is the module that enables the contact with the human operator. It was developed with two<br />
purposes:<br />
• It enables the QoS Broker configuration with the data edition in the NetworkDB database;<br />
• It shows the network use status, showing the active reservations and the profiles authorized;<br />
4.4.2.2 NetProbe<br />
NetProbe is the entity that monitors the network status. The collected information is inserted in a database<br />
named NetStatus. This information and the information given by the NMSInterface represent the network<br />
status, at every instant. QBrokerEngine will user this information to decide if it should or should not<br />
allow a new access to the network resources.<br />
4.4.2.3 QBrokerEngine<br />
QBrokerEngine is a process that manages several threads, one for each interface. Those threads should<br />
wait for requests from the outside world. We will have:<br />
• AAACAttendant – AAACAttendant will receive and answer the AAAC requests<br />
• InterBrokerAttendant – InterBrokerAttendant receives external FHO-related data needed by the<br />
nQoSBroker to configure the mobile terminal's nAR.<br />
• RouterAttendant – RouterAttendant will receive router requests after processing the QoSBroker<br />
answers. Those requests can to be summarized as follows:<br />
o Data flow authorizing requests: AR requests QoSBroker to accept some data flow, and<br />
QoSBroker after analysing network resource state answers accepting or rejecting that<br />
flow;<br />
o FHO requests: oAR contacts QoSBroker requesting the FHO process sending oCoA,<br />
nCoA and nAR addresses. QoSBroker looks for nAR address<br />
QBrokerEngine is responsible to launch, stop and manage those threads.<br />
4.4.2.4 QoS Broker Interfaces<br />
QoS Broker has several interfaces, one for each <strong>Moby</strong> <strong>Dick</strong> architecture component. Figure 72 shows a<br />
picture of this aspect of the architecture.<br />
AAACInterf<br />
RGWClient<br />
QoSBroker<br />
NMSInterf<br />
RouterInterface<br />
WebServer<br />
BrokerInterface<br />
Attendant<br />
BrokerClient<br />
Now we will describe those interfaces:<br />
4.4.2.4.1 BrokerInterface<br />
Figure 72 – QoS Broker interfaces<br />
BrokerInterface is the module that interfaces with neighbouring Brokers. This interface is used to change<br />
external handover information between oQosBroker and nQoSBroker. As soon as oQoSBroker realises<br />
that nAR belongs to other QoSBroker it collects NVUP information and reservation information about<br />
this oCoA and sends it to the nQoSBroker. The communication between QoSBroker is made using COPS<br />
protocol and the COPSApi developed to the communication between the AAAC, the AR and the<br />
QoSBroker is utilised.<br />
4.4.2.4.2 NMSInterface<br />
That’s the interface with NMS (Network Management <strong>System</strong>) entity that allows the NMS entity to<br />
define the network resources that can be used by this broker. It should also allow access to policy, alarm<br />
processing and service translation functions. This interface should also to be connected to the database<br />
D0103v1.doc 97 / 168
D0103v1.doc Version 1 6.7.2003<br />
that keeps the network information, named NetStatus. It will receive a message SendQoSBConfigData<br />
with parameter QOSB_CONFIGDATA.<br />
4.4.2.4.3 AAACInterface<br />
AAACInterface interfaces with the AAAC server. It defines the service QoS parameters at QoSBroker<br />
start-up time, and dumps NVUP information to QoSBroker when any user registers in AAAC system.<br />
Once the AAAC server starts running, it connects with the QoSBroker and sends a message defining QoS<br />
parameters used in the available services and the corresponding DSCP codes. Those parameters are used<br />
in the network QoS management that QoSBroker does during its operation.<br />
After user registration in the AAAC system has been performed, the AAAC server dumps NVUP<br />
information into the QoSBroker defining the list of services that the user will be able to use. The NVUP<br />
information contains information such as CoA, authorisation timeout, and a list of services described by a<br />
source address, destination address and a DSCP. It is also possible to have different timeouts for different<br />
services, because each service has its own timeout.<br />
4.4.2.4.4 RouterInterface<br />
RouterInterface is the entity that will interface with the routers. It will have two modes of operation:<br />
• receives the router request reservations: when a host starts sending a packet flow, the<br />
Access Router (AR) will send a request to the QoSBroker through COPSDriver making a<br />
resource reservation. QoSBroker analyses network usage state and sends an answer<br />
accepting the new flow, or denying it.<br />
• sends router configuration information: during AR startup, and when AR requests for a<br />
configuration, the QoSBroker sends a set of parameters configuring the AR Queues;<br />
4.4.3 Software Implementation<br />
Now we will describe the implementation that has been done of the software components. We will start<br />
with the interface description, and then we will analyze the databases used by the broker, and this<br />
structure.<br />
4.4.3.1 Interfaces<br />
4.4.3.1.1 AAACInterface<br />
AAACInterface interfaces with the AAAC server.<br />
4.4.3.1.1.1 Data format interchanged between QoSBroker and AAAC<br />
NVUP (Network View of User Profile). It represents the subset of the user profile that the network needs<br />
to know. Such subset includes:<br />
-User ID / NAI;<br />
-Home Domain / Home service provider;<br />
-Source address;<br />
-N services: number of services that a user subscribed;<br />
-Array of N elements with:<br />
-Destination address;<br />
-Authorisation timeout;<br />
-DSCP signalling code;<br />
DSCP signalling code can be very useful in a situation of a foreign domain access with different QoS<br />
signalization. For each user is defined a set of N services that can be used by him. Each service has an<br />
authorisation timeout, a destination address, a QoS Profile describing this service QoS parameters, and a<br />
DSCP signalling code. Matching user profiles in different domains is a task to AAAC.<br />
QoSProfile – QosProfile represents the QoS conditions of some profile. This profile defines some<br />
parameters as:<br />
-DSCP;<br />
-Bandwidth;<br />
-Priority;<br />
-Minimum Delay;<br />
4.4.3.1.1.2 Messages changed between AAAC and QoSBroker<br />
It will allow several messages in several different moments:<br />
1. Before Operation: SendQoSProfile(QoSProfile) – Used by the AAAC to define to the<br />
QoSBroker the QoS Profiles, and its QoS parameters;<br />
2. Registration time: AuthorizeProfile(NVUP) - AAAC signals QoSBroker to allow resource<br />
usage (for a user). Resources are not yet reserved, this is done at session setup time;<br />
D0103v1.doc 98 / 168
D0103v1.doc Version 1 6.7.2003<br />
3. Deregistration time: DeAuthorizeProfile(NVUP) – AAAC signal QoSBroker to cancel resource<br />
usage by that user;<br />
Communication between AAAC and the QoSBroker is made using a COPS API, that implement COPSprotocol<br />
as messages aren't answered by the QoSBroker because of scalability reasons it was decided that<br />
the AAAC server shouldn't wait for the QoSBroker answer each time it sends a message.<br />
4.4.3.1.2 RouterInterface<br />
As was stated before RouterInterface is the interface to the routers. Figure 73 shows its internal<br />
composition.<br />
QBroker<br />
QBrokerEngine<br />
NetProbe<br />
VirtualRouter<br />
CLIDriver<br />
COPSDriver<br />
Linux Router<br />
Figure 73 - RouterInterface internals<br />
Here is the list of those components :<br />
• VirtualRouter: It chooses the driver that should to be used to communicate with some<br />
specific router;<br />
• CLIDriver: CLIDriver is the driver used to communicate with routers that we should<br />
communicate by Command Line Interface;<br />
• COPSDriver: COPSDriver is the driver used to communicate through COPS.<br />
The incoming messages from the routers that request some network resource are mapped from the<br />
COPSDriver directly to the QBrokerEngine. The outgoing messages, from the QBrokerEngine to the<br />
routers, messages to make some configuration, or simply to analyse the network status are passed to the<br />
VirtualRouter. Now we will describe in more detail these components and their implementation.<br />
4.4.3.1.2.1 VirtualRouter<br />
VirtualRouter, in Figure 74, is a kind of virtual driver that will interface the Router Interface and the<br />
router drivers that broker use to configure the routers. It will have a database that keeps information about<br />
the routers, its vendors, its models, and its communication format.<br />
When the Virtual router receives a message that it should send to a router, it should verify the routers<br />
communication format and use the correct driver to send that message. Like that we are able to have<br />
different protocols to be used to “talk” with different routers. Such an architecture was chosen because of<br />
the following reasons:<br />
• The program uses the drivers as an abstraction to communicate with all the routers without<br />
taking care about specific router communication details, making development easier;<br />
• Makes the program evolution easier, when a new router arise the only thing needed is to add a<br />
new entry in the database and add the specific router commands in the database.<br />
D0103v1.doc 99 / 168
D0103v1.doc Version 1 6.7.2003<br />
Router Interface<br />
VirtualRouter<br />
Engine<br />
Router<br />
List<br />
Database<br />
CLIDriver<br />
COPSDriver<br />
Cisco<br />
Router<br />
Linux Router<br />
Figure 74 - VirtualRouter<br />
4.4.3.1.2.2 CLIDriver<br />
CLIDriver is the driver that will communicate with the routers using the Command Line Interface. It will<br />
receive requests from the VirtualRouter and then forward them to the routers through a set of instructions<br />
that are present in the database.<br />
Router Interface<br />
VirtualRouter<br />
Engine<br />
Router<br />
List<br />
Database<br />
CLIDriver<br />
Engine<br />
CLI<br />
Command<br />
Cisco<br />
Router<br />
Router<br />
Figure 75 - CLIDriver<br />
When the Virtual router receives a message from a CLI router, it sends this message to the<br />
appropriatedriver. CLIDriver check in this database how to format the message in routers CLI commands.<br />
Then it will send the list of commands one by one to the router, making the message configuration.<br />
4.4.3.1.2.3 COPSDriver<br />
COPS protocol was specially designed to exchange network policy information between a network policy<br />
decision point (PDP) and policy enforcement points. In this case the policy decision point is the broker<br />
and the policy enforcement point is the router. When the router starts receiving a set of packets from a<br />
user with some QoSProfile code, it will ask the QoSBroker to reserve resources to this particular flow.<br />
After analysing the network conditions, the QoSBroker will send an answer that will be applied by the<br />
router. In order to supply the QoSBroker with all needed information to judge about that reservation,<br />
router and QoSBroker should exchange some messages with some data.<br />
D0103v1.doc 100 / 168
D0103v1.doc Version 1 6.7.2003<br />
User<br />
Profile<br />
Data<br />
QBroker<br />
QBrokerEngine<br />
NetStatus<br />
RouterInterface<br />
COPSDriver<br />
Linux Router<br />
Figure 76 – COPSDriver as a PDP interface<br />
COPS communication between AR and QoSBroker is made by the COPSApi referred before. The Api<br />
implements a COPS-RSVP-like protocol, with the exception in the FHO message that is the only<br />
unsolicited message the Api supports. This interface uses the change of Keep-Alive messages in order to<br />
the network components to announce its running state to the network elements that they are connected.<br />
4.4.3.1.2.4 Data format interchanged between AR and QoSBroker<br />
BehaviourData: It describes the QoSManager queues parameters. This structure can be described:<br />
- dscp_b;<br />
- dest_addr;<br />
- queue_type;<br />
- behaviuor;<br />
- borrow_flag;<br />
- min_gred_queue;<br />
- max_gred_queue;<br />
- prob_gred_queue;<br />
At QoSManager start-up time, the QoSManager requests the configuration from the QoSBroker. The<br />
QoSBroker collects an array of BehaviourData from describing QoSManager queues information and<br />
send them to QoSManager.<br />
RD (Resource Description). It describes the resource that is being requested to the AR by a host. Such a<br />
description has:<br />
-Source address;<br />
-Destination address;<br />
-DSCP signalling code;<br />
DSCP is the reference to the QoS profile wanted. With this information QoSBroker will analyse network<br />
conditions and decide about accepting or rejecting that flow.<br />
FHOData(Fast Handover data). It describes the FHO process being requested to the QoSBroker. This<br />
structure has:<br />
- oCoA ( the old CoA): the address in use by the MN that is making a FHO;<br />
- nCoA ( the new CoA): the address that will be used by the MN after the FHO process;<br />
- nAR ( new AR): the address of the router that will connect the MN after the FHO.<br />
FHOServReserv (Fast Handover Service Reservation): is the fast handover registered service<br />
description sent by the QoSBroker to the nAR after a FHO decision was taken. This data structures has:<br />
- SourceAddress (Source address): is the source address of the registered service for the MN;<br />
- DestAddress (Destination address): is the destiny address of the service registered to that MN;<br />
- DSCP: is the DSCP of the regis tered service;<br />
- PolicyBW (Policy Bandwidth): is bandwidth values send to nAR that is used for the data rate<br />
parameter of the queue that is created to keep this service packets;<br />
- PolicyBurst (Policy Burst): is the burst rate value that defines the burst rate of the queue that<br />
AR will create in it interface to keep this service packets;<br />
D0103v1.doc 101 / 168
D0103v1.doc Version 1 6.7.2003<br />
A FHO answer is sent from QoSBroker to the nAR having a FHOServReserv for each registered service<br />
that the MN owns in the QoSBroker. For a MN having N registered services in the QoSBroker the<br />
message has an array of N FHOServReserv structures describing those services.<br />
4.4.3.1.2.5 Messages exchanged between AR and QoSBroker<br />
During AR and QoSBroker functioning several messages are exchanged between the two programs.<br />
Those messages can to be listed:<br />
- ConfigRequest: is a configuration request made by AR in order to know configuration it should give to<br />
its interface queues. This message is send at AR start-up and after QoSBroker shows its configuration<br />
intention flag. Each time QoSBroker detects the need of reconfiguring AR it will wait for the next AR<br />
requests and then the QoSBroker will set the reconfiguration flag in the answer it send to AR. After<br />
receiving the message with this flag AR makes a configuration request to QoSBroker.<br />
- ConfigDec: is the configuration message sent by the QoSBroker to the AR describing the interface<br />
queues parameters. This message sends data<br />
- ResourceRequest: Is the message sent by QoSManager to QoSBroker requesting for accepting a flow<br />
described by the RG structure. QoSBroker, accepting or denying that flow acceptance answers this<br />
message.<br />
- ReleaseResource: Is the message send by QoSManager requesting QoSBroker to deallocate those<br />
resources described in the RG structure.<br />
- FHORequest: Is the FHO request sent by oAR to QoSBroker that defines the oCoA, the nCoA and<br />
nAR. QoSBroker analyses this request and send an answer to oAR.<br />
- FHODecision: Is the FHO decision sent from QoSBroker to oAR. After analysing the FHO request and<br />
network resource availability, QoSBroker sends an answer to nAR.<br />
4.4.3.1.3 NMSInterface<br />
NMSInterface is the interface through QoSBroker will know the resources of the core network that will<br />
be able for its own usage.<br />
The definition of those resources will be made by a data structure like:<br />
UpstreamResoucesData<br />
UpstreamBW<br />
UpstreamDelay<br />
This data will be sent to the QosBroker by a message like SendQoSConfigData(UpstreamResoucesData);<br />
4.4.3.1.4 RGWClient<br />
This interface is used to open a radio barrier in the radio gateway.<br />
4.4.3.2 Data format interchanged between Radio Gateway and QoSBroker<br />
qosb_radio_bearer_info_t: This structure defines a radio bearer information. It has some fields:<br />
- dscp;<br />
- radio_QoS_class;<br />
- status;<br />
radio_access_allocation_msg_t: This structure defines the message QoSBroker sends to Radio Gateway<br />
- type: Only one type of message, but keep it for compatibility;<br />
- nb_entries: number of valid entries in info array;<br />
- Home_Addr: home address of the MT attached to radio gateway;<br />
- qosb_radio_bearer_info_t: an array of radio barer information structures;<br />
4.4.3.2.1.1 Messages changed between Radio Gateway and QoSBroker<br />
OpenChanel: QoSBroker sends a message to Radio Gateway opening a radio barer.<br />
4.4.3.2.2 Interface Summary<br />
In order to summarize all the interface information, messages, data changed and message timing we<br />
present the following table:<br />
D0103v1.doc 102 / 168
D0103v1.doc Version 1 6.7.2003<br />
Interface Timing Message Send data<br />
AAAC<br />
QoSBroker SendQoSProfile Services Description<br />
start-up<br />
User<br />
AuthoriseProfile NVUP<br />
registration<br />
time<br />
User<br />
registration<br />
removal<br />
DeAutorizeProfile<br />
AR<br />
Before runtime<br />
ConfigRequest RouterConfig<br />
ChangeConfig<br />
Run-time ResourceRequest Resource<br />
ResourceRelease<br />
In a handover HandoverRequest HandoverResource<br />
HandoverDec<br />
NMS Any time SendQoSConfig QoSResourceData<br />
QoSBrokerInterface External RequestHandover HandoverResource<br />
Hanover<br />
process<br />
Radio Gateway In a new Radio<br />
Gateway flow<br />
OpenChannel<br />
radio_access_allocation_msg_t<br />
Table 17: RG to QoS Broker data<br />
4.4.3.3 Databases<br />
QoS Broker will have several databases. Depending on the size of them, the number of necessary queries<br />
they should have, these databases will be present in memory or in a file. We will analyse each situation in<br />
the following lines.<br />
4.4.3.3.1 NetworkDB<br />
NetworkDBs is the database that keeps the information about the network topology. It will keep<br />
information about each router that the broker manages, its load information, the queues defined to each of<br />
its interfaces, the scheduling algorithm applied to each interface, the occupation of each queue and the<br />
resources that the NMS assigned in this broker. The database, as can be seen in the Figure 77, will have 5<br />
tables:<br />
• Router. Router table keep information such as router memory, processing capacity, router<br />
load, and its state;<br />
• Interface. Represents the router interfaces. It will keep information such as the Interface<br />
address, the scheduling discipline used by the interface, and interface state;<br />
• Queue. Represents the interface queues. It will keep the queue memory, queue occupation,<br />
queue priority;<br />
• QueueConf: Describes the AR queues parameters;<br />
• RadioGW: Lists the radio gateways that belong to QoSBroker network. I has the radio<br />
network address, as well as its network address and network mask;<br />
• NetService: It describes the QoSBroker network services, as well as the correspondence<br />
existing between services and radio classes;<br />
D0103v1.doc 103 / 168
D0103v1.doc Version 1 6.7.2003<br />
PK,FK1,FK2<br />
PK<br />
QueueConf<br />
DSCP<br />
InterfaceBW<br />
Bandwidth<br />
AgregNumb<br />
Borrow<br />
MinGRED<br />
MaxGRED<br />
DropNumb<br />
LimitGRED<br />
QueueID<br />
PK,FK1<br />
FK2<br />
Interface<br />
InterfaceID<br />
Address<br />
Active<br />
IsCoreInterface<br />
TotalBandwidth<br />
RefDisciplineID<br />
RefRouterID<br />
QueueID<br />
PK<br />
FK1<br />
Router<br />
RouterID<br />
Active<br />
AvailBW<br />
Login<br />
Pass<br />
EnablePass<br />
Name<br />
RefBrokerID<br />
InterfaceID<br />
Broker<br />
PK<br />
Queue<br />
QueueID<br />
DSCP<br />
DropNumber<br />
SentNumber<br />
YellowMarked<br />
RedMArked<br />
Occupation<br />
OverLimits<br />
BurtSize<br />
Rate<br />
BufferSize<br />
YellowThreshold<br />
RedThreshold<br />
RefInterfaceID<br />
NetService<br />
PK DSCP<br />
Name<br />
RadioClass<br />
FK1 QueueID<br />
PK,FK1,FK2<br />
PK<br />
RadioGW<br />
BrokerID<br />
Address<br />
Active<br />
RadioGWID<br />
CoreInterf<br />
NetInterf<br />
RefInterfaceID<br />
RefBrokerID<br />
Figure 77 - NetworkDB database format<br />
4.4.3.3.2 NetStatus<br />
NetStatus database keeps information about the network state. It keeps information about network usage,<br />
as well as about authorized user profiles in this network. This database has the tables:<br />
- NVUP: Keeps the information about the NVUP of the registered user;<br />
- NetService: Has the authorized service list of the registered users;<br />
- Reservations: Keeps a list of network services in use by a network user;<br />
NVUP<br />
NetService<br />
Reservations<br />
PK<br />
NVUPID<br />
PK<br />
ServiceID<br />
PK<br />
ReservID<br />
NAI<br />
CoA<br />
Timeout<br />
FK1<br />
SourceAddress<br />
DestAddress<br />
DSCP<br />
Timeout<br />
RefNVUPID<br />
Figure 78: NetStatus database<br />
SourceAddress<br />
DestAddress<br />
DSCP<br />
Timeout<br />
RefRouterID<br />
4.5 AAAC Server Software Specification<br />
This document describes the modules within the AAAC Server and their interaction.<br />
D0103v1.doc 104 / 168
D0103v1.doc Version 1 6.7.2003<br />
User<br />
Profile<br />
Policy<br />
Acctg<br />
DB<br />
Charging<br />
Module<br />
AAAC<br />
Server<br />
DIAMETER<br />
Server<br />
Chrg<br />
DB<br />
Home<br />
Agent<br />
QoS<br />
ASM<br />
QoS<br />
Broker<br />
AAAC<br />
Attendant<br />
Audit<br />
Trail<br />
Auditing<br />
Audit<br />
Rpt<br />
Figure 79: AAAC Server Architecture<br />
The following sections describe the functionalities of each module and the interaction with other<br />
modules within AAAC Server as well as with other <strong>Moby</strong><strong>Dick</strong> entities, if any. The interaction comprises<br />
of message sequence and the respective parameters.<br />
4.5.1 User Profile<br />
This document first gives a specification of the user profile as used within the project <strong>Moby</strong> <strong>Dick</strong> and in<br />
the second part it defines a set of user profiles to by used within the <strong>Moby</strong> <strong>Dick</strong> tests. The goal for these<br />
test users is not to have a complete list of all possible test users with the variety of possibilities of how to<br />
assign parameters to a QoS profile, but to define a well known set of profiles which allow to reproduce<br />
integration tests since they are based on these profiles.<br />
A user profile is a data record of user-specific data; it contains all the data associated with the user, e.g.<br />
username, authentications data, service level agreements, charging info, policies etc.<br />
The user profile is unique, every user who is able to access the network and use some application or<br />
network services must have one user profile.<br />
The information contained in the user profile could be divided in the following different groups:<br />
• User specific information for authentication purpose: Username, password, secret key, etc.<br />
• Service specific information for authorization purpose: Service level agreements, max<br />
bandwidth, etc<br />
• Charging / Tariff specific information for accounting purpose: Tariff group, etc.<br />
4.5.1.1 User Profile Attributes<br />
The information in the user profile is usually represented as attributes.<br />
An attribute is consisting of the name of the attribute and a value, called an Attribute-Value Pair (AVP).<br />
The user profile contains a set of mandatory attributes, which must be present, and a set of optional<br />
attributes, which may be present. Mandatory attributes are set during the creation process of the user<br />
profile with the user value or the default value. In the RADIUS and DIAMETER specification various<br />
attributes are defined.<br />
The user profile contains static attributes. The Static attributes are not being changed during a session.<br />
Dynamic data and accounting data are stored in the session and accounting record. Maybe some (limited)<br />
sections of the user profile could be dynamic. One example of this is a remaining budget in the case of a<br />
prepaid user.<br />
D0103v1.doc 105 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.1.2 General View of User Profile<br />
Before talking of user profiles and their definitions, we need to spend some thoughts on the accounting,<br />
charging, customer profiles and SLA’s—since this is all related together. Within the <strong>Moby</strong><strong>Dick</strong> project<br />
there will be “<strong>Moby</strong><strong>Dick</strong>” -operators offering services to the customers. For such an operator accountingand<br />
charging-components (besides many other components) will be developed. One aim is that roaming<br />
between different “<strong>Moby</strong><strong>Dick</strong>”-operators shall be possible. This aim has main influence in developing the<br />
accounting and its components, c.f. section 4.5.3. All accounting data is stored at the AAAC.h—in the<br />
case of roaming (i.e. the customer is in a foreign domain), the accounting data is transferred from the<br />
AAAC.f to the AAAC.h and then stored in the accounting database. The format and structure of the<br />
accounting data is fixed, cf. section 4.5.4.4.<br />
The next step is the SLA between the customer and one of our “<strong>Moby</strong><strong>Dick</strong>”-operators. Each user must<br />
have an SLA with at least one operator (called home operator), before he can use a service—this SLA<br />
may include the post- or prepaid billing scenario. Basically each “<strong>Moby</strong><strong>Dick</strong>”-operator can setup its own<br />
SLA’s and its own tariff structure. In order to support roaming between operators, the basis for the<br />
charging (and tariffs) will be the accounting data, which has always the same structure (cf. section<br />
4.5.4.4). So, each “<strong>Moby</strong><strong>Dick</strong>”operator could use its own charging component and its own tariff<br />
structure, regardless what the other operators will use and roaming would still be possible.<br />
Within the <strong>Moby</strong><strong>Dick</strong>-project we need to develop one charging component for a “<strong>Moby</strong><strong>Dick</strong>”-operator.<br />
The charging component will be developed at ETH and will then be used for all “<strong>Moby</strong><strong>Dick</strong>”-operators,<br />
since no other charging components will be developed. Therefore, all operators will use the same<br />
charging components with the same tariff structure (but not the same tariffs) and hence the SLA’s and the<br />
corresponding parts in the customer profile will have the same structure, too. This is simply due to the<br />
fact that the SLA’s and the charging/tariffing structure are closely related.<br />
This general structure of the SLA’s, i.e. their representations in the customer profiles are shown in Table<br />
20. The customer database containing this data will be realized with MySQL and is always located at the<br />
home “<strong>Moby</strong><strong>Dick</strong>” operator.<br />
Some entries in Table 20 should not be transferred to any other “<strong>Moby</strong><strong>Dick</strong>”-operator, because the data is<br />
only needed by the charging and/or billing component of the home operator, cf. last column. The first<br />
rows of Table 20 contain information about the user’s address. The row for the remaining budget “RB”<br />
will be used in the future to support the prepaid business case. Here it is important to note that the<br />
remaining budget in monetary units (e.g. € 12.50) must never be transferred to another operator. But the<br />
representation of the remaining budget in terms of “accounting units” (e.g. 120 MB download volume)<br />
needs to be accessible for other operators, since they need to know, when the remaining budget is empty.<br />
The row “Payment scheme” is used to distinguish between the post- and prepaid business case.<br />
The structure of tariffs is as follows:<br />
Within an SLA, each service is associated with a tariff ID. In the accounting process, services can be<br />
distinguished on the basis of the DSCP field, cf. section 4.5.4.3, 4.5.4.4 for details. Because we<br />
distinguish between tariffs in the home and foreign domain, there exists also different tariff ID’s for the<br />
home and foreign domain. As an example “HDTariffS1” would contain the tariff ID for service S1 in the<br />
home domain. Certain values of the tariff ID’s have special meanings, please refer to Table 18.<br />
Values of TariffID’s<br />
Meaning<br />
0 Users is not allowed to use the respective service<br />
according to the SLA<br />
1 Signalling (this might lead to no charge or only a<br />
very small charge)<br />
2 … 9 Reserved for future use<br />
10 … 255 Valid Tariff ID’s of services<br />
Table 18: Values of tariff ID’s.<br />
In order to give further structure in the values of the tariff ID’s, the ranges reserved for selecting the tariff<br />
are shown in Table 19. With this predefined structure it’s possible to setup 5 different tariffs for each<br />
service per domain. For the <strong>Moby</strong><strong>Dick</strong> environment this represents enough flexibility.<br />
D0103v1.doc 106 / 168
D0103v1.doc Version 1 6.7.2003<br />
Service Values of TariffID’s Home or Foreign Domain<br />
S1 10 – 14 HD<br />
15 – 19 FD<br />
S2 20 – 24 HD<br />
25 – 29 FD<br />
S311 30 – 34 HD<br />
35 – 39 FD<br />
S312 40 – 44 HD<br />
45 – 49 FD<br />
S313 50 – 54 HD<br />
55 – 59 FD<br />
S4 60 – 64 HD<br />
65 – 69 FD<br />
S5 70 – 74 HD<br />
75 – 79 FD<br />
S6 80 – 84 HD<br />
85 – 89 FD<br />
(S7) 90 – 94 HD<br />
95 – 99 FD<br />
SIG 1 FD and HD<br />
Table 19: Ranges reserved for selecting tariffs.<br />
MySQL<br />
Column<br />
Name<br />
MySQL<br />
Data Type<br />
Example Remarks Transfer<br />
allowed?<br />
UserID VARCHAR (255) mhans@abc.com It is the NAI of the user,<br />
which must be globally<br />
unique, and it will be the<br />
primary key.<br />
Password VARCHAR (255) top-secret No<br />
Email VARCHAR (255) hans.muster@abc.com No<br />
LastName VARCHAR (255) Muster No<br />
FirstName VARCHAR (255) Hans No<br />
Street VARCHAR (255) Bahnhofstrasse 12 No<br />
City VARCHAR (255) Zürich No<br />
Zip VARCHAR (255) 8001 No<br />
Country VARCHAR (255) Switzerland No<br />
HDTariffS1<br />
HDTariffS2<br />
TINYINT<br />
UNSIGNED<br />
(Value 0 to 255)<br />
TINYINT<br />
UNSIGNED<br />
10, cf remarks on<br />
reserved value<br />
This value specifies the<br />
TariffID (i.e. tariff) that<br />
will be applied, when a<br />
customer will use this<br />
service in his HOME<br />
domain.<br />
If the value is “0” then the<br />
user is not allowed to use<br />
the service.<br />
... No<br />
… … … … …<br />
HDTariffS6<br />
TINYINT<br />
UNSIGNED<br />
... No<br />
FDTariffS1 TINYINT 10 This value specifies the No<br />
Yes<br />
No<br />
D0103v1.doc 107 / 168
D0103v1.doc Version 1 6.7.2003<br />
FDTariffS2<br />
UNSIGNED<br />
TINYINT<br />
UNSIGNED<br />
TariffID (i.e. tariff) that<br />
will be applied, when a<br />
customer will use this<br />
service in his FOREIGN<br />
domain.<br />
... No<br />
… … … … …<br />
FDTariffS6<br />
TINYINT<br />
UNSIGNED<br />
... No<br />
Table 20: Generic <strong>Moby</strong> <strong>Dick</strong> User Profile<br />
In order to allow a user the usage of applications and services in both, home network and foreign<br />
network, information about the user is necessary and services for authentication, authorization and<br />
accounting purpose. An AAAC service provides the needed information to authenticate a user and to<br />
establish authorized network service for a user. A main idea of a distributed AAAC service is that all data<br />
associated with users are stored centralized in the user database. All data in this database associated with<br />
the same user is called user profile of this user.<br />
4.5.1.3 User Profile Distribution<br />
A User Profile generally is stored in a repository “close” to the AAAC.h server. Within this context,<br />
“closed” means that the AAAC.h server has all access capabilities to this repository required for<br />
Authentication and Authorization process. So an interface to the user profiles is the access over the<br />
AAAC.h to which a user has registered.<br />
After the AAAC.h received an authentication and authorization request over AAA protocol for a usage of<br />
an applications or a network service, the AAAC.h retrieves over this interface all needed information<br />
from the user profile, in order to make a decision. If the decision is successful the home AAAC server<br />
sends in the authentication and authorization response all attributes of the user profiles, which are needed<br />
to provide the service to the user. Usually the authentication and authorization decision is made from<br />
Home AAAC Server (decision enforcement point). Only the result of the decision and configuration data<br />
are send to AAA entity (i.e. AAAC.f), which has generated the authentication and authorization request.<br />
The whole user profile is never sent to other AAA entity for privacy and legal issues. Only AAAC.h has<br />
full knowledge of the user profile.<br />
The conveyance of user profile data over the AAA protocol must be secure. This means that at least data<br />
integrity for the end-to-end communication is guaranteed.<br />
4.5.1.4 User Profile Management<br />
The User Profiles are stored in the user database of users Home Domain and also all management and<br />
maintenance tasks for the user profiles are performed in the home domain. The management and<br />
maintenance tasks involved: to create and to delete user profiles and to add, to modify and to delete static<br />
attributes. The registration process for a new user creates the user profile. It is assumed that this process is<br />
done “offline” and so it is out of the scope of <strong>Moby</strong> <strong>Dick</strong>. All these tasks are performed over the<br />
management interface to user database. This interface is not standardized in the AAA infrastructure.<br />
Usually the user database is stored either in database or in directory service. A user has no direct access to<br />
this user profile.<br />
To define and implement the management interface for the user database is out of the scope of the <strong>Moby</strong><br />
<strong>Dick</strong> project.<br />
4.5.1.5 Network View of user Profile (NVUP) - Global SLAs<br />
The following section describes an example NVUP.<br />
Name<br />
Service<br />
Class<br />
Relative<br />
Priority<br />
Service parameters<br />
Typical Usage Description<br />
SIG AF41 2 Unspecified Signalling (network usage)<br />
D0103v1.doc 108 / 168
D0103v1.doc Version 1 6.7.2003<br />
S1 EF 1 Peak BW: 32 kbit/s Real time services<br />
S2 AF21 3 CIR: 256 kbit/s Priority (urgent) data transfer<br />
S3 AF1* 4 Three drop precedences<br />
(kbps):<br />
AF11 – 64<br />
AF12 – 128<br />
AF13 – 256<br />
Olympic service (better than<br />
BE:streaming, ftp, etc)<br />
S4 BE 0 Peak bit rate: 32 kbit/s Best Effort (BE)<br />
S5 BE 0 Peak bit rate: 64 kbit/s Best effort<br />
S6 BE 0 Peak bit rate: 256 kbit/s Best effort<br />
S7<br />
Request AAAC<br />
Table 21: SLA<br />
Note: 1 is highest priority, 4 lowest. 0 means no priority.<br />
4.5.1.6 Test users – Profile Examples<br />
In the following a set of test-users are defined which will be represented in the repository of the database.<br />
In the AAAC system. According to this profile specifications the traffic is marked and services are<br />
provided.<br />
4.5.1.6.1 Victor<br />
User Victor is a user subscribing a high bandwidth “Internet” and a “voice”. He would get a S6, a S1 and<br />
the SIG services attributed, no specific destination. Victor has full roaming possibilities, a fixed contract<br />
with not budget/quota limitations. The detailed profile can be found in the Annex.<br />
4.5.1.6.2 Eric<br />
Eric - user subscribing a “Premium Internet” for company access, a voice and a “Traditional Internet”. It<br />
would get the SIG, the S1 and the S5 services, no specific destination, and a S2 with destiny equal to its<br />
company address. The detailed profile can be found in the Annex.<br />
4.5.1.6.3 Hans<br />
Hans – user subscribing “Flexible Internet”. It would get SIG and S3, no specific destination. Hans is not<br />
allowed to roam. So this profile is only valid in the home domain. The detailed profile can be found in the<br />
Annex.<br />
4.5.1.6.4 Michelle<br />
Michelle – user subscribing “Costless Internet”, “VideoService” and “voice”. It would get a S4, a SIG<br />
and a S1, without specific destination, and a S2, directed to a specific videoserver, and for specific<br />
protocols. Amardeo is able to roam. The detailed profile can be found in the Annex.<br />
4.5.2 Diameter Entities<br />
As shown in Figure 79 the diameter server plays a central role in AAAC architecture. The diameter server<br />
maintains interfaces to other AAAC servers, Attendant on the access router, QoS broker via an ASM, and<br />
to other backend databases that are used for charging, accounting, policy etc.<br />
This section describes the interaction between Mobile Node (MN), Attendant, , AAAC Server foreign<br />
(AAAC.f), AAAC Server home (AAAC.h) and the home agent (HA) respectively in the framework of the<br />
<strong>Moby</strong> <strong>Dick</strong> project. The section further describes the parameters to be used. It is further a functional<br />
specification of the interaction between the different entities involved in AAAC and MIP.<br />
D0103v1.doc 109 / 168
D0103v1.doc Version 1 6.7.2003<br />
Foreign<br />
AAA<br />
(AAAF)<br />
Home<br />
AAA<br />
(AAAH)<br />
ƒAA-Mobile-Node-<br />
Request<br />
„AA-Mobile-Node-<br />
Answer<br />
‚AA-Mobile-Node-<br />
Request<br />
…AA-Mobile-Node-Answer<br />
Attendant<br />
on<br />
AR<br />
MNAReq<br />
† MNARsp<br />
Mobile<br />
Node<br />
(MN)<br />
MN = Mobile Node<br />
Figure 80: AAAC in <strong>Moby</strong> <strong>Dick</strong> – Global Operation<br />
4.5.2.1 User registration with a MN<br />
The User Registration Protocol (URP) module on the MN is responsible for initiating a communication<br />
between the MN and the AAAC attendant, which is located on the access router. This is a user space<br />
application residing on the MN, which communicates with the MTNM module and the attendant.<br />
The main functions of URP module are:<br />
• Setting up an AAA session after being triggered by MTNM module<br />
• Setting up an Security Association with the Attendant<br />
• Passing the result of registration to NTNM module<br />
Mobile Terminal<br />
Access Router<br />
User Space<br />
URP Module<br />
4. SendRegResp<br />
2.<br />
3.<br />
User Space<br />
AAA Att.<br />
1.<br />
Trigger<br />
StartIntDomHO<br />
NTNM Module<br />
Kernel<br />
Kernel<br />
Figure 81: URP and MTNM interaction<br />
D0103v1.doc 110 / 168
D0103v1.doc Version 1 6.7.2003<br />
The URP is triggered by the MTNM to send a Mobile Node Authentication Request (MNARq) when one<br />
or more then one of the following events are detected:<br />
• the current AAA state was lost due to: (re)booting, crashing, etc.<br />
• expiration of authorization lifetime<br />
• the AAA domain is changed because of an hand-over (inter domain HO)<br />
At the time of registration the URP sends the Mobile Node Authentication Request message (MNARq) to<br />
the attendant on the access router. The information contained in an MNARq is local/internal i.e. residing<br />
in an configuration file on the MN e.g. NAI.<br />
Other information that is used by URP is some external information e.g. the challenge taken from a<br />
Router (Attendant) Advertisement. This information is added into the MNARq to avoid reply attacks.<br />
The attendant responds to MNARq with MNARp<br />
The MN carries out the following actions upon receiving an MNARp:<br />
• check that < AAAC.h-MAC > is correct using the SK[MN-AAAC.h]; if not drop the whole<br />
message<br />
• process the AAA Result-Code, HA-Result-Code<br />
• set up timers for being able to tell when the session identified by the Session-Id is over<br />
• set up SA the MN-Attendant SA (using key material in Att-DH-PV)<br />
In case of errors (transport-mechanism-related, AAA-related, mobile-IPv6-related) an exponential backoff<br />
approach for resending packets is used. As this method does not use too much resources (bandwidth)<br />
for sending requests.<br />
The information about the internal states / info related to MNARq / MNARp signalling must be made<br />
available; especially to be able to generate the SAs.<br />
The AVPs exchanged between the AAAC.h and the MN are always authenticated by computing an<br />
HMAC-MD5 over them using SK[MN-AAAC.h]<br />
4.5.2.2 Attendant<br />
Attendant is a diameter specific module in the access router. The Attendant comprises a module of<br />
software that implements the AAA signalling and a set of routing policies; some of these policies are set<br />
up as a consequence of the AAA signalling.<br />
Registration<br />
protocoll<br />
handler<br />
ATTENDANT<br />
AAAC protocol<br />
handler<br />
AAAC<br />
Server<br />
Mapper, Mediator, Event gen.<br />
AAAC client<br />
Attendant<br />
log<br />
Session<br />
Status<br />
Trigger,<br />
remove<br />
S.A.<br />
Configure,<br />
Meter data<br />
Security<br />
Manager<br />
Metering<br />
Figure 82: The attendant<br />
D0103v1.doc 111 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.2.3 Registration Protocol Handler<br />
The Registration Protocol Handler (RPH) is triggered on receiving an MNARq or on receiving an<br />
MNARp.<br />
The MNARq message is sent when the MN is switched on or the authorization lifetime expires. After<br />
such an event the MN communicates with the attendant to request an access. As Diameter is not used for<br />
communication between a MN and an Attendant, the AAA request from the MN must be sent using UDP<br />
to the Attendant.<br />
Message:<br />
Parameters:<br />
MNARq (Mobile Node AAA Request)<br />
Challenge<br />
User-Name (AVP name which can generate lots of confusion)<br />
MIPv6-Mobile-Node-Address<br />
MIPv6-Home -Agent-Address<br />
MIP-Binding-Update (Home Registration)<br />
MN-DH-PV (MN's Diffie-Hellman public value)<br />
The RPH is also triggered at receiving a response message from the AAAC infrastructure. This is the<br />
response sent by the AAA-h to the MNARq<br />
Message: MNARp.<br />
Message:<br />
Parameters:<br />
MNARp<br />
Session-Id<br />
Result-Code<br />
AAAC.h-MN-AVPs<br />
4.5.2.4 AAAC Protocol Handler<br />
Once the Attendant has received the UDP packets containing the AAA messages, it will send all the<br />
upstream messages using Diameter<br />
ARR.f ::= < Diameter-Header: 0xfff00fff, 0, REQ, PXY ><br />
{ Session-Id }<br />
{ Origin-Host }<br />
{ Origin-Realm }<br />
{ Destination-Realm }<br />
{ Auth-Application-Id }<br />
{ MN-AAAC.h-AVPs } /* An AVP of type Grouped */<br />
{ Att-DH-PV }<br />
* [ AVP ]<br />
The answer to the above request looks as follows<br />
ARA.f ::= < Diameter-Header: 0xfff00fff, 0, REP, PXY ><br />
{ Session-Id }<br />
{ Result-Code }<br />
{ AAAC.h-MN-AVPs } /* An AVP of type Grouped */<br />
* [ AVP ]<br />
4.5.2.5 Fast handover<br />
The attendant also has an interface to the Fast Handover (FHO) module, which is a kernel space module.<br />
These modules interact with each other to transfer the context from the old access router to the new<br />
access router.<br />
D0103v1.doc 112 / 168
D0103v1.doc Version 1 6.7.2003<br />
Old AR<br />
New AR<br />
User Space<br />
AAA Att.<br />
User Space<br />
AAA Att.<br />
1.<br />
Trigger<br />
ctxTran<br />
FHO Mod.<br />
Kernel<br />
2.<br />
CtxtoFHO<br />
3. Handover Initiate<br />
FHO Mod.<br />
Kernel<br />
4.<br />
CtxtoAtt<br />
Figure 83: FHO module and Attendant interaction during FHO<br />
On receiving a “Router Solicitation for Proxy” message form the MN, the FHO module at the old access<br />
router requests the AAA Attendant for the context associated with the MN. The FHOmodule executes the<br />
function “StartCtxTransfer” which contains identification of the message (MesgType) e.g.<br />
StartCtxTransfer, SendctxToAtt or SendctxToFHO and the length of this message<br />
4.5.2.6 Diameter / foreign server<br />
The main functions of a foreign server are to support the mobile users to be able to access the network<br />
from outside their home network. For this purpose the AAAC.f must also support MIP.<br />
Upon receiving an AA Registration Request (ARR.f) message, the AAAC.f: The foreign server then<br />
routes the ARR.f message to the AAAC.h (using proxies or not). The AAA core executes routing using<br />
Realm Routing Table (RRT). The AAAC.f then keeps the info related to this message into the list of<br />
pending requests<br />
The response to ARR is AA Registration Reply (ARA). Upon receiving an ARA message from the<br />
AAAC.h, the AAAC.f: checks / processes the AAA Result-Code and then route it back to the Attendant.<br />
After receiving an answer from the AAAC.h the AAAC.f calls the QoS ASM, that communicates with a<br />
QoS broker.<br />
4.5.2.7 AAAC.h<br />
The AAAC.h supports MIP (as developed for the <strong>Moby</strong> <strong>Dick</strong> project) with help of ASM (application<br />
specific module)<br />
After receiving an ARR.f message the mobility ASM checks the MN's NAI, MN's Home IP Addr., Home<br />
Ag. Addr. It further checks the authentication of the AVPs record from the MN. Based on this info, it<br />
decides whether it should allow the MN to use mobile-ipv6 or not. It also selects the SA to be used for<br />
authentication.<br />
4.5.2.8 Home Agent-AAA-Enabler<br />
This is a User-space application implementing an AAA-client. Main functions of this entity are that it<br />
enables the AAAC.h to dynamically allocate HAs (load balancing) and enforce mipv6 policies at the HA.<br />
After receiving HOR (Home Agent Request),: the AAA_HA module checks whether it is good or not;<br />
respond with an appropriate Result-Code AVP and create a DH key and send the public part to the MN as<br />
an AVP in the HOA message. This then sends the reply to the requesting AAAC.h server by using the<br />
HOA (Home Agent Answer) message:<br />
D0103v1.doc 113 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.2.9 AAA message flow<br />
This section describes and specifies the message flows. The flows are divided in to request flow and reply<br />
flows. The request flow originate from MN and trans the AAA entities towards the AAA server. Whereas<br />
the reply flow is the response to the request flow and goes towards the MN.<br />
MN<br />
MNARq<br />
Attendant AAA.f AAA.h<br />
ARR.f<br />
ARR<br />
Request flow<br />
MNARp<br />
ARA.f<br />
ARA<br />
Reply flow<br />
Figure 84: AAA message flows<br />
Note, upon the reception of the ARA, the AAAC.f dumps the NVUP (part of user’s profile) to the<br />
QoSB.f. For more details see section: QoS Interface.<br />
4.5.2.9.1 MN to Attendant<br />
When the MN is switched on or after the expiration of the authorization lifetime, the MN communicates<br />
with the attendant to request an access. As Diameter is not used for communication between an MN and<br />
Attendant, the diameter AAA request from the MN must be sent using UDP to the Attendant.<br />
Message:<br />
MNARq (Mobile Node AAA Request)<br />
UDP packet containing an AAA message having the following structure:<br />
Parameters:<br />
Challenge<br />
User-Name<br />
MIPv6-Mobile-Node-Address<br />
MIPv6-Home -Agent-Address<br />
MIP-Binding-Update<br />
MN-DH-PV<br />
MN-MAC<br />
In the following sections the content of the AAA message is listed.<br />
Challenge<br />
The attendant broadcasts the challenge. The format of the Challenge has the following structure.<br />
AVP code: 0xfff00400<br />
Type: Unsigned32<br />
Length: 12 (16 if the 'V' bit is enabled)<br />
Value: The challenge MN has got from the Attendant<br />
User-Name<br />
D0103v1.doc 114 / 168
D0103v1.doc Version 1 6.7.2003<br />
This user name should not be seen as the username in a Unix system. This user name is inferred from the<br />
definition as defined in RFC2486.<br />
Note: It is to be kept in mind that mobile-IP DOES NOT have anything to do with user names<br />
AVP code: 1<br />
Type: UTF8String<br />
Length: Variable<br />
Contains: NAI /* As defined in RFC2486 / The Network Access Identifier */<br />
MIPv6 -Mobile-Node-Address<br />
This address has been specified as it is defined in RFC2486 Diameter Mobile IPv6 Application<br />
AVP code: 0xfff00001 /* TBD in the draft */<br />
Type: IPAddress<br />
Length: 24 (28 with bit V enabled) /* 16 (IPv6 Addr) + 8 (12) (AVP Header) */<br />
Contains: Mobile's Node Home Address<br />
MIPv6 -Home-Agent-Address<br />
This is optional since a Home Agent can be assigned automatically. This also defined in RFC 2486<br />
Diameter Mobile IPv6 Application<br />
AVP code: 0xfff00002 /* TBD in the draft */<br />
Type: IPAddress<br />
Length: 24 (28 with bit V enabled) /* 16 (IPv6 Addr) + 8 (12) (AVP Header) */<br />
Contains: Mobile's Node Home Agent AddressA<br />
MIP-Binding-Update<br />
The Home Registration as defined in RFC2486. This is optional because it is used only in the scenario in<br />
which mobile IP and AAA signalling are combined<br />
AVP code: 0xfff00003 /* TBD in the draft */<br />
Type: OctetString<br />
Length: Variable<br />
Contains: Mobile's Node Home Registration message<br />
MN-DH-PV<br />
Defined by <strong>Moby</strong> <strong>Dick</strong>. AVP containing the public value of the MN's Diffie -Hellman key<br />
AVP code: 0xfff00500<br />
Type: OctetString<br />
Length: 128 ( 132 when V is set )<br />
Contains: public value of the MN's Diffie-Hellman key<br />
MN-MAC<br />
Defined by <strong>Moby</strong> <strong>Dick</strong><br />
AVP code: 0xfff00004<br />
Type: OctetString<br />
Length: 16 ( 20 when V is set )<br />
Contains: HMAC-MD5 over the following AVPs:<br />
{Challenge }, { User-Name }, { MIPv6-Mobile-Node-Address }<br />
{ MIPv6-Home-Agent-Address }, { MIP-Binding-Update }<br />
the HMAC-MD5 is computed using SK[MN-AAAC.h]<br />
4.5.2.9.2 Attendant to AAAC.f<br />
Once the Attendant has received the UDP packets containing the AAA messages, it will send all the<br />
upstream messages using Diameter (i.e. over TCP / SCTP).<br />
D0103v1.doc 115 / 168
D0103v1.doc Version 1 6.7.2003<br />
Message:<br />
:Parameter Structure<br />
AA-Registration-Request (ARR.f)<br />
Session-Id<br />
Origin-Host<br />
Origin-Realm<br />
Destination-Realm<br />
Auth-Application-Id<br />
MN-AAAC.h-AVPs<br />
Att-DH-PV<br />
{ Session-Id }<br />
/* Defined in Diameter Base Protocol */<br />
AVP code: 263<br />
Type: UTF8String<br />
Length: variable<br />
Value:<br />
;;[;]<br />
{ Origin-Host }<br />
/* Defined in Diameter Base Protocol */<br />
/* Diameter Base Protocol */<br />
AVP code: 264<br />
Type: DiameterIdentity<br />
Length: Variable<br />
Value: an UTF8String encoding of its FQDN<br />
{ Origin-Host }<br />
/* Defined in Diameter Base Protocol */<br />
/* Diameter Base Protocol */<br />
AVP code: 296<br />
Type: DiameterIdentity<br />
Length: Variable<br />
Value: an UTF8String encoding of its realm<br />
{ MN-AAAC.h-AVPs }<br />
/* Defined by <strong>Moby</strong> <strong>Dick</strong> */<br />
/* An AVP of type grouped containing all AVPs that are exchanged btw. */<br />
/* MN and AAAC.h. Main reason for grouping is that there is a MAC computed */<br />
/* over their values */<br />
MN-AAAC.h-AVPs ::= < AVP Header: 0xfff00401 ><br />
{ Challenge }<br />
{ User-Name }<br />
* { MIPv6-Mobile-Node-Address }<br />
* { MIPv6-Home-Agent-Address }<br />
* { MIP-Binding-Update }<br />
* { MN-DH-PV }<br />
< MN-MAC ><br />
{ Att-DH-PV }<br />
/* Defined by <strong>Moby</strong> <strong>Dick</strong> */<br />
/* Attendant's DH public value */<br />
AVP code: 0xfff00501<br />
Type: OctetString<br />
D0103v1.doc 116 / 168
D0103v1.doc Version 1 6.7.2003<br />
Length: 128 ( 132 when V is set )<br />
Contains: public value of the Attendant's Diffie-Hellman key<br />
The same kind of AAA messages are exchanged btw. AAAC.f and AAAC.h<br />
4.5.2.9.3 AAAC.h to AAAC.f<br />
Message:<br />
Parameters:<br />
{ Result-Code }<br />
AA Registration Answer (ARA)<br />
Session-Id<br />
Result-Code<br />
Origin-Host<br />
Origin-Realm<br />
Auth-Grace-Period<br />
AAAC.h-MN-AVPs<br />
/* Defined in */<br />
AVP code: 268<br />
Type: Unsigned32<br />
Contains: IANA-managed 32-bit address space representing errors.<br />
{ Auth-Grace-Period }<br />
/* Defined in */<br />
AVP code: 276<br />
Type: Unsigned32<br />
Contains: a value that implies the maximum length of the session the home realm is willing to be fiscally<br />
responsible for<br />
AAAC.h-MN-AVPs ::= < AVP Header: 0xfff00402 ><br />
{ User-Name }<br />
{ Authorization-Lifetime }<br />
{ Session-Timeout }<br />
* { MIPv6-Mobile-Node-Address }<br />
{ HA-DH-PV }<br />
* { Att-DH-PV }<br />
< AAAC.h-MAC ><br />
{ Authorization-Lifetime }<br />
/* Defined in Diameter Base Protocol */<br />
AVP code: 291<br />
Type: Unsigned32<br />
Contains: session life time in secs (>= with the BU lifetime req. from the HA)<br />
{ Session-Timeout }<br />
/* Defined in */<br />
AVP code: 27<br />
Type: Unsigned32<br />
Contains: the maximum number of seconds of service to be provided to the user before termination of the<br />
session<br />
< AAAC.h-MAC ><br />
/* Defined by <strong>Moby</strong> <strong>Dick</strong> */<br />
AVP code: 0xfff00005<br />
Type: OctetString<br />
Length: 16 ( 20 when V is set )<br />
Contains: HMAC-MD5 over the following AVPs:<br />
{Challenge }, { User-Name }, { MIPv6-Mobile-Node-Address }<br />
D0103v1.doc 117 / 168
D0103v1.doc Version 1 6.7.2003<br />
{ MIPv6-Home-Agent-Address }, { MIP-Binding-Update }<br />
the HMAC-MD5 is computed using SK[MN-AAAC.h]<br />
4.5.2.9.4 AAAC.f to Attendant<br />
Message:<br />
Parameters:<br />
AA Registration Answer foreign (ARA.f)<br />
Session-Id<br />
Result-Code<br />
AAAC.h-MN-AVPs<br />
4.5.2.10 Attendant to MN (UDP message)<br />
Message:<br />
Parameters :<br />
4.5.3 Accounting DB<br />
Mobile Node AAA Reply (MNARp)<br />
Session-Id<br />
Result-Code<br />
AAAC.h-MN-AVPs<br />
A session, that has been started after a successfully authentication and authorization, must also be<br />
accounted for. Several AAA entities are involved in accounting e.g. attendant, AAAC.f, AAAC.h.<br />
4.5.3.1 AAAC Client<br />
The AAAC Client receives answers from AAAC.f for issued AA requests. In case of a negative answer<br />
the answer is forwarded to the meter client (as usual) and no accounting takes place.<br />
In case of a positive answer the AAAC client configures its accounting functionality according to the<br />
accounting policies contained in the AA answer. If no such policies are present it configures accounting<br />
according to a default configuration specified before starting the client. Accounting is configured before<br />
the answer is forwarded to the client. If some error occurs it is open what happens. Possible solutions are:<br />
• The AAAC client forwards answer to the meter client, session takes place as usual (may be no<br />
accounting or missing accounting data)<br />
• The client sends a message to AAAC.f, AAAC.f can try to get around the problem in which case the<br />
client forwards the positive reply. In the other case it forwards the negative reply.<br />
In the implementation the first option will be preferred and used.<br />
After forwarding the AA answer the client immediately generates an accounting start request and sends it<br />
to the AAAC.f.<br />
During a session runtime the client generates interim accounting messages and sends them to AAAC.f.<br />
If the client receives a session stop indication it generates an accounting stop request and sends it to the<br />
AAAC.f.<br />
The AAAC client has an interface to the metering functionality on the access router. It sends a<br />
METER_START message containing a filter spec and all other configuration parameters when<br />
accounting is started. It may receive a handle from the metering function. It sends a METER_STOP<br />
message containing a filter spec or handle previously received to stop metering for that particular session.<br />
The following information is needed as filter:<br />
• mobile nodes IP address (CoA)<br />
• mobile nodes ports (in case of specific QoS sessions which are flow based) (known through specific<br />
AA request from MN).<br />
• DSCP (either 0 for registration or specific value for QoS session; note that signalling traffic between<br />
MN and AR is supposed to have DSCP!=0 so this traffic is not accounted which is intended).<br />
The AAAC client must have a function to retrieve meter data for a particular session. A<br />
GET_METER_DATA function must be supported by the metering which accepts CoA or handle and<br />
return all current accounting information for a particular MN.<br />
The meter data could also be stored in a DB as long as there is a logic that can handle the<br />
GET_METER_DATA function and deliver requested data.<br />
D0103v1.doc 118 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.3.2 Accounting Messages<br />
4.5.3.2.1 The Accounting-Request (ACR)<br />
The Accounting-Request (ACR) command, indicated by the Command-Code field set to 271 and the<br />
Command Flags' 'R' bit set, is sent by a Diameter node (AR), acting as a client, in order to exchange<br />
accounting information with a peer (AAA server).<br />
::= < Diameter Header: 271, REQ, PXY ><br />
< Session-Id ><br />
{ Acct-Application-Id }<br />
{ Origin-Host }<br />
{ Origin-Realm }<br />
{ Destination-Realm }<br />
{ Accounting-Record-Type }<br />
{ Accounting-Record-Number }<br />
[ User-Name ]<br />
[ Accounting-Sub-Session-Id ]<br />
[ Accounting-RADIUS-Session-Id ]<br />
[ Accounting-Multi-Session-Id ]<br />
[ Accounting-Interim-Interval ]<br />
[ Origin-State-Id ]<br />
* [ AVP ]<br />
* [ Proxy -Info ]<br />
* [ Route-Record ]<br />
Session-Id is the session ID generated by the client at the time sending the AA request. Acct-Application-<br />
Id is the IANA assigned identifier.<br />
Origin-Host: Originator of the Diameter message<br />
Origin-Realm: Realm of the originator<br />
Destination-Realm: Destination realm (real of AAAC.h)<br />
Accounting-Record-Type: start, stop or interim<br />
Accounting-Record-Number: Unique number which identifies acc rec within one session starting with 0<br />
for acc start record<br />
The AAAC client may include:<br />
User-name, interim interval,<br />
The Accounting-Interim-Interval will set to a value equal to 3 minutes.<br />
4.5.3.2.2 The Accounting-Answer (ACA)<br />
The Accounting-Answer (ACA) command, indicated by the Command-Code field set to 271 and the<br />
Command Flags' 'R' bit cleared, is used to acknowledge an Accounting-Request command. The<br />
Accounting-Answer command contains the same Session-Id and MAY contains the same Accounting<br />
Description and Usage AVPs that were sent in the Accounting-Request command. If the CMS-Data AVP<br />
was present in the Accounting-Request, the corresponding ACA message MUST include the CMS-Data<br />
AVP signed by the responder to provide strong AVP authentication, which MAY be used for the purposes<br />
of repudiation.<br />
Only the target Diameter Server, known as the home Diameter Server, SHOULD respond with the<br />
Accounting-Answer command.<br />
::= < Diameter Header: 271, PXY ><br />
< Session-Id ><br />
{ Acct-Application-Id }<br />
{ Result-Code }<br />
{ Origin-Host }<br />
{ Origin-Realm }<br />
{ Accounting-Record-Type }<br />
{ Accounting-Record-Number }<br />
[ User-Name ]<br />
[ Accounting-Sub-Session-Id ]<br />
D0103v1.doc 119 / 168
D0103v1.doc Version 1 6.7.2003<br />
[ Accounting-RADIUS-Session-Id ]<br />
[ Accounting-Multi-Session-Id ]<br />
[ Error-Reporting-Host ]<br />
[ Accounting-Interim-Interval ]<br />
[ Origin-State-Id ]<br />
* [ AVP ]<br />
* [ Proxy -Info ]<br />
4.5.3.3 The Accounting Information<br />
ACR and ACA contain AVPs containing accounting information. The information is described in the<br />
following section. The following specifications have been done:<br />
Accounting-Input-Octets AVP<br />
The Accounting-Input-Octets AVP (AVP Code 363) is of type Unsigned64, and contains the number of<br />
octets in IP packets received from the user.<br />
Accounting-Output-Octets AVP<br />
The Accounting-Output-Octets AVP (AVP Code 364) is of type Unsigned64, and contains the number of<br />
octets in IP packets sent to the user.<br />
Acct-Session-Time AVP<br />
The Acct-Time AVP (AVP Code 46) is of type Unsigned32, and indicates the length of the current<br />
session in seconds.<br />
Accounting-Input-Packets AVP<br />
The Accounting-Input-Packets (AVP Code 365) is of type Unsigned64, and contains the number of IP<br />
packets received from the user.<br />
Accounting-Output-Packets AVP<br />
The Accounting-Output-Packets (AVP Code 366) is of type Unsigned64, and contains the number of IP<br />
packets sent to the user.<br />
Since we support different QoS classes we need an additional AVP<br />
DSCP AVP<br />
The DSCP AVP is of type unsigned8 and contains the Diffserv Code Point of the session.<br />
An accounting message can contain accounting data for more than one QoS class. The following grouped<br />
AVP is used:<br />
QoS-Class-Acct-Data ::= < ><br />
{DSCP AVP}<br />
{Accounting-Input-Octets AVP}<br />
{Accounting-Output-Octets AVP}<br />
{Acct-Session-Time AVP}<br />
{Accounting-Input-Packets AVP}<br />
{Accounting-Output-Packets AVP}<br />
One or more of these grouped AVPs can appear in a Diameter accounting message.<br />
D0103v1.doc 120 / 168
D0103v1.doc Version 1 6.7.2003<br />
MN<br />
Meter<br />
Attendant/<br />
AAAC client<br />
AAAC.<br />
1<br />
2<br />
3<br />
4a<br />
4 5<br />
6<br />
7<br />
8<br />
9<br />
10<br />
Figure 85: Accounting MSC<br />
The following table specifies the messages, describes parameters and content and allows remarks.<br />
No.<br />
Message Content / Parameters Remarks<br />
1<br />
AA request<br />
usr:pwd@domain; BU<br />
2 AA reques t usr:pwd@domain; BU<br />
3 AA response 2x key(MN, AR), Profile SubSet, BACK<br />
4 Start_Meter CoA, accounting type e.g. [bytes] per DSCP<br />
service class<br />
4a Allow_User_Access<br />
5 ACR 4.5.3.2.1 The Accounting-Request (ACR)<br />
6 ACA 4.5.3.2.2 The Accounting-Answer (ACA)<br />
7 Get_Meter_Value volume, DSCP<br />
8 Send_Meter_Value volume, DSCP<br />
9 ACR 4.5.3.2.1 The Accounting-Request (ACR)<br />
10<br />
ACA<br />
4.5.3.2.2 The Accounting-Answer (ACA)<br />
Table 22: Accounting Messages and their content<br />
4.5.4 Charging Module<br />
Charging calculates the price for a given service consumption based on session and accounting<br />
information. It maps technical values into monetary units, and therefore applies a given contractual<br />
agreed upon tariff. The tariff applied might depend on QoS parameters as well as timely dependent<br />
parameters, e.g. time of the days, days of the week a service is invoked. The tariff for a particular session<br />
is assumed to be static during that session.<br />
If the user stays in a foreign domain (i.e. roaming) then the accounting data could basically be stored in an<br />
accounting database located in AAAC.f or AAAC.h. Furthermore the charging could be done either in<br />
AAAC.f or AAAC.h. Within <strong>Moby</strong> <strong>Dick</strong>, all accounting data is stored in an accounting database located<br />
at the AAAC.h only (home domain). This implies that the charging component is located in the home<br />
domain, too. In the case of roaming, accounting data is flowing from the foreign to the home domain. Of<br />
D0103v1.doc 121 / 168
D0103v1.doc Version 1 6.7.2003<br />
course, the accounting data needs to contain information about roaming, in order to allow the charging<br />
component selecting different tariffs (i.e. roaming tariffs).<br />
4.5.4.1 DIAMETER Messages vs. Entries in the Accounting Database<br />
In this context, three kind of DIAMETER messages are of interest: “start”, “interim” and “end” messages.<br />
When a session starts, the DIAMETER “start” message will add the first row of the current session to the<br />
accounting database. This first row is mandatory. Section 0 describes in details how the parameters have<br />
to be defined. When a session is running, DIAMETER “interim” messages are being generated. When a<br />
session ends, a DIAMETER “end” message will be generated and the last row for this current session will<br />
be added to the accounting database. This last row is mandatory like the first row.<br />
It is important that the accounting database is consistent! It’s up to the accounting system, to ensure the<br />
consistency. Therefore, accounting for the current session x has to produce the following entries in the<br />
accounting database:<br />
“start” message => first row for session x<br />
“interim” messages<br />
“end” message => last row for session x<br />
Therefore, accounting for a session x, will at least yield to two rows in the accounting database 1 .<br />
4.5.4.2 Sessions<br />
<strong>Moby</strong> <strong>Dick</strong> uses the concept of sessions. The next subsections give some more details about the (<strong>Moby</strong><br />
<strong>Dick</strong>) session concept. In general, each session is defined with a unique session ID and is associated with<br />
a user.<br />
Note: It is possible that a user can have more than one open session.<br />
4.5.4.2.1 Start of a Session<br />
A session can start after the following two events:<br />
1. A user switches on his MN and requests authentication and authorization. After successfully<br />
passing AA, the user will be associated with a session ID.<br />
2. A user moves from one AR to another, i.e. handover takes place. The “new” AR will associate a<br />
new session ID to the user.<br />
3. A new user logs in a MN.<br />
All events will yield to a DIAMETER “start” message and will eventually define the first row of a session<br />
in the accounting DB.<br />
Note: When the user starts a new application (e.g. VoIP) within a current session, then there will be new<br />
flows set up (with certain DSCP values), but not a new session.<br />
It is possible that two different applications generate flows with the same DSCP values; therefore it is not<br />
possible to conclude from an observed flow (i.e. the accounting data in the DB) to a certain application.<br />
4.5.4.2.2 Termination of a Session<br />
A session will be terminated after the following three events:<br />
1. A user switches off his MN.<br />
2. A user moves from one AR to another, i.e. handover takes place. The “old” session from the<br />
previous AR has to be closed.<br />
3. The lifetime of a session is reached, cf. section 4.5.4.2.4.<br />
All events will yield to a DIAMETER “end” message and will eventually define the last row of a session<br />
in the accounting DB.<br />
It is important to note that only closed sessions will be used for the charging process, cf. section 4.5.4.2.5.<br />
1 If the duration of a session is shorter than the interval of diameter „interim“ messages then the accounting DB will<br />
contains only two rows.<br />
D0103v1.doc 122 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.4.2.3 Re-Authentication, “Authorization-Lifetime”<br />
After 5 minutes the RE-authentication takes place. The session and hence the sessionID will not change.<br />
4.5.4.2.4 Duration of a Session, “Session-Lifetime”<br />
Each session is associated with a lifetime, which is defined during the AA-phases. The correspondent<br />
DIAMETER Parameter (“Session-Lifetime”) has to be set to a reasonable value. In <strong>Moby</strong> <strong>Dick</strong>, this<br />
lifetime will be set to 30 minutes, as it is the case in the GSM standard. After expiring, the AAAC client<br />
must generate a DIAMETER “end” message with the according entry in the accounting DB—since the<br />
current session is terminated and the user is disconnected.<br />
4.5.4.2.5 Charging of “open” Sessions<br />
As described in the section 5.2.6.1, the CC will contact the accounting database periodically. All open<br />
sessions—i.e. sessions without the last mandatory row (the one generated after a DIAMETER “end”<br />
message)—are not used for the charge calculation. It is important to note, that all open sessions need to be<br />
closed finally.<br />
If—due to an error or failure —DIAMETER “end” messages are missing in the accounting DB, then the<br />
AAAC home server has to create the “end” row, i.e. it needs to close the open session.<br />
When the AAAC server is started or restarted it checks whether all sessions have an “end” entry and if<br />
not generates one from the latest entry. This latest entry can be an “interim” or “start” message. The first<br />
case is an indication of lost “interim” messages—the AAAC home server can simply duplicate the last<br />
“interim” message belonging to the open session. The latter case indicates that only the DIAMETER<br />
“start” message was written to the accounting DB. And hence, only “null” values were written to the DB<br />
for this session. In this case the AAAC home server will also duplicate this “start” message and will<br />
generate the “end” message, which will of course contain “null” values only. The CC can detect such<br />
“null” sessions in the charging process and ignores them.<br />
4.5.4.2.6 Definition of Session ID<br />
The session ID is generated in the AR (by the AAAC Client) and has the following structure:<br />
;<br />
An example is: “access-router1.ethz.ch;1234” 2<br />
For a detailed description, see section 4.5.4.5.1.2.<br />
The domain part of the session ID (e.g. “ethz.ch”) is used to compare with the user home domain FQDN<br />
(cf. section 4.5.4.5.1.1) to check for roaming.<br />
4.5.4.2.7 Time Synchronization<br />
The AAAC clients are responsible to generate the session ID and the timestamps of the DIAMETER<br />
messages (cf. section 4.5.4.5.2). Within one domain all AAAC clients and the AAAC server (home or<br />
foreign) should use a synchronized clock. This synchronization is achieved by NTP. Each domain has an<br />
NTP server and the AAA machines have NTP clients installed with synch with the server).<br />
4.5.4.2.8 Counters<br />
The accounting and charging component will rely on counters per session, i.e. absolute counters. Table 23<br />
shows an example of an accounting DB, containing rows for one session (not all MySQL columns are<br />
shown). In the example we made the assumption that DIAMETER “interim” messages are generated after<br />
constant interval (3 minutes).<br />
… EventTime SessionTime AccType BytesToUser …<br />
… 2003-01-12 22:40:00 0 “start” 0 …<br />
… 2003-01-12 22:43:00 180 “interim” 250 …<br />
… 2003-01-12 22:46:00 360 “interim” 259 …<br />
… 2003-01-12 22:48:00 480 “stop” 478 …<br />
2 “1234” is a decimal value.<br />
Table 23: The accounting DB: Use of counters in a session<br />
D0103v1.doc 123 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.4.2.9 Interval of “interim” messages<br />
In <strong>Moby</strong> <strong>Dick</strong>, DIAMETER “interim” message are being generated after every 3 minutes 3 .<br />
4.5.4.3 DSCP Values<br />
In <strong>Moby</strong> <strong>Dick</strong>, each service is associated with bandwidth and priority. This two values will be mapped to<br />
a DSCP value. This mapping is fixed and must not be changed later on. The DSCP value will be used to<br />
select the tariffs. There needs to be a mapping from DSCP values to services (with a certain QoS).<br />
Within <strong>Moby</strong> <strong>Dick</strong> we can make the assumptions, that this mapping is static and no services are added<br />
later on. Of course, in a general environment this assumption could not be made.<br />
The DSCP field consists of 6 Bits and is present in every header of an IP packet. Due to implementation<br />
reasons, the DSCP values will be stored in different data types, cf. Table 24.<br />
DSCP Format in<br />
# Bits<br />
Values of Bits<br />
0 1 2 3 4 5 6 7 8 – 15 16 – 31<br />
Meter Component 16 1 2 3 4 5 6 x x x – x –<br />
Accounting Database 32 1 2 3 4 5 6 x x x – x x – x<br />
Charging Database 8 1 2 3 4 5 6 x x – –<br />
Table 24: Representation of DSCP Values; DSCP Bits marked in yellow; “x” are don’t cares<br />
Table 25 shows the mapping from services to DSCP values. It is possible that two different applications<br />
generate flows with the same DSCP values; therefore it is not possible to conclude from an observed flow<br />
(i.e. the accounting data in the DB) to a certain application.<br />
Name<br />
Service<br />
Class<br />
Relative<br />
Priority<br />
Service parameters<br />
Service<br />
Description<br />
DSCP<br />
(binary)<br />
DSCP<br />
(decimal)<br />
S1 EF 1 Peak BW: 32 kbit/s Real time services<br />
101110 46<br />
SIG AF41 2 Unspecified IP signalling only 100010 34<br />
S2 AF21 3 CIR: 256 kbit/s Priority (urgent) data<br />
transfer<br />
S3 AF1* 4 Three drop<br />
precedences (kbit/s):<br />
AF11 – 64<br />
AF12 – 128<br />
AF13 – 256<br />
S4 BE 0 Peak bit rate: 32<br />
kbit/s<br />
S5 BE 0 Peak bit rate: 64<br />
kbit/s<br />
S6 BE 0 Peak bit rate: 256<br />
kbit/s<br />
4.5.4.3.1 Alternatives after charge calculation<br />
Olympic service<br />
(better then BE:<br />
streaming, ftp, etc)<br />
Table 25. Mapping of Services to DSCP values.<br />
010010 18<br />
001010<br />
001100<br />
001110<br />
Best effort 000000 0<br />
Best effort 000010 2<br />
Best effort 000100 4<br />
After the accounting data was used by the charging component, it needs to be marked as “used”.<br />
After this marking of accounting data, there exist two alternatives:<br />
10<br />
12<br />
14<br />
3 There is no scientific reason to set this value to 3 minutes. If it is too small (e.g. 10 seconds) then the accounting DB<br />
would get too big.<br />
D0103v1.doc 124 / 168
D0103v1.doc Version 1 6.7.2003<br />
After marking, the data is left in the accounting database. The problem here is , that after a certain amount<br />
of time the database will be very huge, and the processing time of each database query (or modification)<br />
will get very slow.<br />
After marking, the used data is moved to another database. With this approach, the processing time will<br />
remain more or less constant.<br />
The CC supports the latter proposal: After being used for charging purposes, the accounting data will be<br />
moved to an accounting data warehouse, cf. section 4.5.4.9.<br />
4.5.4.4 Overview of Databases<br />
Figure 86 shows the overview of all Databases in use. All Databases are based on MySQL.<br />
accountingrecords<br />
accountingrecords<br />
AccID, primary key<br />
ID , primary key<br />
Accounting<br />
flows<br />
AccDataWarehouse<br />
flows<br />
FTID, primary key<br />
AccID, foreign key<br />
ID , primary key<br />
AccID, foreign key<br />
chargingrecords<br />
CharginID, primary key<br />
Charging<br />
chargingrecordsdetails<br />
ID, primary key<br />
ChargingID, foreign key<br />
Customer<br />
userprofiles<br />
Figure 86: Overview of Databases<br />
4.5.4.5 Representation of Accounting Data in the MySQL database<br />
The accounting component will write its (accounting-) data in a MySQL database. The charging<br />
component will then pull the data periodically. Table 26 gives an overview of the DIAMETER<br />
parameters and their correspondent MySQL column names. Table 27 describes the main accounting table,<br />
containing the basic accounting information. In the <strong>Moby</strong> <strong>Dick</strong> project, there could be more then one flow<br />
per direction. Therefore the detailed information on flows is written into a second (MySQL) table, see<br />
Table 28.<br />
DIAMETER-<br />
Parameter<br />
Name<br />
DIAMETER<br />
Data Type<br />
MySQL<br />
Column Name<br />
MySQL<br />
Data Type<br />
- - AccID INT UNSIGNED, auto_increment<br />
User-Name UTF8String UserID VARCHAR (255)<br />
(Max. 2^8 – 1 Characters)<br />
Session-ID UTF8String SessionID VARCHAR (255)<br />
(Max. 2^8 – 1 Characters)<br />
Accounting-<br />
Session-Time<br />
Unsigned32 SessionTime INT UNSIGNED<br />
(32 Bit Unsigned)<br />
Event-<br />
Time EventTime DATETIME<br />
Timestamp<br />
Accounting-<br />
Record-Type<br />
Enumerated AcctType ENUM(“start”, ”interim”, “stop”,<br />
“event”)<br />
– – DataUsed TINYINT UNSIGNED<br />
D0103v1.doc 125 / 168
D0103v1.doc Version 1 6.7.2003<br />
(Value 0 to 255)<br />
Accounting.-<br />
Input-Octets<br />
Unsigned64 BytesToUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
Accounting-<br />
Input-Packets<br />
Unsigned64 PacketsToUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
DSCP Unsigned32 DSCP TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
Accounting-<br />
Output-Octets<br />
Unsigned64 BytesFromUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
Accounting-<br />
Output-Packets<br />
Unsigned64 PacketsFromUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
Table 26. Comparison of DIAMETER parameters and MySQL data types<br />
All other DIAMETER parameters shall not be saved in this MySQL Database, since they are not used by<br />
the charging component and would only occupy place.<br />
The accounting information about flows is as general as possible. Therefore it is possible that the flows<br />
from and to the user (from the user’s point of view) can contain different DSCP values.<br />
Table 27 describes all data types that will be needed by the charging component.<br />
MySQL<br />
MySQL<br />
Example<br />
Remarks<br />
Column Name Data Type<br />
AccID INT UNSIGNED Primary key,<br />
auto_increment<br />
UserID VARCHAR (255) hans.muster@abc.com Must be globally unique<br />
(Max. 2^8 – 1<br />
Characters)<br />
SessionID VARCHAR (255) Exact structure see Must be globally unique<br />
(Max. 2^8 – 1<br />
Characters)<br />
4.5.4.5.1.2<br />
SessionTime INT UNSIGNED<br />
(32 Bit Unsigned)<br />
1350 Duration of current session,<br />
measured in seconds.<br />
EventTime DATETIME 2002-12-31 22:40:11 Time when the record was<br />
AcctType<br />
DataUsed<br />
ENUM(“start”,<br />
”interim”, “stop”,<br />
“event”)<br />
Start<br />
generated.<br />
Defines whether the entry<br />
is from a start, interim or<br />
end accounting request<br />
TINYINT<br />
UNSIGNED<br />
(Va lue 0 to 255)<br />
0 or 1 If a row was used for<br />
charging, then the value of<br />
this parameter is set to 1<br />
otherwise the value will be<br />
0.<br />
Table 27. First MySQL table “accounting records”<br />
MySQL MySQL<br />
Remarks<br />
Column Name Data Type<br />
AccID INT UNSIGNED Foreign key from table<br />
“accountingrecords”<br />
FTID INT UNSIGNED Primary key,<br />
auto_increment<br />
BytesToUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
PacketsToUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
DSCP<br />
TINYINT<br />
UNSIGNED<br />
(Value 0 to 255)<br />
BytesFromUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
D0103v1.doc 126 / 168
D0103v1.doc Version 1 6.7.2003<br />
PacketsFromUser BIGINT UNSIGNED<br />
(64 Bit Unsigned)<br />
Table 28. Second MySQL table “flows” for detailed information on flows.<br />
4.5.4.5.1 Detailed Descriptions of Parameters<br />
4.5.4.5.1.1 UserID<br />
For the UserID the NAI format is used. The UserID has the following structure:<br />
@<br />
An example UserID is “fred@bco.com”.<br />
The FQDN contained in the UserID can be compared with the FQDN contained in the sessionID to find<br />
out whether the user is roaming or not. The UserID will be used as a key to select data from the database,<br />
therefore each row in the table must contain the UserID.<br />
MySQL data type<br />
VARCHAR (255)<br />
(Max. 2^8 – 1 Characters)<br />
4.5.4.5.1.2 SessionID<br />
As described in section 4.5.4.1, the accounting components will generate n rows of accounting data for<br />
each session. If the session duration is shorter than the “interim” interval, then a completely accounted<br />
session will consist only of two rows. Otherwise there will be several “interim” rows between the “start”<br />
and “end” row.<br />
Therefore a complete accounting for one session, consists of n rows, where n is greater or equal to two.<br />
Details:<br />
The exact structure of the sessionID is the following:<br />
;<br />
An example is: “access-router1.ethz.ch;1234”<br />
Value<br />
Rows (in the same session)<br />
SessionID 1. – n.<br />
Table 29: Session ID<br />
The 64bit numeric ID uniquely identifies the session at the AAA client. The AAA client can generate it<br />
by just monotonically increase a session counter. The 64bit ID should be spitted into lower and higher<br />
32bit for transfer encoding:<br />
:;
D0103v1.doc Version 1 6.7.2003<br />
MySQL data type:<br />
INT UNSIGNED<br />
(32 Bit Unsigned)<br />
4.5.4.5.2 EventTime<br />
0 1.<br />
Session time at the time the 2. – n.<br />
record was generated in<br />
seconds<br />
Table 30: Session Time Details<br />
In order to support “a time of the day” tariff scheme, each record contains the timestamp of its generation.<br />
Thus the first record contains the start time of the session and the last record contains the end time of the<br />
session. Within the <strong>Moby</strong> <strong>Dick</strong> project the time base will be CET.<br />
Details:<br />
MySQL data type:<br />
DATETIME<br />
4.5.4.5.2.1 BytesToUser<br />
Value<br />
Rows (in the same session)<br />
Start time of session and date 1.<br />
Time of interim record 2. – n-1<br />
End time of session n.<br />
Table 31: Event Time<br />
This parameter measures the number of bytes sent to the user (i.e. downstream) from the user’s point of<br />
view. The first row of a session in the accounting DB (“start” row), will contain only “null” values. The<br />
counter is an absolute number from the start of the session. Thus the final amount will be in the n. row<br />
which is the row generated by the DIAMETER “end” message.<br />
Details:<br />
MySQL data type:<br />
INT UNSIGNED<br />
(32 Bit Unsigned)<br />
4.5.4.5.2.2 PacketsToUser<br />
Value<br />
Rows (in the same session)<br />
BytesToUser 1. – n.<br />
Table 32: Bytes To User<br />
This parameter measures the number of packets sent to the user (i.e. downstream) from the user’s point of<br />
view. The first row of a session in the accounting DB (“start” row), will contain only “null” values. The<br />
counter is an absolute number from the start of the session. Thus the final amount will be in the n. row<br />
which is the row generated by the DIAMET ER “end” message.<br />
Details:<br />
MySQL data type:<br />
INT UNSIGNED<br />
(32 Bit Unsigned)<br />
Value<br />
Rows (in the same session)<br />
PacketsToUser 1. – n.<br />
Table 33: Packets To User<br />
D0103v1.doc 128 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.4.5.2.3 DSCP<br />
Each flow is associated with a DSCP-Field. In general, there will be at least one flow from the user and<br />
one to the user. In <strong>Moby</strong> <strong>Dick</strong> flows occur always pair wise—one flow to and one flow from the user.<br />
Such a pair of flows has always the same DSCP value. Therefore only one DSCP field is needed.<br />
Within one session there can be an unlimited number of such pair wise flows.<br />
Details:<br />
MySQL data type:<br />
TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
4.5.4.5.2.4 BytesFromUser<br />
Same case as “ToUser”<br />
4.5.4.5.2.5 PacketsFromUser<br />
Same case as “ToUser”<br />
4.5.4.5.2.6 AcctType<br />
Value<br />
Rows (in the same session)<br />
DSCP 1. – n.<br />
Table 34: DSCP<br />
This column defines the type of record: start, interim and end row. This field is used to verify that the<br />
session has been closed before calculation of the charges. The column is defined as enumeration<br />
ENUM(“start”, ”interim”, “end”) .<br />
Details:<br />
4.5.4.5.2.7 DataUsed<br />
Value<br />
Rows (in the same session)<br />
“start”, “interim”, “stop” 1. – n.<br />
Table 35: AccType<br />
This is column that must not be changed by the accounting component. The charging component will use<br />
it for marking a row that has been used for charge calculation. After marking it might be useful to move<br />
the row to a separate database – this move operation will be issued by the charging component. This way,<br />
the accounting database doesn’t get to big.<br />
Details:<br />
MySQL data type:<br />
TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
4.5.4.6 Locking of Accounting Database<br />
Value<br />
Rows (in the same session)<br />
0 or 1 1. – n.<br />
2 to 255 Reserved for future use<br />
Table 36: Data Used<br />
Single updates to the accounting DB are atomic. As the accounting DB consists of two tables—cf. Table<br />
27 and Table 28—it is possible that the CC could access an incomplete or inconsistent entry. Therefore<br />
the AAAC server has to lock the tables until the complete data of an accounting message has been<br />
updated. The locking will be realized by putting MySQL write locks on both tables for the time of the<br />
update. A MySQL write lock prevents read and write access to the tables by any other process.<br />
D0103v1.doc 129 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.4.7 Charging Database<br />
The charging DB consists of two MySQL tables, cf. Table 37 and Table 38. The first one consists of<br />
charging information for one session, i.e. each session of an user will is represented by one row in this<br />
table. The second MySQL table holds additional information of each session, e.g. it contains information<br />
about the DSCP (i.e. the service) the customer was using.<br />
MySQL<br />
MySQL<br />
Example<br />
Remarks<br />
Column Name Data Type<br />
ChargingID INT UNSIGNED Primary key,<br />
auto_increment<br />
UserID VARCHAR (255) hans.muster@bco.com Must be globally unique<br />
(Max. 2^8 – 1<br />
Characters)<br />
SessionID VARCHAR (255) Exact structure see<br />
Must be globally unique<br />
(Max. 2^8 – 1<br />
Characters)<br />
4.5.4.5.1.2<br />
Charge FLOAT Charge in Euros for this<br />
Domain VARCHAR (50)<br />
(Max. 50<br />
Characters)<br />
SessionTime<br />
INT UNSIGNED<br />
(32 Bit Unsigned)<br />
“foreign”<br />
session.<br />
Indicate the domain where<br />
the services were<br />
consumed: “home” or<br />
“foreign”. Note: It does<br />
not contain the domain<br />
name!<br />
1350 Duration of this session,<br />
measured in seconds.<br />
Table 37: First MySQL table “chargingrecords” containing charge-information for a Session.<br />
MySQL MySQL<br />
Remarks<br />
Column Name Data Type<br />
ID INT UNSIGNED Primary key, auto_increment<br />
ChargingID INT UNSIGNED Foreign key from table<br />
“chargingrecords”<br />
BytesToUser BIGINT UNSIGNED (64 Bit Unsigned)<br />
DSCP TINYINT UNSIGNED (Value 0 to 255)<br />
BytesFromUser BIGINT UNSIGNED (64 Bit Unsigned)<br />
Charge FLOAT Charge in Euros for consuming<br />
services with this DSCP value.<br />
Table 38: Second MySQL table “chargingrecordsdetails” containing detailed charge-information of a<br />
Session.<br />
4.5.4.8 User-profiles Database<br />
The User-profile with its databases is described in section 4.5.1.<br />
4.5.4.9 Accounting Data Warehouse<br />
The table definitions and exactly the same as for the accounting DB, cf. section 4.5.4.5.<br />
4.5.4.10 Error Handling and Failure<br />
After the accounting for one session is finished, there must be the following rows in the accounting<br />
database:<br />
The first row that was created with “DIAMETER start message”<br />
(One or more rows that were generated with “DIAMETER interim messages”) 4<br />
The last row that was created with “DIAMETER end message”<br />
The charging component will only use closed sessions, i.e. sessions containing the last message, cf.<br />
section 4.5.4.2.5. Due to failure of one or several components, it might happen that one or more rows are<br />
4 Only present, if the duration of the session is longer than the „interim“ interval.<br />
D0103v1.doc 130 / 168
D0103v1.doc Version 1 6.7.2003<br />
missing in the accounting database. It is important to note that the accounting data has to be consistent<br />
and complete. Completer in the sense that all open session are eventually closed. The accounting<br />
components are responsible for a consistent and complete accounting database.<br />
Basically, information 5 is lost only when n consecutive “interim” accounting messages are lost until and<br />
including the “end” message of the session. If only “interim” messages are lost, but the “end” message is<br />
correct, then accounting is correct as well. This is because the counters produced from one session at one<br />
AR are absolute—i.e. the lost of DIAMETER “interim” messages is not a problem as long as the<br />
DIAMETER “end” message is correctly written to the accounting database.<br />
4.5.4.11 Implementation of the Charging Component<br />
The charging component is realized by using a web server and JSP’s. The main calculation is done in a<br />
small java module located at the web server. The next figure depicts the overall architecture as well as the<br />
message flows.<br />
The users can login and view their charges that have been accumulated so far. The user communicates<br />
through a web-browser with the web server; this connection can be IPv6, if the user is running an IPv6<br />
capable browser.<br />
The “<strong>Moby</strong> <strong>Dick</strong>”-operator on the other can also login via a web-browser, but has more and advanced<br />
possibilities, for instance it can trigger manually the “accounting to charging” process.<br />
Accounting DB<br />
Datawarehouse<br />
Customer DB<br />
Charging DB<br />
New<br />
Accounting<br />
Data<br />
copying of processed data<br />
Datawarehouse<br />
Customer<br />
profile<br />
Charging<br />
Data<br />
Addi ng chargi ng data<br />
Readi ng new accounting Data<br />
Webserver<br />
Accounting to charging<br />
Checking consistency of all<br />
databases<br />
Reading customer profile<br />
Looking up customer data<br />
Looking up charging data of customer<br />
Star ting<br />
Triggering; either<br />
manualy or automatically<br />
Accounting2charging.jsp<br />
cal li ng<br />
Charging report<br />
(JSP)<br />
Charge Servlet, calculates<br />
volume based charges.<br />
Figure 87. Implementation Overview<br />
4.5.5 QoS Interface<br />
4.5.5.1 Purpose and architecture<br />
The QoS Interface is used by the AAAC.f to dump, upon the arrival of a positive ARA, part of the user<br />
profile, the NVUP, to the QoSB.f. The NVUP has a TTL equal to Authorization Life time of the<br />
DIAMETER Session.<br />
Upon its initialization, the AAAC.f provides the QoSB.f with a description of the NetServices within this<br />
domain. To do so, the AAAC.f also uses the QoS Interface.<br />
5 Information is seen here from point of view of the charging component.<br />
D0103v1.doc 131 / 168
D0103v1.doc Version 1 6.7.2003<br />
In <strong>Moby</strong> <strong>Dick</strong>, the AAAC <strong>System</strong> uses DIAMETER protocol and the QoS <strong>System</strong> employs COPS<br />
protocol. To make the interaction possible between those two <strong>System</strong>s (in particular between the AAAC.f<br />
and the QoSB.f), the QoS-ASM presents two interfaces as depicted in Figure 88.<br />
AAAC server source code<br />
Uses<br />
API: AuthorizeProfile();<br />
SendNetServicesDescr ();<br />
connectBB();<br />
disconnectBB();<br />
ASM<br />
COPS Client<br />
COPS messages<br />
QoSB.<br />
Figure 88: QoS ASM interfaces<br />
4.5.5.2 Description of the C API interface to the AAAC.f Server<br />
The C API consists of two structures and 4 functions. The two structures are used to fill the NVUP. The<br />
functions are described hereafter:<br />
AuthorizeProfile(), used upon a positive ARA to dump the NVUP (part of the user profile) to the QoSB.f.<br />
We provide the function the NVUP.<br />
SendNetServicesDesc() must be called once before any operation. It sends the QoSB.f the meaning (in<br />
terms of IpDest Address –optional-, B.W., burst size and priority) of the DSCPs employed within the<br />
domain. Reads this data from a given file. The contents of this file are represented bellow:<br />
Destination<br />
address<br />
Traffic’s<br />
BW (kbps)<br />
Burst size<br />
(Bytes)<br />
Priority DSCP<br />
(hex)<br />
::0 1 1514 2 0x22<br />
::0 32 1514 1 0x2e<br />
::0 256 1514 3 0x12<br />
::0 64 1514 4 0x0a<br />
::0 128 1514 4 0x0c<br />
::0 256 1514 4 0x0e<br />
::0 32 1514 0 0x00<br />
::0 64 1514 0 0x02<br />
::0 256 1514 0 0x04<br />
Table 39: DSCP - Service Provisioning in <strong>Moby</strong> <strong>Dick</strong><br />
These contents are in conformance with the NetServices table defined in <strong>Moby</strong> <strong>Dick</strong>.<br />
ConnectBB(). This function must be called once and before any call to any other function.<br />
DisconnectBB(). This function ends the COPS connection to the B.B. Called at the end of the program in<br />
the AAAC.f.<br />
The calling order of this functions is represented in Figure 89.<br />
We stress that this 4 functions and the two mentioned structures is the only part of the QoS ASM visible<br />
to the AAAC.f.<br />
D0103v1.doc 132 / 168
D0103v1.doc Version 1 6.7.2003<br />
ConnectBB()<br />
Opens cops connection<br />
SendNetServicesDesc()<br />
Reads from file and exchanges COPS<br />
messages<br />
AuthorizeProfile()<br />
Creates COPS message and sends it<br />
DisconnectBB()<br />
Closes cops<br />
connection<br />
Figure 89: Usage cycle of the QoS ASM<br />
4.5.5.3 Description of the COPS Client interface to the QoSB.f<br />
We list now the COPS messages exchanged between the COPS client interface of the ASM and the<br />
QoSB.f, the COPS server.<br />
To open the COPS connection –using ConnectBB()- COPS Client-Open and Client-Accept messages<br />
with no optional cops objects are exchanged. The AAAC server client type is 65283 (in decimal).<br />
To close the COPS connection –using DisconnectBB()- we send a COPS ClientClose Message with no<br />
optional cops objects.<br />
To send the NetServices Description –using the SendNetServicesDesc() function- to the QoSB.f a<br />
REQuest message is sent with optional cops “Client Specific Information Objects”. The format of these<br />
objects (and of the entire REQuest message) is given below. The QoSB.f answers to this message with a<br />
DECission message with no optional COPS objects.<br />
Format of the REQuest message (fields length is in bytes):<br />
D0103v1.doc 133 / 168
D0103v1.doc Version 1 6.7.2003<br />
<br />
common<br />
<br />
<br />
#1<br />
Ver 1 Flg 0 Op. code 1 Client Type: 0xFF03<br />
Message length: 52+N*28 (bytes)<br />
Object length: 8 C-Num 1 C-Type 1<br />
Handle<br />
Object length: 8 C-Num 2 C-Type 1<br />
R-Type 2<br />
M-Type<br />
Object length: 28 C-Num 9 C-Type 131<br />
Struct in6_addr dest. Addr.<br />
BW<br />
Burst Size<br />
priority DSCP Padding 00 00<br />
Object length: 28 C-Num 9 C-Type 131<br />
#N<br />
struct in6_addr dest. Addr<br />
BW<br />
Burst Size<br />
Priority DSCP Padding 00 00<br />
When dest. Addr is not used it is filled with 0.<br />
AuthorizeNVUP(); Sends a REPort State message.<br />
Figure 90: Request Message<br />
To dump the NVUP, we send a REPORT STATE message –using the AuthorizeProfile() function- with<br />
optional cops “Client Specific Information Objects”. The format of these objects (and of the entire<br />
REPORT STATE message) is given below.<br />
Format of the REPort message (fields length is in bytes):<br />
<br />
<br />
<br />
Ver 1 Flg 0 Op. Code 3 Client Type: 0xFF03<br />
Message length: 24+24+24*(N-1) (bytes)<br />
Object length: 8 C-Num 1 C-Type 1<br />
Handle<br />
Object length: 8 C-Num 12 C-Type 1<br />
Report-Type: 8<br />
0x0000<br />
Object length: 24 C-Num 9 C-Type 129<br />
#1<br />
struct in6_addr CoA<br />
TTL<br />
Object length: 24 C-Num 9 C-Type 138<br />
#2<br />
in6_addr dest. Addr<br />
DSCP Padding 00 00 00<br />
When dest. Addr is not used it is filled with 0.<br />
Figure 91: Report Message<br />
D0103v1.doc 134 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.6 Auditing<br />
Auditing objectives need to be determined in advance in order to be able to specify the auditing and<br />
logging requirements. Auditing requirements determine what tasks to be accomplished to meet the<br />
auditing objectives, whereas logging requirements determine which events need to be logged by whom<br />
and when. The auditing objective of <strong>Moby</strong><strong>Dick</strong> is to detect violation of Service Level Guarantees (SLGs)<br />
between a customer and a provider. An SLG is the part of Service Level Agreement (SLA) which<br />
specifies a provider’s commitment on quality level of services it will deliver.<br />
Furthermore it is assumed that <strong>Moby</strong><strong>Dick</strong> auditing objectives do NOT include following goals:<br />
• Detection of security breaches<br />
• Detection of failure in design and implementation of <strong>Moby</strong><strong>Dick</strong> entities<br />
• Detection of AAAC’s policies violation. AAAC policies represent the provider’s policies in<br />
determining the behavior of AAAC entities in performing authentication, authorization,<br />
accounting, and charging.<br />
It is important to note here, that security breaches, failure in design and/or implementation, and policies<br />
violation may lead to SLG violation.<br />
4.5.6.1 <strong>Moby</strong><strong>Dick</strong> SLG<br />
A <strong>Moby</strong><strong>Dick</strong> Service Level Agreement (SLA) reflects the contract between a customer and <strong>Moby</strong><strong>Dick</strong><br />
service provider. This section does not describe the whole detail of SLA, but only the guarantees<br />
specified within an SLA, termed SLG.<br />
Three commitments are specified within <strong>Moby</strong> <strong>Dick</strong>:<br />
? Entity Availability<br />
? Success of User Registration<br />
? Success of Service Authorization<br />
Entity Availability defines the guaranteed availability of <strong>Moby</strong> <strong>Dick</strong> key entities (in particular AAAC<br />
Clients and QoS Managers) in unit of time or in percentage within each period of a pre-defined length.<br />
The usual period is a calendar month or a billing period.<br />
Success of User Registration defines the guaranteed successful of a valid registration request with a valid<br />
NAI and credentials within minute, at least after retries of ‘approximately uniform’ interval, if<br />
the user is currently in the home domain.<br />
Success of Service Authorization defines the guaranteed acceptance of a valid service request from a<br />
registered home user within minutes, at least after retries of ‘approximately uniform’ interval. In<br />
<strong>Moby</strong> <strong>Dick</strong>, services offered to customers are network transport services. These services enable IPv6<br />
packets to be transported with a certain QoS within the operator network. The QoS parameters in <strong>Moby</strong><br />
<strong>Dick</strong> are restricted to bandwidth and a priority number. The network transport services are characterized<br />
by any combination of the CoA/HomeAddr, DestAddr, and DSCP. A particular service in <strong>Moby</strong> <strong>Dick</strong> is<br />
implicitly requested with the arrival of the first packet marked with the corresponding DSCP.<br />
Different situations and conditions can lead to violations of the abovementioned commitments:<br />
? Implementation errors of one or more of the involving entities.<br />
? Configuration errors of one or more of the involving entities.<br />
? Data communication errors.<br />
? The respective entities are compromised.<br />
? The database which holds the required information e.g., user profile, is corrupted.<br />
? Network is overloaded<br />
The entity unavailability does not include unavailability due to:<br />
? scheduled maintenance<br />
? failures of users’ own devices and/or applications<br />
? force majeure<br />
D0103v1.doc 135 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.5.6.2 Requirements<br />
4.5.6.2.1 Auditing Requirements<br />
There are three tasks to be accomplished to detect SLG violation:<br />
? Determine the downtime of <strong>Moby</strong><strong>Dick</strong> entities<br />
? Determine whether all consecutive registration attempts of a user currently in the home<br />
domain, fail within the pre-defined time interval . Failures due to invalid NAI and credentials<br />
do not violate SLG. To perform this task it is necessary to query the customer database to check,<br />
whether the NAI is valid (is a home user). The validity check of the credentials supplied by the<br />
user will rely on the response coming from the AAAC server. This response is reflected in the<br />
AAAC client’s response to the mobile terminal. This means correct implementation and<br />
behaviour of the AAAC server and client is assumed and expected.<br />
? Determine whether all consecutive service requests of an authenticated user are rejected or<br />
ignored within the pre-defined time interval .<br />
4.5.6.2.2 Logging Requirements<br />
Downtime determination requires <strong>Moby</strong> <strong>Dick</strong> entities to periodically send a sign of life. The sign of life<br />
contains the identity of the entity (EntityID) and a Timestamp. The time interval must be configurable.<br />
To determine whether registration attempts are successful following events need to be logged:<br />
? Each valid registration request must be logged by the AAAC Client,<br />
? Each registration response must be logged by the AAAC Client.<br />
The receipt of a valid registration request must be logged and the log must contain the following<br />
information: EventID, Timestamp, CoA, and NAI. EventID identifies uniquely the event that occurs; in<br />
this case the arrival of a valid registration request.<br />
The arrival of a valid registration request will trigger a sequence of message exchange in the provider’s<br />
network to carry out the registration process. In the end the AAAC Client will receive a response from the<br />
AAAC Server or a request timeout will occur. This will lead to AAAC Client sends a registration<br />
response containing the result of the request to the MN. Note here that communication errors can lead to<br />
missing response. MN should perform registration retries, if no positive answer is received after a certain<br />
timeout. The following information needs to be logged after sending a response to the MN: EventID,<br />
Timestamp, CoA, NAI, and ResultCode. The ResultCode should tell whether the registration is successful<br />
or not, and if not due to what reason.<br />
To determine whether service requests are accepted following events need to be logged:<br />
• Each service request sent to QoS broker must be logged by the QoS Manager,<br />
• Each corresponding response coming from QoS broker must be logged by the QoS Manager.<br />
After detecting that a new service is requested by a MN (MN sends a packet marked with a DSCP not<br />
being used), the QoS Manager in the access router needs to log the following information regarding this<br />
event: EventID, Timestamp, DSCP, DestAddr, CoA, and NAI. EventID identifies the arrival of a service<br />
request.<br />
The arrival of a service request will trigger a sequence of message exchange between QoS Manager and<br />
QoS Broker. In the end the QoS Manager will receive a response from the QoS Broker or a request<br />
timeout will occur. This will lead to QoS Manager configures the Access Router to forward or drop the<br />
packets of this requested service. The following information needs to be logged: EventID, Timestamp,<br />
DSCP, DestAddr, CoA, NAI, and ResultCode. The ResultCode states whether the requested service is<br />
accepted or not, and if not due to what reason.<br />
4.5.6.3 Architecture<br />
The following figure depicts the logging and auditing architecture. As described in the section on<br />
Logging Requirements, in addition to availability events, AAAC Clients have to log user registration<br />
events, while QoS Managers have to log service authorization events. Both entities, the AAAC Client and<br />
the QoS Manager, reside in each Access Router. Events to be logged will first be stored in the Local Log<br />
via an Integrated Logger. This Local Log will be managed by Local Log Management module, which has<br />
the responsibility to transfer the logs to the Central Log Management module. The Central Log<br />
Management module will store the logs in the Audit Trail before being fetched by the Auditing module to<br />
be examined with respect to the given commitments.<br />
D0103v1.doc 136 / 168
D0103v1.doc Version 1 6.7.2003<br />
Access Router<br />
AAAC Client<br />
Integrated<br />
Logger<br />
QoS Manager<br />
Integrated<br />
Logger<br />
Local<br />
Log<br />
Audit<br />
Trail<br />
Auditing<br />
Local<br />
Log Mgmt<br />
Central Log<br />
Mgmt<br />
Figure 92: Auditing and Logging Architecture<br />
The task carried out by the Integrated Logger should not significantly affect the tasks of the hosting<br />
entity, i.e., the AAAC Client and the QoS Manager. This is the reason why the event logs are not s ent<br />
directly to a central Audit Trail, which may last longer due to the network communication overhead.<br />
Since QoS Manager does not aware of NAI, a way to map a CoA to NAI needs to be found to allow for<br />
logging of NAI in the service authorization event logs. This mapping can be done with the help of the<br />
AAAC Client, who knows exactly which NAI a certain CoA belongs to, as long as the MN having this<br />
CoA is currently registered by this AAAC Client. Because this is a logging issue, the required<br />
communication will be carried out between the AAAC Client’s Integrated Logger and the QoS Manager’s<br />
Integrated Logger. The information on CoA-NAI mapping will be provided to the Integrated Logger by<br />
the AAAC Client.<br />
The Local Log is not implemented as a flat file, but as a MySQL database. This requires a running<br />
MySQL server in each Access Router. Logs that have been successfully sent to the Central Log<br />
Management will be deleted from the Local Log. In this regard MySQL provides for a reliable and easy<br />
manipulation of event logs.<br />
Since each Local Log Management in each Access Router is connected to the Central Log Management,<br />
the data transfer need to be controlled, so that no packet loss occurs due to buffer overflow.<br />
The Audit Trail is a MySQL database, which has the same structure as the Local Log. It stores the event<br />
logs collected from every Local Log before being processed by the Auditing module. Logs in the Audit<br />
Trail that have been completely processed will be deleted or moved into data archives by the Auditing<br />
module. The result of the auditing process is a report telling whether or not violation to each commitment<br />
has occurred. This report is written into different flat files for each customer in case of user registration<br />
and service authorization, and for each entity in case of entity availability.<br />
4.5.6.4 Data Structures<br />
Based on the logging requirements, five types of events have been identified, which can be separated into<br />
three groups. The five types of events are Entity Availability Event, User Registration Request Event,<br />
User Registration Response Event, Service Authorization Request Event, and Service Authorization<br />
Response Event. The three groups are obviously Entity Availability Event Group, User Registration<br />
Event Group, and Service Authorization Event Group. All event logs in a group will be stored in the same<br />
MySQL table in the Local Log, and after being collected in the same MySQL table in the Audit Trail.<br />
The three tables corresponding to the three groups are named SoL (Sign of Life), UsrReg (User<br />
Registration), and SvcAuth (Service Authorization). The following subsections describe the data structure<br />
of each table.<br />
4.5.6.4.1 Sign of Life<br />
MySQL Table: SoL<br />
D0103v1.doc 137 / 168
D0103v1.doc Version 1 6.7.2003<br />
Logger: QoS Manager and AAAC Client<br />
Attribute<br />
(MySQL<br />
Column Name)<br />
MySQL<br />
Data Type<br />
Example<br />
Remarks<br />
LoggerID VARCHAR (255) “arc.ethz.ch:qosmanager”<br />
LogTime DATETIME “2002-12-31 22:40:11”<br />
EventID<br />
TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
1<br />
Globally unique identity of<br />
the entity which creates the<br />
log. Possible format:<br />
: (qosmanager |<br />
aaacclient)<br />
Creation timepoint of the<br />
log<br />
Globally unique identity of<br />
the event<br />
Table 40: SoL Table<br />
4.5.6.4.2 User Registration<br />
MySQL Table: UsrReg<br />
Logger: AAAC Client<br />
Attribute<br />
(MySQL<br />
Column Name)<br />
MySQL<br />
Data Type<br />
Example<br />
Remarks<br />
LoggerID VARCHAR (255) “arc.ethz.ch:aaacclient”<br />
LogTime DATETIME “2002-12-31 22:40:11”<br />
EventID<br />
TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
CoA VARCHAR (255) “2000::1:2:3:4”<br />
NAI VARCHAR (255) “hasan@ethz.ch”<br />
ResultCode<br />
INT UNSIGNED<br />
(32 bit unsigned)<br />
11<br />
12<br />
2001<br />
Globally unique identity of<br />
the entity which creates the<br />
log. Possible format:<br />
:aaacclient<br />
Creation timepoint of the<br />
log<br />
Globally unique identity of<br />
the event:<br />
11 for User Registration<br />
Request and<br />
12 for User Registration<br />
Response<br />
0 for User Registration<br />
Request<br />
Other values are for User<br />
Registration Response<br />
according to the<br />
DIAMETER specification<br />
Table 41: User Registration Table<br />
4.5.6.4.3 Service Authorization<br />
MySQL Table: SvcAuth<br />
Logger: QoS Manager<br />
Attribute<br />
(MySQL<br />
Column Name)<br />
MySQL<br />
Data Type<br />
Example<br />
Remarks<br />
D0103v1.doc 138 / 168
D0103v1.doc Version 1 6.7.2003<br />
LoggerID VARCHAR (255) “arc.ethz.ch:qosmanager”<br />
LogTime DATETIME “2002-12-31 22:40:11”<br />
EventID<br />
TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
CoA VARCHAR (255) “2000::1:2:3:4”<br />
DestAddr VARCHAR (255) “2000::7:7:7:4”<br />
NAI VARCHAR (255) “hasan@ethz.ch”<br />
DSCP<br />
ResultCode<br />
TINYINT UNSIGNED<br />
(Value 0 to 255)<br />
INT UNSIGNED<br />
(32 bit unsigned)<br />
21<br />
22<br />
2<br />
Globally unique identity of<br />
the entity which creates the<br />
log. Possible format:<br />
:qosmanager<br />
Creation timepoint of the<br />
log<br />
Globally unique identity of<br />
the event:<br />
21 for Service<br />
Authorization Request and<br />
22 for Service<br />
Authorization Response<br />
0 for Service<br />
Authorization Request<br />
Other values are for<br />
Service Authorization<br />
Response according to the<br />
QoS Broker<br />
implementation<br />
Table 42: Service Authorization Table<br />
4.5.6.5 Event Log Transfer<br />
The transfer of the event logs stored in the Local Log to the central Audit Trail is carried out by the Local<br />
Log Management and Central Log Management. An event can be conveniently represented as a set of<br />
Attribute Value Pairs (AVPs).<br />
OpenDiameter provides a library to generate and parse messages containing AVPs, which lead to the<br />
decision of using this library. The message format will therefore be the same as all DIAMETER<br />
messages. The main advantage of DIAMETER message format is the flexibility and extensibility. To<br />
allow for correct interpretation of these new messages, new command codes and AVP codes are defined<br />
for the transfer of Availability Event Logs, User Registration Event Logs, and Service Authorization<br />
Event Logs. An attribute can be defined optional, so that a message needs not contain the corresponding<br />
AVP, as in the case of User Registration Events, where the ResultCode is only relevant for Response<br />
Events.<br />
Log messages are transferred over TCP in a client/server fashion, where the Local Log Management can<br />
be seen as a client that initiates a TCP connection upon startup, and the Central Log Management as a<br />
server, which is waiting for new connections from the clients.<br />
4.5.6.6 Audit Report<br />
The Auditor is implemented in C++. A process is started for each type of commitment: Entity<br />
Availability, Success of User Registration, and Success of Service Authorization. The result of the<br />
violation detection process is written in a flat file. For each entity respectively customer, and each<br />
commitment, a report file is generated. The report tells whether an entity is available during the predefined<br />
interval in case of availability guarantee. In the case of guarantees on success of user registration<br />
and service authorization, the report shows for a particular customer, whether the respective provider’s<br />
commitment is fulfilled or not. A commitment violation is considered to happen, if no response has been<br />
received or if negative response is received, which is caused by network generated errors.<br />
An examp le report of the availability investigation of the QoS Manager in the Access Router<br />
ksat72.ipv6.rus.uni-stuttgart.de for April 2003 looks like:<br />
D0103v1.doc 139 / 168
D0103v1.doc Version 1 6.7.2003<br />
AUDITING Availability for ksat72.ipv6.rus.uni-stuttgart.de:QoSManager:<br />
2003-04 down=43155 => violation<br />
It shows that during April 2003, the downtime of the QoS Manager entity is 43155 seconds, which leads<br />
to the conclusion, that the commitment is violated.<br />
Another example report of the examination on user registration for the user cco@rus.uni-stuttgart.de<br />
shows the following:<br />
AUDITING User Registration for cco@rus.uni-stuttgart.de:<br />
2003-05-09 14:23:36 3 1 0 0 0 net-err= 0 usr-err= 0 => no violation<br />
2003-05-09 14:33:50 1 0 0 0 0 net-err= 0 usr-err= 0 => no violation<br />
2003-05-09 14:45:16 1 2 1 1 1 net-err=4002 usr-err= 0 => violation<br />
The report shows that there is a violation of the guarantee on registration success. User cco@rus.unistuttgart.de<br />
tried to register at 2003-05-09 14:45:16 and received a negative response with the code 4002<br />
(DIAMETER_OUT_OF_SPACE). The user has performed registration retries as required (more than 5<br />
times as can be seen in the series of number 1 2 1 1 1, that shows number of retries in each interval).<br />
A similar report is also generated for the examination of service authorization event logs.<br />
4.6 Paging Agent Software Specification<br />
This section provides an overview on the Paging Agent software components, associated interfaces to<br />
remote nodes and implementation specific information.<br />
4.6.1 Overview of the different functional components<br />
The following figure illustrates the logical functions of the Paging Agent node.<br />
IP paging module<br />
AR<br />
Tracking<br />
Agent<br />
Component<br />
MT<br />
AAAC.f<br />
Paging Agent<br />
Functional<br />
Component<br />
Dormant<br />
Monitoring<br />
Agent Comp.<br />
Enhanced IPv6 stack<br />
Standard IPv6 stack<br />
Network Device<br />
Ethernet<br />
Figure 93: Paging Agent Software Architecture.<br />
The protocol interface to the AAAC.f , as illustrated in the figure above, can be used optionally according<br />
to the paging concept in case, the proposed security mechanisms are supported. This interface has been<br />
proposed in the concept, but has not been implemented and is not used in the integrated <strong>Moby</strong> <strong>Dick</strong> testbed.<br />
4.6.2 Description of the different functional components<br />
4.6.2.1 Dormant Monitoring Agent Functional Entity (DMA)<br />
The Dormant Monitoring Agent function is responsible to capture/receive user-data traffic, destined for<br />
dormant mobile terminals, which have been registered with the Paging Agent node before. In <strong>Moby</strong> <strong>Dick</strong>,<br />
this function is co-located with the Paging Agent node, since with a Mobile IPv6 system, the concept<br />
deploys the registration of the PA node address as alternate CoA with the HA for dormant mobile<br />
terminals (MTs). Therefore, initial packets, destined for dormant mobile terminals, are forwarded from<br />
the HA to the PA by means of IP-IP encapsulation. The DMA function receives the tunnelled packets and<br />
D0103v1.doc 140 / 168
D0103v1.doc Version 1 6.7.2003<br />
represents a temporary tunnel endpoint for the HA originated tunnel. User-data packets' address<br />
information will be processed and it is checked, whether or not the actual addressed node has registered<br />
as dormant with the PA before. If the address cannot be matched with one of the registered mobile<br />
terminals, the packet has to be dropped and an ICMPv6 Error message has to be sent, indicating that the<br />
destination is not reachable.<br />
If the user-data packet addresses a mobile terminal that has been registered as dormant with the PA, the<br />
DMA function has to buffer the packet and checks a previously set individual filter function, indicating<br />
whether or not this type of packet is allowed to trigger a paging procedure. As a default function setting,<br />
this filter allows all packet types and addressing types to initiate re-activation of the addressed dormant<br />
mobile terminal. During a paging process, the packet is to be buffered and after the current location has<br />
been found out through the paging mechanisms, the DMA has to re-address the packet and forward it to<br />
the current location of the addressed mobile terminal by means of IP tunnelling mechanism. The<br />
configuration of the packet filter function, as described briefly above, has not been implemented in the<br />
<strong>Moby</strong> <strong>Dick</strong> test-bed, but is for future optimisation. Hence, all kind of user-data packets, addressing a<br />
dormant mobile terminal and being forwarded from the HA to the PA, will initiate paging the mobile<br />
terminal.<br />
The size of buffers, which should be available for storing user-data packets temporarily for individual<br />
registered mobile terminals during a paging process, has been implemented to be configurable for an<br />
administrator.<br />
4.6.2.2 Tracking Agent Functional Entity (TA)<br />
The Tracking Agent function is responsible for tracking a dormant mobile terminal’s location. Paging<br />
area registrations and updates are to be processed by this functional block. The paging area update<br />
message can be either originated from the mobile terminal or from the paging attendant implemented in a<br />
paging area’s Access Router. In case the DMA receives an initial user-data packet (paging trigger packet)<br />
destined for a registered dormant mobile terminal, the DMA requests the TA to initiate the paging<br />
process. The TA checks for the paging area the dormant mobile terminal has registered with. The TA<br />
initiates paging the mobile terminal by means of providing the registered paging area information to the<br />
PA-function. After a successful page, the TA gets information from the PA-function about the current<br />
location of the paged mobile terminal. The location information is given to the DMA function to allow<br />
forwarding of buffered paging trigger packet for the addressed mobile terminal.<br />
4.6.2.3 Paging Agent Functional Entity (PA)<br />
The Paging Agent function is responsible for generation and distribution of generic IP paging messages as<br />
well as for the co-ordination of the paging process. The paging request signalling messages address all<br />
paging attendants implemented in a registered paging area’s set of Access Routers. The Paging Agent<br />
function receives a notification from the TA function to page an individual mobile terminal.<br />
Addressing a paging area:<br />
If the registered paging area comprises N Access Routers, N IP paging request messages are to be<br />
generated and to be distributed to the paging area’s ARs implementing the paging attendant function. If<br />
static paging areas are deployed, a multicast tree could be set up for each set of ARs building a paging<br />
area. In the latter case, the PA addresses one IP paging request message to the paging area’s multicast<br />
address. The deployment of multicast addressing of paging areas will not be deployed within the <strong>Moby</strong><br />
<strong>Dick</strong> project. Rather lists of ARs' access interface addresses are maintained in the Paging Agent node to<br />
keep addressing of paging attendant functions in ARs flexible, which allows operation of enhanced<br />
paging strategies in the future.<br />
4.6.3 Softwarimplementation / interfaces<br />
4.6.3.1 Interface between the Mobile Terminal and the Paging Agent<br />
4.6.3.1.1 Description<br />
In case of having a pre-established security association with the PA, the mobile terminal can<br />
communicate directly to the PA, if the current AR allows respective ICMPv6 message types passing<br />
through, either based on a previously established security association ??? or administrative setting of AR<br />
filter functions (also taking QoS and AAA filtering function on ARs into account). This can happen after<br />
the discovery phase (explicit dormant mode registration) as well as for paging area updating and dormant<br />
mode de-registration.<br />
The remote entities deploy the ICMPv6 protocol as specified for the IP paging concept in <strong>Moby</strong> <strong>Dick</strong>.<br />
4.6.3.1.2 Message types<br />
Source Dest Primitive Parameters<br />
D0103v1.doc 141 / 168
D0103v1.doc Version 1 6.7.2003<br />
MT PA DORMANT_MODE_REQ Message flags, HoA, CoA, paging area<br />
ID, common paging ID, registration<br />
lifetime<br />
PA MT DORMANT_MODE_REPL Message flags, status code, HoA, CoA,<br />
paging area ID, common paging ID,<br />
registration lifetime, paging agent<br />
address<br />
Table 43: Message Types<br />
4.6.3.1.3 Format of the messages<br />
The following figures illustrate the formats of the small ICMPv6 basic header for IP paging control<br />
messages. Most identifiers and variable length fields are encoded as options. The immediate following<br />
format illustrates message encoding valid for all REQUEST messages.<br />
0 31<br />
Type Code CRC<br />
Sequence Number<br />
R R R R R R I U<br />
Reserved<br />
Options<br />
Type:<br />
According to the IP paging message type.<br />
To be specified. Type codes used in this project:<br />
DORMANT MODE REQUEST 152<br />
DORMANT MODE REPLY 153<br />
PAGING REQUEST 154<br />
Code:<br />
Checksum:<br />
Sequence Number:<br />
Set to 0 for all messages as described here for IP paging.<br />
Calculated according to the ICMPv6 standard.<br />
Allows for correlating replies with requests.<br />
Flags: R: Reserved. To be initialised with 0.<br />
I: Implicit dormant registration<br />
U: Updating messages.<br />
Reserved:<br />
Options:<br />
below, usage<br />
Reserved for future use.<br />
One or more TLV (type-length-value )-encoded option. Format as described<br />
according to the paging concept.<br />
In addition to the ICMPv6 header format of the REQUEST messages, REPLY messages have a status<br />
code field encoded, as illustrated in the following message format:<br />
0 31<br />
Type Code CRC<br />
Sequence Number<br />
R R R R R R I U<br />
Reserved<br />
Options<br />
Status Code<br />
D0103v1.doc 142 / 168
D0103v1.doc Version 1 6.7.2003<br />
Type:<br />
According to the IP paging message type.<br />
To be specified. Type codes used in this project:<br />
DORMANT MODE REQUEST 152<br />
DORMANT MODE REPLY 153<br />
PAGING REQUEST 154<br />
Code:<br />
Checksum:<br />
Sequence Number:<br />
Set to 0 for all messages as described here for IP paging.<br />
Calculated according to the ICMPv6 standard.<br />
Allows for correlating replies with requests.<br />
Flags: R: Reserved. To be initialised with 0.<br />
I: Implicit dormant registration (1=Implicit registration).<br />
U: Updating messages (1=Updating message).<br />
Reserved:<br />
Status Code:<br />
Options:<br />
Reserved for future use.<br />
Result of a request message.<br />
Currently specified 0x00 SUCCESS<br />
0x02 USE EXPLICIT REGISTRATION<br />
0xff ERROR<br />
One or more TLV-encoded option. Format as described below, usage<br />
according to the paging concept.<br />
Most of the signalling message details are encoded as option, which allows carrying one or more options<br />
with the message when needed. Options are encoded as generic TLV messages, as illustrated in the<br />
following figure.<br />
1 byte 1 byte<br />
Type<br />
Length<br />
Value<br />
Type: Option type identifier according to the table below.<br />
Length: Option length in octets, including the Type and the Length field.<br />
The following options will be implemented within the framework of the <strong>Moby</strong> <strong>Dick</strong> project. These do not<br />
include the security related options and some technology specific address options when not needed in the<br />
project’s testbed (e.g. International Mobile Subscriber Identifier – IMSI). The options referred to in the<br />
following table are required to be implemented to support basic protocol operation according to the IP<br />
paging scheme.<br />
Option Value-Length Type<br />
IPv6 Home Address 16 0x01<br />
IPv6 Care-of Address 16 0x02<br />
IPv6 PA address 16 0x03<br />
Common Paging ID Variable 0x04<br />
Paging Area ID 4 0x05<br />
Registration Lifetime 16 0x06<br />
Home Agent Address 16 0x07<br />
Table 44: Paging Options<br />
An overview on the format of the Common Paging Identifier can be found below.<br />
For IP paging, a common identifier is used. Its structure allows ARs to derive information, which is<br />
necessary to build the appropriate Solicited Node Multicast address for an individual mobile terminal on<br />
the respective technology. The identifier has the 24bit-identifier part of the MAC address for IEEE 802.3<br />
and IEEE 802.11b included, for TD-CDMA the 24bit terminal identifier part of the International Mobile<br />
station Equipment Identity (IMEI) will be taken. To allow flexible deployment of the common identifier,<br />
D0103v1.doc 143 / 168
D0103v1.doc Version 1 6.7.2003<br />
each 24-bit identifier has a preceding 8bit-identifier to allow ARs to ascertain the appropriate identifier<br />
part for its respective access technology and to learn about the length of each identifier fraction. For<br />
details about the format, please be referred to [D0301].<br />
Taking the three interfaces as taken for the <strong>Moby</strong> <strong>Dick</strong> platform, the raw common identifier has a size of<br />
96 bit (12 byte). This identifier will be conveyed in a TLV-encoded option.<br />
The common IP paging identifier has a preceding unique header, which allows identification of the entire<br />
ID length (part of the generic TLV-encoded format), the access provider as well as provision of an<br />
additional field to distinguish common IP paging identifier (ID Extension).<br />
4.6.4 Implementation specific information<br />
This section provides some details on how the software modules have been designed, implemented and<br />
interfaced.<br />
4.6.4.1 Dormant Monitoring Agent Functional Entity<br />
The Dormant Monitoring Agent (DMA) function on the Paging Agent node was implemented as a<br />
separate kernel module, interfacing to the actual paging signalling control kernel module. Since the DMA<br />
module handles only user-data packets (queuing, management, forwarding) and no paging related<br />
protocol signalling, this separation allows keeping software modules' responsibility separated for control<br />
plane (signalling) and user plane (data packets) tasks. From implementation point of view, the DMA<br />
module depends on the Dormant Mode Host Alerting (DMHA) module (see below), hence first the<br />
DMHA module is to be loaded, then the DMA module can be loaded to the kernel, which dynamically<br />
interfaces to the DMHA module (automatic interfacing through the module initialisation function).<br />
The DMA module must be loaded with a startup script, which checks the availability of the IPv6 tunnel<br />
module, as provided by the MIPL Mobile IPv6 software package. The latter module is needed for support<br />
of IPv6-encapsulation. The script first loads the tunnel module in case it is not yet linked to the kernel,<br />
then four (default value, can be changed in the script) DMA specific tunnel modules are created and the<br />
DMA module is loaded subsequently.<br />
The following functions were implemented with regard to DMA kernel module functionality:<br />
DMA kernel module:<br />
o IPv6 tunnel endpoint functionality<br />
o Queuing of data packets, which address a mobile terminal previously registered as dormant<br />
o Dynamic management of data packets for different registered mobile terminals<br />
o Interfacing to the DMHA (paging signalling control) module<br />
o Forwarding functionality (IPv6 tunnelling)<br />
DMA startup script:<br />
o IPv6 tunnel module availability check and module loading function<br />
o Configuration and activation of four (default value, can be changed) DMA tunnel interfaces<br />
o DMA module (re-)loading (start and stop) functions<br />
4.6.4.2 Tracking Agent Functional Entity<br />
The Tracking Agent function has been co-located with the Paging Agent functional entity in the Dormant<br />
Mode Host Alerting (DMHA) kernel module, which will be described in the following section.<br />
4.6.4.3 Paging Agent Functional Entity<br />
The Paging Agent function has been co-located with the Tracking Agent function within the Dormant<br />
Mode Host Altering (DMHA) kernel module. The DMHA module takes over all functions required for<br />
the dormant registration of a mobile terminal, including PA discovery, dormant registration, tracking the<br />
paging area a registered mobile terminal is located in, as well as controlling the actual paging process for<br />
location, re-activation and initiation of routing state re-establishment. Furthermore, dynamic interfacing<br />
to the DMA module is supported to co-ordinate queuing and forwarding of user-data packets.<br />
The DMHA module is loaded by means of a startup script, that co-ordinates linkage of the module to the<br />
kernel, as well as the configuration of the kernel module. A configuration file is provided, allowing the<br />
module to learn about a min imal set of static configuration parameters. The script deploys a user-space<br />
process to read the configuration data and to provide the configuration information to the kernel module<br />
through a previously established character device driver interface.<br />
The following function are implemented with regard to DMHA kernel module functionality:<br />
DMHA module:<br />
o Paging signalling state machines<br />
o Dynamic mobile terminal registration management, including TA functions<br />
o Message and options handler (message generator and pars er)<br />
o Interfacing to the DMA kernel module<br />
DMHA startup script:<br />
D0103v1.doc 144 / 168
D0103v1.doc Version 1 6.7.2003<br />
o DMHA kernel module (re-)loading (start and stop) functions<br />
o Utilization of a user-space process to read the appropriate configuration file and to write<br />
configuration data to the DMHA kernel module<br />
4.7 Home Agent Software Specification<br />
This document gives the software specification of the different components of the Home Agent (HA).<br />
There are no additional <strong>Moby</strong> <strong>Dick</strong> requirements to the Home Agent apart from the (standard) Mobile IP<br />
stack. However, for the sake of completeness. This section specifies the software structure of the Home<br />
Agent.<br />
4.7.1 Overview<br />
According to the current <strong>Moby</strong> <strong>Dick</strong> specifications, the one and only component of the Home Agent is<br />
the provision of (macro) mobility, as provided by Mobile IPv6 stack from MIPL<br />
(www.mipl.mediapoli.org ).<br />
Mobile NCP IPv6 module<br />
MIPv6<br />
Home Agent functionality<br />
Figure 94: Mobile IPv6 Module<br />
The Mobile IPv6 Home Agent acts as proxy for in its home network registered roaming Mobile Nodes.<br />
The detailed behaviour of this functionality will be detailed in the next chapter.<br />
4.7.2 Detailed description of the components<br />
This chapter gives a detailed description of the sub-blocks of each component, and their interactions with<br />
other components.<br />
4.7.2.1 Mobile IPv6 Module<br />
The Mobile IPv6 module is integrated into the IPv6 stack and has the following interactions.<br />
IPv6 NCP stack<br />
Mobile NCP IPv6 stack<br />
MIPv6<br />
Home Agent functionality<br />
Network NCP Device Driver<br />
Ethernet<br />
(or WVLAN<br />
or W-CDMA)<br />
Fi<br />
gure 95: Mobile Ipv6 Module<br />
The Mobile IPv6 stack in the Home Agent provides standard Home Agent functionality; i.e., the Home<br />
Agent acts as a proxy for roaming Mobile Nodes of its (home) network and delivers packets destined for<br />
this roaming Mobile Nodes to their current point of attachment via IP-in-IP encapsulation (i.e.,<br />
tunnelling). Therefore, the Home Agent always needs to be informed about the current location (i.e. Careof-Address<br />
CoA) of the Mobile Nodes, which are stored in a binding cache.<br />
D0103v1.doc 145 / 168
D0103v1.doc Version 1 6.7.2003<br />
4.7.2.2 Alternate Care-of Address support<br />
In order to support the alternate-CoA registration with a binding update, which is required for Paging, the<br />
Mobile IPv6 implementation is to be patched with an appropriate alt-CoA patch, which was implemented<br />
within the framework of WP3 activities.<br />
D0103v1.doc 146 / 168
D0103v1.doc Version 1 6.7.2003<br />
5 <strong>Moby</strong> <strong>Dick</strong> Signalling Flow Specification<br />
This chapter reports about the specification of signalling and message flows for initial registration, fast<br />
intra-domain handover, inter-domain handover and Paging with respect to mobility, QoS and AAA. Thus,<br />
this version contains all required information for a reader to understand the way, how the components as<br />
described in the previous chapter will interact in the deployed <strong>Moby</strong> <strong>Dick</strong> architecture.<br />
Since the specification allows several possible implementations, the structure of the following section<br />
comprises for all scenarios the functional specification and the detailed implementation specification.<br />
5.1 Assumptions<br />
This section lists the assumptions and specifies the interface between WP2 (QoS), WP3 (Mobility) and<br />
WP4 (AAA), especially with respect to implementation issues, since there is the need for ‘message<br />
combination’ during the <strong>Moby</strong> <strong>Dick</strong> key scenarios, which are registration, handover signalling within and<br />
between administrative domains, session setup, paging, Auditing and charging. Interaction and Interfaces<br />
between all involved components as described in the previous chapter have been defined.<br />
5.1.1 Security Associations<br />
Within the current <strong>Moby</strong> <strong>Dick</strong> approach, the following security associations are assumed:<br />
Static<br />
MN - AAAC.h<br />
AAAC.h – HA<br />
MN – HA<br />
oARx – nAR<br />
AAAC.f - AAAC.h<br />
AR - AAAC.f<br />
MN – PA<br />
PA - ARx<br />
Dynamic<br />
MN – ARx<br />
MN - PA<br />
Table 45: Security Associations<br />
In the framework of <strong>Moby</strong> <strong>Dick</strong>, we assume a security association of neighbour Access Routers within an<br />
administrative domain. This assumption is also part of the fast-handover draft [draft-ietf-mobileip -fastmipv6-03.txt;<br />
section 5.2.1].<br />
This means that dynamic attachment of a user to a domain is out of the scope of <strong>Moby</strong> <strong>Dick</strong>. It is assumed<br />
that each user has a fixed home domain where he is registered and when asking for resources, this so<br />
called home domain is asked for enabling this resources vouching for the user towards any visiting<br />
domain.<br />
5.1.2 Distinction: Registration, fast intra-domain and inter-domain handover<br />
There is the need to distinguish between Registration, fast intra-domain and inter-domain handover, since<br />
all the scenarios require different handling / procedures. This section identifies the entity on which the<br />
decision algorithm should be located and presents the parameters on which the decision is based.<br />
Intra-domain handover requires a fast handover procedure (i.e., communication between new Access<br />
Router and old Access Router), while for the registration and for inter-domain handover the involvement<br />
of AAAC.h and Home Agent is required. The reason for this distinction is the assumption, that the<br />
provider of a domain a MN is about to leave, in the following called old domain, has not necessarily any<br />
contractual relationship with the provider of the domain the MN is about to join, in the following called<br />
new domain. But both providers, the provider of the old domain and the provider of the new domain have<br />
a business relationship with the provider of the home domain of the user currently using the MN. Within<br />
the framework of <strong>Moby</strong> <strong>Dick</strong>, special focus will be on intra-domain handover, since inter-domain<br />
handovers are expected to occur more rarely and will not be seamless, since the involvement of ‘far<br />
away’ network entities is required.) In order to keep this decision transparent to the Mobile IP stack, it is<br />
suggested to place this decision algorithm ‘below’ Mobile IP (i.e., in the MTNM).<br />
The parameters on which the decision is based are:<br />
• Binding cache (i.e., no entry: registration; valid entry: handover)<br />
• Analysis of the router advertisement prefix, in order to distinguish between intra and interdomain<br />
Several theoretical work is ongoing to extend and to enhance this decision finding process by AAA, QoS<br />
and possibly higher layer input such ay payment preferences and so on.<br />
D0103v1.doc 147 / 168
D0103v1.doc Version 1 6.7.2003<br />
5.2 Signalling Scenarios<br />
This chapter specifies the scenarios between the <strong>Moby</strong> <strong>Dick</strong> key components. This are: the Mobile<br />
Terminal (MT), the Radio Gateway (RG), the Access Router (AR), the AAAC Server, the QoS Broker,<br />
the Paging Agent and the Home Agent.<br />
5.2.1 Registration<br />
This chapter specifies the signalling for Registration i.e., the registration of a Mobile Node, which has no<br />
valid entry in its binding cache. Registration describes the process, which takes place after a mobile node<br />
is e.g. switched on and the user of the mobile terminal wants to connect to the Internet. This means either<br />
the user wants to send data or being reachable for any other user in the world. So a registration takes place<br />
when a Mobile Node wants to connect first to any domain. This means that a registration process takes<br />
place as well during a mobility scenario where two administrative domains are involved. If this happens<br />
during an activity of a Mobile Node (the MN send or receives packets), this process is called inter-domain<br />
handover as is described in one of the following sections. In the case the MN is not active, this is just<br />
identical to the case a MN is switched on. The monitoring of the binding cache is part of the decision<br />
handover type decision algorithm and therefore is part of the MTNM. Additionally there is a reregistration<br />
process defined, since the registration is bound to a certain period of time. This re -registration<br />
is triggered by an internal timer and does not differ principally from the registration process.<br />
If this regis tration did not happen correctly, the mobile node is transferred into a de-registered status,<br />
which means that no Internet connectivity is available for the Mobile Node at all.<br />
The Registration process (AAA and Mobility) is initiated after the Care-of-Address (CoA) is acquired by<br />
the Mobile Node. This is performed via the deployment of stateless auto-configuration, avoiding<br />
Duplicate Address Detection (DAD). According to an internal study, the probability for an duplicate IP<br />
address within a network is that low that no additional effort to resolve this is justified within <strong>Moby</strong> <strong>Dick</strong>.<br />
However, the CoA does not entitle the user to consume resources apart from the following registration<br />
messages and emergency calls. Note that in the envisaged QoS architecture, other type of services can be<br />
available to the user, depending on the specific network policy.<br />
The registration scenario has been developed in a two step approach. In the first step, AAA signalling and<br />
MIP signalling is completely separated. The advantage of this is that there is no interface required<br />
between AAA and MIP. The disadvantage is that the registration takes longer. Furthermore in the first<br />
step an existing security association is needed between MN and HA. In the second step this association is<br />
build dynamically. Furthermore in the second step the AAA architecture even could be used for dynamic<br />
HA discovery.<br />
In the first step (Figure 96) the MN sends an AA request via the user registration protocol to the AR. The<br />
AR sends an AA request via AAA protocol to his AAAC.f, which forwards the request to the AAAC.h<br />
according to the NAI. The AAAC.h authenticates and authorizes the user and sends a AAA protocol reply<br />
back to the AAAC.f. In this message the network permissions of the user are already indicated. The<br />
AAAC.f may then perform local global authorization decisions. The AAAC.f sends back a reply to the<br />
AR, which forwards all relevant data to the MN via the user registration protocol. At the same time, the<br />
AAAC.f dumps on the local QoS.f the relevant network parameters for the services authorized for that<br />
user. Standard Mobile IP implementation send out an Binding Update (BU) immediately after the CoA<br />
acquisition. At the point of time the QoS.f is informed about the users successful registration, this BU is<br />
not any more blocked by the QoS attendant located at the access router, but forwarded to the home agent.<br />
Afterwards the MN sends a BU to the HA and the HA replies with a BACK. This message goes through<br />
the AR without any requirement for authorization, as the AR will be configured by default with a minimal<br />
bandwidth for signalling. This also assumes that in the WCDMA case these packets will arrive via a<br />
broadcast channel. Upon receiving the AAA answer from AAAC.f, the AR starts an accounting session.<br />
The metering entity at the AR collects these raw data and send is in a fixed and externally defined interval<br />
to the AAAC.f. The AAAC.f consolidates these data and forwards them to the AAAC.h. The accounting<br />
functionality is configured by the accounting policies contained in the AA response from AAAC.f. The<br />
timer interval T1 describes the interval between two forwarding processes of consolidated accounting<br />
data. Within the current <strong>Moby</strong> <strong>Dick</strong> implementation this interval is also valid for message “10”, which is<br />
basically inline with the proposed solutions as currently discussed in the IETF. Theoretical work is<br />
ongoing to decouple this which would lead to a more intelligent behaviour of the AAAC.f consolidating<br />
the data received from the AAA Attendants as well. T2 describes the interval for the re-registration<br />
process.<br />
Currently <strong>Moby</strong> <strong>Dick</strong> Step1 signalling scenario is implemented and brought to the field trial.<br />
D0103v1.doc 148 / 168
D0103v1.doc Version 1 6.7.2003<br />
MN AR AAAC.<br />
f<br />
1<br />
QoS.f QoS.h AAAC.<br />
h<br />
2<br />
3<br />
4<br />
6<br />
5a<br />
5b<br />
T2<br />
7<br />
8<br />
T1<br />
9<br />
9<br />
9<br />
9<br />
10<br />
10<br />
10<br />
1<br />
2<br />
10<br />
3<br />
4<br />
6<br />
5a<br />
5b<br />
Figure 96: Registration Scenario Step 1<br />
In order to make comments and additions as easy as possible, the messages and parameters will be<br />
defined in a separate table below the signalling flow diagram.<br />
The following table specifies the messages, describes parameters and content and allows remarks.<br />
No. Message Content / Parameters Remarks<br />
1 AA Request NAI; credentials; CoA<br />
2 AA Request NAI; credentials; CoA<br />
3 AA Request NAI; credentials; CoA<br />
4 AA Response 2x key(MN, AR), Profile SubSet<br />
(explanation see below), Session<br />
Timeout<br />
5a AA Response 2x key(MN, AR), Profile SubSet<br />
(explanation see below), Session<br />
Timeout<br />
5b NVUP dump MN, AR, Profile SubSet (includes<br />
timeout)<br />
6 AA Response 1x key(MN, AR), Profile SubSet<br />
(codes), Session Timeout<br />
Dumps the proper<br />
DSCP codes to use in<br />
this network<br />
D0103v1.doc 149 / 168
D0103v1.doc Version 1 6.7.2003<br />
7 BU<br />
8 BACK<br />
9 Accounting Data SrcIP, HoAd?, DesIP, DSCP, In/Out<br />
Byte/Packet Counter<br />
10 Accounting Data SrcIP, HoAd?, DesIP, DSCP, In/Out<br />
Byte/Packet Counter<br />
T1 Timer for AAA Attendant<br />
to forward data to AAAC.f<br />
T2 Re-registration interval<br />
Table 46: Registration Step 1 messages and Parameters<br />
The destination address<br />
may also be required in<br />
many network-level<br />
services (free numbers,<br />
e.g.)<br />
The setting of the timer T1 has not been studies profoundly. However, in first discussions about the<br />
involved partners for the time being a 3 minute interval is foreseen. The timer T2 for the re -registration<br />
interval is proposed to be at the range of about 10 minutes, but also here some further discussions are<br />
required and this value might change significantly. Possible the measurements of the trials will provide<br />
here further input in order to come to an optimal solution.<br />
The key between Mobile Node and Access Router is send twice, due to the encryption requirement: the<br />
first key is encrypted for the AR, the second is encrypted for the MN. (However, it is the same key).<br />
Messages between the MN and AR are URP messages. Messages between AR, AAAC.f and AAAC.h are<br />
Diameter messages containing the appropriate AVPs already defined. BU and BACK are standard MIP<br />
messages. Step 2 is shown in Figure 2. In the step 2 the initial BU is piggybacked on the AA request. This<br />
figure does not contain the re-registration interval and the interval for the transfer of the accounting data<br />
since this procedure is identical to step1.<br />
MN AR AAAC. QoS.f QoS.h AAAC. HA<br />
Figure 97: Registration Scenario Step 2<br />
The following table specifies the messages, describes parameters and content and allows remarks.<br />
No. Message Content / Parameters Remarks<br />
1 AA request usr:pwd@domain; BU<br />
2 AA request usr:pwd@domain; BU<br />
D0103v1.doc 150 / 168
D0103v1.doc Version 1 6.7.2003<br />
3 AA request usr:pwd@domain; BU<br />
4 BU (see Mobile IP BU)<br />
5 BACK (see Mobile IP BACK)<br />
6 AA response 2x key(MN, AR), Profile SubSet, BACK<br />
7a AA response 2x key(MN, AR), Profile SubSet, BACK<br />
7b NVUP dump MN, AR, Profile SubSet (includes timeout)<br />
8 AA response 1x key(MN, AR), Profile SubSet (codes),<br />
BACK<br />
9 Accounting Data CoA, HoAd?, DestIP, DSCP, Time, In/Out<br />
Byte/Packet Counter<br />
10 Accounting Data CoA, HoAd?, DestIP, DSCP, Time, In/Out<br />
Byte/Packet Counter<br />
Table 47: Registration Step 2 messages and Parameters<br />
The protocols used are the same as in step 1.<br />
5.2.2 Session setup and Service authorization<br />
This chapter specifies part of the signalling for establishing a QoS “session”. It deals with authorizing a<br />
flow pass through <strong>Moby</strong> <strong>Dick</strong>’s network, providing it QoS and configuring measurement parameters.<br />
Previous phases (Authentication & Registration) are needed for the user to be allowed to send packets but<br />
are not sufficient (except in some possible cases). The further (and last) step needed, “service<br />
authorization”, is described here. Only the QoS Manager of the AR is involved in that process and is the<br />
sole part considered in this chapter. In this section, we assume that registration has already been done and<br />
that the needed subset of the user profile is in the AAAC.f. and this has already sent a subset of this<br />
subset, the NVUP, to the QoSBroker. Also user’s identity is already known to the network and it could<br />
tariff user’s packets. But we recall that the user is not yet authorized to send packets (except for some<br />
possible exceptions).<br />
Note that the notion of flow in these sentences is quite flexible. It represents a set of packets, which<br />
trigger a non-default match on the AR classification unit. In typical terms, this will represent a (CoA,<br />
Destination, DSCP) tuple, but can represent a (CoA, DSCP) or a (Destination, DSCP) tuple.<br />
A service is just the network resources (BW and priority) that a flow can employ. It is identified by the<br />
DSCP of the packets sent by the MN.<br />
When a new service flow enters the access router the following can happen depending on the policy<br />
decisions of the network operator.<br />
• The service has previously been authorized, the AR forwards the packets.<br />
• The service has not previously been authorized but the flow goes to a certain IP address (e.g.<br />
VoIP Server for emergency calls or some predefined SP’s) in the foreign domain. The AR<br />
forwards the flow.<br />
• The service has not previously been authorized, but it has a DSCP=0 (B.E.). The AR either<br />
forwards or stops the flow, according to overall network policy.<br />
• The service has not previously been authorized; the AR begins an authorization process<br />
(described below). If the process succeeds the AR forwards the packets, else it drops the flow.<br />
The following MSC (Message Sequence Chart) applies to the following cases:<br />
• An application starts sending packets. The AR detects a new service flow, it may perform the<br />
following flow authorization.<br />
The process can be summarized as follows:<br />
Note that QoSBroker knows already user profile, as the user has already registered in the<br />
network, and thus is implicitly authorized to use some services. In “session setup” time, the AR contacts<br />
the QoSBroker in order to know about the network availability to allow some resource usage that is<br />
described in the NVUP.<br />
1. MT starts a flow. MT sends some packets to AR;<br />
D0103v1.doc 151 / 168
D0103v1.doc Version 1 6.7.2003<br />
2. AR request resource to QoS. If the flow is not registered in the AR, AR requests some resource<br />
usage instructions to QoSBroker sending some message with the identification of the flow<br />
(CoA+ DSCP code+ dest. Address);<br />
3. QoS Broker answers. QoS Broker checks its network availability conditions and allows or<br />
rejects that flow;<br />
4. AR applies QoS Broker decision. In a positive answer from QoSBroker AR reconfigure itself,<br />
and stop discarding the MT packets. In a negative answer it continues discarding MT packets<br />
and doesn’t do any reconfiguration.<br />
This process can be illustrated in Figure 98. In (1) the first packet from the MN is represented. This<br />
packet will trigger the request from the QoSB – which should already have the relevant information for<br />
that user (MN). Until the response from the QoSB arrives (3) the packets are discarded. According to the<br />
initial tests´, only the first packet is discarded. After the authorization from the QoSB (which depends on<br />
the administrative settings provided by the AAAC to the QoSB, and the resource management made by<br />
the QoSB) the packets are then transmitted to the network.<br />
Note that this process can be easily extended to support RSVP -aware applications, processing the RSVP<br />
request in function of QoSB commands for that request.<br />
The figure also shows the situation at a CN, in another domain. First, there will exist proper agreements<br />
between both domains. These agreements are reflected at AAAC-level, and typically will convey rules to<br />
be enforced by QoSBrokers at the respective Border Gateways. All this process is not represented in the<br />
Figure. The figure does represent the flow authorization when the packets transverse domains. The first<br />
packet arriving the egress router (AR2) in the foreign domain, will require authorization to be transmitted<br />
to the CN (e.g. because the CN is on a wireless net). AR2 then contacts its local QoSB, which will then<br />
issue the control information for the AR2 (imply for instance the establishment of a bi-directional<br />
connection between AR2 and CN). Note that in most cases QoSB2 will not need to contact any AAAC<br />
for information. The QosB will, in principle, trust the packets that are arriving from its network<br />
interfaces, and proceed based in the DSCP code of the incoming packet – its significance will be assured<br />
by the transformations/policies made at the ingress of the domain.<br />
Notice that this view is optimised for a small number of services defined across operators. For general<br />
widespread service provision, specific requests to the AAAC entities would be required – however, either<br />
service agreements were already in place between those operators (which basically is the situation defined<br />
here), or dynamic service negotiation would be required –situation which is not foreseeable in a near<br />
future.<br />
MN AR QoSB1 AAAC1 CORE AAAC2<br />
QoSB2<br />
AR2<br />
CN<br />
Trunking Agreement<br />
& SLA Mapping<br />
1<br />
2<br />
3<br />
4<br />
8<br />
7<br />
5<br />
6<br />
Figure 98: “Flow” authorization<br />
AAAC.f ßà SP’s AAAC, AR --- DIAMETER<br />
AAAC.f ßà QoS Broker --- COPS<br />
QoSBroker ßà AR --- COPS, (SNMP, CLI)<br />
No. Message Content / Parameters Remarks<br />
1 1 st packet of a CoA, Destination, DSCP This packet will be discarded by the AR, but<br />
D0103v1.doc 152 / 168
D0103v1.doc Version 1 6.7.2003<br />
given application<br />
with a given DSCP<br />
not yet in use<br />
2 QoS Broker query<br />
for<br />
QoS<br />
instructions<br />
3 AR QoS<br />
Configuration<br />
4 1 st packet,<br />
retransmitted by<br />
the MN<br />
5 QoS Broker query<br />
for<br />
QoS<br />
instructions<br />
6 AR2 QoS<br />
Configuration<br />
7, 8 1 st packet,<br />
retransmitted by<br />
the MN and reply<br />
from the CN.<br />
its information (CoA, Destination, DSCP)<br />
will be used to query the QoS Broker.<br />
CoA, Destination, DSCP The QoS Broker will consult the NVUP<br />
information for that user, and if the DSCP is<br />
allowed by the SLA, the QoS Broker<br />
configures the AR to allow forwarding of<br />
the next matching packets (DSCP, Dest,<br />
CoA).<br />
BW, priority, DSCP, CoA If there are not enough resources available in<br />
that AR, nothing will be done.<br />
CoA, DSCP, CN Address This packet will initiate the resource<br />
reservation on the CN access network.<br />
DSCP, CN Address<br />
DSCP, CN Address<br />
DSCP is the DSCP of the packets sent by the MT.<br />
5.2.3 Intra-domain handover<br />
Table 48: Message Specification for Session Setup<br />
Every packet coming from the CORE is<br />
trusted. No authorization or authentication<br />
information needed at this point.<br />
The QoS Broker will configure the AR to<br />
allow the packets coming and going to the<br />
CN Address with that specific DSCP.<br />
“Session Start”<br />
Within the <strong>Moby</strong> <strong>Dick</strong> mobility framework two different handover scenarios are considered. These are<br />
from an administrative point of view inter-domain handover scenarios and inter-domain handover<br />
scenarios. In order to fasten up the scenarios to minimize the timely effort for the mobility management<br />
procedure, an intra-domain handover involves no AAA entity. Here AAA mechanisms are included as<br />
attributes into the FAST handover specific communication between the oAR and the nAR. So, the focus<br />
of the <strong>Moby</strong> <strong>Dick</strong> project with respect to an integration of AAA and mobility is on intra-domain<br />
handover, mainly due to the following aspects:<br />
• Majority of handovers will occur within an administrative domain<br />
• Provisioning of seamless handover can be guaranteed (while inter-domain handover requires<br />
time consuming signalling to the home domain, which might cause interruptions)<br />
At this point of time there seems to be no need to distinguish between specification and implementation.<br />
Therefore, the following diagram represents the fast handover signalling specification. The<br />
implementation may depend on existing code capabilities.<br />
The deployment of context transfer in combination with the fast handover messages prior to the handover<br />
allow to carry the IPsec related data as e.g. a key, meter configuration information and the (sub-) profile<br />
to the new AR and thus, e.g., allow network configuration before handover execution. It is required that<br />
the whole active user configuration on the oAR is transmitted to the nAR. However, the acceptance of<br />
these new flows may imply changes on current configuration of the nAR. The QoSB is aware of all these<br />
aspects, and thus will be signalled by the oAR that a movement is desired. The QoSB does make the<br />
adequate configuration changes and sends these commands to the nAR. After being properly configured,<br />
the nAR confirms the configuration to the oAR, and the MN then proceeds with the handover. The a-<br />
priory transferred information (i.e., meter configuration information and key) allow the AR to match the<br />
authorization, to start the accounting appropriately and if necessary cancel the connection. It is not<br />
necessary for advising the AAAC.f of the new location of the MN, to start a new AAA session between<br />
nAR and AAAC.f, to configure the accounting on nAR etc. The AAAC only needs to receive the overall<br />
accounting information, offline, and does not need to be informed real-time of these movements. The<br />
parameters concerned with metering can be exchanged via a CT-alike information at the Handover<br />
Initiate. Regardless of the result of the handover, the handover request will be then automatically<br />
registered in the metering unit.<br />
With respect to Context Transfer provision in combination with Fast-HO, the HI message conveys AAA<br />
related data as a byte-stream from the oAR to the nAR. There is no need to transfer context or related<br />
D0103v1.doc 153 / 168
D0103v1.doc Version 1 6.7.2003<br />
parameters for re -establishment of QoS functions on the nAR. Re-establishment of the security<br />
association on the nAR is done by conveying the respective key. Additionally, since each AR generates a<br />
new SPI, this index is not to be conveyed from oAR to nAR, but the nAR generates a new SPI. This SPI<br />
is to be transferred from the nAR to the mobile terminal.<br />
The Accounting Start indication is sent to the AAAC.f from the mobility manager of the nAR on<br />
reception of the 1 st PDU at the nAR.<br />
In case of a inter-domain handover it is expected that no communication between the two provider (of the<br />
oAR and the nAR) takes place for sure and so no direct context transfer is possible. In this case a standard<br />
registration process is triggered. The de-registration of a user/MT in the oAR domain is done exclusively<br />
by either a missing re-registration message, or a registration message of a new user using the same CoA.<br />
MN oAR nAR oQoS.f nQoS.f AAAC.f HA<br />
2<br />
1<br />
3<br />
Is delay an issue? If yes,<br />
consider to not wait for C.<br />
A<br />
C<br />
B<br />
5<br />
6<br />
7<br />
9<br />
8<br />
10<br />
11 12<br />
13<br />
14<br />
X<br />
15<br />
Figure 99: Fast Handover Signalling Flow<br />
The following table describes the messages and parameters for the Fast Handover Signalling:<br />
No. Message Content / Parameters Remarks<br />
1 Router Advertisement Network prefix + x Indicates HO type - see below<br />
2 Router Solicitation for Proxy NARaddr, new CoA<br />
3 Handover Initiate SubSubProfile, key, new<br />
CoA<br />
CT info for AAA as bytestream<br />
conveyed<br />
A QoS message (COPS?) NAR, oCoA Indication of nAR ID, oCoA<br />
B QoS message (COPS?) HoA, nCoA, DSCP in use carry NVUP (HoA, nCoA,<br />
DSCP in use)<br />
C QoS message (COPS?) Configuration data, result<br />
info (command and DAD<br />
check result)<br />
5 Handover Acknowledge SPI<br />
6 Proxy Router Advertisement SPI<br />
7 Handover Execute (FBU)<br />
8 Start Bicasting (& Timer)<br />
carries configuration data for<br />
nAR or info on ResReserv<br />
failure, indication on DAD<br />
result<br />
D0103v1.doc 154 / 168
D0103v1.doc Version 1 6.7.2003<br />
9 Handover Execute ACK<br />
10 Leaving old link<br />
11 Bicasting Timer expired (Forwarding still ‘active’<br />
some more time)<br />
12 Accounting data CoA, DSCP, Time, In/Out<br />
Byte/Packet Counter<br />
13 Neighbour Advertisement<br />
X Accounting Start CoA, DSCP, Time Accounting Start requires<br />
context and is triggered on<br />
reception of 1st PDU<br />
14 Binding Update<br />
15 Binding ACK<br />
Table 49: Fast Handover Signalling Messages and actions<br />
The MIP fast handover message format will follow the fast handover draft specification (see draft-ietfmobileip-fast-mipv6-03.txt).<br />
The AAA specific parameters are to be appended as option(s) to the fast<br />
handover message, which has been defined.<br />
The Router Advertisement (1) indicates if the intended handover takes place within a domain or if it is<br />
inter-domain. The decision is based on the prefix structure of the IPv6 address:<br />
48 bit<br />
16 bit 64 bit = 24 bit + FFFE (16bit) + 24 bit<br />
2001:0638:0202<br />
Ethernet………………….address<br />
Network provider address SLA EUI 64 bit<br />
2001:0638:0202: 0 :0250:daff:fecf:c6ad<br />
Figure 100: IPv6 message format<br />
In case the first 48 bit change, the Mobile Terminal knows that it will enter another administrative<br />
domain, since the network provider is different. Changes of the SLA refer to a subnet change within an<br />
administrative domain.<br />
Extension proposal: Within the framework of <strong>Moby</strong> <strong>Dick</strong> the first two bit of the SLA could be reserved to<br />
‘simulate’ different domains within a trial area (see first line of table 3: prefix + x).<br />
5.2.4 Inter-domain handover<br />
An inter-domain handover requires message exchange with the home domain (i.e., AAAC.h and HA),<br />
because there will be no pre-established security association between different network providers.<br />
Therefore, there will be no guarantee for seamless inter-domain handover, since the interruption time<br />
depends on the round trip time to the home domain, which might be far away. Due to this reason and due<br />
to the assumption that inter-domain handover will occur more rarely than handover within a domain, the<br />
project will not focus on optimising the inter-domain handover case. However, the signalling for interdomain<br />
handover is quite similar to the Registration case.<br />
5.2.5 Paging<br />
5.2.5.1 General information<br />
This section describes a signalling flow for entering a dormant mode, initiated from mobile terminal side,<br />
as well as for the actual IP paging process according to the specified paging concept.<br />
This section intends to describe the integration of the concept for IP based paging into the <strong>Moby</strong> <strong>Dick</strong><br />
platform, which takes also inter-working with the project’s security framework into consideration. The<br />
security related options of the protocol are for dynamic establishment of paging security association<br />
between a mobile terminal and its discovered Paging Agent. Furthermore, an authentication option is<br />
considered for the last-hop paging message authentication process when the mobile terminal is being<br />
D0103v1.doc 155 / 168
D0103v1.doc Version 1 6.7.2003<br />
paged. However, the security support of the paging concept is specified and described in a Deliverable,<br />
and will not be part of the project’s implementation of IP paging support. Therefore, as an example, the<br />
interface between the Paging Agent and the AAAC.f for key management will not be implemented;<br />
hence the NAI will not be deployed here.<br />
Assumptions for the paging concept’s security support<br />
Pre-established security associations:<br />
• AAAC.f – PA<br />
• PA – ARx (ARs inside a domain, in particular these assigned to the registered paging areas)<br />
• MN – current AR before entering the IDLE mode (since dormant mode registration requires<br />
previous authentication with the network, which is considered to be the standard AA procedure<br />
of the <strong>Moby</strong> <strong>Dick</strong> scenario).<br />
Dynamic SAs for registration with a Paging Agent and for a paging process:<br />
• ARx – MN<br />
• MN – PA<br />
5.2.5.2 Service discovery and dormant mode registration<br />
When a mobile terminal decides to enter the idle mode, it has to discover the responsible Paging Agent<br />
first. This agent should be a long-term PA, which is responsible to track the mobile terminal’s location<br />
beyond the scope of the current paging area. This means, the discovered PA, once having a registration<br />
for the respective mobile terminal, should be updated when the idle mode registration lifetime expires or<br />
the paging area changes. Two proposals are illustrated below, one having the idle mode registration<br />
implicit with the PA discovery procedure, the other one keeps PA discovery separated from the actual<br />
registration with this PA. The implicit registration can be requested from the MN in the registration<br />
message sent to the current AR. Messages for discovery and registration are the same, but distinguished<br />
with a flag set. Implicit registration messages carry the respective options required for the actual dormant<br />
registration. Since the mobile terminal has a previously established security association with its current<br />
AR, the AR can authenticate the incoming request. The AR generates another Dormant Mode Request<br />
message, which is to be sent to the responsible PA for dynamic security association establishment<br />
between the MN and the PA as well as for implicit registration purpose. The PA takes the decision on<br />
whether implicit registration should be allowed or the MN has to explicitly register dormant with the PA<br />
after the discovery procedure. In the reply from the PA, the appropriate keys for authentication of paging<br />
messages as well as for optional encryption of paging message parts are encapsulated. The PA either<br />
determines the keys on its own (if allowed from the provider) or contacts the AAAC.f, requesting<br />
appropriate keys. The lifetime of these individual keys terminates after a successful paging process and a<br />
mobile terminal’s active state registration. Before going dormant, the PA has to be registered with the<br />
HA, which is currently done by a BU message carrying the PA’s address within the alternate-CoA suboption.<br />
This signalling flow for PA discovery as well as for implicit dormant registration and explicit<br />
dormant mode registration is illustrated in Figure 101 and Figure 102 respectively.<br />
Explicit registration is optional and will not be deployed in the <strong>Moby</strong> <strong>Dick</strong> test-bed. Implic it registration<br />
is more efficient and will be supported by the test-bed<br />
D0103v1.doc 156 / 168
D0103v1.doc Version 1 6.7.2003<br />
MN<br />
1a<br />
AR1 AR2 AAA PA HA<br />
1b<br />
1f<br />
1e<br />
1c<br />
1d<br />
2<br />
3<br />
Figure 101 : Service discovery, SA establishment (preparation) and implicit Idle Mode registration<br />
No. Message Parameters Remarks<br />
1a Dormant Mode Request HoA, CoA, MAC address list (n *<br />
3byte) or L3-ID, Paging area ID,<br />
Sequence #, reg. lifetime, NAI<br />
Paging Agent discovery,<br />
implicit registration flag set.<br />
AH carried for MN<br />
authentication at AR.<br />
1b Dormant Mode Request HoA, CoA, MAC address list (n *<br />
3byte) or L3-ID, Paging area ID,<br />
Sequence #, reg. lifetime, NAI<br />
AH carried for AR<br />
authentication at PA.<br />
1c Key Request NAI, HoA (or general: MN ID) Diameter message or<br />
proprietary approach.<br />
1d Key Response Keys for authentication and<br />
encryption (PA-MN SA)<br />
Diameter message or<br />
proprietary approach.<br />
1e Dormant Mode Reply + status code, random #, paging<br />
registration keys (PA-MN SA),<br />
paging process keys, PA address,<br />
lifetime, …<br />
Includes AH for PA<br />
authentication at AR.<br />
1f Dormant Mode Reply + status code, random #, paging<br />
registration keys (PA-MN SA),<br />
paging process keys, PA address,<br />
lifetime, …<br />
2 MIPv6 Binding Update Alternate CoA sub-option (PA<br />
address)<br />
3 BACK<br />
Includes AH for AR<br />
authentication at MN.<br />
PA registration, possibly<br />
extended lifetime<br />
Table 50: Messages for PA Discovery and Dormant Registration (implicit registration).<br />
D0103v1.doc 157 / 168
D0103v1.doc Version 1 6.7.2003<br />
MN<br />
1a<br />
AR1 AR2 AAA PA HA<br />
1b<br />
1f<br />
1e<br />
1c<br />
1d<br />
2<br />
3<br />
4<br />
5<br />
Figure 102 : Discovery, SA establishment (preparation) and explicit Idle Mode registration<br />
No. Message Parameters Remarks<br />
1a Dormant Mode Request HoA, CoA, MAC address list (n *<br />
3byte) or L3-ID, Paging area ID,<br />
Sequence #, reg. lifetime, NAI<br />
Paging Agent discovery,<br />
implicit registration flag set.<br />
AH carried for MN<br />
authentication at AR.<br />
1b Dormant Mode Request HoA, CoA, MAC address list (n *<br />
3byte) or L3-ID, Paging area ID,<br />
Sequence #, reg. lifetime, NAI<br />
AH carried for AR<br />
authentication at PA.<br />
1c Key Request NAI, HoA (or general: MN ID) Diameter message or<br />
proprietary approach.<br />
1d Key Response Keys for authentication and<br />
encryption (PA-MN SA)<br />
Diameter message or<br />
proprietary approach.<br />
1e Dormant Mode Reply + status code, random #, paging<br />
registration keys (PA-MN SA), PA<br />
address, lifetime, …<br />
Includes AH for PA<br />
authentication at AR.<br />
Status code indicates ‘explicit<br />
PA registration’.<br />
1f Dormant Mode Reply + status code, random #, paging<br />
registration keys (PA-MN SA), PA<br />
address, lifetime, …<br />
2 Dormant Mode Request HoA, CoA, MAC address list (n *<br />
3byte) or L3-ID, Paging area ID,<br />
Sequence #, reg. Lifetime<br />
3 Dormant Mode Reply + status code, random #, paging<br />
process keys, PA address,<br />
reg. lifetime,…<br />
4 MIPv6 Binding Update Alternate CoA sub-option (PA<br />
address)<br />
5 BACK<br />
Includes AH for AR<br />
authentication at MN.<br />
Status code indicates ‘explicit<br />
PA registration’.<br />
AH carried for MN<br />
authentication at PA.<br />
Includes AH for PA<br />
authentication at MN.<br />
PA registration, possibly extended<br />
lifetime<br />
Table 51 : Messages for PA Discovery and Dormant Registration (explicit registration).<br />
D0103v1.doc 158 / 168
D0103v1.doc Version 1 6.7.2003<br />
5.2.5.3 Paging process<br />
A paging process is initiated from the PA on arrival of an initial user-data packet (paging trigger packet)<br />
at the PA. This (and further) initial paging trigger packets are to be buffered at the PA while the paging<br />
process re-activates a mobile terminal and initiates re-establishment of a routable link for this MN. For<br />
the paging process, the PA sends a Paging Request message to all ARs assigned to the registered paging<br />
area. The signalling message carries the paging process keys to each individual AR, which is to be used<br />
from local paging attendants to allow authentication of locally generated on-link paging messages at the<br />
MN. When a MN is being paged, it has to wake-up, re-establish full functionality to attach to the<br />
appropriate local link as well as to re-establish routing information. The acquired CoA has to be<br />
registered with the MN’s HA by means of the standard MIPv6 procedure as well as to be notified to the<br />
PA in the dormant mode registration (Dormant Registration with lifetime set to 0) to allow forwarding of<br />
buffered paging trigger packets.<br />
MN<br />
AR1 AR2 AAA PA HA<br />
1<br />
2<br />
Polling the<br />
paging area<br />
3<br />
CoA acquisition and<br />
standard attach<br />
(+ AA)<br />
4<br />
5<br />
6<br />
7<br />
Figure 103 : Paging an idle mobile terminal and active state registration<br />
To optimize the paging delay, state re-establishment at the Home Agent (message 4) and de-registration<br />
with the Paging Agent (message 6) could be performed in parallel, assuming the initial data packet for<br />
session setup has been buffered at the PA (this is actually the packet, which initiated the paging process),<br />
waiting for being forwarded to the re-activated mobile terminal<br />
No. Message Parameters Remarks<br />
1 Paging trigger packet ----- Initial user data packet, buffered at<br />
PA.<br />
2 Paging Request Random#, keys, [MAC list Include AH for PA authentication at<br />
3 On-link Paging<br />
Request<br />
4 MIPv6 BU<br />
5 MIPv6 BACK<br />
6 Dormant Mode<br />
Request (0)<br />
or L3-ID]<br />
ARs.<br />
Technology dependent format.<br />
Assume IP paging first.<br />
No AH included, proprietary auth.<br />
and encr. mechanism<br />
CoA, registration<br />
lifetime=0<br />
Dormant mode de-registration.<br />
Notification of CoA allows packet<br />
forwarding. AH included.<br />
7 Dormant Mode Reply …, Status code Entry deleted. AH included.<br />
Table 52: Messages for the IP paging process.<br />
D0103v1.doc 159 / 168
D0103v1.doc Version 1 6.7.2003<br />
5.2.5.4 Paging area update<br />
When a mobile terminal has entered a dormant mode, its interface’s activity might be reduced, but<br />
scanning of paging area advertisement information must be possible to be detected, indicating that the<br />
mobile terminal has entered a new paging area. When a new paging area identifier has been received, the<br />
respective paging area ID has to be notified to the PA by means of paging area update signalling<br />
(Dormant Registration, having the paging area update flag set). This signalling is to be done on IP level<br />
when no support from access technology’s link-layers can be expected and requires that the mobile<br />
terminal sends an IP paging area update message to the PA. This IP signalling is to be allowed to go<br />
through the respective AR without previous establishment of a SA. Alternatively, the paging area update<br />
can be sent through the current AR's paging attendant. In the latter case, the temporarily acquired CoA is<br />
to be sent with the update message to allow replies to be forwarded from the current AR to the mobile<br />
terminal. In both cases, the disadvantage of not taking support from access technologies into account is<br />
that the mobile terminal has to enable full IP functionality for paging related signalling while being<br />
dormant. This procedure can be improved when getting support from access technologies by means of<br />
detecting a mobile terminal’s movement on link-layer (management/control frame messaging) and<br />
generation of the IP paging area update control messages on ARs, which are to be sent to the respective<br />
PA. This avoids IP activity on a mobile terminal for paging area update signalling to the PA while being<br />
dormant. This kind of technology specific support is allowed by the concept but to be detailed in the<br />
future for appropriate access technologies.<br />
MN<br />
AR1 AR2 AAA PA HA<br />
2<br />
1<br />
Paging area ID<br />
advertisements<br />
[RtAdv option or<br />
L2 beacon extension]<br />
No L2 interaction on acces link<br />
3<br />
1a<br />
2<br />
With L2 interaction on acces link<br />
1b<br />
3<br />
L2 interaction with<br />
Paging attendant<br />
in ARs<br />
Figure 104 : Paging Area update signalling<br />
D0103v1.doc 160 / 168
D0103v1.doc Version 1 6.7.2003<br />
No. Message Parameters Remarks<br />
1 RtAdv or L2 beacon …, paging area ID Paging area info<br />
advertisement<br />
2 Dormant Mode Request …, sequence #, paging area ID, Includes AH for PA<br />
reg. lifetime<br />
3 Dormant Mode Reply …, status code, sequence #,<br />
lifetime<br />
authentication at ARs.<br />
Status code to be checked,<br />
paging key is the same. Not<br />
included unless requested.<br />
1a L2 control msg. [technology specific] L2 interaction, AR generated<br />
IP Dormant Mode Request<br />
message (paging area update).<br />
1b L2 control msg. [technology specific] Arrival of IP Dormant Mode<br />
Reply at AR triggers L2<br />
interaction.<br />
Table 53: Messages for Paging Area Updates signalling<br />
5.2.6 Charging<br />
5.2.6.1 Signalling Flow<br />
Basically post-paid and prepaid business models are possible, however only the post-paid scenario will be<br />
implemented. Prepaid scenario will need further investigations. In the ongoing text we will therefore<br />
focus only on the post-paid scenario.<br />
5.2.6.1.1 Post-paid Scenario<br />
In the post-paid scenario, the AAAC.h server stores the accounting data in the accounting database. This<br />
database in conjunction with the customer database will contain all necessary information needed to<br />
perform charging by applying tariffs. The detailed structure of the accounting database is described in<br />
section 4.5.4.4. Section 4.5.4.5 contains details about the charging database, section 0 contains details<br />
about the customer database and section 4.5.4.9 describes the data warehouse, i.e. the used accounting<br />
data.<br />
Cf. Figure 105 for a graphical representation of the signalling: Accounting data is added to the database<br />
after starting a session, during a session and after the session was closed (message 1). The charging<br />
component (CC) will periodically contact the accounting database and extract new records that have not<br />
been yet used for charge calculation purposes (messages 2, 3). For the post-paid scenario it is sufficient<br />
that the CC will contact the database only once a day, typically during a period of low accounting<br />
activities. The CC uses other database—the charging and customer database—to manage the charges. The<br />
tariff definitions will be stored either in CC itself, since they will not change during the <strong>Moby</strong> <strong>Dick</strong> trials.<br />
On the basis of the accounting data and the entries in the customer database, the appropriate tariff will be<br />
applied (messages 4 and 5). After the charge calculation is finished the result (i.e. the charge) is written<br />
back in the charging database (messages 6,7). The used rows from the accounting database for the current<br />
charge calculation, will be marked (messages 7) and then copied to another database (not drawn in the<br />
figure).<br />
D0103v1.doc 161 / 168
D0103v1.doc Version 1 6.7.2003<br />
AAAC.h or<br />
AAAC.f<br />
Client<br />
AAAC.h<br />
Server<br />
Accounting<br />
DB<br />
Charging<br />
Component<br />
Charging DB<br />
Customer DB<br />
AAA_ Phases<br />
Charging component not yet involved.<br />
Accounting is done for current session.<br />
Accounting data is stored in the accounting<br />
DB.<br />
1)<br />
After a certain interval, the charging<br />
component will fetch all new<br />
accounting data from the Accounting<br />
DB.<br />
2)<br />
3 )<br />
Lookup tariff and<br />
calculate charge.<br />
4)<br />
6)<br />
5)<br />
7)<br />
8)<br />
Figure 105. Signalling flow in the Post-paid scenario (simplified)<br />
5.2.7 Logging and Auditing<br />
The following figure shows the logging and auditing architecture. While AAAC Client is responsible for<br />
logging User Registration Events, QoS Manager is responsible for logging Service Authorization Events.<br />
In addition to that, both entities also log periodically their ‘signs of life’ reflecting their availability. The<br />
logs will first be stored in the Local Log via an Integrated Logger and later be transferred by the Local<br />
Log Management to the Central Log Management. The Central Log Management will store these logs<br />
into the Audit Trail before being fetched by the auditing module to be examined with respect to SLA<br />
compliance.<br />
An event can be conveniently represented as a set of Attribute Value Pairs (AVPs). OpenDiameter<br />
provides a library to generate and parse messages containing AVPs, which lead to the decision of using<br />
this library. The message format will therefore be the same as all DIAMETER messages. The main<br />
advantage of DIAMETER message format is the flexibility and extensibility. To allow for correct<br />
interpretation of these new messages, new command codes and AVP codes are defined for the transfer of<br />
Availability Event Logs, User Registration Event Logs, and Service Authorization Event Logs. An<br />
attribute can be defined optional, so that a message needs not contain the corresponding AVP, as in the<br />
case of User Registration Events, where the ResultCode is only relevant for Response Events.<br />
Log messages are transferred over TCP in a client/server fashion, where the Local Log Management can<br />
be seen as a client that initiates a TCP connection upon startup, and the Central Log Management as a<br />
server, which is waiting for new connections from the clients.<br />
D0103v1.doc 162 / 168
D0103v1.doc Version 1 6.7.2003<br />
The signalling messages between Local Log Management and Central Log Management are depicted in<br />
table 54. There are no signalling messages exchanged between the Central Log Management and the<br />
Auditing module. The Auditing module will periodically fetch data from the Audit Trail and processes<br />
the log stored in the Audit Trail.<br />
Access Router<br />
AAAC Client<br />
Integrated<br />
Logger<br />
QoS Manager<br />
Integrated<br />
Logger<br />
Local<br />
Log<br />
Audit<br />
Trail<br />
Auditing<br />
Local<br />
Log Mgmt<br />
Central Log<br />
Mgmt<br />
Figure 101: Logging and Auditing Architecture<br />
Local Log<br />
Mgmt<br />
Central Log<br />
Mgmt<br />
1<br />
2<br />
Figure 102: Log Signalling<br />
The table below shows the messages for log transfer.<br />
No. Message Parameter<br />
Command<br />
Code<br />
1 Availability-Log-Request Logger-Id, Log-Time, Event-Id 1301<br />
2 Availability-Log-Answer 1301<br />
1 User-Registration-Log-Request<br />
Logger-Id, Log-Time, Event-Id, User-<br />
Name, Care-of-Address, Result-Code<br />
1302<br />
2 User-Registration-Log-Answer 1302<br />
1 Service-Authorization-Log-Request<br />
Logger-Id, Log-Time, Event-Id, User-<br />
Name, Care-of-Address, DSCP,<br />
1303<br />
Destination-Address, Result-Code<br />
2 Service-Authorization-Log-Answer 1303<br />
D0103v1.doc 163 / 168
D0103v1.doc Version 1 6.7.2003<br />
The parameters are described in the following table.<br />
Table 54: Log Message Specification<br />
Parameter Format AVP Code Remarks<br />
Logger-Id Octetstring 5101<br />
Unique identity of the entitiy<br />
which logs the events<br />
Log-Time Octetstring 5102<br />
The timestamp when the event<br />
is logged<br />
Event-Id Unsigned32 5103<br />
Identifies uniquely the event<br />
that is being logged<br />
User-Name UTF8String (in NAI format) 1 The identity of the user<br />
Care -of-Address Octetstring 5105 The IPv6 address of the MN<br />
DSCP Unsigned32 5107<br />
Destination-Address Octetstring 5106 The IPv6 address of the CN<br />
Result-Code Unsigned32 268<br />
The response code returned by<br />
the AAAC Server respectively<br />
the QoS Broker<br />
Table 55: Message description<br />
The following table shows the valid Event-Id.<br />
Event<br />
Event-Id<br />
Availability 1<br />
User-Registration Request 11<br />
User-Registration Response 12<br />
Service-Authorization Request 21<br />
Service-Authorization Response 22<br />
Table 56: Valid Events<br />
5.2.8 Bearer Management<br />
This chapter is based on the service authorization section, adapting the message flow to the Radio<br />
Gateway specificities.<br />
Basically, before sending packets from MN to RG, a radio bearer must be opened. The radio bearer will<br />
have a specific Radio QoS traffic class, which will determine its physical properties. The mapping<br />
between the packet DSCP and this Radio QoS traffic class is performed by the QoS Broker.<br />
D0103v1.doc 164 / 168
D0103v1.doc Version 1 6.7.2003<br />
MN RG AR QoSB<br />
1<br />
2<br />
4<br />
3<br />
5<br />
6<br />
7<br />
Figure 103: Radio Bearer Signalling<br />
No. Message Content / Parameters Remarks<br />
1 1 st packet of a CoA, Destination, DSCP<br />
given application<br />
with a given DSCP<br />
not yet in use<br />
2 Dummy ping CoA, Destination, DSCP<br />
packet generated<br />
by RG with<br />
parameters of<br />
message 1<br />
3 QoS Broker query CoA, Destination, DSCP<br />
for<br />
QoS<br />
instructions<br />
This packet will not be sent to the RG, but<br />
its characteristics (CoA / Destination /<br />
DSCP) transmitted to the RG.<br />
This packet will be discarded by the AR, but<br />
its information (CoA, Destination, DSCP)<br />
will be used to query the QoS Broker.<br />
The QoS Broker will consult the NVUP<br />
information for that user, and if the DSCP is<br />
allowed by the SLA, the QoS Broker<br />
configures the AR to allow forwarding of<br />
the next matching packets (DSCP, Dest,<br />
CoA).<br />
4 AR QoS BW, priority, DSCP, CoA If there are not enough resources available in<br />
Configuration<br />
that AR, nothing will be done.<br />
5 RG QoS DSCP, Radio QoS traffic The QoS Broker performs the mapping<br />
Configuration class to use, status<br />
between DSCP codes and Radio QoS<br />
classes.<br />
6 Establishment of the radio bearer between<br />
7 1 st packet,<br />
transmitted by the<br />
MN<br />
MT and RG, using Radio QoS traffic class.<br />
CoA, DSCP, CN Address This packet will initiate the resource<br />
reservation on the CN access network.<br />
Table 57: Message Specification<br />
In the case of an incoming packet from AR to MT, this flow is simplified: messages 1 – 2 – 3 are not<br />
used; but the rest of the process is the same.<br />
5.2.9 Interface AR and RG<br />
The interface between the AR and the RG has been described in details in the Radio Gateway software<br />
Architecture.<br />
D0103v1.doc 165 / 168
D0103v1.doc Version 1 6.7.2003<br />
To summarize:<br />
• The Router Advertisements received by the RG on its interface with the AR are intercepted, sent<br />
to the MT on a dedicated TD-CDMA broadcasting channel. They will be transferred to the IPv6<br />
stack on the MT to configure the CoA of the TD-CDMA interface.<br />
• The Neighbour Solicitation requests received by the RG on its interface with the AR are<br />
intercepted. If they are addressed to one of the MT having an open radio connection with the<br />
RG, the RG will reply to them with a Neighbour Advertisement, on behalf of the correct MT,<br />
using its own MAC address instead of the one from the MT.<br />
• The Paging Requests received by the RG on its interface with the AR are intercepted. If they are<br />
addressed to one of the MT having an open radio connection with the RG, the RG will send them<br />
to the MT on a dedicated TD-CDMA paging channel.<br />
• The IPv6 packets received by the RG on its interface with the AR and addressed to a MT having<br />
an open connection with the RG are intercepted (the global scope IPv6 address or the link local<br />
address of the MT can both be used). These packets are transmitted to the MT on a dedicated<br />
channel, with QoS characteristics determined by the DSCP code of the IPv6 packet.<br />
• The IPv6 packets transmitted by the MT to the RG on a dedicated channel, are forwarded by the<br />
RG on its interface with the AR. These packets will then be properly routed by the AR.<br />
• A specific mechanism has been deployed between the RG and the AR / QoS Broker to manage<br />
the opening of radio bearers between the MT and the RG. It is described in details in the chapter<br />
“Bearer Management” of this document.<br />
5.2.10 Paging<br />
5.2.10.1 Interface between Paging Attendant and Paging Module<br />
5.2.10.1.1 Description<br />
On initial registration with or discovery of the Paging Agent, the mobile terminal contacts the paging<br />
attendant in its current Access Router. The protocol messages for discovery and possibly implicit<br />
dormant registration as well as for implicit dynamic establishment of the paging related security<br />
association are specified as ICMPv6 headers and appropriate options.<br />
5.2.10.1.2 Interface mechanisms<br />
The current access technology provides physical interfacing the mobile terminal to its current Access<br />
Router. The ICMPv6-based protocol, specified for building the paging control plane, is carried over this<br />
interface.<br />
5.2.10.1.3 Interface contents<br />
Source Dest Primitive Parameters<br />
MT PA DORMANT_MODE_REQ According to the protocol described in<br />
D0301.<br />
PA MT DORMANT_MODE_REPL According to the protocol described in<br />
D0301.<br />
Table 58: Interface Contents<br />
5.2.10.2 AR Paging Attendant & RG IWF<br />
5.2.10.2.1 Description<br />
To convey on-link paging control messages from the Access Router, implementing the paging attendant,<br />
to the IWF, implemented in the Radio Gateway, many mechanisms have been evaluated, like tunnelling<br />
mechanisms, UDP/IP encapsulation and RG addressing and IWF controlled re-addressing to the paged<br />
mobile terminal’s Solicited Node Multicast Address. The most transparent and realistic solution has been<br />
selected, keeping the complex paging related functionality within the paging attendant (processing of<br />
options, derivation and addressing of the technology specific solicited node multicast address, …). The<br />
paging attendant generates the PAGING_REQUEST message and provides also appropriate addressing of<br />
the dormant mobile terminal. Since the RG performs Proxy Neighbour Discovery for interception and<br />
mapping of Neighbour Solicitations and Neighbour Advertisements, the same mechanisms is deployed<br />
D0103v1.doc 166 / 168
D0103v1.doc Version 1 6.7.2003<br />
for interception of paging control messages. Only a further check on the respective ICMPv6 message<br />
types is to be performed, mapping the control messages to the appropriate radio channel. What is not<br />
described here is the advertisement mechanisms of paging area information. This is not<br />
5.2.10.2.2 Interface mechanisms<br />
Physically, the RG is connected to the AR through a wired Ethernet connection. The RG listens to<br />
dedicated ICMPv6 message types, either sent to a broadcast or multicast address. The protocol carried by<br />
the described mechanism is ICMPv6 encoded paging control messages.<br />
5.2.10.2.3 Interface contents<br />
Source Dest Primitive Parameters<br />
AR RG PAGING_REQUEST According to the protocol described in<br />
D0301.<br />
AR RG DORMANT_MODE_REPLY According to the protocol described in<br />
D0301.<br />
RG AR DORMANT_MODE_REQ According to the protocol described in<br />
D0301.<br />
Table 59: Interface Contents<br />
5.2.10.3 Interface between Paging Attendant and Paging Agent<br />
5.2.10.3.1 Description<br />
The generic, access technology independent IP paging protocol specifies appropriate control messages<br />
between the Paging Agent and the paging attendant, implemented in Access Routers.<br />
5.2.10.3.2 Interface mechanisms<br />
Wired Ethernet interfaces the related components, providing transport for ICMPv6 encoded paging<br />
control messages.<br />
5.2.10.3.3 Interface contents<br />
Source Dest Primitive Parameters<br />
PA AR PAGING_REQ According to the protocol described in<br />
D0301.<br />
PA AR DORMANT_MODE_REPL According to the protocol described in<br />
D0301.<br />
AR PA DORMANT_MODE_REQ According to the protocol described in<br />
D0301.<br />
Table 60: Interface Contents<br />
D0103v1.doc 167 / 168
D0103v1.doc Version 1 6.7.2003<br />
6 Summary and Outlook<br />
This Deliverable should be regarded as a baseline document for the whole <strong>Moby</strong> <strong>Dick</strong> project, with the<br />
assumption that the presented architecture is for the time being final, but might be enhanced in successor<br />
activities. The Deliverable summarises the work during the first thirty months of the project and includes<br />
a description of generic operational scenario.<br />
The <strong>Moby</strong> <strong>Dick</strong> Architecture has three goals which are orthogonal: First, the Internet Protocol is regarded<br />
as convergence layer for mobility management, AAAC, and QoS issues. This requires a lower layer<br />
technology independent solution with the goal to provide seamless mobility compared to the one of<br />
existing networks. Second, <strong>Moby</strong> <strong>Dick</strong> will manage resources of the scarce wireless access technology<br />
efficiently, namely TD-CDMA and WLAN and third, the whole concept will be targeted towards a<br />
commercial environment and all the required mechanisms will be added around the IETF AAA concept.<br />
The now starting trial will provide qualitative and quantitative answers to various questions related to<br />
overall feasibility, scalability and further operational aspects.<br />
The <strong>Moby</strong> <strong>Dick</strong> architecture is fully IP compliant and a more radical approach as several in various<br />
standardization bodies discussed “ALL-IP” approaches. This choises had been made because backward<br />
compatibility was not an issue.<br />
D0103v1.doc 168 / 168