Guest

Universal Small Cell Solution

Cisco ASR 5000 Series Small Cell Gateway

  • Viewing Options

  • PDF (303.2 KB)
  • Feedback

Mobile subscribers want access to the network at home, work, hotspots, and everywhere in between. This requires mobile operators to expand their service offerings over multiple new access networks, such as broadband DSL, fiber to the home, or cable broadband networks, using small cell technologies such as femtocells and Wi-Fi. How do you cost-effectively and securely deliver the same intelligent services that your customers enjoy today over networks that use small cells?

The Cisco ® ASR 5000 Series Small Cell Gateway is an integral element in both the Cisco SP Wi-Fi Solution and the Cisco 3G Femtocell Solution. The Cisco Small Cell Gateway gives subscribers easy access as they transparently roam between third-generation (3G), fourth-generation (4G), Wi-Fi, and femtocell networks. The gateway provides:

• Exceptional levels of security

• Seamless mobility between network types including WiFi, femtocells, 3G and 4G

• Market-leading IP Security/Internet Key Exchange Version 2 (IPsec/IKEv2) tunnel performance

• Integration of multiple network functions into a single platform for the lowest possible total cost of ownership

• A single platform for common services across Wi-Fi, 3G, 4G, and femtocells

• Real-time integrated intelligence with policy enforcement

• Voice-grade reliability

• Smooth upgrade to 4G

Deployed on the Cisco ASR 5000 multimedia core platform, the Small Cell Gateway (Figure 1) supports multiple standards-based functions including:

• Standalone femtocells (residential and small- and medium-sized business)

• Indoor Wi-Fi

• Indoor Wi-Fi plus integrated femtocells

• Outdoor Wi-Fi plus integrated femtocells

Figure 1. Cisco ASR 5000 Series Small Cell Gateway

Wi-Fi Applications

The Cisco ASR 5000 Series Small Cell Gateway provides full support for multiple Wi-Fi functions to supply intelligent Wi-Fi access for your subscribers. These Wi-Fi functions (shown in Figure 2) include:

• 3rd Generation Partnership Project 2 (3GPP2) WLAN Packet Data Interworking Function (PDIF) for untrusted Wi-Fi networks

• 3GPP Interworking WLAN (iWLAN) Packet Data Gateway (PDG) for untrusted Wi-Fi networks

• 3GPP iWLAN Tunnel Terminating Gateway (TTG) for untrusted Wi-Fi networks

• 3GPP evolved Packet Data Gateway (ePDG) for untrusted Wi-Fi networks

• Evolved Wireless Access Gateway (eWAG) for trusted Wi-Fi networks

The Cisco ASR 5000 Series Small Cell Gateway terminates and manages subscriber-initiated IPsec/IKEv2 and Secure Sockets Layer (SSL) tunnels. It also performs authentication and authorization of the subscriber equipment and data, IP address assignment, and the foreign agent function for Mobile-IP-aware devices, and provides subscriber usage accounting records. The IPsec tunnels are used to perform secure transfers of authentication information and subscriber data over the untrusted interfaces and backhauls. The gateway may optionally provide stateful firewall, Network Address Translation (NAT) Traversal, and denial-of-service (DoS) protection or any other inline service provided by the Cisco ASR 5000 Series.

Figure 2. Cisco ASR 5000 Series Small Cell Gateway Support for Wi-Fi

Femtocell Solutions

Cisco's platform provides a complete solution for 3G and 4G femtocells or Home Node-B (HNB) and Home eNode-B (HeNB) aggregation. Figure 3 illustrates the use of the Cisco ASR 5000 Series Small Cell Gateway in 3G Femtocell architectures with the following features:

• HNB Gateway (HNB-GW) features:

– R9 standard compliance (Iuh, Iu over IP or ATM)

– Full idle and active mode mobility

– Open and closed access mode

– Intelligent paging

– Iu-Flex for multi Core Network (CN) connectivity

• Integrated Security Gateway (SeGW) (optional):

– NAT and firewall traversal

– Multiple authentication (X.509 and EAP-SIM/AKA)

– Dynamic Host Configuration Protocol (DHCP) or IP pools for IP address allocation

• Future capabilities:

– 3GPP R10 compliance

– Feature integration: Serving GPRS Support Node (SGSN), Gateway GPRS Support Node (GGSN), and PDG

– Inter-femto mobility per standard design

– Presence/location service API (XMPP) interface)

– HeNB-GW support for Long-Term Evolution (LTE) small cells

Figure 3. Cisco ASR 5000 Series Small Cell Gateway: HNB-GW (3G Femtocell)

Whether used for WLAN, femtocell, or other emerging technologies, the gateway supports increasingly comprehensive and secure mobile services for subscribers while minimizing the mobile operator's capital and operational expenditures.

Features and Benefits

• Superior performance and security, including IPsec tunnels, rapid tunnel setup rates, exceptional throughput, and deep packet inspection (DPI)

Benefit: Provides an exceptional customer experience, which helps to increase revenue and foster customer loyalty

• Distributed architecture that enables integration of multiple access gateway functions on the same platform with Packet Data Serving Node (PDSN), SGSN, GGSN, Access Services network (ASN) Gateway, or the Proxy Call Session Control Function (P-CSCF) functions of the Cisco Session Control Manager (SCM) solution

Benefit: Reduces the number of components in the network, decreasing the number of potential points of failure and promoting a lower capital and operating expense model

• Secure access for multiple access applications: Wi-Fi (PDIF, PDG, TTG, eWAG, ePDG) and femtocell (femtocell gateway, HNB-GW, and HeNB-GW) solutions for both 3GPP and 3GPP2 standards

Benefit: Gives operators the security and freedom to choose the right access application for their specific needs, without the requirement to design access strategy around the limitations of multiple diverse products

• Real-time integrated subscriber, service, and application intelligence with enforcement through Cisco's inline services

Benefit: Provides the operator with the same transparent service experience required to deliver excellent user experiences and delivers the intelligence necessary to promote new sources of revenue

Summary

The Cisco ASR 5000 Series Small Cell Gateway provides a secure communications gateway between external untrusted networks and trusted networks. This solution supports multiple security standard functions, including PDIF, PDG, TTG, eWAG, ePDG, HNB-GW, and HeNB-GW. With superior performance, reliability, and the capability to integrate the security gateway function into existing GGSN, PDSN, SGSN, or other packet data nodes, this solution reduces both capital and operational expenditures. Whether used for Wi-Fi, femtocell, or other emerging technologies, the gateway helps you to provide an outstanding mobile experience for your subscribers.

Table 1. Cisco ASR 5000 Series Small Cell Gateway Specifications

Description

Specification

Wi-Fi functions

• eWAG
• ePDG
• TTG
• PDG
• PDIF

Femtocell functions

• HNB-GW
• HeNB-GW

Interfaces

• 10 Gigabit Ethernet
• Gigabit Ethernet
• Fast Ethernet

Connectivity

• Gn (TTG mode)
• Gi (PDG mode)
• Mobile IPv4 Foreign Agent (PDIF mode)
• Simple IP (PDIF mode)
• Proxy Mobile IPv4
• Client Mobile IPv4 (PDIF mode)

IPsec tunneling

• Encapsulating Security Payload (ESP) tunnel mode
• ESP anti-replay protection
• Perfect Forward Secrecy (PFS)

IKEv2/IPv4 (IPv6 with future software upgrade)

• RFC 4306-compliant
• Multiple Child SA support
• NAT Traversal (RFC 3947), NAT Keepalive, and ACL
• Configurable Dead Peer Detection (RFC 3706) timer support
• Diffie-Hellman Groups 1, 2, 5, 14
• DoS protection including thresholds for control plane attacks

Encryption and authentication algorithms

• HMAC-MD5-96 (RFC 2403) NULL Encryption (RFC 2410)
• HMAC-SHA1-96 (RFC 2404)
• AES-128-CBC (RFC 3602)
• DES-CBC (RFC 2405)
• AES-192-CBC
• 3DES-CBC (RFC 2451)
• PRF_AES-128-XCBC

Authentication, authorization, and accounting (AAA)

• RADIUS AAA client support
• Dynamic authorization extensions to RADIUS
• EAP authenticator
• Single EAP, user, device, or user/device authentication
• EAP-AKA, EAP-SIM
• Fast reauthentication
• RADIUS accounting: per-session, per-R6 bearer connection, or per-application service flow
• RADIUS AAA server groups
• RADIUS custom dictionaries
• Hotlining (Dynamic RADIUS attributes: COA, DM)
• Diameter-based MAC address authorization to HSS (Sh interface)

IP address allocation

• AAA assignment
• Local pools (dynamic or static)
• Overlapping private IP address pools
• Dynamic home-agent address allocation
• DHCP proxy server

VPN and tunneling

• Multiple enterprise-specific contexts or resource pools
• IP-in-IP tunneling
• Generic Routing Encapsulation (GRE) tunneling
• IEEE 802.1q VLANs

Quality of service (QoS)

• Network admission control
• Service flow authorization
• Multiflow QoS traffic classification
• Intelligent Traffic Control (ITC)
• DiffServ Code Point (DSCP) marking/re-marking

Policy enforcement

• Diameter
• Local policy decision (CLI)
• Dynamic policy via Gx interface support

Routing

• RIP
• OSPFv2
• BGP4
• Easy inter-technology mobility

For More Information