Main Processes [Документация VAS Experts]

Main Processes

For non-trusted non-3GPP network clients, the gateway provides the SWu interface via the IPSec protocol, providing the SWa authentication interface via the IKEv2 protocol and the encrypted secure tunnels interface SWn via the ESP protocol.

1. Authentication and Authorization

For client authentication and authorization, the gateway supports two interaction modes with AAA and HSS core network components via the Diameter protocol: using the SWm interface for interaction with the AAA component and using the SWx interface for interaction with the HSS component.

When operating in SWm interface mode, the plugin performs user authentication during interaction with the AAA component.

When operating in SWx mode, the plugin performs user authentication during direct interaction with the HSS component, similar to the AAA component.

To emulate AAA component functions, the gateway supports server interfaces S6b to support authorization requests from the PGW component, as well as SWa (SWm) for connections from external third-party vendor components.

Gateway interaction requests with components via the Diameter protocol can be load-balanced across client connections to multiple servers of the used interface. In such cases, client connection failure bypass is also supported.

Load balancing is done by distributing active authentication and authorization sessions of gateway clients among servers of the used interface according to specified server priority proportions based on a total sum equal to 100.

Client connection failure bypass is achieved by sending an urgent request for re-authentication and authorization process repetition to all gateway clients with active sessions associated with the failed client connection. Upon repetition of the gateway client authentication and authorization process, the client's authentication and authorization session will be distributed and bound in accordance with the balancing between functioning client connections to servers. In cases of absence of functioning client connections to servers or client authentication and authorization failure, the gateway client will be unilaterally disconnected.

Server interfaces provided by the gateway via the Diameter protocol support multiple connections from corresponding clients.

The transport protocol for the Diameter application protocol supports the use of TCP/SCTP/TLS2/DTLS2 protocols.

2. Tunneling

The gateway supports two interaction modes with the PGW core network component via the GTP protocol: using the S5/S8 interface and using the S2b interface.

When operating using the S5/S8 interface, client requests are used similar to the SGW component.

When operating using the S2b interface, client requests of the EPDG component are used.

When interacting with the PGW component, the gateway uses the selected interface to create GTP-U tunnels via the GTP-C protocol for authorized gateway clients between the EPDG and the packet network served by the PGW. Traffic exchange between associated SWn tunnels of gateway clients and GTP-U tunnels is provided via the GTP-U protocol according to specified QoS.

Interaction requests with the PGW component via the GTP-C protocol can be load-balanced across client connections to multiple servers.

The load balancing and failure bypass algorithm is similar to the algorithm described for the authentication and authorization process, except that the failure bypass involves sending an urgent request for the establishment of SWn tunnels repetition to all gateway clients with active associated GTP-U tunnels associated with the failed client connection.

The transport protocol for the GTP application protocol supports the use of the UDP protocol with standard port numbers 2123 for the GTP-C protocol and 2152 for the GTP-U protocol.

3. Address Assignment

The gateway supports two sources for assigning SWn tunnel addresses, DNS server addresses, and P-CSCF addresses to the gateway client: obtained via the Diameter protocol and obtained via the GTP protocol.