IEEE 802.

11 Plenary, WNG SC Session

March 8th, 2021

5G and Wi-Fi RAN Convergence

Integration Architecture, Wi-Fi Only Devices,
ATSSS Multi-Access Functionality,
Policy interworking, End-to-end QoS

Binita Gupta, Systems Architect

Intel Corporation
5G and Wi-Fi Convergence Opportunities

Business Drivers Applications and Verticals

Ubiquitous Wi-Fi devices

Significant Wi-Fi Advancements

Lower TCO Enterprise/Retail Healthcare Smart Cities

Higher Network Capacity

Improved Reliability

Industry 4.0 AR/VR Logistics/Supply Chain

Seamless Mobility

WBA’s 5G and Wi-Fi RAN Convergence paper aims to educate the industry on
convergence solutions and highlights associated challenges for the industry to address
5G and Wi-Fi Integration Architecture (1/2)

3GPP Releases 15/16 define architecture for WLAN integration and support UEs connecting to 5G
core over WLAN access, without requiring primary connectivity over cellular access

Untrusted WLAN integration:

• Loose coupling over generic IP (Y2) N1
between untrusted WLAN access and AMF
N3IWF

• IPsec tunnel between UE and N3IWF 5G Core Network

(NWu) – applies encryption for gNB (5G RAN)
UE
secure transport of signaling & data WLAN AP/ Data
WLC UPF
N3 Network
• Wi-Fi Only UEs need to be 5G N3IWF
capable (support 5G NAS)
NWu

N3IWF: Non-3GPP Interworking Function

AMF: Access and Mobility Management Function
UPF: User Plane Function
NAS: Non-Access Stratum source: WBA 5G Work Group
5G and Wi-Fi Integration Architecture (2/2)

TNGF: Trusted Non-3GPP Gateway Function

Trusted WLAN integration: N1

AMF
• Tight coupling between trusted WLAN
access and gateway functions TNGF & TWIF 5G Core Network
gNB (5G RAN)
• WLAN layer-2 authentication gets tied to a UE
Trusted Data
key derived from UE 5G core authentication WLAN AP/
WLC N3
UPF Network
Ta TNGF
• IPsec tunnel between UE and TNGF with
NWt
NULL encryption applied (NWt), avoiding 5G Capable UEs
double encryption
TWIF: Trusted WLAN Interworking Function
N5CW: Non-5G-Capable over WLAN
• Non 5G Capable UEs supported via TWIF
N1 AMF
• AAA-based interfaces Ta and Yw between
WLAN access and gateway functions 5G Core Network
Trusted
N5CW WLAN AP/
UE WLC Data
TWIF N3 UPF
Network

Non 5G Capable UEs

source: WBA 5G Work Group
Trusted WLAN Access Selection (1/2)

Trusted WLAN access discovery using

802.11 ANQP Example Scenario 1: Gateway functions deployed as part of WLAN Access Network

• Using ANQP a WLAN access can provide ANQP provided PLMNs:

the list of PLMNs with which trusted 5G PLMN List-3 (5G Connectivity): PLMN-a

connectivity is supported ANQP

WLAN Access
Network 1
Server (SSID=x1)
• PLMN List-3: list of PLMNs with trusted 5G
Trusted WLAN
connectivity through TNGF AP/WLC
5G Core Network
ANQP PLMN-a
• PLMN List-4: list of PLMNs with trusted 5G UE
TNGF
connectivity through TWIF
UE follows steps below:
WLAN Access
ANQP Network 2
• Using ANQP, UE queries PLMNs with which Server (SSID=x2) TNGF 5G Core Network
trusted 5G connectivity is supported N5CW Trusted WLAN
PLMN-b
UE AP/WLC
• UE selects a PLMN to connect from the list TWIF
of available PLMNs (per 3GPP procedure)
• UE selects a WLAN access providing trusted ANQP provided PLMNs:
PLMN List-3 (5G Connectivity): PLMN-a, PLMN-b
5G connectivity to selected PLMN PLMN List-4 (5G Connectivity without NAS): PLMN-b

ANQP: Access Network Query Protocol

source: WBA 5G Work Group

Trusted WLAN Access Selection (2/2)

Example Scenario 2: Gateway functions deployed as part of the 5G Core

ANQP provided PLMNs:

PLMN List-3 (5G Connectivity): PLMN-a

WLAN Access
ANQP Network 1
Server (SSID=x1)

Trusted WLAN 5G Core Network

AP/WLC PLMN-a
ANQP TNGF
UE Ta

TNGF
ANQP
5G Core Network
Server
PLMN-b
N5CW Trusted WLAN
UE AP/WLC TWIF

WLAN Access
Network 2
(SSID=x2)
ANQP provided PLMNs:
PLMN List-3 (5G Connectivity): PLMN-a, PLMN-b
PLMN List-4 (5G Connectivity without NAS): PLMN-b
source: WBA 5G Work Group
WLAN Access Integration – Control Plane

Signaling IPsec SA for control plane:

Control plane for Signaling IPsec SA for Trusted WLAN
• Signaling IPsec SA created between UE and N3IWF/TNGF

• Vendor specific EAP-5G method defined for EAP-AKA or EAP-AKA or

encapsulating 5G NAS messages 5G-AKA 5G-AKA

NAS NAS

• For trusted WLAN, a key from TNGF/TWIF used as PMK EAP-5G EAP-5G
Relay

for the 802.11 4-way handshake for WLAN security EAPoL EAPoL Relay AAA Ta AAA N2 N2
stack stack
WLAN WLAN Lower Lower
Access Access layers layers
Control plane for Signaling IPsec SA for Untrusted WLAN
UE Trusted WLAN AP TNGF AMF
NWt N2
EAP-AKA or EAP-AKA or Control plane over Trusted WLAN before UE is assigned IP address
5G-AKA 5G-AKA

NAS NAS

EAP-5G EAP-5G Relay IKEv2 IKEv2

IKEv2 IKEv2 IP IP IP N2 N2
N2 N2 stack stack
IP IP IP stack stack WLAN WLAN Lower Lower
Access Access layers layers
WLAN WLAN Lower Lower
Access Access layers layers
UE Trusted WLAN AP TNGF AMF
NWt N2
UE Untrusted WLAN AP N3IWF AMF
Nwu N2 Control plane over Trusted WLAN after UE is assigned IP address

IKEv2: Internet Key Exchange Version 2

SA: Security Association
source: WBA 5G Work Group
WLAN Access Integration – User Plane

Establishment of User Plane IPsec child SA

IPsec child SAs for user plane:
• PDU session establishment over WLAN IKEv2 IKEv2

access is based on procedure defined IP IP IP N2 N2

stack stack
over 3GPP access WLAN WLAN Lower Lower
Access Access layers layers
NWu/
• Multi-access PDU session to carry user UE
Untrusted WLAN AP/
Trusted WLAN AP NWt
N3IWF/
TNGF
N2 AMF
data over both 3GPP and WLAN access

• One or more IPsec child SAs created User plane for transport of data over WLAN Access
between N3IWF/TNGF and UE to carry
user data over WLAN PDU Layer
PDU
Layer
Relay Relay
GRE GRE
• N3IWF/TNGF determine how to map 5G
Inner IP Inner IP
QoS flow(s) to IPsec child SAs IPsec IPsec N3 N3 N9 N9
(tunnel mode) (tunnel mode) stack stack stack stack
IP IP IP
• User data packets get encapsulated in WLAN WLAN Lower Lower
Access Access layers layers
GRE packets N3IWF/ UPF
Untrusted WLAN AP/ NWu/
UE TNGF N3 UPF N9 (PSA)
Trusted WLAN AP NWt

GRE: Generic Routing Encapsulation

source: WBA 5G Work Group
Key Hierarchy for Trusted WLAN Access
• Further study needed to examine any impact of the
5G Trusted WLAN Access key hierarchy on the
802.11r Fast BSS Transition key hierarchy
Comparing Trusted WLAN Access key hierarchy with 802.11i key hierarchy

Key Hierarchy for

802.11i Key Hierarchy Trusted WLAN Access
Passphrase 802.1X Authentication 5G AKA Authentication

TNGF Key – KTNGF or

Pre-Shared Key - PSK Master Session Key - MSK TWIF Key – KTWIF

TNAP Key – KTNAP

Pairwise Master Key - PMK (used as PMK)
802.11 4-way 802.11 4-way
handshake handshake

Pairwise Temporal Key - PTK Pairwise Temporal Key - PTK

TNAP: Trusted Non-3GPP Access Point

source: WBA 5G Work Group Figure 12-32, IEEE P802.11-REVmd D5.0
Enhancements to Support Trusted WLAN Integration

Trusted WLAN Access Selection
Discover using ANQP the list of
PLMNs with which trusted 5G
connectivity is supported by WLAN
access and select a PLMN to connect.
Support for EAP-5G Support using TNAP key as PMK
WLAN AP and STA need to support WLAN AP and STA need to support
filtering EAP-5G protocol messages using the TNAP key generated from
and pass to gateway functions and the TNGF or TWIF Key as the PMK for
3GPP access, respectively. 802.11 4-way handshake.**

Support for Ta and Yw Interfaces
WLAN AP/WLC need to support Ta
and Yw AAA-based interfaces to
integrate with TNGF and gateway
functions.*
Generate 3GPP specific NAI WLAN/3GPP UE side integration
WLAN STA needs to provide 3GPP Need UE side integration between
specific NAI to trigger connectivity WLAN STA and 3GPP to pass
via TNGF/TWIF. discovered trusted WLAN networks,
"<any_non_null_string>@nai.5gc.mnc<MNC>.mcc<MCC>.3gppnetwork.org" TNAP key and EAP-5G messages.
NAI: Network Address Identifier

*Standardization of Ta and Yw interfaces can provide improved integration of WLAN access with 5G System
**Need further study on any impact to 802.11r key hierarchy

source: WBA 5G Work Group

Support for Wi-Fi Only Devices

Wi-Fi Only devices with USIM capability:

N1

• Such devices supported by the 5G Core AMF

• Authenticated using SIM-credential based

auth. methods EAP-AKA’ or 5G-AKA 5G Core Network

UE Trusted
• Both 5G Capable and Non-5G-Capable Wi-Fi WLAN AP/
Data
Wi-Fi WLC N3IWF/
Only UEs with SIM are supported N3 UPF Network
TNGF
5G capable Wi-Fi only UEs need to support 5G
control plane and user plane functions NWt

5G Capable UEs
• EAP-5G, IKEv2, IPsec/ESP and 5G NAS protocols
for 5G control plane functions
• GRE and IPsec/ESP protocols for 5G user plane N1 AMF
transport

5G Core Network
Trusted
Most Wi-Fi only devices do not include N5CW WLAN AP/
UE WLC Data
USIM – need support for non-SIM devices TWIF N3 UPF
Network

Non 5G Capable UEs source: WBA 5G Work Group

Support for Wi-Fi Only Devices w/o USIM

N1
Requires support for EAP-TLS/EAP-TTLS AMF
EAP-TLS/
• Support for non-IMSI based identity and 5G Core
EAP-TTLS

certificate based auth methods EAP-TLS/EAP-TTLS Network AUSF

(SNPN)
UE
• Current 3GPP specs define EAP-TLS/EAP-TTLS for Trusted
WLAN AP/ Data
Wi-Fi N3IWF/
private networks (NPN) over 3GPP access only WLC N3 UPF
TNGF Network

3GPP support for NPN over WLAN access NWt

SNPN: Standalone Non-Public Network
AUSF: Authentication Server Function
• 3GPP specs need to define access to NPN over
WLAN access via N3IWF/TNGF/TWIF
• Define EAP-TLS/EAP-TTLS procedure for NPN N1 AMF
EAP-TLS/
over WLAN access 5G Core EAP-TTLS

Network AUSF
Trusted (SNPN)
N5CW WLAN AP/
Up to operators to support EAP-TLS/EAP-TTLS UE Wi-Fi WLC
TWIF N3 UPF
Data
Network
support over PLMNs for Wi-Fi only devices

Enabling Wi-Fi only devices w/o USIM can expand reach of 5G services and applications
to many more devices across enterprises and verticals
source: WBA 5G Work Group
Access Traffic Steering, Switching and Splitting (1/2)

ATSSS feature provides support for Multi-

Access PDU (MA PDU) session ATSSS Architecture
• Enables PDU data delivery over 3GPP and
WLAN access simultaneously
AMF N11 SMF N7 PCF
• When UE registered over both access, user
plane resources established over both
N2 N2
Support for two steering functionalities N1
N4

• MPTCP functionality for TCP traffic, with

MPTCP converter proxy in UPF MPTCP
MPTCP 3GPP Access N3 Proxy
functionality
• ATSSS-LL functionality for all traffic types functionality

including TCP, UDP, ethernet traffic UE ATSSS-LL N6 Data Network

ATSSS-LL functionality
• UE/UPF may support one or more steering functionality
functionality. ATSSS-LL is mandatory for Non-3GPP Access N3 PMF
ethernet PDU session UPF

Performance Measurement Function (PMF)

supported for ATSSS-LL access ATSSS: Access Traffic Steering, Switching and Splitting

source: WBA 5G Work Group

Access Traffic Steering, Switching and Splitting (2/2)

ATSSS Rules ATSSS Steering Functionalities at the UE

Steering Mode – traffic distribution policy over 3GPP
and non-3GPP access
• Active Standby: Steer traffic on the Active access,
when the Active access becomes unavailable switch
to Standby access
• Smallest Delay: Steer traffic to the access with
smallest RTT delay
• Load Balancing: Split traffic across both access
based on percentage specified
• Priority Based: Steer traffic to high-priority access,
until that access gets congested. Then steer traffic
also to the low-priority access
Steering Functionality – MPTCP or ATSSS-LL
functionality used to steer the matching traffic

Release 17 eATSSS:
• Adding support for new multi-access steering
functionality using MPQUIC
source: WBA 5G Work Group
Complex Coexistence of Policies

Blurring between Wi-Fi and 5G creates opportunities for Wi-Fi, but complicates policy decisions
• Access selection (ANDSP), Pre-establishment (URSP) and Multi-path policy (ATSSS)
• Large number of policy stakeholders (device OEM, app providers, end user, service provider and enterprise IT)

source: WBA 5G Work Group

End-to-end QoS over WLAN Access

5G QoS Model Applied over WLAN Access

5G QoS model over WLAN access:
• 3GPP 5G QoS model is also applied QoS Rules
when traffic is carried over WLAN (mapping UL
QoS Rules
AMF/SMF
access packets to
QoS flows) App data packets
QoS Profile App data packets PDRs
• QoS Flow (identified by QFI) is the
QoS Flow
finest granularity of QoS Mapping QoS (identified by QFI)
differentiation flows to IPsec
child SAs
• 5QI (5G QoS Identifier) value
identifies QoS characteristics for a
PDRs
QoS flow (mapping app
IPsec child SA PDU Session data packets
❑ Standardized 5QI values defined for establishment
to QoS flows)
frequently used services IPsec child SA 1

• 5G QoS flows get mapped to IPsec IPsec child SA 2 UPF

child SAs when carried over WLAN UE WLAN AP/WLC N3IWF/TNGF 5G Core Network
access Control plane Data plane
SMF: Session Management Function
QFI: QoS Flow Identifier
PDR: Packet Detection Rule

source: WBA 5G Work Group

QoS Differentiation over WLAN Access

• To support end-to-end QoS, need QoS differentiation for 5G flows over WLAN access per 5G
QoS characteristics and parameters
• Two approaches to provide QoS management for 5G flows within WLAN access:

1) DSCP based QoS Mapping 2) IPsec SA based QoS Management

❑ QoS differentiation done based on ❑ QoS differentiation done based on identifying

DSCP marking in the IP header for
UL and DL data packets
❑ Applicable across all types of WLAN
integration architecture (via N3IWF,
TNGF and TWIF)
and prioritizing IPsec child SAs carrying 5G flows
❑ WLAN STA initiates QoS Traffic Stream setup for
IPsec child SAs using EDCA admission control
❑ Applicable for WLAN integration architecture via
N3IWF and TNGF

source: WBA 5G Work Group

DSCP based QoS Mapping

• 5QI to DSCP mapping done at the N3IWF/TNGF (for DL) and at the UE (for UL)
• DSCP markings get mapped to 802.11 UP/AC on WLAN AP (for DL) and STA (for UL)

Gaps and enhancements needed: 5G Core

UE
❑ Standardized 5QI values to DSCP UL: 5QI to 3GPP AMF
3GPP
mapping not defined DSCP mapping Stack RAN
N3
• IETF draft-henry-tsvwg-diffserv-to-qci-04
N2
defines a mapping but it has expired
• GSMA IR.34 defines mapping for LTE QCIs
but not for 5G UL: DSCP to
WLAN N3IWF/
802.11 UP/AC WLAN UPF
STA TNGF/ N3
❑ Support for tagging 5G data packets mapping Access
TWIF
with appropriate DSCP for UL/DL
❑ Define mapping between updated set 802.11
QoS
DL: DSCP to
802.11 UP/AC
DiffServ
QoS
DL: 5QI to DSCP
mapping
of DSCP values to 802.11 UP/AC mapping

source: WBA 5G Work Group

IPsec SA based QoS Management

• 5G QoS parameters and IPsec SA info for child SAs sent to WLAN STA on the UE
• WLAN STA maps 5G QoS parameters to 802.11 TSPEC, UP/AC and creates TCLAS from IPsec SA info and initiates QoS
Traffic Stream setup for IPsec child SAs using EDCA admission control
• WFA OCE project is addressing IPsec SA based QoS management within WLAN

5G Core
Gaps and enhancements needed: UE

3GPP AMF
❑ UE integration to pass IPsec SA and Stack
3GPP
RAN
5G QoS info to WLAN STA N3

5G QoS Info
❑ Mapping of 5G QoS parameters to IPsec SA Info
N2

DSCP
802.11 TSPEC parameters for WLAN
QoS Traffic Stream setup UL: 5G QoS to
802.11 UP/AC WLAN WLAN N3IWF or UPF
N3
mapping for STA Access TNGF
❑ Determine 802.11 UP/AC based on IPsec SA

5G QoS parameters (or DSCP)

802.11 EDCA QoS 802.11
❑
DL: IPsec SA
TCLAS element to specify filtering for Management for QoS traffic mapped
IPsec SA to 802.11 UP/AC
IPsec SA traffic

source: WBA 5G Work Group

Fine Grain QoS for 5G Flows

• IEEE 802.11ax has added several new capabilities such as TWT, scheduling, OFDMA and MU-
MIMO
• IEEE 802.11be includes features like Multi-link operation, Multi-AP and TSN support
▪ TSPEC enhancements being considered
• Further study needed on how 802.11ax resource scheduling can provide fine grain QoS for
5G flows based on 5G QoS characteristics (5QI) and parameters
• For 802.11be, QoS enhancements should consider how fine grain QoS (on throughput,
latency, PER, data burst) can be provided for 5G flows based on mapping of 5G QoS
characteristics and parameters to 802.11be enhanced TSPEC parameters

source: WBA 5G Work Group

Summary and Key Takeaways

WLAN access can be integrated in 5G System using untrusted or trusted integration

model as defined by 3GPP Release 15/16
Some challenges and enhancements need to be addressed to enable full end-to-end
system support for 5G and Wi-Fi convergence

Trusted WLAN access integration

• ANQP based trusted WLAN access discovery, generation of 3GPP specific NAI, support Ta and Yw
interfaces, EAP-5G messages filtering, and using TNAP key as the PMK
• Ta and Yw AAA-based interfaces not defined by the standard
• Examine any impact of 5G Trusted WLAN Access key hierarchy on the 802.11r key hierarchy

Support for Wi-Fi Only devices w/o USIM

• Requires supporting EAP-TLS/EAP-TTLS methods in private networks
• Add 3GPP support for WLAN access for NPN (Non-Public Network)
• 5G capable Wi-Fi only UEs need to support 3GPP control plane and user plane functions

Support for end-to-end QoS

• DSCP based QoS: Define 5QI to DSCP mapping and 3GPP specific DSCP values to 802.11 UP/AC mapping
• IPsec SA based QoS: UE side integration to pass IPsec SA and 5G QoS info, mapping of 5G QoS to 802.11
TSPEC parameters, support IPsec SA based QoS TS setup
• Further study on how fine grain QoS for 5G flows can be provided in 802.11ax and 802.11be

source: WBA 5G Work Group

Next Steps

Liaisons sent to other SDOs to align the industry and facilitate

actions to address identified issues on 5G/Wi-Fi Convergence
Liaison Activity
• LS to 3GPP SA, WFA, IEEE 802.11, GSMA, IETF, ATIS and NGMN
• Follow-up collaboration with IEEE and WFA

New project for WBA 5G WG in 2021 - examine unique set of 5G and

Private 5G and Wi-Fi Wi-Fi convergence related challenges in private networks
Convergence • Phase 1: Technical whitepaper focusing on use cases, deployment scenarios, challenge
analysis (including QoS/TSN support), potential solutions and deployment guidelines.
• Phase 2: Conduct Private 5G and Wi-Fi 6/6E convergence trials in key verticals.

IEEE and WBA to work together to address challenges and fully

Call-for-Action!
define end-to-end support for 5G and Wi-Fi convergence!

source: WBA 5G Work Group

Thank You

Thank you! Q&A

WBA PMO: [email protected]