This clause is related to the case when the UE attaches to a Trusted Non-3GPP Access network and host based mobility management mechanisms are used. Dual Stack MIPv6, RFC 5555 is used for supporting mobility over S2c interface.
The S2c initial attach can be seen to consist of several modules:
The UE sets up local IP connectivity in a Trusted Non-3GPP Access
The UE discovers the HA, and establishes a security association with it to protect DSMIPv6 signalling.
Non-roaming (Figure 4.2.2-1), home routed roaming (Figure 4.2.3-1) and Local Breakout (Figure 4.2.3-4) cases are supported by this procedure. The AAA proxy and vPCRF are only used in the case of home routed roaming and Local Breakout. In non-roaming scenarios, the AAA proxy and vPCRF are not involved.
This procedure is also used to establish the first PDN connection over a trusted non-3GPP access with DSMIPv6 on S2c when the UE already has active PDN connections only over a 3GPP access and wishes to establish simultaneous PDN connections to different APNs over multiple accesses.
The optional interaction steps between the gateways and the PCRF in the procedures only occur if dynamic policy provisioning is deployed. Otherwise policy may be statically configured in the gateway.
The UE may be authenticated and authorised to access the Trusted Non-3GPP Access network according to an access network specific procedure. These procedures are outside the scope of 3GPP, After the authentication, UE is configured with Local IP Address from the access network domain.
Access Authentication procedure for trusted Non-3GPP access networks between UE and the 3GPP EPC shall be performed as defined by TS 33.402 unless the conditions in TS 33.402 are met that allow to skip this procedure. As indicated above, in the roaming case signalling may be routed via a 3GPP AAA Proxy in the VPLMN. As part of the AAA exchange for network access authentication, the AAA/HSS and/or the 3GPP AAA Proxy may return to the Trusted non-3GPP IP Access a set of home/visited operator's policies to be enforced on the usage of local IP address, or IPv6 prefix, allocated by the access system upon successful authentication. Subscription data is provided to the Trusted non-3GPP IP Access by the HSS/AAA in this step.
The L3 connection is established between the UE and the Trusted Non-3GPP Access system. As a result of this procedure, an IPv4 address or an IPv6 address/prefix is also assigned to the UE by the access system (i.e. a Local IP address that will be used as a Care-of Address for DSMIPv6 over the S2c reference point).
If the access system supports PCC-based policy control, the access gateway initiates a Gateway Control Session Establishment Procedure with the PCRF as specified in TS 23.203. The message includes at least the UE IP address or IPv6 prefix allocated by the access system in step 2. The message includes also the IP-CAN type.
Based e.g. on the UE identity and user profile, operator's policies and the IP-CAN type, the PCRF decides on the QoS policy rules and completes the session establishment towards the access gateway. The rules provided in this step are referred to the address assigned by the trusted non-3GPP access.
In the roaming case, PCC signalling is sent via a vPCRF in the VPLMN.
The UE discovers the PDN-GW (Home Agent) as specified in clause 4.5.2 of this specification. A security association is established between UE and PDN-GW to secure the DSMIPv6 messages between UE and PDN-GW and for authentication between the UE and the PDN-GW. The UE initiates the establishment of the security association using IKEv2, RFC 5996; EAP, RFC 3748 is used over IKEv2 for authentication purposes. The PDN-GW communicates with the AAA infrastructure in order to complete the EAP authentication via S6b. The APN-AMBR and Default Bearer QoS is provided to the PDN-GW in this step.
If the PDN requires an additional authentication and authorization with an external AAA Server, an additional authentication is executed in this step. Details on these multiple authentications are specified in RFC 4739 and in TS 33.402 (Private Network Access (PNA)).
During this step the UE may include the APN of the PDN it wants to access and it can also request the IPv6 home prefix as defined in RFC 5026 in order to influence the IPv6 home network prefix assignment procedure. Even if the UE requests more than one IPv6 home prefix, the PDN-GW shall assign only one IPv6 home prefix to the UE.
During this step an IPv6 home prefix is assigned by the PDN-GW to the UE as defined in RFC 5026. After the IPv6 home network prefix is assigned, UE constructs a home address from it via auto-configuration. The associated PDN identity (APN) shall be indicated to the UE via the IDr payload. In case the UE provided APN to the PDN-GW earlier in this step, the PDN-GW shall not change the provided APN.
During this step, the PDN-GW also informs the 3GPP AAA Server of the identity of the selected PDN-GW and the APN corresponding to the UE's PDN Connection. The PDN-GW also provides information that identifies the PLMN in which the PDN-GW is located. This information is registered in the HSS as described in clause 12.
The UE sends the DSMIPv6 Binding Update (IP Addresses (HoA, CoA), Lifetime) message to the PDN-GW as specified in RFC 5555. The UE shall inform the PDN-GW that IP address preservation shall be maintained for the whole home network prefix.
The PDN-GW processes the binding update. During the processing the PDN-GW performs authentication and authorization of the message using the IPsec security association established in Step 4. During this step the UE can request an IPv4 home address to the PDN-GW as defined in RFC 5555.
If PCC is supported, the PDN-GW initiates the IP-CAN Session Establishment Procedure with the PCRF as specified in TS 23.203. The message includes at least the HoA and the CoA. The message may also include a permanent UE identity and an APN string. The PDN-GW shall provide information about the mobility protocol tunnelling header to the PCRF, the APN-AMBR and Default Bearer QoS obtained in step 4.
The PCRF decides on the PCC rules and Event Triggers and provisions them to the PDN-GW. The PDN-GW installs the received PCC rules.
The PDN-GW sends the DSMIPv6 Binding Ack (Lifetime, IP Addresses (HoA, CoA)) message to the UE. In this step the PDN-GW may include the duration of the binding and the IPv4 home address allocated for the UE as specified in RFC 5555, if previously requested by the UE and allowed by the subscription profile as it is specified in the E-UTRAN attach procedure in TS 23.401. Even in case the UE requests more than one IPv4 home address in step 5, the PDN-GW shall assign only one IPv4 home address for the UE.
The PCRF initiates the Gateway Control and QoS Rules Provision Procedure specified in TS 23.203 by sending a message with the information of mobility protocol tunnelling encapsulation header to the Trusted non 3GPP access Gateway. In case the QoS rules have changed, the updated QoS rules shall also be included in this message.