OBAN Open Broadband Access Networks H. Almus, TU Berlin, EANTC Research The OBAN project is funded by the European Community’s Sixth Framework Programme,

Presentation transcript:

OBAN: Open Broadband Access Networks
H. Almus, TU Berlin, EANTC Research

The OBAN project is funded by the European Community’s Sixth Framework Programme, project partners and the Swiss Bundesamt für Bildung und Wissenschaft.

The information in this document is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

© 2006 H. Almus, TERENA Networking Conference

An Open Network

OBAN Concept

To open private WLANs for public use
  – Allowing people who are passing by (visiting users) to get broadband access via privately owned WLAN access points
Business idea beyond
  – Visiting users pay according to their usage
  – Contracts between all involved parties will assure appropriate earnings
OBAN mobility support
  – Seamless handover and roaming
      Limited to velocities ≤ 15 km/h
OBAN integrated extended services
  – Voice (VoWLAN, VoIP), Video
  – Location specific services
      Local content based on knowledge of coordinates of used broadband access

[Figure labels: Private use, Public use, Access to broadband network, WLAN, ISP]

Broadband access today and tomorrow

xDSL technologies
  – Example ADSL, typical configured bandwidth 1 to 2 Mbps, mostly 8 Mbps possible
  – Example ADSL 2+, VDSL, VDSL2 provides from 24 Mbps to Mbps
Cable modems in TV distribution networks
Fiber cable to the home
Wireless technologies
  – Extended use expected
      According to BT Group: WiMAX for home installation available at the end of 2006
Private flats and houses do have broadband access !!!
  – 23% of the European households are using broadband connections
  – Broadband connections in Germany (end of 2005) around 10,4 million connections (27 % of German households)

Use of capacities

Most private users are using the rented bandwidth only for minor downloads
  – Usage heavily depends on the time of day
      Mostly used in the evening and on weekends
      Minor usage during common working hours
Rented bandwidth usually below technically available bandwidth
  – Caused by price policy of ISPs
  – Most often, the rented bandwidth is 1 or 2 Mbit/s (downlink)
  – On average, the installed broadband access technology allows around 8 Mbit/s (downlink)
  – Estimated average use of a broadband access: ≤ 10 GByte per month
      Only around 3-4 % of the rented bandwidth is actually used
      Regarding the technically available bandwidth at the access points, only around 0,5 % is used

Network evolution

Today's mobile networks are evolving to broadband
  – Number of base stations and feeder lines will increase dramatically
  – Next step from today's UMTS may require optical cables in the feeder network
  – Granularity will become comparable to that of the fixed network
The fixed network is continuously updated with advanced DSL technologies and optical cables
  – Most of the connected households and businesses will use WLAN technologies for in-house networking
Extended use of WLANs as well as growing bandwidth demands will lead to a convergence of both networks

Networks & Cell sizes today and tomorrow

[Figure labels: WLAN, Mobile network]

Parties involved

HU = Home User
VU = Visiting User
ANP = Access Network Provider
ISP = Internet Service Provider
RG = Residential Gateway (OBAN extended Access-Router)
AP = WLAN Accesspoint

[Figure labels: ISP-VU, Internet, AP, RG, HU, VU, ISP-HU, ANP]

OBAN bandwidth management

Simple bandwidth management
  – Home user retains the rented bandwidth and performance, independent from any access and usage by visiting users
      Conventional sharing concepts are based on a common use of the bandwidth rented by the home user (Boingo, Linkspot etc.)
  – Use of additional available bandwidth for visiting users
  – Solution by adapted bandwidth management
      2 data paths with fixed, well defined access rates
Extended bandwidth management
  – Bandwidth currently not used by the home user will be available for visiting users in addition to the extended bandwidth statically reserved for visiting users
  – Realization requires strict prioritization of the private user's traffic within the limits of the rented bandwidth
The OBAN approach is a provider oriented solution – it requires the involvement of the access network provider!
  – Solutions as offered by Boingo are just roaming agreements

QoS in OBAN

Bandwidth management, prioritization
  – based on 802.11e / WMM
  – OBAN QoS Broker
      Knows the capacity of the access network
        – Traffic policing, priority queuing
      Manages QoS-Profiles for each OBAN user
        – Integrated in the backend, could be integrated in AAA server
  – Residential Gateway
      Capacity Distribution Algorithm (CDA) defines which capacity an end system (terminal) gets assigned at a given time
      Traffic policing / shaping, priority queuing to ensure proper use
      Capacity tracking and adaptation according to changing conditions
  – Terminal
      Supports traffic shaping, capacity tracking
WLAN:
  – QoS enabled MAC (802.11e/WMM); priorities are mapped to WLAN access categories
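
The two bandwidth management modes and a per-terminal capacity split, as an added example that is not part of the original slides or of the OBAN project's code. The function names, the max-min fair policy standing in for the Capacity Distribution Algorithm, and all rates are assumptions.

```python
# Added illustration, not OBAN project code. Function names, the max-min
# policy and all rates (kbit/s) are assumptions made for this example.

def visitor_pool_kbps(hu_rented, vu_reserved, hu_demand, line_capacity, extended=True):
    """Return (home-user rate, capacity open to visiting users) in kbit/s."""
    if hu_rented + vu_reserved > line_capacity:
        raise ValueError("static reservations exceed the access line capacity")
    # Strict priority: the home user always gets its demand up to the rented rate.
    hu_rate = min(hu_demand, hu_rented)
    if not extended:
        # Simple mode: two data paths with fixed access rates.
        return hu_rate, vu_reserved
    # Extended mode: idle home-user capacity is lent to visitors.
    return hu_rate, vu_reserved + (hu_rented - hu_rate)


def max_min_share(pool, demands):
    """Split pool among visiting terminals: nobody gets more than it asks for,
    and leftover capacity is divided equally among terminals still wanting more."""
    alloc = {t: 0.0 for t in demands}
    hungry = {t for t, d in demands.items() if d > 0}
    remaining = float(pool)
    while hungry and remaining > 0:
        share = remaining / len(hungry)
        done = {t for t in hungry if demands[t] - alloc[t] <= share}
        if not done:
            # Nobody can be fully served: everyone left gets an equal share.
            for t in hungry:
                alloc[t] += share
            break
        for t in done:
            remaining -= demands[t] - alloc[t]
            alloc[t] = float(demands[t])
        hungry -= done
    return alloc


if __name__ == "__main__":
    # Constructed scenario: 8 Mbit/s line, 2 Mbit/s rented, 5 Mbit/s reserved for visitors.
    visitors = {"vu1": 1000, "vu2": 4000, "vu3": 5000}
    for hu_demand in (500, 3000):
        hu, pool = visitor_pool_kbps(2000, 5000, hu_demand, 8000)
        print(hu_demand, hu, pool, max_min_share(pool, visitors))
```
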

Mobility in OBAN

Basic objectives of the OBAN project:
  – "Smart change" of the IP network as well as seamless roaming between service providers
  – Single Sign On
      The user has to authenticate only once
  – Seamless IP Connectivity
      Change of network access, IP subnet as well as roaming shall not disturb or (noticeably) interrupt currently used IP services
        – No loss of TCP connections, SIP session etc.
            » Supported by use of Mobile IPv4 (MIP)

Security in OBAN

Security and privacy protection
  – Questions and requirements
      Who must have access to which data?
      Who isn't allowed to have access to which data?
      How can an OBAN network be realized in line with local and European laws?
        – 25 country specific laws and regulations regarding service provisioning, protection of private data, encryption etc.
      Acceptance of OBAN by private and visiting users?
        – What kind of data security as well as privacy protection has to be offered?

Security: Extended requirements

Extended protection against manipulation required because
  – OBAN WLAN APs and RG are located in private homes
      HU could try to fake an OBAN WLAN AP and to forward modified visiting user data to the RG (Man-in-the-Middle attack)
      HU could also manipulate the RG itself to modify information (e.g. billing-relevant data)
  – OBAN WLAN APs are interconnected to the private network of the HU
      VUs could attack and try to manipulate OBAN WLAN AP to get access to private data of the HU
OBAN networks have to securely separate the data of HUs and VUs
  – Separated VPNs for HU and VU are required
  – The identity of the HU has to be hidden from the VUs and vice versa
OBAN hardware and software components must be protected against manipulation and misuse

Mobility: MIP / Handover

OBAN has to support a secured data exchange in combination with a change of the used network without service interruption
  – OBAN project objectives include the support of interactive multimedia services like videoconferencing and VoIP
  – OBAN tries to achieve handover times less than 120 ms (Layer 3)
      Typical handover times of 350 ms or even higher (like 8-10 s in MIP environments) are not acceptable.
Consequences:
  – The handover process including re-authentication has to take place automatically, without any user interaction
  – The used Mobile IP solution has to be compatible with common encryption techniques (VPN, IPSec and SSL)
      Encryption must be set up as overlay on top of MIP, end points of encrypted tunnels are terminated in MIP
OBAN terminals (notebooks, PDAs) have to support Mobile IP as well as some OBAN specific extensions
OBAN users will have to install some OBAN specific software

Handover performance

How to minimize the WLAN handover delay?
Code optimization alone will not be a solution to the OBAN goal (< 120 ms on Layer 3)
WLAN technology doesn’t support “make before break” as used in GSM/UMTS networks
Extended mobility management is required
  – Residential Gateway (RG) acts as access router
      Extended functions to avoid painful delays (DHCP etc.)
  – Sophisticated authentication mechanisms
      To support fast and automated re-authentication
  – Extended services and functions to be implemented
      Proxy servers
      Mobility broker
        – Knows about neighboring APs, network configuration
        – Supports fast re-authentication
      QoS broker
        – Knows about currently available QoS on neighboring APs

Authentication

Full authentication (via AAA server) when changing AP / roaming is by far too slow
Alternate solutions discussed within OBAN
  1. Delayed Authentication
      1. Data traffic without previous authentication allowed for a limited time period
      2. Full authentication done immediately in parallel to initial use
  2. Use of Kerberos Tickets
      1. Split of authentication process
          1. Traditional full authentication via AAA server for the 1st access
          2. Specific authentication on shared secrets, partly shared in advance
  3. Time-shifted computing
      1. Based on mutual authentication between terminal and Residential Gateway in conjunction with secured information and trusted points
Solution 1
  – Delayed authentication may be forbidden by law at least in some European countries
      The ISP has to explicitly inform the user about the approach and the risks regarding the initial data exchange
Solution 2 and 3
  – Use of topographic knowledge required (neighborhood relations)
      Knowledge about reachable APs, additional information for re-authentication, protocol extensions (802.1X, EAP-xxx)
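
A simplified sketch of the split authentication idea in solution 2, as an added example that is not part of the original slides and is neither the OBAN protocol nor real Kerberos. It assumes the backend shares a separate key with each Residential Gateway and hands the terminal one short-lived ticket per neighboring RG after the first full authentication; the ticket format and all names are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Added illustration, not OBAN project code; names and ticket format are assumptions.

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_tickets(rg_keys, pseudonym, neighbor_rgs, now, lifetime_s=300):
    """Backend, after the full AAA authentication: one ticket per neighboring RG."""
    out = {}
    for rg_id in neighbor_rgs:
        body = json.dumps({"sub": pseudonym, "rg": rg_id,
                           "exp": now + lifetime_s}, sort_keys=True).encode()
        tag = _mac(rg_keys[rg_id], b"ticket|" + body)
        ticket = base64.urlsafe_b64encode(body) + b"." + base64.urlsafe_b64encode(tag)
        # The session key reaches the terminal over the already authenticated channel.
        out[rg_id] = (ticket, _mac(rg_keys[rg_id], b"session|" + body))
    return out

def terminal_proof(session_key, rg_nonce):
    """Terminal proves it holds the session key for this ticket (blocks ticket replay)."""
    return _mac(session_key, rg_nonce)

def rg_verify(rg_key, rg_id, ticket, rg_nonce, proof, now):
    """RG-local check without an AAA round trip; returns the pseudonym or None."""
    try:
        b64_body, b64_tag = ticket.split(b".")
        body = base64.urlsafe_b64decode(b64_body)
        tag = base64.urlsafe_b64decode(b64_tag)
    except ValueError:
        return None
    if not hmac.compare_digest(tag, _mac(rg_key, b"ticket|" + body)):
        return None  # forged, altered, or issued for another RG's key
    claims = json.loads(body)  # parsed only after the MAC check
    if claims["rg"] != rg_id or now >= claims["exp"]:
        return None
    session_key = _mac(rg_key, b"session|" + body)
    if not hmac.compare_digest(proof, terminal_proof(session_key, rg_nonce)):
        return None
    return claims["sub"]

if __name__ == "__main__":
    keys = {"rg-12": b"constructed-key-12", "rg-13": b"constructed-key-13"}
    ticket, sk = issue_tickets(keys, "vu-7f3a", ["rg-12", "rg-13"], now=1000)["rg-13"]
    nonce = b"nonce-chosen-by-rg-13"
    print(rg_verify(keys["rg-13"], "rg-13", ticket, nonce, terminal_proof(sk, nonce), now=1100))
```

Per-RG keys matter here because the slides place the RG in the home user's premises: extracting one gateway's key then exposes tickets for that gateway only.
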

OBAN proof of concept

Field trial (Telenor)
  – Continuously used to test solutions as soon as available
Testbed at TU Berlin
  – Used for additional functional testing
Field Trial in Paris (France Telecom)
  – Scheduled for the final phase of the project to test the integrated OBAN environment
Portable Demonstrator
  – Used for specific tests as well as for demonstration purposes at exhibitions

[Figure: Portable demonstrator: Configuration example for "inter-provider handover" testing]

Extended Services: IP Zones, SIP-UA, …

Different portals for Visiting Users (VU) and Home Users (HU)
  – VU: location specific offers
      Exact location of Residential Gateway is known!
      Local events, special offers, …
      Taxi stand next door, timetable of nearby located bus stops & undergrounds
      Navigation: distance to events, friends, …
  – HU: may offer specific services to VUs
      Garage sale today
      Print Service (if HU is at home)
SIP-UA: OBAN aware application
  – SIP based videoconferencing with automated adaptations
      Adapt codec used and image size in accordance with available QoS
        – Information provided by OBAN QoS broker

OBAN project partners

The OBAN concepts, ideas and solutions presented are the results of the common efforts of all OBAN partners

Thank you! Questions?

More information is available on the OBAN public web pages: