Packet Data Interworking Function Overview
Step  Description
14    After a CHILD_SA is created using the TIA, if the PDIF/FA received 3GPP2_MIP_MODE during the IKEv2 negotiation, or if MIP_Required subscriber configuration is present in the subscriber profiles, the PDIF/FA sends agent advertisements to the MS.
15    The MS sends a MIP RRQ (including the NAI extension), an MN-AAA authentication extension, etc., to the FA. The HA IP address is set to 0 (zero) because the H-AAA assigns the HA. This is the usual NAI without the MAC address of the WiFi AP in the realm.
16    The PDIF/FA sends a RADIUS access-request to the H-AAA to authenticate the MS credential conveyed in the MN-AAA authentication extension and requests the assignment of an HA.
17    The H-AAA authenticates the MS successfully and sends the RADIUS access-accept message with the HA IP address.
18    The PDIF/FA forwards the RRQ to the HA.
19    The HA sends an access-request to the H-AAA to retrieve the MN-HA key in order to authenticate the MN-HA extension.
20    The HA receives the MN-HA key and authenticates the extension.
21    The HA assigns the IP address (HoA) for the MS and sends the RRP back to the PDIF/FA.
22    The PDIF/FA sends the HoA IP address to the MS.
23    After the MS obtains the HoA in the RRP, the MS sends the CREATE_CHILD_SA message with the Traffic Selector payload for Initiator (TSi) set to the HoA. This IKEv2 exchange creates a new IPSec SA.
24    The PDIF/FA sends a RADIUS accounting start message to the H-AAA.
25    The PDIF/FA then updates the subscriber's HSS profile with the indication that the IPSec session is active and the appropriate IP address. In this case, since it is MIP, it is the HoA assigned by the HA. In the case of simple IP Fallback, it would be the TIA assigned by the PDIF/FA. The HSS profile is updated using the Profile Update-Request (PUR) command.
26    The PDIF/FA sends a Delete payload in the informational message to delete the old IPSec SA associated with the previously assigned TIA.
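The step 15 request as it looks on the wire, as an added example that is not part of the Cisco document: a parser that checks a MIP RRQ for the three properties the step names (HA address 0, NAI extension, MN-AAA authentication extension). The field layout is assumed from RFC 5944, RFC 2794 and RFC 4721, any other extension is treated as a plain type-length-value, and the sample packet with its NAI, addresses, SPI and authenticator is constructed.

```python
import socket
import struct

RRQ_TYPE = 1         # Registration Request (RFC 5944)
EXT_MN_NAI = 131     # Mobile Node NAI extension (RFC 2794)
EXT_GEN_AUTH = 36    # generalized authentication extension (RFC 4721)
SUBTYPE_MN_AAA = 1   # MN-AAA authentication subtype

def parse_rrq(data: bytes) -> dict:
    """Parse an RRQ: the Home Agent is bytes 8-11 of the 24-byte fixed header."""
    if len(data) < 24 or data[0] != RRQ_TYPE:
        raise ValueError("not a Registration Request")
    out = {"home_agent": socket.inet_ntoa(data[8:12]), "nai": None, "mn_aaa_spi": None}
    pos = 24
    while pos < len(data):
        ext = data[pos]
        if ext == 0:                      # one-byte padding extension
            pos += 1
            continue
        long_form = ext == EXT_GEN_AUTH   # type 36: subtype + 2-byte length
        hdr = 4 if long_form else 2
        if pos + hdr > len(data):
            raise ValueError("truncated extension header")
        length = struct.unpack("!H", data[pos + 2:pos + 4])[0] if long_form else data[pos + 1]
        body = data[pos + hdr:pos + hdr + length]
        if len(body) != length:
            raise ValueError("truncated extension body")
        if ext == EXT_MN_NAI:
            out["nai"] = body.decode("ascii", "replace")
        elif long_form and data[pos + 1] == SUBTYPE_MN_AAA and length >= 4:
            out["mn_aaa_spi"] = struct.unpack("!I", body[:4])[0]
        pos += hdr + length
    return out

def check_step15(rrq: dict) -> list:
    """Return the ways a parsed RRQ deviates from what step 15 describes."""
    checks = [
        (rrq["home_agent"] == "0.0.0.0", "HA address is not 0; the H-AAA assigns the HA"),
        (bool(rrq["nai"]) and "@" in rrq["nai"], "NAI extension missing or has no realm"),
        (rrq["mn_aaa_spi"] is not None, "MN-AAA authentication extension missing"),
    ]
    return [msg for ok, msg in checks if not ok]

def build_sample(ha: str = "0.0.0.0", nai: bytes = b"user@example.com") -> bytes:
    """Constructed RRQ: addresses, NAI, SPI and authenticator are made up."""
    hdr = struct.pack("!BBH4s4s4s8s", RRQ_TYPE, 0, 1800, bytes(4),
                      socket.inet_aton(ha), socket.inet_aton("192.0.2.10"), bytes(8))
    auth = struct.pack("!BBHI", EXT_GEN_AUTH, SUBTYPE_MN_AAA, 20, 2) + bytes(16)
    return hdr + bytes([EXT_MN_NAI, len(nai)]) + nai + auth
```

`check_step15(parse_rrq(build_sample()))` returns an empty list for the constructed packet; a request that names a specific HA, or one whose extensions are cut off, is reported or rejected.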
Simple IP and Simple IP Fallback
For some simple IP deployments, the PDIF/FA authenticates the MS and provides an IP address for packet data
services. In addition, the PDIF/FA supports Simple IP fallback if the MS abandons mobile IP operations due to not
being able to successfully finish mobile IP registration after the first TIA-based IPSec tunnel is established. These
scenarios are described below.
OL-22938-02
Sample Deployments
Cisco ASR 5000 Series Product Overview