LWIP

LTE WLAN Radio Level Integration with IPsec Tunnel

Protocol
Introduced in Rel-13
In the context of LTE-WLAN Radio Level Integration with IPsec Tunnel (LWIP), the term LWIP refers to a Protocol Data Unit generated by the LWIPEP entity for secure transmission over WLAN. It represents the encapsulated user data packet that is routed via an IPsec tunnel between the UE and the eNB, enabling secure and integrated WLAN data transmission under LTE control.

Description

Within the 3GPP specification for LTE WLAN Radio Level Integration with IPsec Tunnel (often abbreviated as LWIP), the term 'LWIP' specifically denotes a Protocol Data Unit (PDU). This LWIP PDU is generated by the LWIP Encapsulation Protocol (LWIPEP) entity in the user equipment (UE) for downlink transmission, and by the eNodeB (eNB) for uplink transmission, destined for transport over a WLAN link. The core function is to securely integrate WLAN as a data radio bearer for LTE traffic. The LWIP PDU is essentially an IP packet that encapsulates the original user data (an IP packet or an Ethernet frame) and is protected by an IPsec Encapsulating Security Payload (ESP) tunnel established directly between the UE and the eNB.

The architecture involves the UE establishing an IPsec ESP tunnel with the eNB over the untrusted WLAN access network. For user data destined to use the LWIP bearer, the UE's LWIPEP entity takes the original uplink IP packet (from the applications) and performs any necessary encapsulation (e.g., into an Ethernet frame if required by the WLAN); the result becomes the payload of a new IP packet. This new outer IP packet is secured by the IPsec ESP tunnel and routed over the WLAN link to the eNB. The resulting secured packet, ready for transmission on the WLAN, is the LWIP PDU. In the downlink direction, the eNB's LWIPEP entity performs the reverse operation, creating the secured LWIP PDU for transmission to the UE over WLAN.

From a network perspective, the eNB has full control over this data path. It decides which EPS bearers are routed via the LWIP tunnel (WLAN) and which are sent over the conventional LTE-Uu interface. The eNB terminates the IPsec tunnel, decrypts the LWIP PDU, extracts the original user data, and forwards it toward the core network via the S1-U interface. This makes the WLAN link appear as a secure, integrated layer-2 transport for the LTE bearer, managed entirely by the eNB. Key components are the LWIPEP entity, the IPsec security association, and the control-plane signaling that configures the LWIP bearer. The role of the LWIP PDU is to be the standardized, secured container that enables the eNB to use WLAN radio resources as a controlled extension of the LTE radio access network.
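The UE-to-eNB protection described above, as an added example in Go that is not taken from the 3GPP specifications: it wraps an inner packet in an ESP payload (SPI, sequence number, IV, ciphertext, ICV) and shows the receiving side authenticating it before the inner data is released. AES-GCM as in RFC 4106, the fixed key and salt, and the names SA, NewSA, Seal and Open are assumptions made here; the outer IP header, IKE key agreement and the anti-replay window are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// SA is a constructed, simplified one-direction ESP security association.
type SA struct {
	SPI, Seq uint32
	Salt     [4]byte // RFC 4106 salt, agreed together with the key
	AEAD     cipher.AEAD
}

func NewSA(spi uint32, key [16]byte, salt [4]byte) *SA {
	blk, _ := aes.NewCipher(key[:]) // cannot fail: 16 bytes is a valid AES key
	aead, _ := cipher.NewGCM(blk)
	return &SA{SPI: spi, Salt: salt, AEAD: aead}
}

// Seal builds SPI | Seq | IV | ciphertext | ICV around the inner packet.
func (sa *SA) Seal(inner []byte) []byte {
	sa.Seq++
	hdr := binary.BigEndian.AppendUint64(nil, uint64(sa.SPI)<<32|uint64(sa.Seq)) // SPI | Seq
	hdr = binary.BigEndian.AppendUint64(hdr, uint64(sa.Seq)) // IV: never reused under one key
	pad := (4 - (len(inner)+2)%4) % 4
	pt := append(append([]byte{}, inner...), []byte{1, 2, 3}[:pad]...)
	pt = append(pt, byte(pad), 4) // ESP trailer: pad length, next header 4 (IPv4)
	return append(hdr, sa.AEAD.Seal(nil, append(sa.Salt[:], hdr[8:]...), pt, hdr[:8])...)
}

// Open authenticates and decrypts a PDU, then strips the ESP trailer.
func (sa *SA) Open(pdu []byte) ([]byte, error) {
	if len(pdu) < 16+2+sa.AEAD.Overhead() || binary.BigEndian.Uint32(pdu) != sa.SPI {
		return nil, fmt.Errorf("esp: short packet or unknown SPI")
	}
	pt, err := sa.AEAD.Open(nil, append(sa.Salt[:], pdu[8:16]...), pdu[16:], pdu[:8])
	if err != nil || int(pt[len(pt)-2]) > len(pt)-2 {
		return nil, fmt.Errorf("esp: ICV or trailer check failed")
	}
	return pt[:len(pt)-2-int(pt[len(pt)-2])], nil
}

func main() {
	k, s := [16]byte{1}, [4]byte{2} // constructed key and salt shared by both ends
	inner, err := NewSA(0x1001, k, s).Open(NewSA(0x1001, k, s).Seal([]byte("inner IP packet")))
	fmt.Printf("%q %v\n", inner, err)
}
```

The SPI and sequence number travel in the clear but are covered by the ICV as associated data, so a change to either on the WLAN path fails authentication just as a change to the ciphertext does.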

Purpose & Motivation

LWIP technology was developed to provide an alternative, secure method for tight radio-level integration of WLAN with LTE, complementing the LWA approach. It addressed the need for a solution that could work with existing, unmodified WLAN access points (untrusted WLAN) without requiring a dedicated WLAN Termination (WT) node as defined for LWA. Prior to LWIP, using untrusted WLAN required routing user traffic through the core network (e.g., via ePDG), which introduced latency and complexity for real-time radio resource management.

The primary problem LWIP solves is enabling the eNB to directly control and securely route user plane traffic over any generic WLAN network, treating it as a virtual radio link. It solves the security concern of transmitting LTE user data over an untrusted IP network (the WLAN) by mandating a direct IPsec tunnel between the UE and eNB. This approach provides a lower-latency path compared to core-network tunneling, allows for faster switching between LTE and WLAN, and gives the eNB the ability to perform efficient traffic steering and aggregation at the radio level. The motivation was to offer operators a flexible deployment option for WLAN integration that did not necessitate upgrades to the WLAN infrastructure itself, lowering the barrier for leveraging existing Wi-Fi deployments to augment cellular capacity.

Key Features

  • Defines a specific PDU format for secure transmission over WLAN in an LWIP context
  • Relies on an IPsec ESP tunnel established directly between the UE and the eNB
  • Enables the eNB to use untrusted, standard WLAN APs as a data path
  • Supports bearer-specific routing decisions made by the eNB
  • Provides integrity protection and confidentiality for user data over WLAN
  • Allows for UE mobility between WLAN and LTE with session continuity managed by the eNB

Evolution Across Releases

Rel-13 Initial

Introduced the LWIP architecture and the definition of the LWIP PDU. Defined the LWIPEP entity procedures, the establishment of the IPsec tunnel between UE and eNB, and the control-plane signaling for bearer configuration. Provided the foundation for secure radio-level integration with untrusted WLAN.

Enhanced LWIP mobility procedures and integration with other 3GPP features. Improved support for seamless handover and session continuity between LTE and WLAN links under eNB control.

Brought LWIP into the 5G era, ensuring compatibility and operation within Next Generation (NG) Radio Access Network architectures and alongside NR capabilities.

Introduced further enhancements for efficiency and support for new service requirements, potentially including optimizations for specific traffic types and improved resource management.

Continued evolution within the 5G system, focusing on integration with network automation, slicing, and enhanced QoS mechanisms for aggregated access.

Part of 5G-Advanced studies, exploring advanced traffic steering, energy savings, and enhanced performance for integrated access backhaul and user plane scenarios involving WLAN.

Ongoing work in 5G-Advanced to refine integrated access technologies, with a focus on intelligence-driven network operation and support for evolving use cases.

Defining Specifications

Specification    Title
TS 23.401        3GPP TS 23.401
TS 23.402        3GPP TS 23.402
TS 23.729        3GPP TS 23.729
TS 29.272        3GPP TS 29.272
TS 32.868        3GPP TR 32.868
TS 33.401        3GPP TR 33.401
TS 36.300        3GPP TR 36.300
TS 36.331        3GPP TR 36.331
TS 36.361        3GPP TR 36.361
TS 36.413        3GPP TR 36.413
TS 36.463        3GPP TR 36.463
TS 36.464        3GPP TR 36.464
TS 36.465        3GPP TR 36.465