LWIP

LTE WLAN Radio Level Integration with IPsec Tunnel

Protocol →
Introduced in Rel-13 Also in: Core Network

LWIP is a Protocol Data Unit generated for secure transmission over WLAN, representing encapsulated user data routed via an IPsec tunnel between the UE and eNB to enable LTE-controlled WLAN integration.

Category
Protocol
Introduced
Rel-13
Where
Radio Access Network › E-UTRAN (LTE)
Also touches
1 segments
Specifications
13 specs
LWIP Description Purpose Related Classification Detected Changes Specifications

Description

Within the 3GPP specification for LTE WLAN Radio Level Integration with IPsec Tunnel (often abbreviated as LWIP), the term 'LWIP' specifically denotes a Protocol Data Unit (PDU). This LWIP PDU is generated by the LWIP Encapsulation Protocol (LWIPEP) entity in the user equipment (UE) for downlink transmission, and by the eNodeB (eNB) for uplink transmission, destined for transport over a WLAN link. The core function is to securely integrate WLAN as a data radio bearer for LTE traffic. The LWIP PDU is essentially an IP packet that encapsulates the original user data (an IP packet or an Ethernet frame) and is protected by an IPsec Encapsulating Security Payload (ESP) tunnel established directly between the UE and the eNB.

The architecture involves the UE establishing an IPsec ESP tunnel with the eNB over the untrusted WLAN access network. For user data destined to use the LWIP bearer, the UE's LWIPEP entity takes the original uplink IP packet (from the applications), performs any necessary encapsulation (e.g., into an Ethernet frame if required by the WLAN), and then this becomes the payload of a new IP packet. This new outer IP packet is the one that is secured by the IPsec ESP tunnel and routed over the WLAN link to the eNB. This resulting secured packet, ready for transmission on the WLAN, is the LWIP PDU. In the downlink direction, the eNB's LWIPEP entity performs the reverse operation, creating the secured LWIP PDU for transmission to the UE over WLAN.

From a network perspective, the eNB has full control over this data path. It decides which EPS bearers are routed via the LWIP tunnel (WLAN) and which are sent over the conventional LTE-Uu interface. The eNB terminates the IPsec tunnel, decrypts the LWIP PDU, extracts the original user data, and forwards it toward the core network via the S1-U interface. This makes the WLAN link appear as a secure, integrated layer-2 transport for the LTE bearer, managed entirely by the eNB. Key components are the LWIPEP entity, the IPsec security association, and the control-plane signaling that configures the LWIP bearer. The role of the LWIP PDU is to be the standardized, secured container that enables the eNB to use WLAN radio resources as a controlled extension of the LTE radio access network.

Purpose & Motivation

LWIP technology was developed to provide an alternative, secure method for tight radio-level integration of WLAN with LTE, complementing the LWA approach. It addressed the need for a solution that could work with existing, unmodified WLAN access points (untrusted WLAN) without requiring a dedicated WLAN Termination (WT) node as defined for LWA. Prior to LWIP, using untrusted WLAN required routing user traffic through the core network (e.g., via ePDG), which introduced latency and complexity for real-time radio resource management.

The primary problem LWIP solves is enabling the eNB to directly control and securely route user plane traffic over any generic WLAN network, treating it as a virtual radio link. It solves the security concern of transmitting LTE user data over an untrusted IP network (the WLAN) by mandating a direct IPsec tunnel between the UE and eNB. This approach provides a lower-latency path compared to core-network tunneling, allows for faster switching between LTE and WLAN, and gives the eNB the ability to perform efficient traffic steering and aggregation at the radio level. The motivation was to offer operators a flexible deployment option for WLAN integration that did not necessitate upgrades to the WLAN infrastructure itself, lowering the barrier for leveraging existing Wi-Fi deployments to augment cellular capacity.

Classification

Part ofLWA
Specific typesLWALWIPEP
Related approachesIPSecEPDG

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (40 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-13, normative work from Rel-15.

Rel-15 18 changes

In Release 15, the LWIP function saw corrections to the applicability of the Secondary RAT Data Usage report, aligning it with other access technologies like LAA and LWA. Additionally, security for radio link failures was enhanced for UEs using user plane over control plane by specifying the use of NAS level security.

  • Enabling ePDG selection using 5GS TAI information TS 23.402CR2984
  • Introduction of New Radio Access Technology in TS 36.300 TS 36.300CR0998
  • Reliable Data Service with PtP SGi Tunnelling TS 23.401CR3344
  • Use of ARP priority level in addition to QCI for packet handling TS 23.401CR3359
  • Radio efficient handling of large UE radio capabilities at inter-RAT and SRVCC handover TS 23.401CR3423
  • Handling of very large UE radio capabilities for the anticipated EN-DC UEs TS 23.401CR3426

+ 12 more changes

Rel-16 14 changes

In Release 16, the enhancements for LWIP primarily focused on optimizing UE radio capability signaling, rather than introducing new LWIP-specific procedures. Key additions included the formal introduction and handling of a UE Radio Capability ID across various EPS signaling procedures, such as in the Connection Establishment Indication and for paging within a RACS context. This release also expanded support for multiple radio capability formats and improved the linkage for radio capability filtering specific to this identifier.

  • Adds UE Radio Capability ID in signalling procedures TS 23.401CR3503
  • Handling of NB-IOT radio capabilities and RACS in EPS TS 23.401CR3526
  • UE Radio Capability ID allocation in EPS TS 23.401CR3527
  • Deletion of UE Radio Capability ID using GUTI reallocation TS 23.401CR3587
  • Missing the Radio Capability Filtering linkage to the UE Radio Capability ID TS 23.401CR3595
  • UE radio capability for EPS TS 23.401CR3596

+ 8 more changes

Rel-17 5 changes

In Release 17, specific enhancements were made to the handling of UE radio capability information for paging procedures, particularly when the MME changes. The release also introduced corrections to the deletion procedure for PLMN-assigned UE Radio Capability IDs to ensure proper management. Furthermore, clarifications were provided to avoid any unintended linkage between security functions and UE Radio Access Capabilities.

  • Clarification on handling of UE radio capability for paging when MME changes TS 23.401CR3687
  • Handling of radio capabilities across TN and NTN IoT TS 23.401CR3707
  • Avoid linkage between security functions and UE Radio Access Capabilities TS 33.401CR0708
  • Handling of UE Radio Capability for Paging TS 23.401CR3644
  • Correction to deletion procedure for PLMN-assigned UE Radio Capability IDs TS 23.401CR3657
Rel-18 2 changes

In Release 18, the LWIP function received updates focused on procedural clarifications and measurement accuracy. Specifically, corrections were made to the UE radio capability update procedure, and clarifications were provided on the mapping of RSRP thresholds to Coverage Enhancement levels. These enhancements ensure more reliable UE capability signaling and improved radio resource management for integrated LTE-WLAN operation.

  • Correcting the reference for UE radio capability update procedure TS 23.401CR3746
  • Clarification on the mapping of RSRP thresholds to CE levels TS 36.331CR5100
Rel-19 1 change

In Release 19, the LWIP function was updated with a correction to the UE Radio Capability Retrieval procedure. This change ensured the proper handling of UE radio capabilities within the LTE-WLAN radio level integration framework. The update specifically addressed the signaling between the relevant network nodes involved in managing these capabilities for LWIP operation.

  • Correction on UE Radio Capability Retrieval TS 36.413CR1964

Explore further

Broader topics and technologies where LWIP plays a role.

Topics
LTE / LTE-AdvancedLawful InterceptManagement & OperationsRadio Access NetworkCore NetworkSecurity
Technologies
LTE

Defining Specifications

3GPP specifications that define or reference LWIP, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TS 23.401 vj50 Evolved Packet System (EPS) Stage 2 Description Rel-19
TS 23.402 vj00 EPC for Non-3GPP Access (PMIP) Rel-19
TS 23.729 vf00 Unlicensed Spectrum Offloading System Enhancements Rel-15
TS 29.272 vj40 Diameter Interfaces for MME/SGSN Rel-19
TS 32.868 vf00 OAM aspects of LTE-WLAN integration (LWA/LWIP) Rel-15
TS 33.401 vj10 EPS Security Architecture Rel-19
TS 36.300 vj00 E-UTRAN Radio Interface Protocol Architecture Overview Rel-19
TS 36.331 vj00 LTE RRC Protocol Specification Rel-19
TS 36.361 vj00 LWIP Encapsulation Protocol Specification Rel-19
TS 36.413 vj10 S1 Application Protocol (S1AP) Rel-19
TS 36.463 vj00 XwAP Protocol Specification Rel-19
TS 36.464 vj00 Xw Interface User Plane Protocol Rel-19
TS 36.465 vj00 Xw User Plane Protocol Specification Rel-19