Trusted WLAN Access Gateway

Description

The Trusted WLAN Access Gateway (TWAG) is a critical functional entity defined within the 3GPP architecture for trusted, non-3GPP access. It resides within the Trusted WLAN Access Network (TWAN) and serves as the gateway between the WLAN and the 3GPP Evolved Packet Core (EPC). Its primary role is to establish and manage IP connectivity sessions for User Equipment (UE) that connect via a trusted WLAN, such as a carrier-managed Wi-Fi hotspot. The TWAG implements the network-side functionality of the S2a reference point, which connects the TWAN to the Packet Data Network Gateway (PGW) in the EPC. This interface can be realized using either the GPRS Tunnelling Protocol (GTP) or the Proxy Mobile IPv6 (PMIPv6) protocol, allowing for flexible deployment scenarios and interworking with existing core network elements.

Architecturally, the TWAG works in conjunction with the Trusted WLAN AAA Proxy (TWAP) and the Trusted WLAN Access Point (TWAP) functions within the TWAN. When a UE attaches to the trusted WLAN, authentication and authorization are handled via the TWAP and the 3GPP AAA Server. Once authenticated, the TWAG is responsible for establishing a bearer path for the UE's data traffic. It creates a tunnel (GTP or PMIP) over the S2a interface to the PGW, which serves as the anchor point for the UE's IP session. This tunnel carries all user plane traffic, ensuring seamless service continuity and allowing the UE to access packet data services (e.g., IMS, internet) as if it were connected via a 3GPP radio access network.

The TWAG performs essential mobility and session management functions. It manages the binding between the UE's local IP address in the WLAN and its core network IP address (assigned by the PGW). For mobility events, such as handovers between different WLAN access points within the same TWAN or to/from a 3GPP access, the TWAG collaborates with the core network to update the bearer path with minimal disruption. It also interfaces with the Policy and Charging Rules Function (PCRF) via the TWAP or directly (depending on architecture) to enforce quality of service (QoS) and charging policies received from the core network. This ensures that service flows are treated appropriately according to the user's subscription and the requested service.

In summary, the TWAG is the central user-plane gateway in the trusted WLAN interworking architecture. It abstracts the underlying WLAN technology from the core network, presenting it as a trusted access network to the EPC. By providing standardized interfaces and protocols, it enables secure, seamless, and policy-controlled integration of high-performance WLAN into the mobile operator's service portfolio, forming a cornerstone for early Wi-Fi offloading and fixed-mobile convergence strategies.

Purpose & Motivation

The TWAG was introduced to solve the problem of seamless and secure integration of operator-controlled Wi-Fi networks into the 3GPP mobile packet core. Prior to its standardization, Wi-Fi was largely treated as an untrusted, external IP access network, requiring users to establish separate connections (often via VPNs) and resulting in a disjointed user experience with broken session continuity. The primary motivation was to leverage the growing deployment of high-quality WLAN infrastructure as a complementary radio access technology to cellular networks, enabling data offloading and improved capacity.

The creation of the TWAG, as part of the broader Trusted WLAN Access Network (TWAN) concept in 3GPP Release 11, was driven by the need for a standardized architecture. This architecture would allow mobile operators to treat their own or partner Wi-Fi networks as a trusted extension of their radio access network. The key problem it addressed was the lack of a standardized gateway function that could terminate core network protocols (GTP/PMIP) from the WLAN side, enabling tight coupling with the EPC for authentication, policy enforcement, and charging. This was a significant advancement over the untrusted access model defined earlier, which relied on IPsec tunnels initiated from the UE (eSWAG), which was more complex and less scalable.

By providing a network-based gateway, the TWAG enabled several crucial capabilities: seamless access to 3GPP packet data services (like IMS) over WLAN, support for network-controlled mobility and handover to/from 3GPP access, and the application of consistent policy and charging rules regardless of the access technology. This facilitated the operator's vision of Fixed-Mobile Convergence (FMC) and laid the groundwork for more integrated access in later 5G systems. It solved the limitations of previous non-integrated approaches by providing a standardized, secure, and efficient path for user plane traffic from a trusted WLAN directly into the mobile core.

Key Features

• Terminates the S2a interface (GTPv2 or PMIPv6) towards the Packet Data Network Gateway (PGW) in the EPC
• Provides the user plane gateway function for trusted WLAN access, routing UE data traffic to/from the core network
• Supports mobility management, including handovers between WLAN and 3GPP access (e.g., LTE)
• Enforces QoS policies and charging rules received from the PCRF via the TWAP
• Manages per-UE IP session binding between the WLAN local address and the core network IP address
• Works in conjunction with the TWAP for control plane signaling and authentication

Evolution Across Releases

Defining Specifications