TWAN

Trusted WLAN Access Network

Core Network
Introduced in Rel-11
The Trusted WLAN Access Network (TWAN) is a 3GPP-defined architectural concept representing an operator-controlled WLAN that is securely integrated with the mobile core network. It comprises functional nodes like the TWAG and TWAP, enabling seamless access to 3GPP services with full authentication, policy, and mobility support.

Description

The Trusted WLAN Access Network (TWAN) is not a single device but a logical architectural construct defined by 3GPP. It represents a Wireless Local Area Network (WLAN) that is considered "trusted" by the 3GPP operator's core network. This trust is established because the TWAN implements specific 3GPP-defined interfaces and functions, allowing it to be integrated as a seamless, secure, and policy-controlled access network on par with 3GPP radio access technologies like LTE. The TWAN encompasses the collection of network functions that together provide trusted WLAN access to the Evolved Packet Core (EPC) and, in later releases, the 5G Core (5GC).

The TWAN architecture is built around three key functional entities: the Trusted WLAN Access Gateway (TWAG), the Trusted WLAN AAA Proxy (TWAP), and the underlying WLAN Access Points (APs). The TWAG handles the user plane, establishing GTP or PMIP tunnels over the S2a interface to the Packet Data Network Gateway (PGW) in the EPC. The TWAP handles the control plane, acting as a proxy for Authentication, Authorization, and Accounting (AAA) signaling between the UE/WLAN and the 3GPP AAA Server/Proxy. The WLAN APs provide the actual radio connectivity. These functions can be collocated in a single physical node or distributed. The TWAN connects to the EPC via two main reference points: STa (between TWAP and 3GPP AAA Server for AAA) and S2a (between TWAG and PGW for user data).

From a procedural standpoint, when a UE connects to a TWAN, it undergoes EAP-based authentication against the 3GPP AAA infrastructure using credentials from its USIM card. The TWAP facilitates this process. Upon successful authentication, the TWAG establishes a data bearer for the UE. The PGW assigns an IP address, and all user traffic is routed through the secure tunnel between the TWAG and PGW. This architecture allows the core network to apply consistent policy and charging control (PCC) rules, managed by the Policy and Charging Rules Function (PCRF), to traffic from the TWAN-connected UE. It also enables mobility support, such as handovers of IP sessions between the TWAN and a 3GPP access network (e.g., LTE) without changing the IP address, as the PGW serves as a common anchor.
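As an added illustration (not part of the original page, and not 3GPP or vendor code), this sketch models the TWAG user plane described above: S2a tunnel state is created only after the TWAP reports EAP success, and user packets are wrapped in GTP-U G-PDUs. It goes beyond the text by using the GTPv1-U header layout from TS 29.281; the `Twag` class, keying tunnels by UE MAC address, and all sample values are assumptions.

```python
import struct

GTPU_FLAGS = 0x30   # version 1, protocol type GTP, no optional fields
GTPU_GPDU = 0xFF    # message type: G-PDU (carries one user packet)


class Twag:
    """Hypothetical TWAG user plane: one S2a GTP-U tunnel per authenticated UE."""

    def __init__(self):
        self.uplink_teid = {}    # UE MAC -> TEID chosen by the PGW
        self.downlink_ue = {}    # TEID chosen by this TWAG -> UE MAC
        self._next_teid = 0x1000

    def create_tunnel(self, ue_mac, eap_success, pgw_teid):
        # No S2a state unless the TWAP reported successful EAP authentication.
        if not eap_success:
            raise PermissionError("UE not authenticated over STa")
        local_teid = self._next_teid
        self._next_teid += 1
        self.uplink_teid[ue_mac] = pgw_teid
        self.downlink_ue[local_teid] = ue_mac
        return local_teid

    def encapsulate(self, ue_mac, ip_packet):
        teid = self.uplink_teid[ue_mac]  # KeyError if the UE has no tunnel
        header = struct.pack("!BBHI", GTPU_FLAGS, GTPU_GPDU, len(ip_packet), teid)
        return header + ip_packet

    def decapsulate(self, datagram):
        """Return (ue_mac, ip_packet), or None when the G-PDU must be dropped."""
        if len(datagram) < 8:
            return None
        flags, msg_type, length, teid = struct.unpack("!BBHI", datagram[:8])
        if flags >> 5 != 1 or not flags & 0x10 or msg_type != GTPU_GPDU:
            return None  # wrong version, not GTP, or not a G-PDU
        if length != len(datagram) - 8:
            return None  # length field disagrees with the datagram
        offset = 8
        if flags & 0x07:  # E, S or PN set: four optional header octets follow
            if length < 4 or (flags & 0x04 and datagram[11] != 0):
                return None  # truncated, or extension headers (not handled here)
            offset = 12
        ue_mac = self.downlink_ue.get(teid)
        if ue_mac is None:
            return None  # no established tunnel uses this TEID
        return ue_mac, datagram[offset:]
```
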

In the context of 5G, the TWAN concept evolved. The functions were reinterpreted for interconnection with the 5G Core network via the Non-3GPP InterWorking Function (N3IWF) for untrusted access or, more directly, through a Trusted Non-3GPP Gateway Function (TNGF) which subsumes the roles of the TWAG and TWAP for trusted access. This evolution maintains the principle of a trusted non-3GPP access network but aligns it with the service-based architecture and protocols of 5G. Throughout its lifecycle, the TWAN has been pivotal in enabling operators to deploy carrier-grade Wi-Fi as an integral part of their heterogeneous network strategy.

Purpose & Motivation

The TWAN was created to formally define a standardized architecture for integrating operator-managed or partner Wi-Fi networks into the 3GPP mobile ecosystem as a trusted access type. Before its introduction, Wi-Fi was typically an unmanaged, best-effort access network, leading to a fragmented user experience, separate logins, and no integration with mobile services like IMS or seamless mobility. The primary problem was the lack of a network-based, standardized model that could provide security, authentication, policy control, and service continuity equivalent to cellular access.

The development of the TWAN in Release 11 was a strategic response to the explosive growth of Wi-Fi and the need for mobile operators to offload data traffic efficiently while maintaining control over the user experience and service quality. It addressed the limitations of the earlier "untrusted non-3GPP access" model, which required client-initiated IPsec tunnels, was complex for device implementation, and did not support efficient network-based mobility or deep policy integration. The TWAN model shifted the complexity into the network, allowing for a simpler UE and enabling the operator to treat Wi-Fi as a first-class access technology.

By establishing the TWAN as a trusted entity, 3GPP solved several key issues: it enabled seamless authentication using 3GPP credentials (SIM-based), allowed the core network to enforce consistent quality of service and charging policies across cellular and Wi-Fi, and provided a foundation for real access network mobility. This was crucial for enabling services like Voice over Wi-Fi (VoWiFi) with IMS and for realizing true Fixed-Mobile Convergence (FMC), where a user's services are agnostic to the underlying access technology. The TWAN architecture provided the blueprint for the deep integration of WLAN, which later evolved to become a fundamental component of 5G's commitment to supporting heterogeneous access.

Key Features

  • Defines a standardized architecture for operator-trusted WLAN integration with 3GPP core networks
  • Comprises key functions: TWAG (user plane gateway), TWAP (AAA proxy), and WLAN Access Points
  • Supports EAP-AKA/AKA' authentication using 3GPP credentials (USIM) for secure access
  • Provides interfaces (S2a, STa) for connectivity to the EPC's PGW and AAA infrastructure
  • Enables network-based mobility and session continuity between WLAN and 3GPP access
  • Allows application of 3GPP Policy and Charging Control (PCC) rules to WLAN traffic

Evolution Across Releases

Rel-11 Initial

Initial definition of the TWAN architecture, introducing the functional split between TWAG and TWAP. Established the concept of a trusted, non-3GPP WLAN access network with standardized S2a (user plane) and STa (control plane) interfaces to the EPC, enabling integrated authentication and policy control.

Defining Specifications

Specification   Title
TS 23.380       3GPP TS 23.380
TS 23.402       3GPP TS 23.402
TS 23.852       3GPP TS 23.852
TS 24.229       3GPP TS 24.229
TS 24.302       3GPP TS 24.302
TS 24.502       3GPP TS 24.502
TS 29.061       3GPP TS 29.061
TS 29.273       3GPP TS 29.273
TS 29.274       3GPP TS 29.274
TS 29.275       3GPP TS 29.275
TS 29.281       3GPP TS 29.281
TS 29.303       3GPP TS 29.303
TS 29.512       3GPP TS 29.512
TS 29.826       3GPP TS 29.826
TS 32.251       3GPP TR 32.251
TS 32.298       3GPP TR 32.298
TS 32.299       3GPP TR 32.299
TS 33.107       3GPP TR 33.107
TS 33.108       3GPP TR 33.108
TS 33.402       3GPP TR 33.402