4G/LTE - IP Allocation
IP Allocation by ePDG
UE IP addresses and various server IP addresses can be assigned to the UE over ePDG. This IP allocation happens during the IKE process when the UE first goes through ePDG. The overall IKE (key exchange) protocol sequence in 33.402 is as shown below (this is from Figure 8.2.2-1). Don't bother looking into each of these steps; only two of the steps in this sequence are involved in the IP allocation. A simpler version of the sequence will be shown after this figure. (If you are really interested in the details of each of these steps, refer to the IKE page.)
If you have the IP log at the UE and WiFi AP, you may see only the following part (the steps happening in the core network will not be captured in this terminal log). I put the step number in parentheses to match each line in Wireshark to the step number in the figure shown above. This is an ISAKMP log that is not decoded, so you would not get the full details from this log except for step (1).
If you manage to decode the whole ISAKMP packet including the Encrypted Payload part, you will see the Wireshark log as shown below.
To point out only the steps that are involved in IP allocation, the sequence can be summarized as shown below. At step 2, the UE can request IP configuration (UE IP, DNS IP and other server IPs) and the network (ePDG) can allocate all of the requested IPs at step 15. (This request and reply process is similar to the IP allocation process by 'PDN Connectivity Request' and 'Activate Default EPS Bearer Request'.)
Example 1 >
CFG Request (in Step 2 ) ------------------------------------------------------------------------
Internet Security Association and Key Management Protocol
  Initiator SPI: 63b6607c34cf9e41
  Responder SPI: aaaaaaaaaaaaaaaa
  Next payload: Encrypted and Authenticated (46)
  Version: 2.0
    0010 .... = MjVer: 0x02
    .... 0000 = MnVer: 0x00
  Exchange type: IKE_AUTH (35)
  Flags: 0x08 (Initiator, No higher version, Request)
    .... 1... = Initiator: Initiator
    ...0 .... = Version: No higher version
    ..0. .... = Response: Request
  Message ID: 0x00000001
  Length: 428
  Type Payload: Encrypted and Authenticated (46)
    Next payload: Identification - Initiator (35)
    0... .... = Critical Bit: Not Critical
    Payload length: 400
    Initialization Vector: 2e25ced9813fef344057cd7c1284b750 (16 bytes)
    Encrypted Data (368 bytes)
    Decrypted Data (368 bytes)
      Contained Data (351 bytes)
        Type Payload: Identification - Initiator (35)
          Next payload: Identification - Responder (36)
          0... .... = Critical Bit: Not Critical
          Payload length: 80
          ID type: ID_RFC822_ADDR (3)
          Protocol ID: Unused
          Port: Unused
          Identification Data:0001010123456789@5C-A4-8A-1F-59-50 :nai.epc.mnc001.mcc001.3gppnetwork.org
            ID_FQDN: 0001010123456789@5C-A4-8A-1F-59-50 :nai.epc.mnc001.mcc001.3gppnetwork.org
        Type Payload: Identification - Responder (36)
          Next payload: Configuration (47)
          0... .... = Critical Bit: Not Critical
          Payload length: 11
          ID type: KEY_ID (11)
          Protocol ID: Unused
          Port: Unused
          Identification Data:
            ID_KEY_ID: 696d73
        Type Payload: Configuration (47)
          Next payload: Security Association (33)
          0... .... = Critical Bit: Not Critical
          Payload length: 44
          Type: CFG_REQUEST (1)
          Attribute Type: (t=16390,l=0) PRIVATE USE // 16390 indicate IPv6 P-CSCF
            Type: PRIVATE USE (16390)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=10,l=0) INTERNAL_IP6_DNS
            Type: INTERNAL_IP6_DNS (10)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=10,l=0) INTERNAL_IP6_DNS
            Type: INTERNAL_IP6_DNS (10)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=8,l=0) INTERNAL_IP6_ADDRESS
            Type: INTERNAL_IP6_ADDRESS (8)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=16389,l=0) PRIVATE USE // 16389 indicate IPv4 P-CSCF
            Type: PRIVATE USE (16389)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=3,l=0) INTERNAL_IP4_DNS
            Type: INTERNAL_IP4_DNS (3)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=3,l=0) INTERNAL_IP4_DNS
            Type: INTERNAL_IP4_DNS (3)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=2,l=0) INTERNAL_IP4_NETMASK
            Type: INTERNAL_IP4_NETMASK (2)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
          Attribute Type: (t=1,l=0) INTERNAL_IP4_ADDRESS
            Type: INTERNAL_IP4_ADDRESS (1)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 0
            Attribut value is empty
        Type Payload: Security Association (33)
          Next payload: Traffic Selector - Initiator (44)
          0... .... = Critical Bit: Not Critical
          Payload length: 88
          Type Payload: Proposal (2) # 1
            Next payload: NONE / No Next Payload (0)
            0... .... = Critical Bit: Not Critical
            Payload length: 84
            Proposal number: 1
            Protocol ID: ESP (3)
            SPI Size: 4
            Proposal transforms: 8
            SPI: 217ab815
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Encryption Algorithm (ENCR) (1)
              Transform ID (ENCR): ENCR_DES (2)
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Encryption Algorithm (ENCR) (1)
              Transform ID (ENCR): ENCR_3DES (3)
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 12
              Transform Type: Encryption Algorithm (ENCR) (1)
              Transform ID (ENCR): ENCR_AES_CBC (12)
              Transform IKE2 Attribute Type (t=14,l=2) Key-Length : 128
                1... .... .... .... = Transform IKE2 Format: Type/Value (TV)
                Transform IKE2 Attribute Type: Key-Length (14)
                Value: 0080
                Key Length: 128
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 12
              Transform Type: Encryption Algorithm (ENCR) (1)
              Transform ID (ENCR): ENCR_AES_CBC (12)
              Transform IKE2 Attribute Type (t=14,l=2) Key-Length : 256
                1... .... .... .... = Transform IKE2 Format: Type/Value (TV)
                Transform IKE2 Attribute Type: Key-Length (14)
                Value: 0100
                Key Length: 256
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Integrity Algorithm (INTEG) (3)
              Transform ID (INTEG): AUTH_HMAC_MD5_96 (1)
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Integrity Algorithm (INTEG) (3)
              Transform ID (INTEG): AUTH_AES_XCBC_96 (5)
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Integrity Algorithm (INTEG) (3)
              Transform ID (INTEG): AUTH_HMAC_SHA1_96 (2)
            Type Payload: Transform (3)
              Next payload: NONE / No Next Payload (0)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Extended Sequence Numbers (ESN) (5)
              Transform ID (ESN): No Extended Sequence Numbers (0)
        Type Payload: Traffic Selector - Initiator (44) # 2
          Next payload: Traffic Selector - Responder (45)
          0... .... = Critical Bit: Not Critical
          Payload length: 64
          Number of Traffic Selector: 2
          Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)
          Protocol ID: Unused
          Selector Length: 16
          Start Port: 0
          End Port: 65535
          Starting Addr: 0.0.0.0 (0.0.0.0)
          Ending Addr: 255.255.255.255 (255.255.255.255)
          Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)
          Protocol ID: Unused
          Selector Length: 40
          Start Port: 0
          End Port: 65535
          Starting Addr: :: (::)
          Ending Addr: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
        Type Payload: Traffic Selector - Responder (45) # 2
          Next payload: NONE / No Next Payload (0)
          0... .... = Critical Bit: Not Critical
          Payload length: 64
          Number of Traffic Selector: 2
          Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)
          Protocol ID: Unused
          Selector Length: 16
          Start Port: 0
          End Port: 65535
          Starting Addr: 0.0.0.0 (0.0.0.0)
          Ending Addr: 255.255.255.255 (255.255.255.255)
          Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)
          Protocol ID: Unused
          Selector Length: 40
          Start Port: 0
          End Port: 65535
          Starting Addr: :: (::)
          Ending Addr: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
CFG Response (in Step 15 ) ------------------------------------------------------------------------
Internet Security Association and Key Management Protocol
  Initiator SPI: 63b6607c34cf9e41
  Responder SPI: aaaaaaaaaaaaaaaa
  Next payload: Encrypted and Authenticated (46)
  Version: 2.0
    0010 .... = MjVer: 0x02
    .... 0000 = MnVer: 0x00
  Exchange type: IKE_AUTH (35)
  Flags: 0x20 (Responder, No higher version, Response)
    .... 0... = Initiator: Responder
    ...0 .... = Version: No higher version
    ..1. .... = Response: Response
  Message ID: 0x00000003
  Length: 476
  Type Payload: Encrypted and Authenticated (46)
    Next payload: Authentication (39)
    0... .... = Critical Bit: Not Critical
    Payload length: 448
    Initialization Vector: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (16 bytes)
    Encrypted Data (416 bytes)
    Decrypted Data (416 bytes)
      Contained Data (367 bytes)
        Type Payload: Authentication (39)
          Next payload: Configuration (47)
          0... .... = Critical Bit: Not Critical
          Payload length: 28
          Authentication Method: Shared Key Message Integrity Code (2)
          Authentication Data: 5d3b1198bca744070d15361c12a611cbdce1c2ed
        Type Payload: Configuration (47)
          Next payload: Security Association (33)
          0... .... = Critical Bit: Not Critical
          Payload length: 151
          Type: CFG_REPLY (2)
          Attribute Type: (t=1,l=4) INTERNAL_IP4_ADDRESS
            Type: INTERNAL_IP4_ADDRESS (1)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 4
            Value: c0a80101
            INTERNAL IP4 ADDRESS: 192.168.1.1 (192.168.1.1)
          Attribute Type: (t=2,l=4) INTERNAL_IP4_NETMASK
            Type: INTERNAL_IP4_NETMASK (2)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 4
            Value: ffffff00
            INTERNAL IP4 NETMASK: 255.255.255.0 (255.255.255.0)
          Attribute Type: (t=3,l=4) INTERNAL_IP4_DNS
            Type: INTERNAL_IP4_DNS (3)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 4
            Value: c0a80102
            INTERNAL IP4 DNS: 192.168.1.2 (192.168.1.2)
          Attribute Type: (t=3,l=4) INTERNAL_IP4_DNS
            Type: INTERNAL_IP4_DNS (3)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 4
            Value: c0a80103
            INTERNAL IP4 DNS: 192.168.1.3 (192.168.1.3)
          Attribute Type: (t=16389,l=4) PRIVATE USE // 16389 indicate IPv4 P-CSCF
            Type: PRIVATE USE (16389)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 4
            Value: c0a80102
          Attribute Type: (t=8,l=17) INTERNAL_IP6_ADDRESS
            Type: INTERNAL_IP6_ADDRESS (8)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 17
            Value: 2001000000000001000000000000000140
          Attribute Type: (t=15,l=17) INTERNAL_IP6_SUBNET
            Type: INTERNAL_IP6_SUBNET (15)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 17
            Value: 2001000000000001000000000000000040
            INTERNAL_IP6_SUBNET (IP): 2001:0:0:1:: (2001:0:0:1::)
            INTERNAL_IP6_SUBNET (PREFIX): 64
          Attribute Type: (t=10,l=16) INTERNAL_IP6_DNS
            Type: INTERNAL_IP6_DNS (10)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 16
            Value: 20010000000000010000000000000002
            INTERNAL IP6 DNS: 2001:0:0:1::2 (2001:0:0:1::2)
          Attribute Type: (t=10,l=16) INTERNAL_IP6_DNS
            Type: INTERNAL_IP6_DNS (10)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 16
            Value: 20010000000000010000000000000003
            INTERNAL IP6 DNS: 2001:0:0:1::3 (2001:0:0:1::3)
          Attribute Type: (t=16390,l=17) PRIVATE USE // 16390 indicate IPv6 P-CSCF
            Type: PRIVATE USE (16390)
            0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)
            Length: 17
            Value: 2001000000000001000000000000000240
        Type Payload: Security Association (33)
          Next payload: Traffic Selector - Initiator (44)
          0... .... = Critical Bit: Not Critical
          Payload length: 44
          Type Payload: Proposal (2) # 1
            Next payload: NONE / No Next Payload (0)
            0... .... = Critical Bit: Not Critical
            Payload length: 40
            Proposal number: 1
            Protocol ID: ESP (3)
            SPI Size: 4
            Proposal transforms: 3
            SPI: bbbbbbbb
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 12
              Transform Type: Encryption Algorithm (ENCR) (1)
              Transform ID (ENCR): ENCR_AES_CBC (12)
              Transform IKE2 Attribute Type (t=14,l=2) Key-Length : 128
                1... .... .... .... = Transform IKE2 Format: Type/Value (TV)
                Transform IKE2 Attribute Type: Key-Length (14)
                Value: 0080
                Key Length: 128
            Type Payload: Transform (3)
              Next payload: Transform (3)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Integrity Algorithm (INTEG) (3)
              Transform ID (INTEG): AUTH_HMAC_SHA1_96 (2)
            Type Payload: Transform (3)
              Next payload: NONE / No Next Payload (0)
              0... .... = Critical Bit: Not Critical
              Payload length: 8
              Transform Type: Extended Sequence Numbers (ESN) (5)
              Transform ID (ESN): No Extended Sequence Numbers (0)
        Type Payload: Traffic Selector - Initiator (44) # 2
          Next payload: Traffic Selector - Responder (45)
          0... .... = Critical Bit: Not Critical
          Payload length: 64
          Number of Traffic Selector: 2
          Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)
          Protocol ID: Unused
          Selector Length: 16
          Start Port: 0
          End Port: 65535
          Starting Addr: 0.0.0.0 (0.0.0.0)
          Ending Addr: 255.255.255.255 (255.255.255.255)
          Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)
          Protocol ID: Unused
          Selector Length: 40
          Start Port: 0
          End Port: 65535
          Starting Addr: 2001:0:0:1:: (2001:0:0:1::)
          Ending Addr: 2001::1:ffff:ffff:ffff:ffff (2001::1:ffff:ffff:ffff:ffff)
        Type Payload: Traffic Selector - Responder (45) # 2
          Next payload: Notify (41)
          0... .... = Critical Bit: Not Critical
          Payload length: 64
          Number of Traffic Selector: 2
          Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)
          Protocol ID: Unused
          Selector Length: 16
          Start Port: 0
          End Port: 65535
          Starting Addr: 0.0.0.0 (0.0.0.0)
          Ending Addr: 255.255.255.255 (255.255.255.255)
          Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)
          Protocol ID: Unused
          Selector Length: 40
          Start Port: 0
          End Port: 65535
          Starting Addr: :: (::)
          Ending Addr: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
        Type Payload: Notify (41)
          Next payload: Notify (41)
          0... .... = Critical Bit: Not Critical
          Payload length: 8
          Protocol ID: ESP (3)
          SPI Size: 0
          Notify Message Type: ESP_TFC_PADDING_NOT_SUPPORTED (16394)
          Notification DATA: <MISSING>
        Type Payload: Notify (41)
          Next payload: NONE / No Next Payload (0)
          0... .... = Critical Bit: Not Critical
          Payload length: 8
          Protocol ID: ESP (3)
          SPI Size: 0
          Notify Message Type: NON_FIRST_FRAGMENTS_ALSO (16395)
          Notification DATA: <MISSING>
      Padding (48 bytes)
      Pad Length: 48
    Integrity Checksum Data: 9d545b54aaae0a597e1aed4a (12 bytes)[correct]
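
The Configuration payload attributes in the two captures above can be decoded by hand as type/length/value records. The following is an added example, not part of the original page: the function names are hypothetical, the payloads are rebuilt from the attribute values shown in the captures, and the P-CSCF labels for 16389/16390 follow the page's own annotation of those private-use types.

```python
import ipaddress
import struct

# 16389/16390: private-use types the page's capture annotates as P-CSCF.
ATTR_NAMES = {1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK",
              3: "INTERNAL_IP4_DNS", 8: "INTERNAL_IP6_ADDRESS",
              10: "INTERNAL_IP6_DNS", 15: "INTERNAL_IP6_SUBNET",
              16389: "P-CSCF IPv4 (private use)", 16390: "P-CSCF IPv6 (private use)"}
CFG_TYPES = {1: "CFG_REQUEST", 2: "CFG_REPLY", 3: "CFG_SET", 4: "CFG_ACK"}

def decode_value(v):
    """Render by length: 0 = requested, 4 = IPv4, 16 = IPv6, 17 = IPv6/prefix."""
    if len(v) == 4:
        return str(ipaddress.IPv4Address(v))
    if len(v) in (16, 17):
        ip = ipaddress.IPv6Address(v[:16])
        return f"{ip}/{v[16]}" if len(v) == 17 else str(ip)
    return v.hex() or None

def parse_cfg_payload(body):
    """Parse a Configuration payload body (the bytes after the generic header)."""
    if len(body) < 4:
        raise ValueError("payload shorter than CFG Type + RESERVED")
    attrs, offset = [], 4
    while offset < len(body):
        if offset + 4 > len(body):
            raise ValueError(f"truncated attribute header at offset {offset}")
        raw_type, length = struct.unpack_from("!HH", body, offset)
        attr_type = raw_type & 0x7FFF  # top bit is reserved
        value = body[offset + 4:offset + 4 + length]
        if len(value) != length:  # length field points past the payload end
            raise ValueError(f"attribute {attr_type} overruns the payload")
        attrs.append((ATTR_NAMES.get(attr_type, f"UNKNOWN({attr_type})"),
                      decode_value(value)))
        offset += 4 + length
    return CFG_TYPES.get(body[0], f"UNKNOWN({body[0]})"), attrs

def build_payload(cfg_type, attrs):
    """Constructed input: serialise (type, hex value) pairs into a CP body."""
    tlvs = (struct.pack("!HH", t, len(h) // 2) + bytes.fromhex(h) for t, h in attrs)
    return bytes([cfg_type, 0, 0, 0]) + b"".join(tlvs)

# Attribute order and values copied from the step 2 and step 15 captures above.
REQUEST = build_payload(1, [(t, "") for t in (16390, 10, 10, 8, 16389, 3, 3, 2, 1)])
REPLY = build_payload(2, [
    (1, "c0a80101"), (2, "ffffff00"), (3, "c0a80102"), (3, "c0a80103"),
    (16389, "c0a80102"), (8, "2001000000000001000000000000000140"),
    (15, "2001000000000001000000000000000040"),
    (10, "20010000000000010000000000000002"), (10, "20010000000000010000000000000003"),
    (16390, "2001000000000001000000000000000240")])
```

Adding the 4-byte generic payload header to each rebuilt body gives 44 and 151 bytes, matching the "Payload length" fields in the two captures.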