4G/LTE - IP Allocation

 

 

 

 

IP Allocation by ePDG

 

The UE IP address and various server IP addresses can be assigned to the UE over the ePDG. This IP allocation happens during the IKE process when the UE first goes through the ePDG. The overall IKE (key exchange) protocol sequence in 33.402 is shown below. (This is from Figure 8.2.2-1.)

Don't bother looking into each of these steps; only two of the steps in this sequence are involved in the IP allocation. A simpler version of the sequence is shown after this figure. (If you are really interested in the details of each of these steps, refer to the IKE page.)

 

 

If you have the IP log at the UE and WiFi AP, you may see only the following part (the steps happening in the core network are not captured in this terminal log). I put the step number in parentheses to match each line in Wireshark to the step number in the figure shown above. This is an ISAKMP log that is not decoded, so you will not get the full details from this log except for step (1).

 

 

If you manage to decode the whole ISAKMP packet, including the Encrypted Payload part, you will see the Wireshark log as shown below.

 

 

To point out only the steps that are involved in IP allocation, the sequence can be summarized as shown below. At step 2, the UE can request IP configuration (UE IP, DNS IP and other server IPs), and the network (ePDG) can allocate all of the requested IPs at step 15. (This request and reply process is similar to the IP allocation process by 'PDN Connectivity Request' and 'Activate Default EPS Bearer Request'.)

 

 

 

Example 1 >

 

CFG Request (in Step 2 ) ------------------------------------------------------------------------

 

Internet Security Association and Key Management Protocol

    Initiator SPI: 63b6607c34cf9e41

    Responder SPI: aaaaaaaaaaaaaaaa

    Next payload: Encrypted and Authenticated (46)

    Version: 2.0

        0010 .... = MjVer: 0x02

        .... 0000 = MnVer: 0x00

    Exchange type: IKE_AUTH (35)

    Flags: 0x08 (Initiator, No higher version, Request)

        .... 1... = Initiator: Initiator

        ...0 .... = Version: No higher version

        ..0. .... = Response: Request

    Message ID: 0x00000001

    Length: 428

    Type Payload: Encrypted and Authenticated (46)

        Next payload: Identification - Initiator (35)

        0... .... = Critical Bit: Not Critical

        Payload length: 400

        Initialization Vector: 2e25ced9813fef344057cd7c1284b750 (16 bytes)

        Encrypted Data (368 bytes)

        Decrypted Data (368 bytes)

            Contained Data (351 bytes)

                Type Payload: Identification - Initiator (35)

                    Next payload: Identification - Responder (36)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 80

                    ID type: ID_RFC822_ADDR (3)

                    Protocol ID: Unused

                    Port: Unused

                    Identification Data:0001010123456789@5C-A4-8A-1F-59-50

                                       :nai.epc.mnc001.mcc001.3gppnetwork.org

                        ID_FQDN: 0001010123456789@5C-A4-8A-1F-59-50

                               :nai.epc.mnc001.mcc001.3gppnetwork.org

                Type Payload: Identification - Responder (36)

                    Next payload: Configuration (47)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 11

                    ID type: KEY_ID (11)

                    Protocol ID: Unused

                    Port: Unused

                    Identification Data:

                        ID_KEY_ID: 696d73

                Type Payload: Configuration (47)

                    Next payload: Security Association (33)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 44

                    Type: CFG_REQUEST (1)

                    Attribute Type: (t=16390,l=0) PRIVATE USE // 16390 indicate IPv6 P-CSCF

                        Type: PRIVATE USE (16390)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=10,l=0) INTERNAL_IP6_DNS

                        Type: INTERNAL_IP6_DNS (10)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=10,l=0) INTERNAL_IP6_DNS

                        Type: INTERNAL_IP6_DNS (10)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=8,l=0) INTERNAL_IP6_ADDRESS

                        Type: INTERNAL_IP6_ADDRESS (8)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=16389,l=0) PRIVATE USE // 16389 indicate IPv4 P-CSCF

                        Type: PRIVATE USE (16389)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=3,l=0) INTERNAL_IP4_DNS

                        Type: INTERNAL_IP4_DNS (3)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=3,l=0) INTERNAL_IP4_DNS

                        Type: INTERNAL_IP4_DNS (3)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=2,l=0) INTERNAL_IP4_NETMASK

                        Type: INTERNAL_IP4_NETMASK (2)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                    Attribute Type: (t=1,l=0) INTERNAL_IP4_ADDRESS

                        Type: INTERNAL_IP4_ADDRESS (1)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 0

                        Attribut value is empty

                Type Payload: Security Association (33)

                    Next payload: Traffic Selector - Initiator (44)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 88

                    Type Payload: Proposal (2) # 1

                        Next payload: NONE / No Next Payload  (0)

                        0... .... = Critical Bit: Not Critical

                        Payload length: 84

                        Proposal number: 1

                        Protocol ID: ESP (3)

                        SPI Size: 4

                        Proposal transforms: 8

                        SPI: 217ab815

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Encryption Algorithm (ENCR) (1)

                            Transform ID (ENCR): ENCR_DES (2)

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Encryption Algorithm (ENCR) (1)

                            Transform ID (ENCR): ENCR_3DES (3)

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 12

                            Transform Type: Encryption Algorithm (ENCR) (1)

                            Transform ID (ENCR): ENCR_AES_CBC (12)

                            Transform IKE2 Attribute Type (t=14,l=2) Key-Length : 128

                                1... .... .... .... = Transform IKE2 Format: Type/Value (TV)

                                Transform IKE2 Attribute Type: Key-Length (14)

                                Value: 0080

                                Key Length: 128

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 12

                            Transform Type: Encryption Algorithm (ENCR) (1)

                            Transform ID (ENCR): ENCR_AES_CBC (12)

                            Transform IKE2 Attribute Type (t=14,l=2) Key-Length : 256

                                1... .... .... .... = Transform IKE2 Format: Type/Value (TV)

                                Transform IKE2 Attribute Type: Key-Length (14)

                                Value: 0100

                                Key Length: 256

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Integrity Algorithm (INTEG) (3)

                            Transform ID (INTEG): AUTH_HMAC_MD5_96 (1)

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Integrity Algorithm (INTEG) (3)

                            Transform ID (INTEG): AUTH_AES_XCBC_96 (5)

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Integrity Algorithm (INTEG) (3)

                            Transform ID (INTEG): AUTH_HMAC_SHA1_96 (2)

                        Type Payload: Transform (3)

                            Next payload: NONE / No Next Payload  (0)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Extended Sequence Numbers (ESN) (5)

                            Transform ID (ESN): No Extended Sequence Numbers (0)

                Type Payload: Traffic Selector - Initiator (44) # 2

                    Next payload: Traffic Selector - Responder (45)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 64

                    Number of Traffic Selector: 2

                    Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)

                    Protocol ID: Unused

                    Selector Length: 16

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: 0.0.0.0 (0.0.0.0)

                    Ending Addr: 255.255.255.255 (255.255.255.255)

                    Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)

                    Protocol ID: Unused

                    Selector Length: 40

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: :: (::)

                    Ending Addr: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

                                 (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)

                Type Payload: Traffic Selector - Responder (45) # 2

                    Next payload: NONE / No Next Payload  (0)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 64

                    Number of Traffic Selector: 2

                    Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)

                    Protocol ID: Unused

                    Selector Length: 16

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: 0.0.0.0 (0.0.0.0)

                    Ending Addr: 255.255.255.255 (255.255.255.255)

                    Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)

                    Protocol ID: Unused

                    Selector Length: 40

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: :: (::)

                    Ending Addr: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

                                 (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)

 

 

CFG Response (in Step 15 ) ------------------------------------------------------------------------

 

Internet Security Association and Key Management Protocol

    Initiator SPI: 63b6607c34cf9e41

    Responder SPI: aaaaaaaaaaaaaaaa

    Next payload: Encrypted and Authenticated (46)

    Version: 2.0

        0010 .... = MjVer: 0x02

        .... 0000 = MnVer: 0x00

    Exchange type: IKE_AUTH (35)

    Flags: 0x20 (Responder, No higher version, Response)

        .... 0... = Initiator: Responder

        ...0 .... = Version: No higher version

        ..1. .... = Response: Response

    Message ID: 0x00000003

    Length: 476

    Type Payload: Encrypted and Authenticated (46)

        Next payload: Authentication (39)

        0... .... = Critical Bit: Not Critical

        Payload length: 448

        Initialization Vector: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (16 bytes)

        Encrypted Data (416 bytes)

        Decrypted Data (416 bytes)

            Contained Data (367 bytes)

                Type Payload: Authentication (39)

                    Next payload: Configuration (47)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 28

                    Authentication Method: Shared Key Message Integrity Code (2)

                    Authentication Data: 5d3b1198bca744070d15361c12a611cbdce1c2ed

                Type Payload: Configuration (47)

                    Next payload: Security Association (33)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 151

                    Type: CFG_REPLY (2)

                    Attribute Type: (t=1,l=4) INTERNAL_IP4_ADDRESS

                        Type: INTERNAL_IP4_ADDRESS (1)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 4

                        Value: c0a80101

                        INTERNAL IP4 ADDRESS: 192.168.1.1 (192.168.1.1)

                    Attribute Type: (t=2,l=4) INTERNAL_IP4_NETMASK

                        Type: INTERNAL_IP4_NETMASK (2)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 4

                        Value: ffffff00

                        INTERNAL IP4 NETMASK: 255.255.255.0 (255.255.255.0)

                    Attribute Type: (t=3,l=4) INTERNAL_IP4_DNS

                        Type: INTERNAL_IP4_DNS (3)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 4

                        Value: c0a80102

                        INTERNAL IP4 DNS: 192.168.1.2 (192.168.1.2)

                    Attribute Type: (t=3,l=4) INTERNAL_IP4_DNS

                        Type: INTERNAL_IP4_DNS (3)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 4

                        Value: c0a80103

                        INTERNAL IP4 DNS: 192.168.1.3 (192.168.1.3)

                    Attribute Type: (t=16389,l=4) PRIVATE USE // 16389 indicate IPv4 P-CSCF

                        Type: PRIVATE USE (16389)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 4

                        Value: c0a80102

                    Attribute Type: (t=8,l=17) INTERNAL_IP6_ADDRESS

                        Type: INTERNAL_IP6_ADDRESS (8)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 17

                        Value: 2001000000000001000000000000000140

                    Attribute Type: (t=15,l=17) INTERNAL_IP6_SUBNET

                        Type: INTERNAL_IP6_SUBNET (15)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 17

                        Value: 2001000000000001000000000000000040

                        INTERNAL_IP6_SUBNET (IP): 2001:0:0:1:: (2001:0:0:1::)

                        INTERNAL_IP6_SUBNET (PREFIX): 64

                    Attribute Type: (t=10,l=16) INTERNAL_IP6_DNS

                        Type: INTERNAL_IP6_DNS (10)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 16

                        Value: 20010000000000010000000000000002

                        INTERNAL IP6 DNS: 2001:0:0:1::2 (2001:0:0:1::2)

                    Attribute Type: (t=10,l=16) INTERNAL_IP6_DNS

                        Type: INTERNAL_IP6_DNS (10)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 16

                        Value: 20010000000000010000000000000003

                        INTERNAL IP6 DNS: 2001:0:0:1::3 (2001:0:0:1::3)

                    Attribute Type: (t=16390,l=17) PRIVATE USE // 16390 indicate IPv6 P-CSCF

                        Type: PRIVATE USE (16390)

                        0... .... .... .... = Config Attribute Format: Type/Length/Value (TLV)

                        Length: 17

                        Value: 2001000000000001000000000000000240

                Type Payload: Security Association (33)

                    Next payload: Traffic Selector - Initiator (44)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 44

                    Type Payload: Proposal (2) # 1

                        Next payload: NONE / No Next Payload  (0)

                        0... .... = Critical Bit: Not Critical

                        Payload length: 40

                        Proposal number: 1

                        Protocol ID: ESP (3)

                        SPI Size: 4

                        Proposal transforms: 3

                        SPI: bbbbbbbb

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 12

                            Transform Type: Encryption Algorithm (ENCR) (1)

                            Transform ID (ENCR): ENCR_AES_CBC (12)

                            Transform IKE2 Attribute Type (t=14,l=2) Key-Length : 128

                                1... .... .... .... = Transform IKE2 Format: Type/Value (TV)

                                Transform IKE2 Attribute Type: Key-Length (14)

                                Value: 0080

                                Key Length: 128

                        Type Payload: Transform (3)

                            Next payload: Transform (3)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Integrity Algorithm (INTEG) (3)

                            Transform ID (INTEG): AUTH_HMAC_SHA1_96 (2)

                        Type Payload: Transform (3)

                            Next payload: NONE / No Next Payload  (0)

                            0... .... = Critical Bit: Not Critical

                            Payload length: 8

                            Transform Type: Extended Sequence Numbers (ESN) (5)

                            Transform ID (ESN): No Extended Sequence Numbers (0)

                Type Payload: Traffic Selector - Initiator (44) # 2

                    Next payload: Traffic Selector - Responder (45)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 64

                    Number of Traffic Selector: 2

                    Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)

                    Protocol ID: Unused

                    Selector Length: 16

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: 0.0.0.0 (0.0.0.0)

                    Ending Addr: 255.255.255.255 (255.255.255.255)

                    Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)

                    Protocol ID: Unused

                    Selector Length: 40

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: 2001:0:0:1:: (2001:0:0:1::)

                    Ending Addr: 2001::1:ffff:ffff:ffff:ffff (2001::1:ffff:ffff:ffff:ffff)

                Type Payload: Traffic Selector - Responder (45) # 2

                    Next payload: Notify (41)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 64

                    Number of Traffic Selector: 2

                    Traffic Selector Type: TS_IPV4_ADDR_RANGE (7)

                    Protocol ID: Unused

                    Selector Length: 16

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: 0.0.0.0 (0.0.0.0)

                    Ending Addr: 255.255.255.255 (255.255.255.255)

                    Traffic Selector Type: TS_IPV6_ADDR_RANGE (8)

                    Protocol ID: Unused

                    Selector Length: 40

                    Start Port: 0

                    End Port: 65535

                    Starting Addr: :: (::)

                    Ending Addr: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

                                (ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)

                Type Payload: Notify (41)

                    Next payload: Notify (41)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 8

                    Protocol ID: ESP (3)

                    SPI Size: 0

                    Notify Message Type: ESP_TFC_PADDING_NOT_SUPPORTED (16394)

                    Notification DATA: <MISSING>

                Type Payload: Notify (41)

                    Next payload: NONE / No Next Payload  (0)

                    0... .... = Critical Bit: Not Critical

                    Payload length: 8

                    Protocol ID: ESP (3)

                    SPI Size: 0

                    Notify Message Type: NON_FIRST_FRAGMENTS_ALSO (16395)

                    Notification DATA: <MISSING>

            Padding (48 bytes)

            Pad Length: 48

        Integrity Checksum Data: 9d545b54aaae0a597e1aed4a (12 bytes)[correct]
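
The following Python is an added example, not part of the original page or of Wireshark. It rebuilds the body of the Configuration payload from the attribute values in the CFG Response above and parses it with the IKEv2 layout (1-byte CFG type, 3 reserved bytes, then attributes with a 15-bit type, 16-bit length and value), rejecting truncated attributes. The P-CSCF labels for 16389/16390 follow the page's annotation; function and constant names are illustrative.

```python
import ipaddress
import struct

CFG_TYPES = {1: "CFG_REQUEST", 2: "CFG_REPLY"}
# 16389/16390 appear as PRIVATE USE in the dump; the page annotates them as P-CSCF.
ATTR_NAMES = {
    1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK", 3: "INTERNAL_IP4_DNS",
    8: "INTERNAL_IP6_ADDRESS", 10: "INTERNAL_IP6_DNS", 15: "INTERNAL_IP6_SUBNET",
    16389: "P_CSCF_IP4", 16390: "P_CSCF_IP6",
}

# (type, value hex) pairs copied from the CFG Response dump (step 15).
REPLY_ATTRS = [
    (1, "c0a80101"), (2, "ffffff00"), (3, "c0a80102"), (3, "c0a80103"),
    (16389, "c0a80102"),
    (8, "2001000000000001000000000000000140"),
    (15, "2001000000000001000000000000000040"),
    (10, "20010000000000010000000000000002"),
    (10, "20010000000000010000000000000003"),
    (16390, "2001000000000001000000000000000240"),
]
# Attribute types in the order the UE requested them (step 2), all with empty values.
REQUEST_ATTRS = [(t, "") for t in (16390, 10, 10, 8, 16389, 3, 3, 2, 1)]


def build_cfg_body(cfg_type, attrs):
    """Serialize CFG type + 3 reserved bytes + attributes (generic payload header excluded)."""
    body = bytes([cfg_type, 0, 0, 0])
    for attr_type, hex_value in attrs:
        value = bytes.fromhex(hex_value)
        body += struct.pack("!HH", attr_type & 0x7FFF, len(value)) + value
    return body


def decode_value(value):
    """Render a value by its length: IPv4, IPv6, or IPv6 followed by a prefix-length byte."""
    if len(value) == 0:
        return None  # empty value: the attribute is being requested
    if len(value) == 4:
        return str(ipaddress.IPv4Address(value))
    if len(value) == 16:
        return str(ipaddress.IPv6Address(value))
    if len(value) == 17:
        return f"{ipaddress.IPv6Address(value[:16])}/{value[16]}"
    return value.hex()


def parse_cfg_body(body):
    """Return (cfg_type_name, [(attr_name, decoded_value), ...]); raise on truncation."""
    if len(body) < 4:
        raise ValueError("Configuration payload shorter than its fixed header")
    cfg_type = CFG_TYPES.get(body[0], f"UNKNOWN({body[0]})")
    attrs, offset = [], 4
    while offset < len(body):
        if offset + 4 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = struct.unpack_from("!HH", body, offset)
        attr_type &= 0x7FFF  # top bit is reserved
        offset += 4
        if offset + attr_len > len(body):
            raise ValueError(f"attribute {attr_type} claims {attr_len} bytes past end of payload")
        name = ATTR_NAMES.get(attr_type, f"type {attr_type}")
        attrs.append((name, decode_value(body[offset:offset + attr_len])))
        offset += attr_len
    return cfg_type, attrs


if __name__ == "__main__":
    kind, attributes = parse_cfg_body(build_cfg_body(2, REPLY_ATTRS))
    print(kind)
    for name, value in attributes:
        print(f"  {name}: {value}")
```

Adding the 4-byte generic payload header to the serialized bodies gives 151 bytes for the reply and 44 for the request, matching the "Payload length" fields in the two dumps.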