1

CARRIER
WI-FI WHITE PAPER

Wi-Fi in the 5G Era

Strategy Guide
for Operators

APRIL
2021
WWW.APTILO.COM
 2
CARRIER WI-FI

THE AUTHORS
Wi-Fi and 5G are perfectly complementary for delivery of mobility (5G) and high-capacity
indoor coverage (Wi-Fi) - which is why the time for operators to embrace Wi-Fi as a
strategic technology of choice is now.

But it can be a challenge to navigate in this rapidly changing landscape, both in terms of
technology and business strategies. It occurred to us that operators lack a strategy guide for
Wi-Fi in the 5G era. And so we decided to write one.
Claus Hetting
CEO & Chairman Wi-Fi NOW
This is the world’s first strategy guide for operators who know that they will be required to CEO HETTING Consulting
rethink and renew their Wi-Fi strategies to address the challenges of the next decade.

In this paper we dig into the business models and technical architectures that allow service
providers to extract maximum value from vastly improved new Wi-Fi technology. We also
zoom in on how new Wi-Fi technology will converge with 5G.

Navigation
The number of pages may appear daunting. But fear not - you can click on any section or on
the table of contents on the next page to navigate to the individual sections. You can also Jonas Björklund
CTO
speed up your reading by clicking on the summary symbols. And you can always get back to Aptilo Networks
the table of contents again by clicking on the Aptilo logo at the top of each page.

To get more information on a subject, you may also click on the following symbols:

Click to get to a section in this document

Click to go to a web page Johan Terve

VP Marketing
Aptilo Networks

WWW.APTILO.COM
 Click on the headings, subheadings and summary symbols below to go to 3
CARRIER WI-FI
that section. Click on the logo in the upper left corner to go back to this page.

123456
Carrier Wi-Fi's
role in 5G
• The challenges of
profitable 5G
Wi-Fi Technology
Developments
• Wi-Fi 6
Wi-Fi Industry
Initiatives
• WBA OpenRoaming™
Carrier Wi-Fi
Strategies
• How to build a carrier
Wi-Fi footprint
Wi-Fi and 5G
Convergence
• Opportunities today
Enea Solutions
for Wi-Fi and 5G
• Aptilo Carrier Wi-Fi
• Hotspot 2.0/Passpoint • Google’s Orion Wi-Fi • 5G and Wi-Fi • Aptilo IoT Connectivity
• Break organizational • Wi-Fi monetization integration
• Captive Portal API • Telecom Infra Project • Enea 5G solutions
silos strategies • Opportunities for the
• Multipath TCP
• How Wi-Fi future with ATSSS
complements 5G

WWW.APTILO.COM
 4
CARRIER WI-FI

Wi-Fi and 5G are perfectly complementary for delivery of

mobility (5G) and high-capacity indoor wireless services (Wi-Fi).
The time for operators to embrace Wi-Fi in their strategies is now.

Carrier Wi-Fi's role in 5G

“Why Carrier Wi-Fi Is Even
More Relevant in the 5G Era”

WWW.APTILO.COM
 5
CARRIER WI-FI

The challenges of profitable 5G

The world is firmly on the road to ubiquitous
5G networks and services - but how will Wi i in of omes b Wi i de ices
service providers pull off investing in new worldwide b smartphones
networks while sustaining even modest
growth rates and staying profitable under
current market conditions? That is one of the
irst Wi i irst Wi i
mobile telecom industry’s most pressing roduct er ed
questions. hone T ll Wi i ast ma ority
de ice of de ices are
While the global 5G industry will be ramping types Wi i Only
up over the next many years to serve billions
of IoT devices, private or public 5G networks
for industry, self-driving cars, remote surgery,
and more - the real challenge is what to do martphones
now to keep both current and future network
costs as low as possible.
In 2019 - 20 years after Wi-Fi technology was given its name - the 30 billionth Wi-Fi device shipped. When 4G launched in
2009, some people thought that Wi-Fi would be superseded by mobile technology. Now in the 5G era, people have become
We believe one important component of wiser. Strategy Analytics predicts that 17 billion Wi-Fi devices will be in use by 2030 - and that is only within homes.
profitable services in the 5G era is carrier Wi-Fi Source : Wi-Fi Alliance

in all its forms.

WWW.APTILO.COM
 6
CARRIER WI-FI

“4G had 2x growth in

cellular services and
10x growth in mobile
broadband to build
ROI on. 5G will not
have that luxury.”
Global penetration of mobile-cellular telephone and mobile broadband subscriptions.
Source: ITU World Telecommunication / ICT indicators database.

When 4G was about at the same level of But will it be enough?

maturity as 5G is today - which was at
around 2008 or so - global mobile Mobile operators have every reason to
broadband penetration stood at about 7%. begin looking for other cost-effective ways
Today, penetration stands at 69% globally to deliver their services.
with mature markets fully saturated.
It also remains to be seen if mobile
Mobile operators who invested in 4G operators will be able to increase their
technologies had a lot to build their Average Revenue Per Unit (ARPU) when
return-on-investment (ROI) on. They 5G is deployed at scale. Many will probably
doubled the number of cellular see a flattening as opposed to declining
subscriptions and mobile broadband traffic ARPU trend as a major victory. At least
grew by a factor of ten. Now that initially, most consumers may not be in
everybody already has a subscription, immediate need of higher data rates - and
what revenue sources will pay for 5G when they are, they are increasingly
rollout? New 5G services of course, where unlikely to accept paying more for faster
IoT is one of the most promising services.
opportunities.

WWW.APTILO.COM
 7
CARRIER WI-FI

At the same time, consumers will continue

expect unlimited data bundles and high
service quality. Uncapped mobile broadband
data bundles will fuel the need for operators
to actively offload traffic to Wi-Fi. Back in the
day when users had to pay for every
megabyte of data, operators knew that users
were desperately looking for Wi-Fi networks
to connect to wherever they went. Once
users were no longer connected to the
operator's network, they were considered
irrelevant and out of reach. In a world with
unlimited cellular subscriptions - or
practically unlimited with very high data
volume allowances - operators can no longer
take this passive approach.
One of the biggest 5G challenges is building sufficient indoor coverage. The chart above shows the increasing loss in signal as
This is the commercial reality facing mobile the cellular frequency increases. Building penetration is 100x worse than 3G/4G on 95% of the 5G frequency bands.
Source: Datapoints taken from Colin Berkshire, Talking Points Insider, April 2019.
operators today.

Add to this the technical challenges that The indoor coverage challenge already exists in the case of 4G. For example: 20% of
mobile operators face with 5G: Because most buildings in the US are struggling with proper indoor coverage. The problem is exacerbated
5G services operate at relatively high radio in the case of 5G because of the higher frequency bands involved. Initially 3.1-4.9 GHz is a
frequencies, getting indoor coverage right by commonly used frequency range but 5G will also employ the millimetre band above 30 GHz
beaming in radio signals from the outside is a and at such frequencies, line of sight is required for signal reception. Already at the 5G
significant challenge. In the near field of an frequency of 10 GHz the only indoor coverage option is to place your receiving device as
antenna (within 1-2 m) the so-called coupling close to an untreated pane of glass windowpane as possible. Energy-conserving glass used
loss reduces the signal by 75% (-6 dB) for in many new buildings or other forms of treated glass panes will effectively attenuate the
every doubling of the frequency. In addition signal making indoor coverage more or less impossible.
to simple path loss the signal will meet
obstacles on its way and must finally
penetrate the walls of the building itself.

WWW.APTILO.COM
 8
CARRIER WI-FI

Break organizational silos

“Make the most of your Wi-Fi assets”

As approximately 80 percent of wireless data To win in a fiercely competitive market such

traffic is consumed indoors, 5G will drive an disparate departments should instead come
unprecedented need for densification of base together with the single goal of delivering the
stations and indoor solutions. The only absolute best subscriber experience using
reasonable conclusion is that operators must both technologies.
use all technologies and spectra available to
satisfy their subscribers’ insatiable demand for Parts of the mobile industry leadership has
data. been skeptical towards adopting Wi-Fi as
carrier-grade technology because it has been
Aptilo believes that Wi-Fi is the perfect viewed as a best-effort service as a result of
complement to 5G for indoor coverage. Wi-Fi lack of scheduling mechanisms and the use of
is also an essentially untapped resource that unlicensed spectrum.
many operators are working with already and
thus have at their disposal. This is of course Fortunately, Wi-Fi technology is right now
especially the case among operators whose evolving at such a rapid pace that we believe
current organizational structures are a result wireless connectivity in general is on the cusp
of mergers between fixed and mobile service of fundamental change - a paradigm shift.
providers. Soon the Wi-Fi quality shortcomings of the
past will be firmly relegated to the history
Regretfully it is still often the case that staff books.
responsible for fixed and mobile services
continue to work in separate organizational Instead, Wi-Fi will - at least in the case of
departments or ‘silos’. or example: While indoor connectivity - be leading the market in
mobile teams deploy indoor cellular solutions speed, capacity, latency, and overall quality by
at a venue such as a shopping mall, the fixed a wide margin.
services team has already been to the same
location to deploy Wi-Fi.
WWW.APTILO.COM
 9
CARRIER WI-FI

How Wi-Fi complements 5G At Aptilo Networks we never understood

“We believe that carrier Wi-Fi is the perfect complement to why there would ever be a conflict nor any
cellular in the 5G era principally for the following four reasons” real competition between Wi-Fi and 5G.
On the contrary, the two technologies
complement each other perfectly: One is
for mobility and wide area coverage (5G),
the other for high-performance and high-
11. New Wi-Fi technology with the 33. Wi-Fi is the dominant IoT capacity connectivity indoors (Wi-Fi). And
same scheduling capabilities as technology by a wide margin with we cannot think of a single reason why
cellular and lots of new unlicensed around 80% of all IoT devices operators should not use all the tools at
spectrum provides a massive connecting via short-range their disposal to maximize profitability.
boost to Wi-Fi connectivity speed, technologies such as Wi-Fi.
capacity, and quality - and as In October 2020, Aptilo was acquired by
always, Wi-Fi equipment is 44. Carrier-grade service management Enea, one of the world’s leading suppliers of
exceedingly cost efficient. solutions including seamless innovative software for telecommunication
engagement/monetization and cybersecurity. Enea is now one of the
22. As discussed, most 5G operating methods and SIM or certificate- very few vendors in the world offering
frequencies penetrate poorly to based Passpoint connectivity are solutions both within the Wi-Fi and 5G
the indoors and will need Wi-Fi as mature, effective, and ready to be domain.
a complement to deliver seamless adopted by MNOs and ISPs
indoor coverage and capacity - and everywhere. Learn more in the last chapter about how
we know that 80% or more of the we help service providers to
smartphone traffic is already now create innovative services and
consumed indoors. cut cost in their operations.

WWW.APTILO.COM
 CARRIER WI-FI
SUMMARY 10

Why Carrier Wi-Fi Is Even

More Relevant in the 5G Era
 The time for operators to embrace Wi-Fi as a strategy is now.
- Wi-Fi and 5G are perfectly complementary for delivery of mobility (5G) and high-capacity indoor wireless services (Wi-Fi).

 5G will not have the luxury of experiencing subscriber growth of 4G

- 4G experienced 2x growth in cellular services and 10x growth in mobile broadband on which to build ROI.
- According to ITU the penetration of mobile broadband is 69% globally – we believe it is 100% in most mature markets.

 Penetration through buildings is 100x worse on 95% of 5G frequency bands

- Already today – at cellular frequencies of around 2 GHz - 20% of US buildings are struggling with 4G indoor coverage.
- At cellular frequencies of 10 GHz you will likely only achieve coverage in close proximity to untreated windowpanes.

 80% of wireless data traffic is consumed indoors

- 5G will drive an unprecedented need for base station densification and indoor solutions. Why not use Wi-Fi?

 Vast majority of devices are only Wi-Fi-capable

- In 2019 - 20 years after Wi-Fi technology was given its name - the 30 billionth Wi-Fi device was shipped.
- Strategy Analytics predicts that 17 billion Wi-Fi devices will be in use by 2030 - and that is only within homes.

 Operators must break organizational silos between cellular and fixed

- Mergers between fixed and mobile service providers means many operators own Wi-Fi as an underutilized asset
- The fixed side can many times offer indoor coverage through their B2B Wi-Fi services at attractive venues.
- New Wi-Fi technology (Wi-Fi 6) has the same scheduling capabilities as cellular and lots of new unlicensed spectrum.

WWW.APTILO.COM
 11
CARRIER WI-FI

The confluence of a new Wi-Fi 6 standard and huge

amounts of new 6 GHz spectrum has created
unprecedented opportunities for Wi-Fi service providers.
The Passpoint standard has finally approached the
tipping point to a mass market and Multipath TCP is next.

Wi-Fi Technology Developments

“These game-changing
opportunities are available
starting today”

WWW.APTILO.COM
 12
CARRIER WI-FI

Wi-Fi 6

During the past couple of years, the Wi-Fi This means that Wi-Fi performance - including
industry has been blessed with a series of capacities, data rates, latency, and more - as
extraordinary developments. Firstly, a well as Wi- i’s ubiquity and already broad
new and vastly improved Wi-Fi standard applicability are likely to expand by orders
(Wi-Fi 6) has been introduced into the of magnitude. Wi-Fi has in the course of
world. Secondly - and perhaps even the past twenty years grown to dominate
more importantly - a large or, depend- the indoor wireless space regardless of
ing on country, very large swath of whether you measure market presence
new spectrum has been allocated to by traffic volumes, numbers of devices, or
unlicensed use. Each on its own such number of coverage locations. XXXXXXXXX
developments would likely produce
surges in growth and innovation, as well The coming decade will see an unprecedent-
as torrents of new business opportunities. ed expansion of Wi- i’s dominant position as
But the timely confluence of the two leads well as a slew of new applications. Both will be
us to believe that the next few years will be driven by an abundance of new spectrum as well
characterized by an even more radical trans- as powerful - and highly affordable - new Wi-Fi
formation: Something akin to a paradigm shift in technology. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
connectivity.

A paradigm shift
in connectivity
WWW.APTILO.COM
 13
CARRIER WI-FI

A new kind of performance boost: Wi-Fi 6

For the first time in wireless technology history Wi-Fi will
be capable of delivering a quality of service on par with
that of cellular networks.
. G

bps
Wi-Fi 6 is the newest generation of certified Wi-Fi™

atency ms
technology. Wi-Fi 6 is by a wide margin the most

Throughput
comprehensive and expansive reengineering of a Wi-Fi
standard ever. In fact, Wi-Fi 6 comprises so many new
features and performance boost that we have thus far G
only scraped the surface of what this new connectivity . G

standard in time could bring to market in terms of

ncreasing users ncreasing users
innovative new use cases and improvements on existing
applications.
. n . ac . ax
Perhaps the most important Wi-Fi 6 feature is Orthogonal
Wi-Fi 6 (802.11ax) delivers a consistent and linear voice delay when the number of users increase, making it ideal for
Frequency Division Multiple Access (OFDMA), which applications such as voice over Wi-Fi, real-time video conferencing, and more. While data rates of previous Wi-Fi
includes cellular-style scheduling. What in the past has standards quickly deteriorate as a function of number of users or devices, Wi-Fi 6 delivers consistent data
been somewhat of an chille’s eel for Wi-Fi - meaning throughput. Source: Cisco.
the rapid deterioration of data rates and latency as the
number of connected devices increases - will soon be a
thing of the past. OFDMA and scheduling brings
deterministic performance to Wi-Fi for the first time,
which means that Wi-Fi services (for example those
provided by ISPs) can be designed and deployed to
comply with SLAs.

WWW.APTILO.COM
 14
CARRIER WI-FI

Wi-Fi 6 OFDMA also offers multiple other benefits: Wi-Fi 6

Access Points can serve many more devices and delivers
up to four times the data transmission capacity of
previous generation systems. Another benefit is the
ability of Wi-Fi 6 to extend the range of Wi-Fi services at
low data rates rendering it very useful for IoT.
OFDMA Wi-Fi 6 comprises a long list of other valuable features
and functions including UL (uplink) MU-MIMO, 160 MHz
160 MHz Channels channels,1024QAM modulation, and more. Altogether
the Wi-Fi 6 standard is designed to deliver a giant leap
1024QAM modulation forward in high-density connectivity performance and
not least in performance quality. This means Wi-Fi
Up to 4x faster uploads service providers will be able to deliver a vastly
improved Quality of Experience (QoE) to consumers and
professional users at venues such as transportation
Up to 6x faster downloads hubs, stadiums, and malls as well as for the ‘carpeted
enterprise’, hospitality, and Us.
Up to 4x better coverage
In short: Everywhere where there are people
congregating, Wi-Fi will be there - and Wi-Fi 6 will make
Up to 6x better battery life the service much, much better.
Last but not least: There is no doubt that Wi-Fi 6 will
also deliver enormous value within the home and - for
example - for industrial applications.

WWW.APTILO.COM
 15
CARRIER WI-FI

New spectrum & Wi-Fi in the 6 GHz band (Wi-Fi 6E)

Pristine 6 GHz spectrum will boost Wi-Fi speeds
by at least a factor of four and capacities by
even more with latencies as low as 2
milliseconds. This constitutes a paradigm shift Enterprise Grade
in connectivity. Wi i hipments
E

Wi-Fi 6 is in itself a big quality and data rate

improvement over existing Wi-Fi services, most Wa e
of which currently are still based on the Wi-Fi 5 . ax
(802.11ac, 5 GHz services) or even Wi-Fi 4 . ac
(802.11n, 2.4 GHz) legacy standards. Now add
Wa e
to this Wi-Fi 6E, an opportunity for the new
standard to operate in the pristine 6 GHz band. . n
The connectivity experience will improve by an and earlier

order of magnitude in speed and quality.

It is also well documented that the rate of The rate of Wi-Fi 6 market penetration will be very fast, as evidenced by the curve above. By 2023 analysts expect the
market penetration and rollout of both devices vast majority of enterprise-grade access points to be Wi-Fi 6-capable.
and access points supporting the Wi-Fi 6 Source: 650 Group.

standard has thus far well exceeded the pace of

all previous standards. Within a couple of
years, industry analysts expect the vast
majority of enterprise-grade Wi-Fi access
points to be Wi-Fi 6 capable.

WWW.APTILO.COM
 16
CARRIER WI-FI

Wi-Fi on 6 GHz triples available band

The 6 GHz Wi-Fi story is recent - and the date April Chart depicting Wi-Fi channels within the 6 GHz band for the US
23, 2020, will be forever etched into the annals of (bottom) and the EU (top). In the future Wi-Fi 7 standard
(802.11be) 320 MHz channels will be defined. Source: Celeno.
wireless and technology history. On this date the
commissioners of US telecom regulator FCC
(Federal Communications Commission) voted
unanimously five to zero in favor of releasing
1.2 GHz of pristine 6 GHz spectrum to Wi-Fi.

Since then, several other countries have followed

suit. It is largely expected that most countries in
the world will release some parts of the 6 GHz
band as unlicensed spectrum in the course of the
next few years. In the US the full 6 GHz band
(including a section of band extending into 7 GHz)
can already be used for indoor Wi-Fi services (for Chart depicting Wi-Fi channels for the US in 2.4 GHz, 5 GHz, and the
so-called Low Power Indoor or LPI services). new 6 GHz band. The new 6 GHz band more than triples the total
available band for Wi-Fi in the USA and makes room for a total of
seven new 160 MHz channels in 6 GHz. Source: Broadcom
The huge new band allocation more than triples
available Wi-Fi band in the US and will close to
double available bands within the EU. In the US a
total of seven 160 MHz-wide Wi-Fi channels will
be available, while in Europe that number will be
three (see the channel allocation table below).
This means that Wi-Fi devices - including
smartphones, tablets, laptops, etc. - will soon be
operating at multiple gigabits per second of speed
over Wi-Fi.

WWW.APTILO.COM
 17
CARRIER WI-FI

6 GHz Wi-Fi
by Country
One important aspect of Wi-Fi 6 in the 6 using wider channels and hence no real Used in 6 GHz band Used for
GHz band - dubbed Wi-Fi 6E by the Wi-Fi reason not to use them. As a result, Status as of
Alliance - is that only Wi-Fi 6E is certified average enterprise Wi-Fi data rates will be April 2021 500 MHz 1.2 GHz ILP VLP
to operate in the said spectrum and hence at least quadrupled. USA Full ●
no legacy Wi-Fi systems will be around to Brazil Full ● ●
generate interference within the new Wi-Fi 6E technology will in addition deliver
UK Lower ●
band. The quality of 6 GHz Wi-Fi services latencies as low as 2 milliseconds, which -
will therefore likely be close to that of as a starting point - will enable much more South Korea Full ●
cellular - except several multiples faster responsi e and ‘immersi e’ connecti ity Chile Full ●
than most current wide-area coverage 5G experiences, initially for gaming, fast video UAE Lower ●
data rates (with the exception of localized conferencing, AR/VR, and more and
Saudi Arabia Full ●
and outdoor mmWave-based 5G)1. eventually for innovative new wireless
enterprise applications. EU states Q2 2021 ● ●
The interference-free 160 MHz channels in ILP = Indoor Low Power
Wi-Fi 6E means that smartphones and In summary: Based on 480 MHz to 1200 VLP=Very Low Power
other mobile devices will be able to MHz of new unlicensed (free) spectrum,
operate at peak theoretical speeds of Wi-Fi 6E will, depending on country-
more than 2 Gbps or - says chipset maker specific regulations, deliver multi-gigabit
Broadcom - up to 1.4 Gbps at a distance of Wi-Fi speeds and capacities that by a wide
7 meters non-line-of-sight from a Wi-Fi 6E margin will outperform current cellular
access point. systems indoors. And now - for the first
time in Wi-Fi history - the application of
In new enterprise deployments the adage Wi-Fi 6 and 6E technology using OFDMA,
‘eighty is the new twenty’ will apply for means the quality of Wi-Fi services will be
Wi-Fi 6E: Standard 6 GHz Wi-Fi similar to that of cellular.
deployments will use 80 MHz channels
instead of the usual 20 MHz channels
applied today. This is because permitted 1 Current 5G data rates are somewhat of a mixed bag of numbers depending on disparate

power levels (in the US) are defined in frequency allocations across countries and continents. In the US wide-area and lower band 5G
data rates typically range from 50-60 Mbps while millimeter wave 5G by Verizon delivers up to
such a way that there is no penalty for 500 Mbps but only over a very limited area (as reported by OpenSignal, June 2020). The millimeter
wave 5G signal will generally not penetrate to the indoors. In other countries – such as Korea –
up to 350 Mbps of 5G speed have been reported. Wi-Fi 6E peak data rates for smartphones are
expected to exceed 2 Gbps with typical speeds reaching more than 1 Gbps even under non-line-of-
sight conditions within the home. WWW.APTILO.COM
 18
CARRIER WI-FI

The rationale & market need for Wi-Fi 6 & Wi-Fi 6E

Rapid evolution and availability of new technology and
new spectrum is making carrier Wi-Fi inevitable as a
strategic technology of choice for service providers
everywhere.

The idea that Wi-Fi is the dominant indoor wireless

technology is not new. But we believe that Wi- i’s
dominance will be even more pronounced in the 5G era.

It is well known that device data consumption continues

to rise particularly as the result of the increased popular
demand for video streaming and - more recently perhaps
- the explosive demand for collaborative work
applications, such as video conferencing. More than this,
research suggest (see figure) that the need for mobile
networks to ‘offload’ traffic to Wi-Fi will substantially
increase in the 5G era.

In some countries - such as the UK, Japan, and Germany

– ‘Wi- i offload’ percentages meaning the percentage of The increasing percentage of traffic ‘offloaded’ from mobile networks to
smartphone traffic delivered over Wi-Fi networks of any Wi-Fi networks as a function of the cellular generation. Source: Cisco.
kind) are already well above 80%. In connection with the
US decision to allocate all of the 6 GHz band to Wi-Fi, the
FCC cited the need for offload from 5G networks as an
important contributing factor in their decision.

WWW.APTILO.COM
 19
CARRIER WI-FI

Wi i E G
Enterprise onsumer
hipments

Most analysts believe Wi-Fi 6 and Wi-Fi 6E technology will be ramped up quickly and indeed faster than previous
generations of Wi-Fi, specifically because work-from-home connectivity today is business critical for ISPs and
consumers. Such factors will continue to play important roles as drivers of renewed connectivity demand as will
the continued growth in number of devices in the home as well as data consumption.

The next phase in the ramp-up and deployment of new Wi-Fi technology will then be enterprise and carrier-grade
APs and supporting systems. This evolution will happen a little later but also in parallel with the mass-market
deployment of home Wi-Fi 6 and Wi-Fi 6E gateways and systems.

In general, the IEEE 802.11 standardization working group is now aiming for a Wi-Fi technology renewal cycle of
five years, which means full market penetration of Wi-Fi 6 and Wi-Fi 6E into the enterprise and service provider
Wi-Fi markets will sharply rise and come to completion around 2025-26.

WWW.APTILO.COM
 20
CARRIER WI-FI

Meanwhile it is critical to understand that the availability of

pristine new unlicensed spectrum has made the case for
carrier Wi-Fi hugely more compelling. Have a look - for
example - at the graphic to the right picturing the total
licensed spectrum holdings for mobile operators. The
analysis uses the UK as an example.

The most amount of licensed spectrum is held by BT and

totals 295 MHz while H3G is in second place totaling 229.5
MHz. None of the UK’s mobile operators hold more than
300 MHz of total licensed spectrum - and most hold much
less.

The UK recently released 500 MHz of pristine - meaning

unused by legacy Wi-Fi - unlicensed spectrum in the lower
6 GHz band. That slice of Wi-Fi spectrum alone is around
double the amount of licensed band that most UK mobile
operators hold at this time. Add to this the existing 5 GHz
and 2.4 GHz Wi-Fi bands - and we contend that it is
becoming increasingly difficult for operators to reject the
strategic use of carrier Wi-Fi services. Mobile and fixed
operators need to embrace carrier Wi-Fi today to stay
competitive.

In countries where the full 1.2 GHz of 6 GHz spectrum (up to

7.2 GHz) has been released - including the US, Korea, Brazil,
Saudi Arabia, and the Republic of Chile thus far - the
situation is even more extreme. The total amount of
unlicensed spectrum available (some of it available for
outdoor use as well) could be up to 10 times as much as the
licensed spectrum holdings of a single mobile operator.

WWW.APTILO.COM
 21
CARRIER WI-FI

Hotspot 2.0 and Passpoint:

Secure carrier Wi-Fi services
As one of the most important tools in Once provisioned on the phone or
the Wi-Fi toolbox, Passpoint including other Wi-Fi device, Passpoint
SIM authentication is enabling carrier- technology allows users to connect
grade quality and highly monetizable securely, instantly, and automatically to
Wi-Fi services. public (or enterprise) Passpoint-
capable Wi-Fi networks for example at
Outstanding Wi-Fi 6 and Wi-Fi 6E radio public venues such as airports,
technology capable of delivering very stadiums, transport hubs, on aircraft,
high-quality wireless connectivity is an and so on. Passpoint technology also
excellent starting point. But for service facilitates roaming onto Wi-Fi networks
providers, such capabilities must be belonging to other service providers or
transformed into user-friendly, secure, third parties given that roaming
well-defined, and preferably carrier- agreements with the subscriber’s home
class high-speed wireless data services. service provider exist.

To that end the Wi-Fi industry has

developed the Hotspot 2.0 standard,
nowadays more commonly referred to
by its equipment certification name of
Passpoint™.

WWW.APTILO.COM
 22
CARRIER WI-FI

A Passpoint-capable network is defined by Note however that EAP-SIM/AKA

supporting the following functions: authentication and mobile core integration
can also be comfortably be applied outside of
Passpoint • The network (Wi-Fi access point) should
broadcast its capabilities and available services
the full Hotspot 2.0/Passpoint specification.
Aptilo Networks was already providing such
using 802.11u and a protocol called ANQP solutions long before the release of the first
Passpoint-capable devices. This also means
• The network must use 802.1x-based
that EAP-based authentication (SIM/AKA and
authentication and WPA2 or WPA3 for over-
802.11u the-air encryption
TLS/TTLS) is not equivalent to Passpoint as
such.
ANQP • Support for EAP-SIM/AKA (SIM-identity based)
or EAP-TLS/TTLS (certificate-based methods In the USA, Passpoint-capable Wi-Fi services
usually for non-SIM devices) authentication and roaming are fairly readily available for
802.1x Wi-Fi example on the Boingo Wi-Fi network
• Optional Wi-Fi roaming with home operator deployed at many airport locations and on
WPA2/WPA3 billing some public Wi-Fi networks provided by US
cablecos, for example on the former Time
An important component is the capability of
EAP Auth. asspoint ser ices to deli er ‘Wi- i offload’-
Warner Cable public Wi-Fi network today
owned and operated by Charter
type services based on credentials stored in Communications. Today, both Android and
the subscriber’s . This means that carrier iOS operating systems natively support
Wi-Fi services can be integrated into the total Passpoint, and many phones provided by US
service offering of the mobile operator. Read carriers are pre-provisioned to support
more about this in our Wi-Fi and Cellular Passpoint services.
convergence section.
In Europe and elsewhere, Passpoint-capable
In essence Passpoint is designed to create a Wi-Fi services are less common but available
carrier-grade Wi-Fi service with a familiar and from some major carriers in the form of EAP-
seamless user experience similar to that of / K enabled ‘Wi- i offload’ con ergent
cellular networks. mobile services. Most enterprise-grade Wi-Fi
access points are certified according to the
Passpoint specifications.

WWW.APTILO.COM
 23
CARRIER WI-FI

Passpoint exists in three sequential releases: For the first time Passpoint allows operators
to offer B2B customers a tool to engage with
Passpoint Release 1 (R1): The first release visitors. They can do this through a Venue
was introduced in 2012 and all the protocols elease ENG GE ENT U URL, which displays information about the
and standards mentioned above, including Wi-Fi service and at the same time provides
802.11u and ANQP, were included with the offers and local promotions. The R3 version
ability to discover Passpoint enabled elease ON NE GNU O U also includes features for end-users to
networks and automatically connect . u with N approve terms and conditions as well as
to the optimal one. elease E O OT OT . charges for the Wi-Fi service.
lready here since ll too many refer to this
as . or asspoint
Challenges still remain for onboarding of . x E Aptilo believes that Passpoint R3 may have
new devices. Users need to provision Pass- attempted to push the user engagement
point R1 credentials manually by down- used for secure communications between features one step too far. Deploying these
loading a special file that contains profile and the client and the provisioning servers. features through ANQP, locally in the access
credential information. Many service pro- points, will make it harder to maintain
viders use an app to make this process Passpoint R2 requires a separate SSID for central control especially in a multi-vendor
seamless for the user. More or less all mobile Online Sign-Up, either an open SSID or a so- deployment scenario. Because of the
phones and laptops supports Passpoint RI. called OSEN (OSU Server-only Authenticated challenges in management and lack of
This includes Apple iPhones, although Apple L2 Encryption Network). This version also device support there is a risk that R3 will
has never formally certified them. includes enhanced policy control for service never be implemented in carrier Wi-Fi
providers. Device support is very limited. networks.
Passpoint Release 2 (R2): Passpoint R3 also makes roaming much
Released in 2014 this version included the Passpoint Release 3 (R3): R3 was released quicker and easier as the client can indicate,
important Online Sign-Up (OSU) server in 2019 but has not yet been implemented to a Wi-Fi access point, its membership of a
allowing new users to create an account and in a single device (as of April 2021). This roaming consortium.
in a user-friendly way provision Passpoint version includes several new ANQP protocol Security is further improved in R3 with
credentials at the point of access. This elements and improvements in the interaction support up WPA3-Enterprise whereas R2
enables easy ad-hoc sign-up of new users, between operators and end-users. While and R1 only supports up to WPA2-
where they can select the service provider of previous versions have focused entirely on Enterprise. It is also possible to use the
choice if several options exist. To ensure that automatic connection and onboarding of same SSID for both the actual Wi-Fi service
the server is trusted, the client validates the the users, Passpoint R3 aims to enhance (WPA2/WPA3) and the online sign-up
OSU server certificate. Either SOAP-XML or captive portal functions, by leveraging (OSEN) functionality.
OMA-DM messages over HTTPS are then ANQP messaging.

WWW.APTILO.COM
 24
CARRIER WI-FI

Strategies for deploying Passpoint in Passpoint™

the real world SUPPORT
APRIL 2021
As of April 2021, no handsets support the But as a service provider you cannot rely on
latest R3 release of the standard. Some so many unknown parameters.
Android-based phones are R2 certified, but
many are quite old. For example, the latest On a more positive note, it is generally true that R1 ALL
phone certified for R2 from Samsung is the the vast majority of smartphones, tablets and
Galaxy 5S (November 2016). In addition, laptops now support at least Passpoint R1. It is
smartphone vendors usually customize the therefore advisable for operators to create and
Android platform to match own product deploy Wi-Fi services based on R1, possibly
VERY
requirements. So, just because it works with
one endor it doesn’t mean that it works with
with an extension for selective use of R2.
R2
FEW
another. One thing is for certain: Operators who wait
for new standards to be fully deployed and for
The Passpoint certification from Wi-Fi Alliance mobile device manufacturers to adopt them
only certifies the radio protocols. In practice risk waiting for a very long time. It is not only
this means that new releases from R2 and the complexity of the technology that decides R3 NONE
above which include more complex service- whether a handset manufacturer develops
related features cannot be guaranteed to support for standards like Passpoint R2/R3 or
work. At Aptilo we have experienced this not and thus the wait could go on forever.
through the testing conducted by the Fortunately, there is no reason to delay the
Wireless Broadband Alliance (WBA). introduction of carrier-grade Wi-Fi services.

Conversely, it is probably true that devices In the next section we will discuss how
with R2 support that have not been Passpoint Passpoint R1 together with the new Captive
certified also exist, just as R1 is supported in Portal API may be the interim solution that in
iPhones without official certification. the end becomes the permanent pragmatic
solution for Passpoint enabled networks.

WWW.APTILO.COM
 25
CARRIER WI-FI

Captive Portal API: A Pragmatic

Approach to Passpoint
The new (September 2020) Internet The Captive Portal API gives service If the API states the device is in captive
Engineering Task Force (IETF) Captive Portal management platforms, such as the Aptilo mode, the device will open the Captive
API, RFC8908, and RFC8910, is very Service Management Platform™ (SMP), Network Assistant (CNA) browser to log in.
promising. greater control of the Captive Portal flows And, if the API states the device is not in
for traditional hotspots. As a result, users captive mode, the device will proceed
The Captive Portal API will not only improve will experience a more reliable service than directly to Internet.
the user experience in connection with ever before.
traditional Captive Portal implementations.
We believe that the Captive Portal API - in The overall user experience will also benefit
combination with Passpoint R1 - has the hugely by the Captive Portal API. We have
potential to deliver much of the user traditionally designed Access Gateways to
experience that Passpoint R2 and R3 were intercept the user web request and
designed to accomplish. redirected it to a Captive Portal.
With the Captive Portal API, the gateway
The adoption of Captive Portal API among does not need to intercept such requests.
handset manufacturers has also been fast. Instead, when users join the Wi-Fi network
Google was first to support the Captive and receive an IP address via DHCP (or CAPTIVE
Portal API for Android 11 and Apple soon Router Advertisement in IPv6), the DHCP PORTAL
followed with support in iOS14 and macOS server also provides the URL to the Captive
Big Sur. With a critical mass of supporting Portal API. This will trigger the device to
devices in place, adoption across all the query the API to determine if it is in captive
major operating systems appears imminent. mode or not.

WWW.APTILO.COM
 26
CARRIER WI-FI

By using a standardized interaction available during the session. The message

between the device and the captive portal, remains on their lock screen and in their
the device can now reliably determine message history. This makes it easy to go Also for
both its state and auxiliary information back to the Venue Info URL as the message secure
such as the remaining session time or data. history normally is just a swipe away. SSID
This allows the device to take action before
it reaches the limits, allowing the user to The Venue Info URL will appear when the
extend the session in a controlled way. This user connects either manually by selecting
provides a smoother interaction between an open SSID or automatically through a
the device and the Wi-Fi service secure Passpoint-enabled network. The
management system. Previously, with the Venue Info URL will also offer otherwise
guesswork of device-only captive portal anonymous Network Providers a way to
detection and system-only control, the show local information and customized
device was unaware of what was advertising to users that connect through
happening after authentication. This could for instance OpenRoaming or Orion WiFi,
cause sessions that appear to freeze after described later in this paper.
session time or data running out.

Another benefit of the Captive Portal API is Venue URL

that it can also provide a Venue Info URL.
This is an excellent tool allowing service
providers to empower their B2B customers
to engage with users locally with
information and offers. In current
implementations the user receives the link
to the Venue Info URL via an on-screen
system message appearing as a text alert

WWW.APTILO.COM
 27
CARRIER WI-FI

Build from Passpoint R1

The fact that the Captive Portal API also works on secure
Passpoint-enabled networks (802.1x), and that the concept of the
Venue Info URL has many similarities with the Venue URL specified
in Passpoint R3, opens up for new possibilities.

Aptilo believes that the Captive Portal API in combination with

Passpoint R1 will deliver much of the user experience that
Passpoint R2 and R3 were designed to accomplish.

It would make no sense to build special signup flows for the very
few, if any, devices that support an end-to-end Wi-Fi service based
on Passpoint R2/R3.

Devices that have not yet been provisioned for Passpoint R1 by

other means, such as through a SIM-profile (EAP-SIM/AKA) or App
(EAP-TLS/TTLS), will have to be provisioned ad-hoc through a sign-
up portal over an open SSID or in advance via another connection.

The user will then download and install the Passpoint profile in his
or her device with support from device specific instructions at the
portal. The next time the user connects he or she will automatically
connect through Passpoint on a secure SSID (802.1x). The Captive
Portal API can then be used for approval of terms and conditions
for new users or for existing users, if there is a need for an update.
The Venue Info URL can also optionally be used to display venue
specific information and promotions.

WWW.APTILO.COM
 28
CARRIER WI-FI

Add Passpoint R2-R3 Later

Support for Passpoint R2/R3 can be added
later when, or if, a critical mass of device
support has been achieved.

Note that the approval of terms and

conditions has purposely been moved from
the sign-up page to the first connection on
the Passpoint-enabled network. This means
that the process can also be used for
already provisioned devices and devices
with Passpoint R2 support. Users of
Passpoint R1, that sign-up at the site, will
see this as almost one flow since the session
can be terminated right after a user has
installed the profile. A user will then
immediately return as pre-provisioned.

Online signup through the R2 online signup

server (OSU) has many benefits to users
once there is sufficient device support.
A pragmatic approach to Passpoint. Start with Passpoint R1 and then add support for R2 and R3
when there is a critical mass device support. Utilize the Captive Portal API to fill the gaps in
It remains to be seen if the benefits of functionality.
Passpoint R3 terms and conditions and user
engagement features will be significant or if
it would be more beneficial to use the
same processes as with Passpoint R1/R2
capable devices (dotted line in the figure).

WWW.APTILO.COM
 29
CARRIER WI-FI

Multipath TCP : Simultaneous use of

Cellular & Wi-Fi
imultaneous
Tra c

So-called Multipath TCP (MPTCP) Apple uses MPTCP to make sure certain
technology allows IP data traffic to flow apps - currently Siri, Maps, and Music - run
simultaneously over Wi-Fi and 5G as responsively as possible by applying
networks. The result are higher data rates, both Wi-Fi and mobile data services
much improved quality overall, and together and interchangeably. A couple of
gapless handovers between Wi-Fi and years ago Apple made their version of
cellular. MPTCP available for developers via an API
and thus far at least Amazon has chosen
However, MPTCP requires support both in pple’s T function for their lexa
the device and the application server or app.
web page it is connected to. This signifi-
cantly slows down the deployment of this There’s also now a standardi ed
technology. 3GPP function utilizing MPTCP
called ATSSS. Read more about
The only example of an existing this in our Cellular and Wi-Fi
commercial MPTCP implementation is Convergence chapter.
proprietary and resides within pple’s iO
and infrastructure.

WWW.APTILO.COM
 CARRIER WI-FI
SUMMARY 30

Game-Changing Wi-Fi
Technology Developments
 Wi-Fi 6 – A paradigm shift in connectivity
- Wi-Fi 6 features orthogonal frequency division multiple access (OFDMA), which includes cellular-style scheduling.
- OFDMA brings deterministic performance to Wi-Fi for the first time, especially in dense areas with many users.
- Up to 4x faster upload, 6x faster download, 4x better coverage and 6x longer battery life.
- The rate of Wi-Fi 6 market penetration will be very fast, by 2023 most enterprise-grade access points will be Wi-Fi 6-capable.

 Wi-Fi 6E – running on 6 GHz, will triple the available Wi-Fi spectrum

- The availability of pristine new unlicensed spectrum has made the case for carrier Wi-Fi hugely more compelling.
- There will be no interference with legacy Wi-Fi as the 6 GHz band is reserved for Wi-Fi 6E only.
- Enterprise Wi-Fi data rates will be at least quadrupled, and latency will be as low as 2 ms.

 The share of offloaded traffic will only increase with 5G

- According to Cisco the share of offloaded traffic to Wi-Fi will go from 59% in 4G to 71% in 5G.

 Build on Passpoint R1: A pragmatic approach to Passpoint (Hotspot 2.0)

- Passpoint provides a secure and seamless user experience with automatic login (EAP) at encrypted 802.1x Wi-Fi networks.
- In April 2021, all devices supports Passpoint release 1 (R1). A handful devices supports release 2 (R2) and none release 3 (R3).
- Aptilo suggest to use Passpoint R1 in combination with the new IETF Captive Portal API to achieve much of the R2/R3 features.

 Multipath TCP (MPTCP): Simultaneous use of Cellular & Wi-Fi

- Apple already uses MPTCP for Siri, Maps, and Music.
- 3GPP has standardized use of MPTCP in their ATSSS standard (more about that in section 5).

WWW.APTILO.COM
 31
CARRIER WI-FI

The industry is moving in the direction of new technology

and new business models enabling more and better Wi-Fi
everywhere - including for carriers and enterprises.

Wi-Fi Industry Initiatives

WWW.APTILO.COM
 32
CARRIER WI-FI

Industry initiatives for cost-effective

ubiquitous Wi-Fi

Meanwhile the growing mass market popularity of Wi-Fi as well as its

giant leap of evolution to Wi-Fi 6 and Wi-Fi 6E is driving renewed interest
in Wi-Fi roaming, mobile offload, and more.

New initiatives are indicators of an industry-wide desire to bring Wi-Fi

and mobile services together for the benefit of service providers,
consumers, and the ecosystem as a whole. And although similar
initiatives have existed before, we believe that this time there are more
compelling reasons for them to succeed.

WWW.APTILO.COM
 33
CARRIER WI-FI

OpenRoaming by Wireless Broadband Alliance

ad ec
OpenRoaming is a Wi-Fi roaming initiative ENT T O E NETWO K O E and organizations would then be able to offer
E E E E
originally conceived and launched by Cisco their subscribers auto-connect and secure
but since taken over and today operated by access to Wi-Fi at participating Wi-Fi networks.
ssues
the Wireless Broadband Alliance (WBA). In Open oaming
essence OpenRoaming is a Passpoint- er cate Within the OpenRoaming framework
based roaming scheme bringing the term ‘network pro iders’ is used
together ‘identity pro iders’ and Operator
to describe the participating venues
‘network pro iders’ into a so user endor x.com andset nternet ublic
or service providers who own and
user operator.com
called open roaming federation. rands Giants Wi i operate Wi- i networks. ‘Network
pro iders’ can be anything from
mart ity
‘ dentity pro iders’ can be any major carrier Wi-Fi footprints to
organization providing accounts hotel chains, malls, airports, or
actory
for users. The most common and ublic congress centers.
transport
most numerous types of identity pro- otel hopping ospital Enterprise
viders within the context of OpenRoaming Wi-Fi roaming within OpenRoaming can be
are fixed and mobile service providers but in free or paid - the details are up to the roaming
principle anyone providing a user account partners to agree upon. The goal of Open-
can also be an identity provider. Both Now finally, Passpoint is pre-enabled in Roaming is to build renewed popular support
Samsung and Google are identity providers devices from the factory (for OpenRoaming). - among carriers and venues - for ubiquitous
and OpenRoaming is enabled by default in all With this, Passpoint has the potential to Wi-Fi roaming and Passpoint.
Samsung devices from Galaxy S9 and in achieve mass-market success also in practice,
Google Pixel phones with Android 11 and at least for the settlement-free use case We also see a use case for OpenRoaming
above. Apple is largely expected to follow within OpenRoaming. together with ptilo’s Zero-touch Wi-Fi IoT
suit. OpenRoaming is a game changer for the Connectivity invention, more on that in the
live deployment of Passpoint. The industry- Other potential identity providers could in Wi-Fi IoT section.
wide Passpoint project has been in the works theory be Internet giants like Facebook,
since 2014, but the issue has always been Amazon, or Netflix and public networks such Native support in Samsung,
provisioning of Passpoint profiles. as WiFi4EU and Eduroam. Such companies Google and likely soon Apple

WWW.APTILO.COM
 34
CARRIER WI-FI

Google’s Orion WiFi

n the late summer of Google’s rea The venue will be paid for providing the
120 - an in-house technology incubator at ser ice by the person’s ser ice pro ider -
Google - launched Orion WiFi. The concept but probably not only based data volume.
behind Orion WiFi is simple: Public venues It is likely that other factors such as quality
of any kind - restaurants, cafes, malls, and location will affect the amount paid
congress centers, and so on - can receive although Google has not thus far released
payment for making their Wi-Fi available the specifics.
to mobile operator subscribers.
For now (April 2021), Orion WiFi is only
Orion WiFi uses Passpoint for secure auto- available in the US and only works if you
connect to venue Wi-Fi networks as well as are a Google Fi or Republic Wireless
the RadSec protocol (RADIUS over TCP & mobile subscriber. The excellent news is
TLS). One technical requirement is that the that this a new effort to create a platform
venue Wi-Fi network supports Passpoint, where nearly any venue can sign up to a
which means that SMB or consumer-grade service that will pay them to offload
Wi-Fi equipment without Passpoint for the mobile data onto their own Wi-Fi network.
time being will not work with Orion WiFi. If the scheme turns out to be a success,
Orion WiFi may seed the ground for wider
The idea is that a person with a adoption of such types of Wi-Fi & mobile
smartphone (subscribers of participating convergent services based on Passpoint or
MNOs) can walk into an Orion WiFi similar technologies.
participating venue and auto-connect to
the Wi-Fi service.

WWW.APTILO.COM
 35
CARRIER WI-FI

Telecom Infra Project:

Disaggregating Wi-Fi technology
Meanwhile other industry initiatives are is mostly working to develop
aiming at breaking open the markets for disaggregated residential Wi-Fi services
Wi-Fi hardware, software, and services for architectures. TIP is also working on
the purpose of driving up the availability of improved collaborative schemes to
Wi-Fi networks and costs down. facilitate mobile and Wi-Fi convergence
Can hardware and software for Wi-Fi including Wi-Fi offload.
infrastructure be disaggregated - meaning
can the two be made independent or even The work by TIP may eventually lend itself
open sourced? If you ask the Wi-Fi well to reducing the cost and complexity of
subgroup of the Telecom Infra Project (TIP) deploying carrier Wi-Fi networks.
the answer is yes.

The T ‘Open Wi- i nfrastructure’ pro ect

is working to remove the lock-in effects of
proprietary Wi-Fi hardware and software,
and architectures in general, with a view to
reducing network costs and increasing
ubiquity. Thus far the collaborative project
- which is widely supported by Facebook -

WWW.APTILO.COM
 CARRIER WI-FI
SUMMARY 36

Wi-Fi Industry Initiatives

 Industry initiatives for cost-effective ubiquitous Wi-Fi
- New initiatives are indicators of an industry-wide desire to bring Wi-Fi and mobile services together for the benefit of service
providers, consumers, and the ecosystem.
- Similar initiatives have existed before but we believe that this time there are more compelling reasons for them to succeed.

 OpenRoaming by Wireless Broadband Alliance (WBA)

- OpenRoaming is a Passpoint-based roaming scheme bringing together ‘identity pro iders’ and ‘network pro iders’ into a
so-called open roaming federation. For the user, roaming is as seamless as in cellular networks.
- Participating parties do not need to know each other, AAA servers trust each other through a certificate issued by the WBA.
- Both Samsung and Google are identity providers and OpenRoaming is enabled by default in all Samsung devices from Galaxy S9
and in Google Pixel phones with Android 11 and above. This is a game-changer for mass-deployment of Passpoint.

 Google Orion WiFi

- Restaurants, cafes, malls, congress centers, and others are paid for making their Wi-Fi available to mobile operator subscribers
- For now (April 2021), Orion WiFi is only available in the US and if you are a Google Fi or Republic Wireless mobile subscriber.

 Telecom Infra Project (TIP): Disaggregating Wi-Fi technology

- The T ‘Open Wi- i nfrastructure’ pro ect is working to remo e the lock-in effects of proprietary Wi-Fi hardware and software.
- Thus far the collaborative project - which is widely supported by Facebook - is mostly working to develop disaggregated
residential Wi-Fi service architectures.

WWW.APTILO.COM
 37
CARRIER WI-FI

Operator managed Business-to-Business (B2B) Wi-Fi is the

foundation for carrier Wi-Fi both in terms of monetization
and to gain a valuable Wi-Fi footprint for subscribers.

Carrier Wi-Fi Strategies

WWW.APTILO.COM
 38
CARRIER WI-FI

How to build a carrier Wi-Fi footprint

Carrier Wi-Fi footprints, or Wi-Fi network

coverage, can be built or created in a number
of ways of which the most common are
shown in the figure.

As such the methods are independent and

are often used in combination. Aptilo
Networks today serves operator customers
who are using several of the methods
concurrently to build a Wi-Fi footprint.

Operators can use this footprint and add a

secure and Passpoint enabled SSID for their
own subscribers.

WWW.APTILO.COM
 39
CARRIER WI-FI

Operator Managed B2B or B2C Wi-Fi

This is a fully operator-owned and Telkom Indonesia has been using Aptilo
managed Wi-Fi network. In this case the service management solutions for six years
operator owns and manages everything and counting. Good examples of effective
including on-premise Wi-Fi infrastructure, operator managed B2B Wi-Fi service
services, on-boarding, operations, etc. As offerings include the small business Wi-Fi
an example, Aptilo recently provided the services of Aptilo clients NOS Portugal and
Kingdom of ahrain’s atelco with a Swisscom.
service management platform, the Aptilo
SMP, for Batelco themselves to deliver top- For the most part, managed B2B services
quality managed venue Wi-Fi services (B2B provide excellent, high margin revenues.
and B2B2C) to their clients.
Service Wi-Fi
An example of a B2C network of this type Mgmt Hardware
is that of Telkom Indonesia, a giant telco
operating some 400,000 Wi-Fi access
points (including homespots) serving more
than 70 million users (this figure includes
businesses). OPERATOR

WWW.APTILO.COM
 40
CARRIER WI-FI

Operator B2B Cloud Wi-Fi Services

Here the operator provides tools - meaning Cloud-based Software-As-A-Service-
type Wi-Fi service management - for operation of managed enterprise Wi-Fi, while
the B2B customer owns and retains his or her own Wi-Fi infrastructure.
This type of approach is often used for instance in the case of guest Wi-Fi services.

The approach is required when operators want to extend their coverage footprint
and business scope simply because most venues already own and operate their
own Wi-Fi networks.

Conversely, in some cases Aptilo clients have acquired the Wi-Fi network
equipment belonging to certain important customers and locations so as to
convert the service to a fully operator managed B2B Wi-Fi.

Service Wi-Fi
Mgmt Hardware

OPERATOR B2B CUSTOMER

OUTSOURCE TO
OPERATOR

WWW.APTILO.COM
 41
CARRIER WI-FI

Community Wi-Fi (Homespots)

‘ omespots’ or community Wi-Fi means For example: Spectrum Mobile - the
that Wi-Fi-capable residential gateways MVNO services arm of US cableco Charter
(terminating fibre, DSL, or cable Communications - uses such a scheme to
connections in the home) are configured keep their subscribers connected on
to double as public Wi-Fi hotspots in Charter-owned ‘homespots’ as much as
addition to fulfilling their primary role of possible.
delivering residential Wi-Fi services. Such
schemes - which are or have been popular Some service providers also configure their
with US cablecos in particular - are business customers’ Wi-Fi to serve multiple
relatively quick ways of building huge Wi-Fi functions: Wi-Fi for the business at which it
hotspot networks spanning millions of is installed as well as for public Wi-Fi.
locations.
Service Wi-Fi
Homespot services are commonly used for Mgmt Hardware
‘Wi- i offload’ of mobile data from for
example cableco MVNO subscribers.

OPERATOR

WWW.APTILO.COM
 42
CARRIER WI-FI

Third-party Wi-Fi Services & Roaming

Operators with or without own Wi-Fi Aptilo Networks is currently contributing
networks can also choose to partner with to the ongoing international collaborative
third-party Wi-Fi service providers to allow work on the Wireless roadband lliance’s
their subscribers access to specific Wi-Fi OpenRoaming initiative (discussed above)
service footprints, for example for which at some point may allow the means
international travel or Wi-Fi services in the for mobile subscribers to roam onto Wi-Fi
London Underground, with 3UK enabled services at stadiums, malls, or even onto
by ptilo and using irgin edia’s the properties of certain hotel chains.
network, and so on. Some third parties can
also provide roaming onto extensive
airport Wi-Fi networks, for example.

Service Wi-Fi
Mgmt Hardware

OPERATOR NETWORK

WWW.APTILO.COM
 43
CARRIER WI-FI

Operator Wi-Fi monetization

strategies
Based on twenty years of Wi-Fi industry revenues from venues that want to provide
evolution, carrier Wi-Fi monetization carrier-grade Wi-Fi to guests or workers in This strategy is driven by the continuous
strategies are both well-known and order to stay competitive and relevant. increase in demand for quality Wi-Fi
evolving continuously to match B2B and Users receive the free service in return for services by businesses everywhere. Hardly
B2C needs. Aptilo has been actively their engagement with the brand and as a a public or private venue exists without the
participating in this service evolution result of surrendering some personal need for Wi-Fi and so business clients can
process from the start. details. The service providers may even now benefit by offering their clients and
agree to subsidize the B2B Wi-Fi service at staff top-quality carrier-grade Wi-Fi
So how do you monetize Wi-Fi? The particularly attractive venues in return for delivered by expert service providers.
question has loomed large for years securing valuable indoor Wi-Fi footprint for
particularly since, from a consumer point use by their own subscribers.
of view, Wi-Fi is typically offered as a free
amenity. This does however not mean that For years operator managed Wi-Fi has
service providers cannot monetize Wi-Fi been a specialized but growing telecom
services. Apple founder Steve Jobs once market segment. Most Wi-Fi monetization
elegantly pointed out that “if you’re not strategies and methods are not new but in
paying for the product, you are the coming years we expect them to grow
product.” nd this is indeed true both in value and importance as they are
specifically for Wi-Fi. boosted in particular by the mass-market
arrival of new Wi-Fi technology.
The service provider will receive significant

WWW.APTILO.COM
 44
CARRIER WI-FI

Operator B2B Wi-Fi

B2B Wi-Fi offers not only a significant
revenue stream but also a needed service Enterprise
‘stickiness’ that keeps businesses and mart i es partments/
consumers coming back. Aptilo believes o working
B2B Wi-Fi is a business-critical O ces
contribution to an all-encompassing 5G
strategy, which also includes high-speed, etail tadiums
low-latency indoor services delivered over
Wi-Fi.

Businesses want to provide an easy-to-

use, high-quality Wi-Fi service for their
visitors. In many cases venue owners see
value in using Wi-Fi as a means of ealthcare ospitality
engaging with their guests and clients, for
example by asking clients to create and
verify accounts or by presenting them irports ublic
with Internet access sponsorship options, Transport
coupon offers, and so on.
It is a well-established fact that venue owners benefit from
In some cases, venues will still request collecting and analyzing Wi-Fi data. The data can then be used for
payment for Wi-Fi services often according marketing of the enues’ products and ser ices. are must be
to a ‘freemium’-type business model. In exercised so as to act only in accordance with GDPR or other
other cases, venues may accept guests relevant privacy regulations.
accessing their network via Passpoint- When operators provide such sophisticated Wi-Fi-based tools to
based auto-connect Wi-Fi either for free businesses they are typically also engaging their clients at the
or via a paid settlement agreement decision-making level, which in turn is conducive to building
between operators. stronger, higher-value, and more fruitful client relationships.

WWW.APTILO.COM
 45
CARRIER WI-FI

All of these things are not easy for business

owners to accomplish on their own. In
most cases they are best provided by
experts – meaning operators.

If operator B2B Wi-Fi doubles as a service

offered to consumers, then both operators
and consumers will benefit from the high-
capacity deep indoor wireless coverage -
provided of course that Wi-Fi networks are
built in accordance with carrier-grade
quality standards. The same applies for any
businesses relying on the indoor coverage.

Last but not least: Mobile operators can in

some cases leverage the strong demand for
Wi-Fi from businesses to introduce small
B2B Wi- i is a win x . The ser ice pro ider’s department gets a profitable ser ice, business customers get analytics and a
cells or DAS systems into indoor locations tool to engage their visitors, and visitors get a carrier class Wi-Fi service.
owned by such businesses. In some f an additional or asspoint ser ice is implemented for the operator’s subscribers, then the consumer department will
instances, venue owners may more readily receive the benefits of reduced churn and network operations will get much needed indoor coverage.
accept such installations when also
provided with the quality Wi-Fi that their
businesses and their guests need. In this
way operator B2B Wi-Fi can also become
an indirect means of achieving better
indoor cellular coverage.

WWW.APTILO.COM
 46
CARRIER WI-FI

Operator Home Wi-Fi

Residential Wi-Fi delivered by ISPs is right These include for example Wi-Fi services
now one of the most significant growth offered at MDU (Multi Dwelling Unit)
opportunities not just in Wi-Fi but within housing complexes such as senior living
all of the tech world. A big driver is the facilities, long-stay resorts and condomin-
need for much better home connectivity to iums, college campuses, and more.
accommodate an avalanche of devices.
More and more individuals are Wi-Fi services for MDUs - because they are
transforming their homes into work-from- often deployed to cover a wide area
home offices. similar to classic campus Wi-Fi - often
require carrier-grade authentication and
Most ISP-delivered home Wi-Fi services service management so that guests and
are today managed with simple WPA2 or residents can enjoy high-quality, secure,
WPA3 passkey access although in more and reliable Wi-Fi services anywhere on
sophisticated cases smart home services the property and on any connected device
are delivered to Wi-Fi devices at the they choose.
endpoints. For example: A smart home Wi-
Fi configuration app can provision not only We believe the service provider industry in
Internet connectivity but many other coming years will see new products or
services, such as parental controls, security even new companies emerge to serve
monitoring, motion detection, and more. many such specialized MDU (or new
emerging enterprise) segments. Many
In a few relatively new use cases the such new business opportunities will be
classic world of residential Wi-Fi (as driven by the hugely improved and more
provided by ISPs) and public Wi-Fi (such as sophisticated Wi-Fi technology and
managed services enabled by Passpoint or services based on Wi-Fi 6 and Wi-Fi 6E.
SIM-based authentication) are to some
extent merging.

WWW.APTILO.COM
 47
CARRIER WI-FI

Wi-Fi-based IoT
The opportunity for operators to
deliver connectivity services for
IoT devices has long been touted
as one of the most important o not include computers, laptops, xed pho cellphones or tablets.
ounted are ac e nodes/de ices or gateways concentra ng the end
growth segments in telecom. And sensors, not e ery sensor/actuator. and N not counted.
the number of wireless IoT devices
in need of connectivity is indeed
growing at an impressive rate. As
shown in the figure, IoT Analytics
forecasts a growth of the installed
base from 10.0 billion in 2019 to
30.9 billion in 2025. Ericsson’s
slightly more conservative estimate
predicts a growth from 12.6 billion
units in 2020 to a whopping 26.9
billion in 2026.

But here is a perhaps lesser-known

fact: By far the largest proportion Growth in connected IoT devices including Wi-Fi IoT (WLAN).
of IoT devices – approximately 7.5 Source: IoT Analytics
billion out of a total of 11.7 billion
units as of 2020 to be exact, see The number of Wi-Fi-based IoT
the figure above - are short-range, devices is expected to increase to
non-cellular devices. According to more than 7 billion by 2025. This
IoT Analytics, Wi-Fi-based IoT number of course includes devices
devices represent a third of all IoT for the smart home, devices
devices in 2020 and is one of the operated by businesses, and even
fastest growing tech product machinery and automation-type
segments. devices for industrial applications.

WWW.APTILO.COM
 48
CARRIER WI-FI

Connecting billions of IoT devices with solution provider, or operator to sign up

secure and reliable carrier-grade Wi-Fi for the service. The end result would be
services is clearly a big business the onboarding and auto-connection of IoT
opportunity. But it is also a significant devices not only within their own network
challenge for any service provider because but also within the extended coverage
the IoT device market is notoriously footprint enabled by the OpenRoaming
fragmented and dominated by proprietary federation.
solutions. The secure and automatic
onboarding of masses of IoT Wi-Fi devices Because we encourage the industry to
- many of which are ‘headless’ without a participate in this initiative, we have
user interface - has proven less than easy. chosen not to patent the Zero-Touch
innovation. We believe that the time is
Thankfully there are new tools and now for operators to invest in massively
platforms that allow service providers to scalable and standardized onboarding for
achieve effective automatic onboarding. Wi-Fi IoT.
ptilo’s Zero-Touch Wi-Fi IoT
Connectivity™ solution uses certificates For more about the Aptilo solution, go to
(x.509) that already exists in devices to the last section or also to ptilo’s web link
auto-connect Wi-Fi IoT devices to Wi-Fi below).
right out of the box. Aptilo has partnered
with Amazon Web Services (AWS) IoT Core
to deliver an end-to-end, massively
scalable Wi-Fi IoT onboarding solution.

The solution also lends itself well to the

OpenRoaming concept described
previously. In this case the Zero-Touch
ser ice can act as an ‘identity pro ider’ for
IoT devices allowing any enterprise, IoT

WWW.APTILO.COM
 CARRIER WI-FI
SUMMARY 49

Carrier Wi-Fi
 Business-to-business (B2B) Wi-Fi is the foundation for building an indoor Wi-Fi footprint
- Community Wi-Fi and roaming agreements / third-party networks are other options.
- We advise operators to add a secure Passpoint-enabled connectivity across all these networks for subscribers.

 B2B Wi-Fi services are ‘sticky’

- They offer significant re enue streams but also ‘stickiness’ that keeps businesses and consumers coming back.
- Aptilo believes B2B Wi-Fi is a business-critical contribution to an all-encompassing 5G strategy.

 B2B Wi-Fi services are a win x 5

- End-users get Carrier-class Wi-Fi, Venue owners get marketing and analytics, operator B2B department get significant revenues,
consumer department gets reduced churn and network operations gets indoor coverage.

 By far the largest proportion of IoT devices use short range technologies such as Wi-Fi
- Approximately 7.5 billion out of a total of 11.7 billion IoT units as of 2020 are short-range and non-cellular.

 Wi-Fi is one of the fastest growing IoT segments

- The number of Wi-Fi-based IoT devices is expected to increase to more than 7 billion by 2025.

 Manual onboarding of Wi-Fi IoT devices is a potential showstopper for a mass-market

- ptilo’s Zero-Touch Wi-Fi IoT Connectivity initiative will make onboarding automatic. This is not a proprietary solution; We
encourage the industry to follow suit.

WWW.APTILO.COM
 50
CARRIER WI-FI

Business and technical consolidation trends all

point in the same direction: Mobile and fixed
networks are coming together - for the benefit of
everyone in the industry and consumers.

Wi-Fi & Cellular

Convergence

WWW.APTILO.COM
 51
CARRIER WI-FI

Wi-Fi and Cellular Convergence:

Opportunities today
While Wi-Fi and cellular is on a gradual what technologies do and do not belong to
path to technical convergence there can be mobile and fixed wireless services,
no question that corporate fixed-cellular respectively.
convergence aka consolidation has been
happening for a long time already. Some At Aptilo Networks we believe there is
years ago, dominant mobile operators significant untapped business potential in
trended towards acquiring cable and fiber breaking such operator ‘silos’ in order to
operations. More recently fixed service achieve real progress in service and
providers and cablecos have either technological convergence.
acquired mobile operators or have become
MVNOs themselves. Some of these opportunities do not need
big infrastructure investments nor do
All of this is seeding the ground for operators need to wait for new
technology and services convergence in convergence (3GPP) standards or
addition to the more obvious corporate equipment to emerge.
consolidation.

But, as already discussed, if real technical

Wi-Fi and mobile (5G) convergence is to
happen service providers also need to
break free from conventional organizational
‘silos’ and compartmentali ed thinking on

WWW.APTILO.COM
 52
CARRIER WI-FI

Mobile network traffic data may indicate overcapacity.

But that is often only true as a high-level average.
There will always be some cell sites suffering from
congestion and some only serving a handful of
subscribers. Selective Wi-Fi offload is the answer:
Build Wi-Fi capacity where it is needed most and of
course always for indoor coverage.
If regulations allow it, mobile operators may even take
the bold step to replace cellular with Wi-Fi at some U
locations. We ha e
o ercapacity

Here is our suggested list of reasonably simple

network changes that would create a ‘Wi- i offload’ elec e
service and hence a quick new source of revenue for Wi i O oad
operators:

• Create an additional SSID (network name) supporting eplace

the 802.1x protocol on all of your existing Wi-Fi ellular
footprint. with Wi i

• Enable SIM-based Wi-Fi services authentication n

(using the EAP-SIM/AKA protocol).

• Introduce selective offloading of mobile traffic to Wi-

Fi at various locations.

By introducing the right configurations and by

provisioning devices correctly, such a scheme would
create an additional layer of mobile network capacity
using Wi-Fi. But this would of course also require that
mobile and fixed parts of the operator organization
collaborate.

WWW.APTILO.COM
 53
CARRIER WI-FI

Wi-Fi and Cellular Convergence: 5G

and Wi-Fi integration
5G introduces new network architectural
concepts for Wi-Fi integration with the
mobile core (non-3GPP access). In this
section we first explore the basic concepts
of trusted and untrusted Wi-Fi access and
then point out what is new within 5G.

The 3GPP standard primarily offers two

main strategies to integrate Wi-Fi networks
with the mobile core: Trusted and
untrusted non-3GPP (Wi-Fi) access.

WWW.APTILO.COM
 54
CARRIER WI-FI

Untrusted non-3GPP (Wi-Fi) Access

Untrusted non-3GPP (Wi-Fi) access was the device side because it requires an (EAP- / K / K ’ or G-AKA). This
first introduced in the Wi-Fi specification in IPsec client to be reside on the device. The provides the same level of authentication
3GPP Release 6 (2005). At that time Wi-Fi device is connected through a secure IPsec security as in the cellular network. It may
access points featuring advanced security tunnel directly to an IPsec Terminating also be a requirement to interface towards
features were rare. Hence Wi-Fi was Gateway in the Mobile Core, which in turn mobile core network policy functions. In
considered open and unsecure by default. is connected through an encrypted tunnel addition to authentication of the device,
Untrusted access includes any type of Wi- to the Packet Gateway. The Packet the SIM authentication process produces
Fi access that the operator has no control Gateway is used for both cellular and Wi-Fi cryptographic keys. These keys are used for
o er such as public hotspots, subscribers’ traffic. IPsec tunnel establishment and for
home Wi-Fi, and corporate Wi-Fi. It also encryption in the secure Wi-Fi
includes any Wi-Fi that does not provide This integration on the core network side network (802.1x).
sufficient security mechanisms such as also means that Wi-Fi service management
authentication and radio link encryption. platforms, such as the Aptilo Service
Management Platform™ (SMP), must
The untrusted model requires no changes interface with mobile core network
to the Wi-Fi network but has an impact on HLR/HSS/AMF for SIM Authentication

WWW.APTILO.COM
 55
CARRIER WI-FI

Trusted non-3GPP (Wi-Fi) Access

Trusted non-3GPP (Wi-Fi) access was first

introduced with the LTE standard in 3GPP
Release 8 (2008). Trusted access is often
assumed to be operator-built Wi-Fi
access with encryption (enabled by
802.1x) in the Wi-Fi radio access network
(RAN) and a secure authentication
method (EAP). However, it is always up to
the home operator to decide what is to
be considered trusted.

In the case of trusted access, the device

(UE) is connected through a Wireless
Access Gateway in the Wi-Fi core. This
Wireless Access Gateway is in turn
connected through a secure tunnel
directly with the Packet Gateway, used
also for cellular traffic, in the Mobile
Core.

WWW.APTILO.COM
 56
CARRIER WI-FI

Trusted and Untrusted Wi-Fi Function

Wireless Access
3G 4G 5G

Network Integration to 5G Core

WAG TWAG TNGF
Gateway
IPsec
TTG ePDG N3IWF
Termination
Packet
GGSN P-GW UPF
Let us now focus on the new With no operational This reason came in the Gateway
architecture for integration rationale or commercial form of Wi-Fi Calling, which
with 5G Core (5GC). reasons to back-haul Wi-Fi was in their own and their Note that these are just “functions”
Go here for more traffic to the Mobile Core customers’ best interest. and may be delivered as one
information about operators have opted to use combined solution, deployed as
containerized functions, or the same
the integration options secure SIM-based So, are operators likely to
virtual or physical gateway node.”
for the 3G and 4G Core. authentication, sometimes implement the 5G 3GPP
combined with policy standards for Wi-Fi access in
Standardization and network control from the Mobile the future? We believe so,
technology history tells us Core. There is no reason to and there are a few reasons
that not all functions in a exert extra load on the for that. But such
standard will be deployed in Mobile Core when all implementations will take
real networks. They will not required policies for Wi-Fi time. First - as already
be implemented by vendors can be applied locally. discussed in this paper -
and service providers unless operators more than ever
there are good commercial Device manufacturers also need to embrace Wi-Fi in
reasons for it. control much of what is the 5G era. Secondly, a new
possible and implemented. breed of carrier grade Wi-Fi
The 3G and 4G versions of It took almost 10 years for (Wi-Fi 6) is here. Thirdly, the
Wi-Fi data plane integration device manufacturers to new Access Traffic Steering,
is a good example of this. decide to implement the Switching & Splitting (ATSSS)
The vast majority of mobile IPsec client needed for 3GPPP standard will finally
operators have focused on untrusted Wi-Fi access. In give operators a good
local break-out of Wi-Fi their view it simply took that reason to backhaul traffic to
traffic from their secure Wi- long for a good commercial the Mobile Core.
Fi networks (802.1x). reason to materialize.

WWW.APTILO.COM
 57
CARRIER WI-FI

The simplified diagram shows Wi-Fi

service integration with new service-
based 5G Core (5GC) introduced in 3GPP
release 15 (untrusted) and 16 (trusted).

The first thing to observe is that this

architecture is Radio network (RAN)
agnostic since both the Cellular and Wi-Fi
access are using the same interfaces (N1-
N3).

The N1 is a control plane interface

between the device (UE) and the Access
and Mobility Function (AMF). It is
primarily used to transfer information
about the connection, mobility, and
session from the UE to the AMF.

This interface is used both for Cellular The N3 is the data plane interface 5G introduces a new principle for non-
and Wi-Fi (for 5G Capable Devices) and it between the access network and the 3GPP access: Simultaneous connections
is physically transported the same way to User Plane Function (UPF) in the 5G via cellular and Wi-Fi are now possible
the AMF as shown by the N2 interface. Core. The UPF is the packet gateway by using multiple non-access stratum
transporting data to the internet. (NAS) connections over the N1 interface.
The N2 is the control plane interface This is a prerequisite for the new ATSSS
between the access network and the 5G For Cellular, N2 and N3 connect the base standard and the same authentication
Core. It is primarily used for connection station (gNB) with the AMF. For Wi-Fi, procedures, EAP- K ’ and G-AKA, are
management, UE context and Protocol they connect the non-3GPP interworking used for both Cellular and Wi-Fi.
Data Unit (PDU) session management, and gateway functions (N3IWF, TNGF,
and UE mobility management. TWIF) with the AMF.

WWW.APTILO.COM
 58
CARRIER WI-FI

A new protocol, EAP-5G has been The control plane (N1-N2) could also be The trusted WLAN Interworking Function
introduced in order to support NAS provided by one vendor while the data (TWIF) is a new 5G function for
messages over Wi-Fi networks. The IKEv2 plane (N3) is provided by another. interoperability with legacy devices.
and EAP-5G protocols are used to establish This is to resolve the contingency that
an IPsec tunnel for signaling during the The Non-3GPP Interworking Function some devices may support 5G SIM
registration procedure between the device (N3IWF) is the IPsec tunnel terminating authentication but do not support 5G NAS
and the interworking and gateway node for 5G similar to the ePDG for signaling over trusted Wi-Fi access. These
functions. The EAP-5G protocol is then integration with the 4G Core. It is located devices lack the support for the EAP-5G
used to encapsulate NAS messages over in the Mobile Core and communicates with and IKEv2 protocols. 3GPP refer to such
the IKEv2 protocol. the Access and Mobility Function (AMF) devices as non-5G-Capable over WLAN
control plane over the N1 and N2 (N5CW). The TWIF contains the NAS
Another interesting new principle is the interface. For the data plane it protocol stack and exchanges NAS
use of IPsec also for trusted Wi-Fi communicates with the User Plane messages with the AMF on behalf of this
networks. Why would you want to use an Function (UPF) over the N3 interface. type of devices.
IPsec connection - albeit with null
encryption to avoid double encryption - in The trusted non-3GPP Gateway Function The TWIF is located in a trusted
a secure Wi-Fi network? It turns out that (TNGF) is for 5G the equivalent to the environment, often the Wi-Fi Network,
implementations in devices and gateways Wireless Access Gateway (WAG) used for and communicates with the Access and
with dual support for both trusted and trusted access to the 4G Core. The TNGF is Mobility Function (AMF) control plane over
untrusted access will probably be easier to located in a trusted environment, often the the N1 and N2 interface. For the data
implement in this case. Add to this the Wi-Fi network, and communicates with the plane it communicates with the User Plane
benefits of a fixed anchor point in the Access and Mobility Function (AMF) Function (UPF) over the N3 interface.
Mobile Core to facilitate mobility and control plane over the N1 and N2
ATSSS. interface. For the data plane it Just as in the case of TNGF, the device
communicates with the User Plane is connected with the TWIF using
et’s now examine the new functions for Function (UPF) over the N3 interface. As an IPsec tunnel with NULL
non-3GPP access. Again, please note that discussed, the device and the TGNF is encryption.
these functions are not the same thing as connected using an IPsec tunnel with null
physical gateways. In practice, these encryption.
functions could all reside in the same
gateway.

WWW.APTILO.COM
 59
CARRIER WI-FI

Opportunities for the future: Smarter connectivity –ATSSS

The new Access Traffic Steering, Switching & Splitting (ATSSS) function is the
‘Holy Grail’ of mobile data offloading, but its complexity and reliance on device
support means it will likely take years to come to market.

WWW.APTILO.COM
 60
CARRIER WI-FI

Will new and better technology and The capability of such apps or hidden
standards for automatic network selection clients must include at least the solutions
and intelligent convergence between to the following current imperfections in
mobile and Wi-Fi services be developed for switching between Wi-Fi and mobile
the mass market of the future? The short network access:
answer is probably yes. We will address
one of them here, namely the newly • oiding unintentional ‘walk-by’
released Access Traffic Steering, Switching switchover to public Wi-Fi which could
& Splitting (ATSSS) as introduced in 3GPP produce a poor user experience or even
release 16. intermittent loss of connectivity.

But the answer is also that for the most • Policies and thresholds should
part such technologies - including automatically reject or accept handoff
Passpoint with SIM authentication - to Wi-Fi and/or back to cell sites if
already exist. These may not be ideal but either is congested.
are still extensively field-proven and work
well enough to have already been
implemented by dozens of major carriers.

Operators actively choosing Wi-Fi offload

as a strategy and who want more granular
control, often include so-called
connectivity manager clients (apps or
hidden clients) on the device. Such
solutions can be quite sophisticated
depending on to what extent the app, and
hence the operator, can access and control
the communication layer in the de ice’s
operating system.

WWW.APTILO.COM
 61
CARRIER WI-FI

ATSSS -Smarter Connectivity Natively in Device

We think yes - and fortunately, the 3GPP ’ “ ” :
seems to think so as well since they have
introduced ATSSS as part of the 3GPP • Steering: Choosing the best available
Release 16 standard for 5G. network based on speed, cost and
latency.
ATSSS uses the so-called Multipath TCP
(MPTCP) technology described earlier to • Switching: Moving seamlessly between
allow IP data traffic to flow simultaneously 5G and Wi-Fi networks.
over Wi-Fi and 5G networks. The results
are higher data rates, much improved • Splitting: Splitting the traffic over 5G
quality overall, and even gapless and Wi-Fi, the split can be set by
handovers between Wi-Fi and 5G. Since policies.
very few application and web servers
supports MPTCP, the ATSSS specifies a
MTCP Proxy implemented in the 5G core
User Plane Function (UPF). It also specifies
a ATSSS low layer functionality (ATSSS-LL)
to support other protocols such as UDP.

Wouldn’t it be a great step up in The introduction of ATSSS is very good

performance and quality of experience if a news for advanced Wi-Fi service
phone natively could aggregate the data management platforms such as Aptilo
streams from Wi-Fi and cellular into one SMP, as it makes policy management so
stream and perhaps even intelligently steer much more complex.
and switch traffic between the two?

WWW.APTILO.COM
 62
CARRIER WI-FI

ATSSS Steering Modes

These functions, the three “ ”, translate to
four ATSSS standard steering modes that Priority Based: Traffic is transmitted over a
need to be supported in the device and in specified high priority access network (Wi-Fi
the Mobile Core (UPF). or cellular). If this access network becomes
congested, the traffic overflows onto the
Active Standby Active Standby: One access network - other access network. If the high priority
cellular or Wi-Fi - is the active (default) access network becomes unavailable, traffic
access network. The traffic is routed over this switches to the other access network (as in
access network until it becomes unavailable, Active Standby). The determination of
Smallest Delay in which case traffic switches over to the congestion is implementation specific.
other access network. When the active
access network is available again, the traffic Another factor that adds to the complexity in
is switched back. policy management is the large number of
stake holders. A real-world deployment of
Load Balancing Smallest Delay: Traffic is sent over the access ATSSS will need to cater to:
network with the smallest delay. The • Service provider policies
Performance Measurement Function (PMF) • Policies set by the user
determines the latency of each network
! Priority Based • Device vendor policies
connection. The underlying multipath • App provider policies
protocol can also provide measurements. • Enterprise IT policies
Load Balancing: This specifies a fixed We think that ATSSS is a very promising
percentage for the fraction of the traffic that standard. t is at some extent the ‘ oly Grail’
should connect over the 3GPP network with of mobile data offload and with ATSSS,
the rest of the traffic sent on the non-3GPP
operators may finally find a good reason for
network. This mode only applies to QoS backhauling Wi-Fi traffic all the way to the
flows with non-guaranteed bit rate (non- mobile core.
GBR).

WWW.APTILO.COM
 63
CARRIER WI-FI

No Reason To Wait for ATSSS

But for ATSSS to reach mass market, device field-proven systems for cellular and Wi-Fi
support is crucial. An example of a related convergent services, remain available to
standard that never achieved any market any operator who wishes to apply vastly
penetration at all is 3GPP ANDSF, which improved Wi-Fi technology as a part of
was a useful concept but in the end was their network strategy today. Passpoint
never implemented natively in any device. and EAP-SIM based solutions are readily
available and can possibly be comple-
It may take quite a few years more for mented with an app for more granular Opportunities
ATSSS to come to market – or alternatively, control. In other words: Even though a
proprietary forms of largely the same more systematic 3GPP-based approach to are here today!
function incorporated by Apple or others convergence may emerge in coming years,
may in the end supersede the G ’s there is no reason to wait. Excellent
attempts. The ATSSS concept has already convergence solutions exist today.
been tested successfully by Korea Telecom
using a proprietary solution.

In either case there is a good likelihood

that Wi-Fi and 5G data streams will find
new ways of complementing each other -
including using aggregation & gapless
handovers - on the transport layer.

Meanwhile all the benefits of known and

WWW.APTILO.COM
 CARRIER WI-FI
SUMMARY 64

Wi-Fi & Cellular

Convergence
 Mobile and fixed networks are coming together
- More recently fixed service providers and cablecos have either acquired mobile operators or have become MVNOs themselves.
- Convergence opportunities do not need big infrastructure investments nor need to wait for new 3GPP standards or equipment.

 But we have overcapacity in our cellular network…

- That statement will only be true on average as there will always be service areas suffering from congestion and bad coverage.
- Selective Wi-Fi offload is the answer. Operators are advised to add a secure 802.1x SSID across their Wi-Fi networks and to
actively build secure Wi-Fi at congested locations and for indoor coverage.

 Two standard options for non-3GPP (Wi-Fi) Access – with backhauling to mobile core
- Untrusted: A secure IPsec tunnel is established between the device and a gateway in the mobile core.
- Trusted: The device is in a trusted secure Wi-Fi network, connected with the mobile core through a trusted gateway.

 Standards will only be implemented if there are good commercial reasons for it
- Most mobile operators today are using SIM authentication and then just non-standard local break-out and policy control.
- The non-3GPP access which backhauls traffic to the mobile core is mainly used for Wi-Fi Calling, using the untrusted method.

 New concepts for non-3GPP (Wi-Fi) Access in 5G

- 5G is built to be radio (RAN) agnostic. Wi-Fi interworking nodes use the same interfaces to mobile core as 5G base stations.
- IPsec tunnels are used also for trusted non-3GPP (Wi-Fi) access, but they are null encrypted.
- The new ccess Traffic teering, witching plitting T is the ‘ oly Grail’ of mobile data offloading, but its complexity
and reliance on device support means it will likely take years to come to market. ATSSS is using Multipath TCP to provide
simultaneous and optimal connectivity over Wi-Fi and cellular.
WWW.APTILO.COM
 65
CARRIER WI-FI

Enea is one of the very few vendors offering solutions

both in the Wi-Fi and 5G domain. This allows us to
serve our carrier customers even better and with a
unique value proposition.

Enea Solutions for

Wi-Fi and 5G

WWW.APTILO.COM
 66
CARRIER WI-FI

Enea business unit Aptilo -Solutions for Carrier Wi-Fi

ptilo Networks is one of the world’s leading pro iders approaches , the good news is that a field-proven,
of Wi-Fi service management solutions and cloud- mature, and feature-rich Wi-Fi service management
based IoT connectivity control services. The platform already exists. This platform is trusted
company has delivered software and services by over 100 service providers and is ready to
to more than 100 operators that serve help you convert any or all of the afore-
tens of thousands of enterprise custom- mentioned new Wi-Fi service oppor-
ers, and hundreds of millions of end- tunities into profitable, commercial
users and devices. reality. It is called the Aptilo Service
Management Platform - or simply
In October 2020, Aptilo was acqui- the Aptilo SMP™ - and it forms
red by Enea one of the world’s the core of all Aptilo carrier-class
leading suppliers of innovative Wi-Fi solutions.
software for telecommunication
and cybersecurity. The Aptilo SMP - which includes a
AAA, a policy server, a subscriber
Aptilo has for two decades been management module, captive
the industry’s leading pro ider of portal management, charging, ana-
carrier-class Wi-Fi service manage- lytics, and more – has been designed
ment solutions. In this section we to serve as a highly scalable carrier-
give an overview of some of the most class Wi-Fi services platform. It will
important solutions we provide in the apply equally well to multitenancy guest
Wi-Fi space. Wi-Fi use cases for enterprises, manag-
ed corporate Wi-Fi, carrier Wi-Fi offloading, and
As a new era of much faster and much higher- even to advanced IoT connectivity management.
quality Wi-Fi 6 and Wi-Fi 6E connectivity

Aptilo SMP™ WWW.APTILO.COM

 67
CARRIER WI-FI

Aptilo SMP is vendor agnostic so that you

are free to select any or any combination of
your preferred Wi-Fi AP vendors for your
Wi-Fi projects - and in the process even
apply a competitive bid process to drive
down Wi-Fi AP costs. Here is a brief
overview of how the Aptilo SMP becomes
your primary tool capable of addressing
many of the new Wi-Fi business
opportunities detailed in this paper:
Aptilo SMP with SIM Authentication is the
mobile offload function that allows carriers
to authenticate and offer Wi-Fi access to
mobile subscribers based on credentials
stored in their SIM cards. Aptilo SMP also
offers all the service management functions
required to deliver fully compliant Passpoint
network services. It is also possible to
perform integrations towards core network
policy functions and OSS/BSS subsystems.
GDPR compliant functionality for personal data and consent management.
Aptilo SMP Venue Wi-Fi Manager
comprises everything you need to Aptilo Virtual Service Provider solution provides service providers with a highly
create and manage compelling standardized and scalable way to sell managed corporate LAN and Wi-Fi services.
carrier-class B2B Wi-Fi services for clients become ‘ irtual ser ice pro iders’ s and will themsel es ser e their
thousands of business customers from the tenants across many physical locations. Service providers can leverage one infrastructure and
same scalable platform. This includes multi- one SSID while still allowing each of their B2B customers to act as Virtual Service Providers,
tiered management of networks, locations, managing daily operations towards their own business or residential customers (tenants).
captive portals, user flows, Wi-Fi analytics, Tenants get their own private Wi-Fi networks with secure access to internal networked resources
marketing functions as well as a host of such as printers and servers, just as if they had their own network. Ideal Virtual Service Provider
authentication and payment options. It is examples include real estate owners, co-working offices, apartments (MDUs), and shopping malls.
also possible to add our award-winning and All functions mentioned above feature a high degree of B2B customer self-management.

WWW.APTILO.COM
 68
CARRIER WI-FI

Enea business unit Aptilo -Solutions for IoT Connectivity

Aptilo has been closely associated with Wi-

Fi so it is a lesser-known fact is that the
flexible policy engine of the Aptilo SMP
also can be applied as a policy function
(PCRF) for cellular networks. One such
example is the operator Hutchison 3
Scandinavia: Since 2012 they have been
using the Aptilo SMP to control services for
their 2.2 million subscribers.

We have also leveraged this capability to

create ground-breaking IoT connectivity
control solutions for both cellular- and
Wi-Fi-based IoT. In this area we are
primarily offering our solutions as cloud-
based services on Amazon AWS.

WWW.APTILO.COM
 69
CARRIER WI-FI

Granular policies per

customer/de ice
Enterprise
eave your Mobile Core untouched
rotected
and create oT connec vity services by rewall
previously considered unthinkable.
Enterprise
p lo oT ™ oT p lo Zero touch
la orm Wi i oT
Enterprise
standard olicy
ecure N
N extended Tunnels
oT to p lo oT
elf gmt

E T
acket . x
Gateways . lient
Enterprise n
cer cate
O E O E TNE O E TO

Aptilo IoT Connectivity Control Service™ (IoT CCS) is a Aptilo Zero-touch Wi-Fi IoT Connectivity™ uses existing
unique cloud-native solution from Enea. It adds a flexible device certificates to auto-authenticate and connect
layer of IoT security and policy control on top of any mobile Wi-Fi IoT devices to a Wi-Fi network. Devices will securely
infrastructure. Delivered as a service on Amazon AWS, mobile auto-connect to the Wi-Fi network when switched on for the first
operators can go beyond traditional IoT connectivity and provide time and will continue to auto-connect as required. The solution
secure, unified and programmable global IoT connectivity. They interfaces with IoT platforms, currently Amazon Web Services
can allow customers to control authentication, security, policies (AWS) IoT Core, for access to databases with x.509 certificates,
and global connectivity from a single user interface. Manual used for secure management of the device. If the certificate
setup of a secure private connection (APN) typically takes weeks. matches, the device is granted access to the secure 802.1x Wi-Fi
With Aptilo IoT CCS multitenancy virtual APN in place, network through EAP-TLS authentication. A prerequisite is that
enterprises can create their own APN connections in a matter of the device is trying to connect to a ZeroTouch SSID or Passpoint
minutes. service. Aptilo is actively working with IoT chipset vendors such
as Esspresif to implement this as a default feature.

WWW.APTILO.COM
 70
CARRIER WI-FI

Enea 5G Solutions

Avoid vendor lock-in with the cloud-native 5G

functions from Enea.

Enea's complete 5G Data Management portfolio

stores and manages data across all 5G core and edge
functions, supporting multi-vendor 4G/5G
interworking. Our cloud-native suite spans the
common network data layer (NDL), scaling the control
plane with critical 3GPP functions including UDM,
UDR, UDSF, AUSF, PCF and EIR.

The platform agnostic architecture provides support

for any PaaS, private cloud, and public cloud
deployment.

With Private 5G networks fueling a dramatic growth in

Industry 4.0 and related initiatives, the demand for 5G
core solutions with smaller footprint, faster
deployment and proven track-record has never been
greater. To address this market Enea offers the
Enea 5G MicroCore.

WWW.APTILO.COM
 71
CARRIER WI-FI

Enea Stratum -Cloud Native 5G

Network Data Layer (UDR | UDSF)
Stratum provides a cloud native data
manager built for 5G, NFV and IoT. It Stratum scales on demand, consistently
5G Network Data Layer provides performance and scale required delivering performance and resilience
that solves the problem to build telco clouds that can deliver low offering six ’s reliability on three ’s x
latency applications & services, scale to hardware). 3GPP Network functions and
of vendor lock-in billions of devices and integrate with the existing applications can be easily on-
Internet Ecosystem using secure REST APIs. boarded to access any data, anywhere,
Stratum solves the problem of vendor anytime.
lock-in by collapsing all your vendor data
silos into one common Network Data
Layer.

Stratum is a foundation on which to deliver

best in class network functions for 4G and
5G; it enables local and edge deployment
providing standard 3GPP UDR/UDSF
capability with hybrid storage options for
all types of data.

WWW.APTILO.COM
 72
CARRIER WI-FI

Enea Unified Data Manager (UDM)

The Enea Unified Data Manager It allows seamless services for
(UDM) is a hardware-agnostic, converged consumer broadband,
cloud-native network function for IoT apps at the edge, and for
5G and 4G data management. private networking with true cloud-
The software performs the 3GPP native apps in an externalized state. Cloud-Native
functions of Unified Data Manage-
ment (UDM) in 5G networks and
Management
interoperates with any Home of 5G and 4G
Subscriber Server (HSS) in 4G. The
Subscriber Data
solution is a critical component in
multi-vendor and multi-generation
Support for Backend Systems
network architectures, reflecting
the call for a highly automated and Enea Stratum
open architecture, thereby,
providing subscriber keys for Enea Data Manager Custom LDAP Repositories
authentication and encryption of
all user equipment. Databases (Nudr Interface)

As a key solution, UDM is

redefining both networking and
data management. Enea UDM
provides authentication
credentials, user identification,
access authorization, registration,
and subscription management.

WWW.APTILO.COM
 73
CARRIER WI-FI

Enea 5G Policy Control and AAA

Enea Policy Manager (PCF) The Enea Policy Manager can be deployed It also supports all use cases based on 4G
Enhanced Subscriber and Device as a 4G PCRF or a 5G PCF or a combo-node and Wi-Fi access.
Experiences with Full Control of Network consisting of both allowing a smooth
Utilization transition from 4G to 5G. Enea 5G Equipment Identity Register
(5G-EIR)
The Enea Policy Manager is an Enea Access Manager The Enea 5G-EIR is a key solution
independent, best-of-breed Authentication and Authorization on Cloud for authentication of mobile
software product providing the Scale for all System Generations and devices in the network, including
functionality of the 5G Policy Control Access Networks IoT devices preventing misuse of network
Function (PCF) as standardized by 3GPP. It and abuse of paid services. The 5G-EIR is
manages QoS, gating and charging for all The Enea Access Manager provides an independent network component
voice, broadband data and IoT use-cases. the AAA and AUSF functions in 4G coupled via Service Based Interfaces (SBI)
Both static and dynamic policies allow the and 5G networks respectively, with that helps telecom operators protect their
service provider to quickly implement their authentication and service access networks. As a solution, it provides a
business logic in an easy manner, ranging capabilities. The highest standards of mechanism to restrict malicious user
from simple to most complex scenarios security and reliability are essential for terminals in a mobile network. For
without limits. With the integrated Policy cloud-native solutions and provided with operators the solution allows separation of
Builder new uses-cases can be defined this product. The Enea Access Manager is devices and contracts. So, when a listing
easily, leading to a significantly improved cloud native from initial design and builds needs to be done based on a request, the
time-to-market. on more than years’ experience Enea 5G-EIR blocks only the device, rather
delivering subscriber applications to Tier 1 than blocking all services to a subscriber.
The cloud-native Policy Manager can be network operators. With an architecture Through this way, subscribers can enjoy
deployed in containerized and virtualized optimized for virtualization and cloud use of their paid services across their other
environments and configurations including deployments, the Enea Access Manager devices, adding to trust of subscribers
geo-redundancy. The 5G PCF is a fully provides the high availability and scaling towards the operator.
cloud-native product. capabilities required for 5G services.

WWW.APTILO.COM
 CARRIER WI-FI
SUMMARY 74

Enea Solutions for

Wi-Fi and 5G
 Unique value proposition in the 5G era
- Enea is one of the very few vendors offering solutions both in the Wi-Fi and 5G domain. This allows us to serve our carrier
customers even better and with a unique value proposition.

 Enea business unit Aptilo - Solutions for Carrier Wi-Fi

- The Aptilo Service Management Platform™ (SMP) is trusted by over 100 service providers and is ready to help you convert any
or all of the aforementioned new Wi-Fi service opportunities into profitable, commercial reality.
- Aptilo SMP covers everything from SIM authentication and solid integration with the mobile core to multitenancy functions for
B2B Wi-Fi which is essential to gain Wi-Fi footprint for 5G indoor coverage.

 Enea business unit Aptilo - Solutions for IoT Connectivity

- Aptilo SMP also works as a policy function (PCRF) for cellular networks, one example is the operator Hutchison 3 Scandinavia.
- We leverage this capability to create ground-breaking IoT connectivity control services on AWS, for both cellular- and Wi-Fi.
- The Aptilo IoT CCS service for MNOs adds a flexible layer of IoT security and policy control on top of any mobile infrastructure.
- Aptilo Zero-touch Wi-Fi IoT Connectivity™ uses existing device certificates to auto-authenticate and connect Wi-Fi IoT devices.

 Enea 5G Solutions
- Enea offers 5G functions both in the Network Data Layer (UDR + UDSF) and in the Control Plane (5G EIR, NEF, AUSF, PCF, UDM)
- Avoid vendor lock-in with the cloud-native 5G solutions from Enea which offers a clear separation between the network data
layer and applications. Platform agnostic architecture that supports any PaaS, private cloud, and public cloud deployment.

WWW.APTILO.COM
 75

CARRIER

WI-FI
About Aptilo Networks About Enea
Aptilo Networks, an Enea company, is one of the Enea is one of the world’s leading suppliers of
world’s leading providers of Wi-Fi service innovative software for telecommunication and
management solutions and cloud-based IoT cybersecurity. Focus areas are cloud-native, 5G-
connectivity control services. The company has ready products for data management, mobile
delivered software and services to more than 100 video traffic optimization, edge virtualization, and
operators that serve tens of thousands of traffic intelligence. More than 3 billion people rely
enterprise customers, and hundreds of millions of on Enea technologies in their daily lives.
end-users and devices.
Enea is headquartered in Stockholm, Sweden,
and is listed on Nasdaq Stockholm.

WWW.APTILO.COM WWW.ENEA.COM