HPE Aruba Networking Blogs

Passpoint: The Architecture

By Nick Shoemaker, Blog Contributor

In the previous post of this series, I provided an overview of what Passpoint is and why cellular carriers are moving to it, as well as the basic overview of connecting. In this post, I will look at the technical details of Passpoint, how it functions, and ways to tie in systems like Aruba wireless networks to a Passpoint network.

Overview of Passpoint Technology

The Passpoint certification program came from the Wi-Fi Alliance to help carriers offload data and users to local wireless networks and allow mobile device user services like Wi-Fi calling or texting wherever they are. The certification was tied to the IEEE 802.11u ‘HotSpot 2.0’ amendment. According to the Wi-Fi Alliance, Passpoint “improves interworking with external networks, by providing for connection to external networks using common wireless devices such as smartphones and tablet PCs.” In basic terms, how do we take a cellular device and connect it to a local wireless network while still allowing the device to communicate to the carriers’ network?

The network diagram below from Aruba presents a simple layout of the architecture that we will be looking deeper into. In short, a client connects to an AP in a network that is broadcasting some sort of Passpoint SSID, e.g. attwifi. The client then associates and, using credentials either on the SIM card within the device or pre-staged on the device by the carrier, the user is authenticated and handed off to the Guest network within the infrastructure. The user info is then handed off to an Exchange, which connects to the carriers, such as Verizon, AT&T and so on. The user is now fully connected to the Wi-Fi network, but can still receive all the services the carrier provides, such as Wi-Fi calling and texting, as if they were still on the carrier's cellular network.

Solving the indoor wireless coverage problem with Passpoint and Wi-Fi calling

So how do all of these mobile devices that are on a carrier's cellular network know that Passpoint is available to be able to jump to the advertised Wi-Fi network? When we go to the airport, stadium, hotel or other location, there are very few networks running, so how do the devices know what to connect to?

Passpoint Connectivity

Passpoint connectivity is accomplished with some connectivity and security methods already known to wireless networkers. However, there are also some new connectivity and transport methods that some people may not be familiar with. Some of these features we will discuss in this post, and others will come later in the series as we get deeper into Passpoint.

Passpoint at its core is a method to make connectivity easier and seamless for the user. The technology also focuses on security to keep user traffic secure in public areas. Connectivity is accomplished using some new protocols for pre-association, not unlike 802.11k in Wi-Fi networks, tied to already existing advertisement services and structures.

With Passpoint, a new protocol known as the Access Network Query Protocol (ANQP) was created to allow devices to query a hotspot for pre-association information and parameters to determine connectivity, i.e. what carrier networks are being provided, security parameters for the network, etc. As with 802.11k in Wi-Fi networks, this pre-association information can help the client with connectivity decisions, which helps to improve battery life because decisions are made before association to the hotspot.

ANQP is carried inside the existing Generic Advertisement Service (GAS) exchange back to the GAS server, which is connected to the core network infrastructure. The location of the GAS server varies by implementation; in the Aruba implementation of Passpoint, it is located on the mobility controller.

The ANQP provides a number of elements within the beacons including:

  • Name information for the venue
  • Network authentication types
  • IP address availability
  • Domain name list
  • Hotspot friendly name
  • Hotspot WAN metrics
  • Hotspot connection capability

There are many more elements available as well, but even this abbreviated list shows how much of this information can speed up connectivity: the device does not have to connect to a network just to find out whether IP addresses are even available. Most of these elements were defined in the 802.11u amendment, while some were added by the Wi-Fi Alliance for compatibility.
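As an added example (not from the original post or from Aruba's code), the sketch below splits an ANQP response body into its elements and names the ones listed above. The Info ID and Hotspot 2.0 subtype numbers are the IEEE 802.11 and Wi-Fi Alliance assignments; the function names and sample bytes are constructed for illustration. Because ANQP runs before association, the response is unauthenticated input, so every length field is checked against the bytes actually present.

```python
import struct

# Info IDs assigned in IEEE 802.11 for elements this post lists.
INFO_IDS = {258: "Venue Name", 260: "Network Authentication Type",
            262: "IP Address Type Availability", 268: "Domain Name"}
VENDOR_SPECIFIC = 56797                   # carries Hotspot 2.0 elements
HS20_PREFIX = bytes.fromhex("506f9a11")   # Wi-Fi Alliance OUI + type 0x11
HS20 = {3: "Operator Friendly Name", 4: "WAN Metrics",
        5: "Connection Capability"}

def parse_anqp(buf):
    """Split an ANQP response body into (name, payload) pairs, checking
    every length field because the frame is unauthenticated input."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated element header")
        info_id, length = struct.unpack_from("<HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("element %d overruns the frame" % info_id)
        body, off = buf[off:off + length], off + length
        name = INFO_IDS.get(info_id, "Info ID %d" % info_id)
        if (info_id == VENDOR_SPECIFIC and len(body) >= 6
                and body[:4] == HS20_PREFIX):
            # Hotspot 2.0 header: OUI(3) type(1) subtype(1) reserved(1)
            name = "HS2.0 " + HS20.get(body[4], "subtype %d" % body[4])
            body = body[6:]
        out.append((name, body))
    return out

def domain_names(body):
    """Decode a Domain Name list: repeated 1-byte length + name."""
    names, off = [], 0
    while off < len(body):
        end = off + 1 + body[off]
        if end > len(body):
            raise ValueError("domain name overruns the element")
        names.append(body[off + 1:end].decode("ascii", "replace"))
        off = end
    return names

# Constructed sample response (not a capture): one Domain Name element and
# one HS2.0 WAN Metrics element with a zeroed 13-octet payload.
SAMPLE = (struct.pack("<HH", 268, 12) + b"\x0bexample.com"
          + struct.pack("<HH", VENDOR_SPECIFIC, 19)
          + HS20_PREFIX + b"\x04\x00" + bytes(13))

if __name__ == "__main__":
    for name, payload in parse_anqp(SAMPLE):
        print(name, domain_names(payload) if name == "Domain Name" else payload.hex())
```
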

In my next post, I will dig deeper into the ANQP, the beacon elements and how it all ties together.