Advanced Access Controls

1
Advanced Access Controls
3GPP2, Hawaii, December 2011
2
Outline

• Changing Role of Access Controls
• Device/service classification driven by access
  tolerance
• Implementation, Provisioning and Operational
  Impacts
• Conclusion

3

• Changing Role of Access Controls

4
Access Channel and M2M

• Number of M2M devices expected to be very large
• Industry is using 50 billion as a benchmark
• Access frequency estimates are uncertain
• Initial applications such as smart electric grid
  may not be high
• However, applications may migrate to more
  frequent access, such as health and wellness,
  smart highways, etc.
• Many M2M applications will have small payload
• New web-based apps proliferate (soc. net., cloud
  computing), and have ACH behavior different than
  in voice-centric past
• Consequence Access channel throughput will
  likely be bottleneck for M2M communication
• Additionally, MTC applications may exhibit access
  persistence behavior different than humans
• Steps must be taken now to ensure that this
  bottleneck does not choke off cdma2000 system
  throughput

5
Traffic Ingress Control

• In traffic congestion, the following phenomenon
  occurs
• Service requests that cannot be served by the AN
  are rejected
• User or user agent may try again repeatedly,
  adding to attempts that cannot be served (M2M may
  exacerbate this compared with humans)
• Access channel occupancy and probe collision rate
  increase
• As congestion increases, the pent-up demand
  further increases
• Reverse link receiver performance deteriorates as
  RoT rises
• Effect is cumulative as new users access attempts
  add to the volume of repeat attempts, further
  increasing probe collision probability
• Futile attempts add to the RL interference and,
  due to connection denials, contribute to FL
  control channel congestion
• The role of access controls is to throttle down
  access attempts, so that this vicious cycle does
  not set in
• This is somewhat different than the traditional
  usage of access control protecting CN from
  deluge of registrations at network cold restart
• In a properly dimensioned network ACH overload
  will be rare, but it may occur in
  uncontrolled/unplanned circumstances

6
HRPD Access Control Loop
To account for unplanned circumstances in which
ACH congestion may occur, access controls should
be always-on and running in closed loop
Access Attempts
q1
Periodic Operations
ACH occupancy
Ratio of un-served/served access attempts

• q2

RL Receiver Rise over Thermal (ROT)
p(0) f0(q1, .. qN) p(1) f2(q1, .. qN) p(11)
f3(q1, .. qN)
q3
p(0)? APers.0 p(2)? APers.2 p(11)?
APers.11
Access Parameters Message
q4
FL Packet Queuing Delays
q5
MAC Index Use Rate

• HRPD terminology used
• 1xRTT conceptually similar

qN
AN Statistics
7
HRPD Access Persistence

• APersistence range 0 .. 63 determines p
  probability to transmit
• p is controlled by AN, can vary dynamically with
  network load
• Unit of deferral in table is a function of access
  parameter settings

8

• Device/Service Classification by Access Deferral
  Tolerance

9
Access Control Overview

• Purpose of access controls is to control traffic
  ingress at the source
• First line of defense
• Additional admission controls exist in the access
  network after access probe has been allowed to be
  transmitted
• This is accomplished by grouping mobiles in
  classes, and controlling each class access
  independently
• Implies access prioritization (degrees of
  tolerance of access deferral, willingness to pay)
• Traditionally, this was left out of the core
  PHY/MAC specs
• Original HRPD specs contain only 4 classes (one
  of which is test, i.e., for operator personnel
  use)
• Other radio access technologies nominally have
  more classes, but many of them are effectively
  uniform e.g. 10 classes randomly hashed across
  mobiles have no differentiation of access delay
  tolerance (e.g. in LTE, 10 classes are
  effectively collapsed into one)
• Recognizing shortage of Access Classes, HRPD
  recently added 8 new distinct classes in Rev. C.

10
Advanced Access Class Alloc.

• Proposal (Stage 2/3 to finalize details)
  Systematically assign Access Class based on
  access deferral tolerance
• Conceptually not new, since access prioritization
  is implied in the current spec, though not
  spelled out.
• HRPD concept for stochastic access controls
  applies systematically to broad range of access
  deferrals and priorities
• Possible class allocation on next slide (12
  classes assumed)
• Number of classes agreed could be lower or higher
  (e.g., more can be reserved for future use)
• Proposal may seem far reaching and futuristic,
  however
• Classes may be gradually introduced, while
  adhering to a structure that will work long term,
  and avoid roaming incompatibility pitfalls
• Implementation, provisioning, operations impacts
  addressed on later slides

11
Possible Access Class Alloc.
Class Description Example App.
0 (Reserved)
1 Extremely low deferral tolerance (50 ms) Smart highway MTC
2 Low deferral tolerance (200 - 500 ms) Adv. medical MTC
3 Human scale deferral tolerance (1 - 2 s) Human-induced apps
4 Deferral tolerance 30 - 60 s Inventory control
5 Deferral tolerance 15 min. Calendar update
6 Deferral tolerance gt 1 hr Utility meters
78 (Reserved)
9 X access deferral prob. in excess of Y s Premium users (gold)
10 W access deferral prob. in excess of Z s Medium expediency
11 (Reserved)

Usage Tier
Pay Tier
Note Deferral performance numbers are nominal,
could be violated when access congested
12
Usefulness of Access Control

• Signs of the changing role of access controls
  are here already
• Recent reports of a network collapse in an Asian
  country a single third-party app took the
  voice-call success rate down to 10 percent
  seems to bear a hallmark of access channel
  overload, though exact circumstances are not
  known.
• During January 2009 presidential inauguration,
  access channel was positively identified as
  culprit causing very high blocking rate despite
  COWs
• Access controls are not a cure-all
• This point needs to be acknowledged If network
  capacity is inadequate, so that it often
  saturates, access controls will not be too useful
• However, well designed access controls can
  optimize operators network (not lead to
  over-built deployed network)
• Helps smooth traffic in an optimal way, by taking
  into consideration application sensitivity to
  access deferral

13
Use Case 1 Illustration of Human Inter-user
Priority

• Conference center in downtown business district
  of a major city hosts a large evening conference
  event
• Nearby landmarks include
• A major college campus and a high school
• A movie theater multiplex and a live performance
  hall
• A busy interstate freeway runs adjacent to the
  convention center
• At conference recess, network access attempts
  increase dramatically, as participants turn on
  and start using their wireless devices nearly
  simultaneously
• Likewise with performance hall break between acts
• Similar occurs with movie goers (a major
  blockbuster fills up projection halls)
• Football game at the high school causes
  concentration of active young users of wireless
  communication services similar with college
  attendees
• Rainy and foggy weather causes congestion on the
  nearby freeway
• Wireless network operator engaged well tuned
  access controls, thus
• Smart highway M2M applications run smoothly and
  help prevent any highway accidents
• Users with lower priority (less expensive)
  subscriptions (e.g. students) are pushed back
  with access attempts and experience somewhat
  sluggish performance
• Business users with high priority (costlier)
  subscriptions do not experience noticeable
  performance degradation.

14
Use Case 2 M2M Access Storm

• During the evening rush hour, an electric outage
  occurring in a large section of a major city is
  caused by gale winds, triggering access storm
• Many electric power grid control devices engage
  to minimize impact (prevent large area electric
  grid collapse)
• Electric car charging stations signal no power,
  as a warning to commuters
• Irrigation systems, security alarm systems, etc.,
  signal no power, transition to battery backup
• Refrigerators signal no power warnings en masse
• Frequency of phone calls and web-app activity
  increases, as family members coordinate their
  evening activity during unusual circumstances
• Wireless network operator engaged well tuned
  access controls, thus
• Grid control device access is not deferred,
  preventing potentially widespread impact
• Other M2M devices of various classes experience
  access deferrals of varying degrees, commensurate
  with their access deferral tolerance, e.g.
• Irrigation systems (most deferral)
• Refrigerators and other non-critical appliances
• Security alarm systems (least deferral)
• Most human users dont experience noticeable
  performance degradation

15

• Implementation, Provisioning and Operational
  Impacts

16
Implementation Steps

• Standardization
• HRPD Access Classes expanded already
• Precise allocation of classes should be included
  (e.g., in a Technical Report to be referenced in
  C.S0024-C)
• MS/AT/Device implementation
• MS/AT/M2M Device can already receive access
  control messages, and implement access rules
  (deferral) as outlined on slide 7
• Work on the access rules driven by application is
  necessary (much of it is implementation, not
  standards issue)
• Provisioning of EAB classes
• AN implementation
• Implementation of control messages for defined
  access classes
• Development, testing, and deployment of control
  algorithm

Most complex tasks in red elaborated in
subsequent slides
17
Device Provisioning (1/3)

• Provisioning of basic classes 0 9 (1x) and
  default (HRPD) has been automatic
• Randomly hashed, typically by assigning the last
  digit of IMSI as Access Class in 1X
• Pre-setting default class in HRPD
• Provisioning of classes 1115 (1x) and 13 (HRPD)
  must be specific to subscription
• OTA provisioning may be used (automatic
  provisioning does not work)
• Operator may extend the same form of provisioning
  to additional classes (may be OK for small
  volumes)
• Due to scale, ways should be sought to ease
  provisioning burden for M2M devices

18
Device Provisioning (2/3)

• Some approaches to simplify Device provisioning
• Many devices can be provisioned at time of
  manufacture (ref. slide 11)
• Class 3 Mobile phones when manufactured
  (contracted with vendor)
• Class 6 Utility meter MTC modules when
  manufactured/installed
• Class 2 Specialized medical devices when
  equipped with M2M modules
• At activation
• Prior to activation, MS/AT can be assigned a
  default EAB class
• When activated, network assigns appropriate
  class, in accordance with MS subscription profile
• Network provisions the MS/AT accordingly using
  OTA procedures
• Access Class assignment is effectively an
  integral part of device activation provisioning

19
Device Provisioning (3/3)

• It may be desirable to provision AC on the basis
  on type of service
• Smartphone when used for voice uses Class 3
• Smartphone runs an application (e.g. Calendar
  Outlook), with tolerance of updates of several
  minutes, not 1-2 seconds for voice calls
• To implement this service-oriented access
  controls, device OSs as well as considerable
  number of popular applications must support it
• Operator can defer this until eco-systems of OS
  and app. developers is mature
• In conclusion
• Although it may seem complex at the first glance,
  operator can have considerable control over
  degree and complexity of AC provisioning
• If classes 1115 (1x) are deployed, operator can
  expand that approach
• Operator can gradually expand to ever more
  sophisticated provisioning, introducing new
  access classes over time
• Access classes for specialized devices, such as
  many types of M2M devices, can be provisioned at
  the point of manufacture, thus considerably
  lessening the provisioning burden

20
Access Control Algorithm

• Implementation of control algorithm in the AN is
  a complex task
• See slide 6 for algorithm components
• Critical question How does the AN combine
  various indications of congestion level to come
  up with effective access backoff algorithm which
  protects the RAN/CN, while not overreaching
  (needlessly impeding access)
• Little, if anything, is subject to
  standardization
• Primarily an internal RAN function controlled
  with OAMP parameters
• Complexity is marginally increased with number of
  access classes
• Bulk of work is fine tuning and testing control
  loop
• Rest is primarily a policy question for the
  operator how to treat access classes relative
  to each other
• Policy 1 Impede least deferral-sensitive class
  aggressively before affecting other classes
• Policy 2 Proportionally impede some or all
  classes
• Controls can be initially deployed with flexible
  parameters allowing adjustments and fine tuning
• Control algorithm can be adjusted/refined over
  time

21

• Conclusion

22
Summary

• Changing role of access control
• Smartphone proliferation, M2M growth require that
  operators invest in sophisticated closed loop
  access controls
• Not just for network restart anymore
• Should be viewed as asset, not liability Access
  is not impeded to devices that really need it at
  critical times
• Access Control implementation can be gradual
• Introduce support of only a few access deferral
  tolerance classes initially
• Use easy provisioning techniques such as by
  device manufacturer
• Keep other classes in reserve until mass market
  for corresponding services materialize (e.g. for
  low access deferral class for smart highways)
• Access Control critical for long term planning
• Without a solid foundation and comprehensive long
  term approach, the industry can find itself
  scrambling to address issues with many devices
  already deployed and unable to adequately control
  them
• Avoid drastic impact such as what we are now
  witnessing with smartphones