SWm (application id: 16777264)

The SWm interface is a key reference point in the 3GPP architecture, designed to facilitate communication between the evolved Packet Data Gateway (ePDG) and the 3GPP AAA Server or 3GPP AAA Proxy. This interface is essential for managing security, authentication, and mobility for User Equipment (UE) that connects to the Evolved Packet Core (EPC) through untrusted non-3GPP access networks, such as Wi-Fi.

The SWm interface serves several crucial functions within the EPC, particularly in scenarios where the UE accesses the network via untrusted non-3GPP IP access. These functions include:

• Authentication and Authorization: The SWm interface is responsible for the authentication and authorization of the UE when it attempts to connect to the EPC via untrusted networks like Wi-Fi. This ensures that only authorized users can access the core network services.
• Mobility Management: The SWm interface facilitates the exchange of mobility-related parameters, particularly when the UE attaches to the EPC using the S2b reference point. It handles the transfer of necessary information for Proxy Mobile IPv6 (PMIPv6) or GPRS Tunneling Protocol version 2 (GTPv2) based mobility management.
• IP Address Information Exchange: The SWm interface may also be used to convey the Home Agent (HA) IP address or Fully Qualified Domain Name (FQDN) from the AAA server to the ePDG for Home Agent discovery based on the IKEv2 protocol. This is critical in scenarios involving Dual-Stack Mobile IPv6 (DSMIPv6) related mobility.

SWm interface workflow:

1. Connection Initiation: The UE initiates a connection to the EPC through an untrusted Wi-Fi network. This triggers an IKEv2 tunnel establishment request sent to the ePDG.
2. Authentication Request: The ePDG forwards the UE’s authentication request to the 3GPP AAA Server/Proxy via the SWm interface. The request includes the UE’s credentials, such as its Network Access Identifier (NAI).
3. Processing and Authorization: The 3GPP AAA Server verifies the UE’s credentials. If the verification is successful, the server sends an authorization response back to the ePDG, confirming that the UE is allowed to access the network.
4. Mobility Parameter Exchange: The SWm interface facilitates the exchange of necessary mobility parameters, including information related to the Packet Data Network Gateway (PDN GW) such as its FQDN or IP address.
5. IPsec Security Association (SA) Establishment: Following successful authentication and authorization, an IPsec Security Association is established between the UE and the ePDG, ensuring a secure communication channel.
6. Session Management: The SWm interface continues to support session management, particularly in maintaining session continuity as the UE moves between different networks or access points.

For complete technical specification of SWm interface in Diameter protocol please refer to: [3GPP TS 29.273]