manualshive.com logo in svg

Cisco ASR 5000 Series, Product Overview

The Cisco ASR 5000 Series is a cutting-edge networking solution for enhanced connectivity. Ensure smooth installation and management of this product by downloading the comprehensive "Installation And Administration Manual" for free from 88.208.23.73:8080. This comprehensive manual provides step-by-step instructions and crucial insights for optimal utilization of the ASR 5000 Series.

Share
Download
background image

Content Filtering Support Overview   

▀  Category-based Content Filtering Support 

 

▄  Cisco ASR 5000 Series Product Overview

 

OL-22938-02   

Apart from the advantages described previously, Category-based Content Filtering service reduces the requirement of 
over-provisioning of capacity at neighboring gateway routers. It also eliminates requirements of external Server Load 
Balancers and enhances the accuracy in subscriber charging records. 

The Category-based Content Filtering solution has the following logical functions: 

 

 

Deep Packet Inspection (DPI) for Content Rating (event detection and content extraction) 

 

Content Rating Policy Enforcement; for example, permit, discard, deny, redirect 

 

Content-ware accounting CF-EDR generation for events of interest 

 

ECS and Content Filtering Application 

The Category-based Content Filtering subsystem is integrated within the Enhanced Charging Service (ECS) subsystem. 
Although it is not necessary to provision content-based charging in conjunction with content filtering, it is highly 
desirable as it enables a single point of deep-packet inspection for both services. It also enables a single policy decision 
and enforcement point for both services thereby streamlining the required number of signaling interactions with external 
AAA/Policy Manager servers. Utilizing both services also increases billing accuracy of charging records by insuring 
that mobile subscribers are only charged for visited sites content. 

 

The Category-based Content Filtering solution uses Content Filtering Policy to analyze the content requested by 
subscribers. Content Filtering Policy provides a decision point for analyzed content on the basis of its category and 
priority. 

The Category-based Content Filtering solution also utilizes ECS rulebases in order to determine the correct policy 
decision and enforcement action such as accept, block, redirect, or replace. Rulebase names are retrieved during initial 
authentication from the AAA/Policy Manager. Some possible examples of rulebase names include Consumer, 
Enterprise, Child, Teen, Adult, and Sport. Rulebase names are used by the ECS subsystem to instantiate the particular 
rule definition that applies for a particular session. Rulebase work in conjunction with a content filtering policy and only 
one content filtering policy can be associated with a rulebase. 

Important:

 

 

For more information on rulebases and rule definitions, refer to the 

Enhanced Charging Services 

Administration Guide

The ECS subsystem includes L3–L7 deep packet inspection capabilities. It correlates all L3 packets with higher layer 
criteria such as URL detection within an HTTP header, it also provides stateful packet inspection for complex protocols 
like FTP, RTSP, and SIP that open ports for the data path. 

The Content Filtering subsystem uses the deep-packet inspection capabilities of ECS for URL/URI extraction. 

ECS functionality is managed by the following components: 

 

 

Session Controller (SessCtrl)

: The SessCtrl runs on the primary SPC/SMC and is responsible for managing 

ECS and Content Filtering services. 

 

Session Manager (SessMgr)

: A single SessMgr treats ECS charging and Content Filtering that is applicable to 

common subscriber sessions. 

 

Summary of Contents for ASR 5000 Series

Page 1: ......

Page 2: ...correct the interference by using one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Modifications to this product not authorized by Cisco c...

Page 3: ...to Peer Features xliii SCM Features xliv IMS Architecture xliv Interrogating CSCF xliv Emergency CSCF Supported xliv New Features and Functionality Base Software xlv Call Types Supported xlv Emergency Call Support xlv MSRP Support xlv Shared Initial Filter Criteria SiFC xlv New Features and Functionality Licensed Enhanced Feature Support xlv IPv4 IPv6 Interworking xlvi IPv6 Support xlvi Supported ...

Page 4: ...nd PPC 88 Packet Services Card PSC Description 89 Packet Services Card 2 PSC2 Description 91 Interoperability 91 Redundancy 91 Capacity 92 Power Estimate 92 Packet Processor Card PPC Description 94 Redundancy 94 Capacity 94 Power Estimate 94 ASR 5000 Line Cards 96 Switch Processor I O Card 96 Management LAN Interfaces 98 Console Port 98 BITS Timing 99 Central Office Alarm Interface 99 Redundancy C...

Page 5: ...Profile Management 149 Inter ASN Handovers 150 Supported Features 151 Simple IPv4 Support 151 DHCP Proxy Server 151 ASN Gateway Micro Mobility 152 Uncontrolled Handovers 152 Controlled Handovers 152 WiMAX R4 Inter ASN Mobility Management 153 WiMAX R3 CSN Anchored Mobility Management 153 Proxy Mobile IPv4 PMIPv4 154 Client Mobile IPv4 CMIPv4 154 Authenticator 154 EAP Authentication Methods 154 Supp...

Page 6: ...91 Uncontrolled Anchor ASN Gateway to Non Anchor ASN Gateway Handover 196 RADIUS based Prepaid Accounting for WiMax 198 Obtaining More Quota after the Quota is Reached 198 Applying HTTP Redirection Rule when Quota is Reached 200 Applying HTTP Redirection Rule CoA is Received 202 Terminating the Call when Quota is Reached 204 CSN Procedure Flows 206 PMIP4 Connection Setup and Call Flow with DHCP Pr...

Page 7: ...Access Control List Support 244 IP Policy Forwarding 245 Description 245 AAA Server Groups 245 Description 245 Overlapping IP Address Pool Support 246 Routing Protocol Support 246 Description 246 Management System Overview 247 Description 248 Bulk Statistics Support 248 Description 248 Threshold Crossing Alerts TCA Support 249 Description 250 IP Header Compression Van Jacobson 250 Description 251 ...

Page 8: ...s 283 Product Description 284 Product Specification 285 Licenses 285 Hardware Requirements 285 ASR 5000 Platform System Hardware Components 285 Operating System Requirements 286 Network Deployment and Interfaces 287 GGSN in the GPRS UMTS Data Network 287 Supported Interfaces 288 Features and Functionality Base Software 291 16 000 SGSN Support 292 AAA Server Groups 292 Access Control List Support 2...

Page 9: ...erage 323 Proxy Mobile IP 324 Session Persistence 324 Session Recovery Support 325 Traffic Policing and Rate Limiting 326 Web Element Management System 327 How GGSN Works 329 PDP Context Processing 329 Dynamic IP Address Assignment 330 Subscriber Session Call Flows 331 Transparent Session IP Call Flow 332 Non Transparent IP Session Call Flow 333 Network Initiated Session Call Flow 336 PPP Direct A...

Page 10: ... System Requirements 386 Network Deployment s 387 HRPD Serving Gateway in an eHRPD Network 387 Supported Logical Network Interfaces Reference Points 388 Features and Functionality Base Software 392 Subscriber Session Management Features 392 Proxy Mobile IPv6 S2a 392 Mobile IP Registration Revocation 393 Session Recovery Support 393 Non Optimized Inter HSGW Session Handover 394 Quality of Service M...

Page 11: ...s 420 IETF References 421 Object Management Group OMG Standards 421 IP Services Gateway Overview 423 Introduction 424 Service Modes 425 RADIUS Server Mode 425 RADIUS Proxy 426 RADIUS Snoop Mode 426 In line Services 428 Enhanced Charging Service 428 Content Filtering 428 Peer to Peer 428 Enhanced Feature Support 429 IMS Authorization Service 429 Content Service Steering 430 Multiple IPSG Services 4...

Page 12: ... Services 456 Lawful Intercept 457 Diameter Authentication Failure Handling 457 Online Upgrade 458 The Active Standby Upgrade Model 458 Operation Over a Common IPv4 Network 460 Operation Over a Common IPv6 Network 461 Other Devices 462 Session Recovery Support 463 IPSec IKEv2 464 Simple IP Fallback 464 Simple IP 465 Proxy Mobile IP 465 Multiple Authentication in a Proxy Mobile IP Network 465 AAA G...

Page 13: ...ures Not Supported in This Release 489 How the PDG TTG Works 490 TTG Connection Establishment 490 Supported Standards 494 3GPP References 494 IETF References 495 PDN Gateway Overview 497 eHRPD Network Summary 498 eHRPD Network Components 499 Evolved Access Network eAN 499 Evolved Packet Control Function ePCF 500 HRPD Serving Gateway HSGW 500 SAE Network Summary 501 E UTRAN EPC Network Components 5...

Page 14: ...ce 545 Features and Functionality Inline Service Support 547 Content Filtering 547 Integrated Adult Content Filter 547 ICAP Interface 548 Peer to Peer Detection 548 Features and Functionality External Application Support 550 Web Element Management System 550 Features and Functionality Optional Enhanced Feature Software 552 Inter Chassis Session Recovery 552 IP Security IPSec Encryption 553 Traffic...

Page 15: ... Software 589 Call Abort Handling 589 Call Forking 589 Call Types Supported 589 Early IMS Security 590 Emergency Call Support 590 Error Handling 590 Future proof Solution 590 Intelligent Integration 590 Interworking Function 590 MSRP Support 591 Presence Enabled 591 Redirection 591 Redundancy and Session Recovery 591 Registration Event Package 591 Signaling Compression SigComp 591 SIP Denial of Se...

Page 16: ...teway in the E UTRAN EPC Network 624 Supported Logical Network Interfaces Reference Points 625 Features and Functionality Base Software 629 Subscriber Session Management Features 629 IPv6 Capabilities 629 Lawful Intercept 630 Subscriber Level Trace 630 Session Recovery Support 631 Quality of Service Management Features 632 QoS Bearer Management 632 Network Access and Charging Management Features 6...

Page 17: ...erfaces 660 SGSN and Dual Access SGSN Deployments 660 SGSN GGSN Deployments 661 SGSN Logical Network Interfaces 662 Features and Functionality Basic 666 All IP Network AIPN 666 SS7 Support 667 PDP Context Support 667 Mobility Management 668 GPRS Attach 668 GPRS Detach 668 Paging 669 Service Request 669 Authentication 669 P TMSI Reallocation 669 Identity Request 670 Location Management 670 Multiple...

Page 18: ...ivation Process 694 MS Initiated Detach Procedure 695 Supported Standards 697 IETF Requests for Comments RFCs 697 3GPP Standards 697 ITU Standards 699 Object Management Group OMG Standards 699 Content Filtering Support Overview 701 Introduction 702 Supported Platforms and Products 703 Licenses 704 URL Blacklisting 704 Category based Content Filtering 704 URL Blacklisting Support 705 URL Blacklisti...

Page 19: ...k 735 Rule Definitions 736 Routing Ruledefs and Packet Inspection 738 Charging Ruledefs and the Charging Engine 740 Group of Ruledefs 740 Rulebase 741 Enhanced Services in ECS 742 Session Control in ECS 742 Time and Flow based Bearer Charging in ECS 743 Content Filtering Support 744 Content Filtering Server Group Support 744 In line Content Filtering Support 744 IP Readdressing Feature 745 Next ho...

Page 20: ...n Recovery Architecture 774 Impact on xDR File Naming 774 Impact on xDR File Content 775 External Storage System Overview 777 Overview 778 Local Short Term External Storage System 779 System Requirements 781 ASR 5000 System Requirements 781 ESS System Requirements 781 Minimum System Recommendations for Stand alone Deployment of L ESS 781 Minimum System Recommendations for Cluster Deployment of L E...

Page 21: ...ress Allocation 824 NAT IP Address Deallocation 825 NAT Port chunk Allocation and Deallocation 825 NAT Port chunk Allocation 825 NAT Port chunk Deallocation 825 NAT IP Address Port Allocation Failure 826 TCP 2MSL Timer 826 NAT Binding Records 827 NAT Binding Updates 828 CoA NAT Query 828 Firewall and NAT Policy 829 Disabling NAT Policy 830 Updating Firewall and NAT Policy in Mid session 830 Target...

Page 22: ...nt 866 Reachability Management 866 Network Operation Management Functions 866 Overload Management in MME 867 Radio Resource Management Functions 867 Mobile Equipment Identity Check 867 Multiple PDN Support 868 System Management Features 868 Management System Overview 868 Bulk Statistics Support 870 Threshold Crossing Alerts TCA Support 870 NAS Signalling Security 871 Features and Functionality Lic...

Page 23: ...04 Winny 904 FastTrack 904 Gadu Gadu 904 Other Limitations 904 Personal Stateful Firewall Overview 907 Supported Platforms and Products 908 Licenses 909 Overview 910 Supported Features 911 Protection against Denial of Service Attacks 911 Types of Denial of Service Attacks 911 Protection against Port Scanning 913 Application level Gateway Support 913 Stateful Packet Inspection and Filtering Support...

Page 24: ...tistics Server 939 Script Server 940 PostgreSQL Database Server 940 WEM Logger 941 Technical Specifications 943 Physical Dimensions 944 Chassis 944 Application Cards 944 Line Cards 944 Fan Tray Assemblies 945 Lower Fan Tray 945 Upper Fan Tray 945 Power Filter Unit 945 Weight Specifications 946 Power Specifications 947 Estimating Power Requirements 947 Mounting Requirements 948 Interface Specificat...

Page 25: ... and CLC2 with Multi Mode Interface 964 Safety Electrical and Environmental Certifications 967 Federal Communications Commission Warning 968 ICS Notice 968 Laser Notice 968 Safety Certifications 969 Electrical Certifications 970 Environmental Certifications 971 Environmental Specifications 973 Environmental Information 974 Storage Temperature and Humidity 974 Operating Temperature and Humidity 974...

Page 26: ......

Page 27: ...5000 Series Product Overview OL 22938 02 About this Guide This document pertains to features and functionality that run on and or that are related to the Cisco ASR 5000 Chassis formerly the Starent Networks ST40 ...

Page 28: ...typeface represents displays that appear on your terminal screen for example Text represented as This typeface represents commands that you enter for example This document always gives the full form of a command in lowercase letters Commands are not case sensitive Text represented as a This typeface represents a variable that is part of a command for example slot_number is a variable representing ...

Page 29: ...y or may not choose to use are surrounded by square brackets With some commands there may be a group of variables from which the user chooses one These are called alternative variables and are documented by separating each variable with a vertical bar also known as a pipe filter Pipe filters can be used in conjunction with required or optional keywords or variables For example OR ...

Page 30: ...ease contact your local sales or service representative for additional information For Existing Customers with support contracts through Starent Networks Refer to the support area of https support starentnetworks com for up to date product documentation or to submit a service request A valid username and password is required to this site Please contact your local sales or service representative fo...

Page 31: ... 5000 Series Product Overview OL 22938 02 New In Release 10 0 This chapter provides information on the major features and functionality added to the software with this release Topics covered in this chapter are ...

Page 32: ...lane Management Functions Iuh User plane Transport Bearer Handling Iu Link Management Functions Important This is an indicative list of features supported in this release Kindly contact your local Cisco representative for more information on supported features Description The Home NodeB Gateway is the HNB access network gateway used to connect the Home NodeBs HNBs to access the existing wireless n...

Page 33: ...sco ASR 5000 Series Product Overview OL 22938 02 Figure 1 HNB GW Deployment in 3G UMTS Network For more information on this product refer HNB Gateway in UMTS Networks chapter of this guide License Keys Requires separate product license key ...

Page 34: ...New In Release 10 0 Content Filtering in Release 10 0 Cisco ASR 5000 Series Product Overview OL 22938 02 Content Filtering in Release 10 0 This section in development ...

Page 35: ...New In Release 10 0 ECS Features Cisco ASR 5000 Series Product Overview OL 22938 02 ECS Features This section in development ...

Page 36: ...L 22938 02 eHRPD Features This section contains information on new 9 0 features that pertain to the HRPD Serving Gateway HSGW and the PDN Gateway P GW supporting eHRPD network services New HSGW Features This section in development New P GW Features This section in development ...

Page 37: ...New In Release 10 0 ESS Features Cisco ASR 5000 Series Product Overview OL 22938 02 ESS Features This section in development ...

Page 38: ...New In Release 10 0 GSS Features Cisco ASR 5000 Series Product Overview OL 22938 02 GSS Features This section in development ...

Page 39: ...New In Release 10 0 HA Features Cisco ASR 5000 Series Product Overview OL 22938 02 HA Features This section in development ...

Page 40: ...New In Release 10 0 inPilot Features Cisco ASR 5000 Series Product Overview OL 22938 02 inPilot Features This section in development ...

Page 41: ...oduct Overview OL 22938 02 LTE SAE Features This section contains information on new 10 0 features that pertain to the PDN Gateway P GW the Mobility Management Entity MME and the Serving Gateway S GW supporting LTE SAE network services This section in development ...

Page 42: ...New In Release 10 0 PDSN Features Cisco ASR 5000 Series Product Overview OL 22938 02 PDSN Features This section in development ...

Page 43: ...New In Release 10 0 Peer to Peer Features Cisco ASR 5000 Series Product Overview OL 22938 02 Peer to Peer Features This section in development ...

Page 44: ...CSCF The I CSCF can now be incorporated into the Serving CSCF only There are no longer any I CSCF features supported by an integrated Proxy I CSCF Emergency CSCF Supported The Emergency CSCF E CSCF is a network element in IMS which is responsible for routing an emergency call to a Public Safety Answering Point PSAP To identify the next hop PSAP E CSCF interacts with the Location Retrieval Function...

Page 45: ...s to a Public Safety Answering Point PSAP Emergency Call Support P CSCF gives priority to emergency calls especially in a congested network In addition P CSCF rejects new calls to any user who is in an emergency call MSRP Support The SCM supports Message Session Relay Protocol MSRP session and page modes Shared Initial Filter Criteria SiFC If both the HSS and the S CSCF support this feature subset...

Page 46: ...g A CSCF service can be configured with v6 addresses to support an all v6 network Important For this feature you may bind a CSCF service to either an IPv4 address or to an IPv6 address but not both simultaneously The following diagram shows the implementation where CSCF supports only IPv4 Figure 2 IPv4 Configuration With IPv6 support the configuration supported would look like the following diagra...

Page 47: ...rently supports the following Release 8 3GPP specifications Most 3GPP specifications are also used for 3GPP2 support any specifications that are unique to 3GPP2 would be listed under Release 8 3GPP2 References TS 23 167 IP Multimedia Subsystem IMS emergency sessions TS 24 229 IP multimedia call control protocol based on Session Initiation Protocol SIP and Session Description Protocol SDP Stage 3 T...

Page 48: ...New In Release 10 0 SCM Features Cisco ASR 5000 Series Product Overview OL 22938 02 ...

Page 49: ...New In Release 10 0 SGSN Features Cisco ASR 5000 Series Product Overview OL 22938 02 SGSN Features This section in development ...

Page 50: ......

Page 51: ...ts The ASR 5000 is a high performance carrier grade platform that offers industry leading wireless data capacity while enabling numerous integrated applications for additional revenue generation Large high demand multimedia applications require an ever increasing amount of processing power and memory The ASR 5000 has been designed to address these needs and provide a scalable platform to meet the ...

Page 52: ...nformation may be lost in the event of a hardware or software failure even though the system remains operational 1 1 card level redundancy for Switch Processor Input Output SPIO and all types of line cards 1 1 port level redundancy for SPIO and all types of line cards Integrated hardware and software redundancy with automatic failover features Optional session recovery support for the following ca...

Page 53: ...acteristics of the System Cisco ASR 5000 Series Product Overview OL 22938 02 32 Gbps Control Bus 140 Gbps Redundancy Bus Operating System Linux based Application hosting capabilities Modular distributed processing Robust development environment ...

Page 54: ...ocated as distributed network functions supporting paging procedures for idle mode entry and exit and location update Provides multiple host support behind a WiMAX Customer Premise Equipment CPE through one primary airlink sessionProvides optional base station monitoring feature to monitor base stations attached to it Wireless data service support for 3G CDMA2000 and GPRS UMTS and for 2 5G 3G GPRS...

Page 55: ...mit and transmit them once the traffic flow comes below the exceed limit Dynamic QoS Renegotiation ECS support required Provides the ability to manage the risk of bandwidth mis appropriation This feature allows the Enhanced Charging Service ECS to analyze application traffic and triggers QoS renegotiation with the AGW to optimize service performance It provides Network Controlled QoS NCQoS and tra...

Page 56: ...s to operator It eliminates unnecessary replication of data on UMTS wireless networks by transmitting a single stream of data to multiple users Integrated control node function Eliminates processing bottlenecksIntelligently distributes processing across multiple system processors for increased throughput Session Recovery optional licensed feature Recovers all fully established sessions upon single...

Page 57: ...igration to next generation data services using the same chassisScalable hardware and software components allow you to cost effectively add capacity as your subscriber base increases Web based element management Reduces operational complexityImproves overall system management accuracy and securityAllows for remote monitoring and configuration using SNMPv1 and CORBAProvides security for management ...

Page 58: ......

Page 59: ...oduct Service and Feature Licenses This chapter provides information regarding Cisco Systems licensed products services and features The following sections are included Supported Product_License Quick Reference Session Use and Feature Use Licenses Default Licenses ...

Page 60: ...Content Filtering ICAP Interface Support GGSN Content Filtering ICAP Interface Dynamic QoS Renegotiation Traffic Class based QoS and Network Controlled QoS GGSN GGSN Dynamic QoS Renegotiation Dynamic Mobile IP Key Update DMU PDSN Dynamic Mobile IP Key Update Enhanced Content Charging PDSN HA ASN GW GGSN Enhanced Charging Bundle 1 Enhanced Content Charging GGSN Enhanced Charging Bundle 2 Gx Interfa...

Page 61: ...2TP LAC L2TP Network Server PDSN LNS GGSN LNS L2TP LNS MIP NAT Traversal HA MIP NAT Traversal Multi Protocol Label Switching MPLS GGSN MPLS Multimedia Broadcast and Multicast Service GGSN MBMS MSID and PCF Zone Based Call Redirection HA PDSN RAN Optimization Bundle 1 Peer to Peer Detection PDSN HA GGSN ASNGW Peer to Peer Detection Traffic Policing and Shaping ASN GW GGSN HA HSGW PDSN P GW SCM S GW...

Page 62: ...GGSN FA IPSG ASN GW FA PDIF Proxy MIP Remote Address based RADIUS Accounting PDSN GGSN IPSG ASN GW PDIF HA Destination Based Accounting Session Recovery PDSN GGSN SGSN IPSG ASN GW SCM PDIF HA Session Recovery Ty Interface Support PDSN HA Dynamic Policy Interface VLANs ASN GW GGSN HA HSGW IPSG PDIF PDSN P GW SCM SGSN S GW Layer 2 Traffic Management WiMAX Paging Controller ASN GW WiMAX Paging Contro...

Page 63: ...Groups and MIP NAT Traversal Gateway GPRS Support Node GGSN Includes RADIUS AAA Server Groups HRPD Serving Gateway HSGW Includes Dynamic Policy Interface Session Recovery IPv6 Intelligent Traffic Control and Enhanced Charging Bundle 2 PDN Gateway P GW Includes Dynamic Policy Interface Lawful Intercept Session Recovery RADIUS AAA Server Groups IPv6 Intelligent Traffic Control and Enhanced Charging ...

Page 64: ... DHCP IPv6 this is enabled by default Lawful Intercept Enhanced Lawful Intercept In line services usage Dynamic Mobile IP Key Update Per Subscriber Traffic Policing Shaping GGSN Dynamic QoS Renegotiation Inter chassis Session Recovery Dynamic QoS Traffic Policing RADIUS AAA Server Groups Always On RP Flow Control User Layer 3 Tunneling HA DNS Intercept Proxy IP Security IPSec Proxy Mobile IP Mobil...

Page 65: ...s associated with both SPC SMC cards in a redundant SPC configuration ensuring correct support for the system in case of an SPC SMC failover This license is unique to each system and its respective SPC SMC based CompactFlash cards Session use licenses can be upgraded remotely to increase system session capacity as new PAC PSC cards are added Important In the event that an SPC SMC requires replacem...

Page 66: ... invalid license key is specified in the configuration file a set of default limited session use and feature licenses is installed The following Exec Mode command lists the license information The following shows the license information for a system with no license key installed Notice that the session use licenses for PDSN HA GGSN and L2TP LNS are limited to 10 000 sessions ...

Page 67: ...Product Service and Feature Licenses Default Licenses Cisco ASR 5000 Series Product Overview OL 22938 02 ...

Page 68: ......

Page 69: ...Cisco ASR 5000 Series Product Overview OL 22938 02 Chapter 3 ASR 5000 Hardware Platform Overview This chapter provides information on the hardware components that comprise the ASR 5000 ...

Page 70: ...very may reduce subscriber session capacity performance and data throughput Important For Release 9 0 only PDSN and HA are supported on the PPC Component Supported Cisco Systems Product Minimum per Chassis Minimum for Redundant Chassis Configuration Maximum per Chassis System Management Card SMC 1 2 2 Packet Processor Card PPC Data application card 1 2 14 Packet Services Card PSC Data application ...

Page 71: ...essions and accounting information may be lost in the event of a hardware or software failure even though the system remains operational The physical maximum number of half height line cards you can install is 28 however redundant configurations may use fewer than the physical maximum number of line cards since they are not required behind standby PSCs or PSC2s The 10 Gigabit Ethernet Line Card is...

Page 72: ...ng equipment Refer to the Mounting Options section for additional information 3 Upper fan tray Draws air up through the chassis for cooling and ventilation It then exhausts air through the vents at the upper rear of the chassis Refer to the Fan Tray Assemblies section for additional information 4 Upper bezel Covers the upper fan tray bay 5 Lower fan tray cover Secures the lower fan tray assembly i...

Page 73: ...sis Descriptions Slot Numbering ASR 5000 chassis feature a 48 slot design with 16 front loading slots for application cards and 32 rear loading slots 16 upper and 16 lower for line cards Figure 6 Front Slot Numbering Scheme for Application Cards The rear of the chassis features a half slot design that supports up to 32 line cards ...

Page 74: ...ot 1 must have a corresponding line card in Slot 17 The redundant line card for this configuration would be placed in Slot 33 This establishes a directly mapped communication path through the chassis midplane between the application and line cards To help identify which rear slot corresponds with the front loaded application card note that the upper rear slot numbers are equal to the slot number o...

Page 75: ...hassis installed has approximately 5 5 inches 13 97 cm 3 14 RMUs of vertical space remaining To ensure all Central Office CO requirements and regulations are met Nortel Networks currently mounts two PDSN 16000 shelves in a PTE 2000 frame measuring 600 mm 23 6 inch wide by 900 mm 35 4 inch deep by 2125 mm 6 97 feet high There are two options for mounting the chassis in a standard equipment rack or ...

Page 76: ...Ethernet Line Card XGLC is a full height line card that takes up the upper and lower slots in the back of the chassis Use the upper slot number only when referring to installed XGLCs Slot numbering for other half height lines cards is maintained 17 to 32 and 33 to 48 regardless of the number of installed XGLCs 6 Chassis slot number 48 lower left most line card slot The following sections provide d...

Page 77: ... Bus supports management access to each component within the chassis It provides a communication path from each SMC to every card in the system supporting a 1 Mbps transfer rate to each card This allows the SMCs to manage several low level system functions such as supplying power monitoring temperature board status pending card removals and data path errors and controlling redundant secondary path...

Page 78: ...2 Slot 16 Each RCC facilitates 28 links One link with each of the 14 PSC PSC2 slots One link with each of the 14 packet processing card slots The RCC in slot 40 supports line card slots 17 23 and 26 32 upper rear slots The RCC in slot 41 supports line card slots 33 39 and 42 48 lower rear slots Each serial link facilitates up to 5 Gbps symbol rate equivalent to 4 Gbps of user data traffic in each ...

Page 79: ... TDM traffic requirements are addressed using the system s data fabric SPIO Cross Connect Bus To provide redundancy between Switch Processor I O SPIO cards the system possesses a physical interconnect between the ports on the SPIOs This cross connect allows management traffic or alarm outputs to be migrated from an active SPIO experiencing a failure to the redundant SPIO While it is recommended th...

Page 80: ...er to ensure maximum power feed redundancy The maximum input operating voltage range of the PFU is 40 VDC to 60 VDC the nominal rage is 48 VDC to 60 VDC Important In the event that the CO has AC power only a separate rack mount AC to DC converter is required The following drawing shows the PFU and its connectors Refer to the Cabling the Power Filter Units chapter for information on installing and ...

Page 81: ...Overview Power Filter Units Cisco ASR 5000 Series Product Overview OL 22938 02 Item Description 4 Power filter unit handle 5 Circuit breaker On Off rated at 165A 6 Power LED See Replacing the Chassis Power Filter Unit for details ...

Page 82: ...tomatically adjusted based on temperature or failover situations Thermal sensors monitor temperatures within the chassis In the event of a fan failure or other temperature related condition the Switch Management Card SMC notifies all operable fans in the system to switch to high speed and generates an alarm Lower Fan Tray The lower fan tray assembly contains multiple fans and pulls air into the ch...

Page 83: ... system Temperature sensors measure the temperature at various points throughout the chassis The system monitors this information and if it detects a clogged filter generates a maintenance alarm Figure 12 Particulate Air Filter Important A replacement air filter is shipped with each chassis It is recommended that a minimum of one replacement air filter for each deployed chassis be kept on site Thi...

Page 84: ...8 02 Figure 13 Upper Fan Tray Assembly Chassis Airflow Airflow within the chassis is designed per Telcordia recommendations to ensure the proper vertical convection cooling of the system Detailed information is located in the Chassis Air Flow section in Environmental Specifications chapter of this guide ...

Page 85: ... access memory RAM There is a single PC card slot on the SMC that supports removable ATA Type I or Type II PCMCIA cards for temporary storage Use these cards to load and store configuration data software updates buffer accounting information and store diagnostic or troubleshooting information There is also a type II CompactFlash slot on the SMC that hosts configuration files software images and th...

Page 86: ...ble 7 System Management Card SMC Item Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See Applying Power and Verifying Installation for definitions ...

Page 87: ...HD RAID commands in the Command Line Interface Reference to configure RAID RAID control mechanisms allow xDR charging data to be written to the hard disks on both the active and standby SMCs for later upload to a suitable local or remote storage server Configuring CDR EDR and UDR storage is described in the Command Line Interface Reference Event logs related to disk and RAID include disk name seri...

Page 88: ...es in different contexts Important For Release 9 0 the PPC card is limited to CDMA and HA functionality Specialized hardware engines support parallel distributed processing for compression classification traffic scheduling forwarding packet filtering and statistics The packet processing cards use control processors to perform packet processing operations and a dedicated high speed network processi...

Page 89: ...session processing The hardware encryption components are part of the standard PSC hardware To take advantage of the distributed processing capabilities of the system you can add additional PSCs to the chassis without their supporting line cards if desired This results in increased packet handling and control transaction processing capabilities Another advantage is a decrease in CPU utilization wh...

Page 90: ...8 PSC Callout Descriptions Number Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the current status of the card See Applying Power and Verifying Installation for definitions ...

Page 91: ...ssors to perform register accesses to the FPGA and some components attached to it and also allows DMA operations between the NPU and the control processors memory A statistics engine is provided in the FPGA Two reduced latency DRAM RLDRAM chips attached to the FPGA provide 64MB of storage for counters The PSC2 has a 2 5 G bps based security processor that provides the highest performance for crypt...

Page 92: ...tion Cards Cisco ASR 5000 Series Product Overview OL 22938 02 Capacity 3 million SAU and 6 million PDP contexts 2 million PDSN sessions 6 million HA sessions Power Estimate 325W Maximum The front panel of the PSC2 and its major components is shown below ...

Page 93: ... 9 PSC2 Callout Descriptions Number Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the current status of the card See Applying Power and Verifying Installation for definitions ...

Page 94: ...fabric interface The traffic destined for the line cards or RCC is diverted from the NPU interface and sent over the serial links DT2 FPGA also connects to the control processors subsystem via a PCI E bus The PCI E interface allows the control processors to perform register accesses to the FPGA and some components attached to it and also allows DMA operations between the NPU and the control proces...

Page 95: ... PPC Callout Descriptions Number Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the current status of the card See Applying Power and Verifying Installation for definitions ...

Page 96: ...t CO alarming and BITS timing input SPIOs are installed in chassis slots 24 and 25 behind SMCs During normal operation the SPIO in slot 24 works with the active SMC in slot 8 The SPIO in slot 25 serves as a redundant component In the event that the SMC in slot 8 fails the redundant SMC in slot 9 becomes active and works with the SPIO in slot 24 If the SPIO in slot 24 should fail the redundant SPIO...

Page 97: ...IO Callout Definitions Number Description 1 Card Ejector Levers Use to insert remove card to or from the chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See the Applying Power and Verifying Installation for definitions ...

Page 98: ...management LAN interfaces connect the system to the carrier s management network and subsequent applications normally located remotely in a Network Operations Center NOC You can use the RJ 45 10 100 1000 Mbps Ethernet interfaces or optical SFP Gigabit Ethernet interfaces When using the RJ 45 interfaces CAT5 shielded twisted pair cabling is recommended Important Use shielded cabling whenever possib...

Page 99: ...Closed devices indicating minor major and critical alarms Pin outs and a sample wiring diagram for this interface are shown in Technical Specifications chapter later in this guide A CO alarm cable is shipped with the product so you can connect the CO Alarm interfaces on the SPIO card to your alarming devices The Y cable design ensures CO alarm redundancy by connecting to both primary and secondary...

Page 100: ...C Callout Definitions Number Description 1 Card Ejector Levers Use to insert remove a card to and from the chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See Applying Power and Verifying Installation for definitions ...

Page 101: ...100Base Tx full or half duplex Ethernet on CAT 5 shielded twisted pair STP or unshielded twisted pair UTP cable 10Base T full or half duplex Ethernet on CAT 3 4 or 5 STP or UTP cable Important Use shielded cabling whenever possible to further protect the chassis and its installed components from ESD or other transient voltage damage The Ethernet 10 100 Line Card can be installed in chassis slots 1...

Page 102: ...o insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See Applying Power and Verifying Installation for definitions 4 RJ 45 10 100 Ethernet Interfaces Eight auto sensing RJ 45 interfaces for R P interface connectivity carrying user data Por...

Page 103: ...08 4 feet 10 Kilometers Minimum Tx Power 9 5 dBm Rx Sensitivity 19 dBm 1000Base T Ethernet 1000 Copper RJ 45 Operates in full duplex up to 100 meters of CAT 5 Shielded Twisted Pair STP cable with BER less than 10e 10 Important Class 1 Laser Compliance Notice This product has been tested and found to comply with the limits for Class 1 laser devices for IEC825 EN60825 and 21CFR1040 specifications WA...

Page 104: ...e card is commonly referred to as the Quad GigE Line Card or the QGLC The QGLC is installed directly behind its associated packet processing card to provide network connectivity to the packet data network There are several different versions of Small Form factor Pluggable SFP modules available Table 16 SFP Modules Supported by the QGLC Module Type Card Identification Interface Type Cable Specifica...

Page 105: ... 10e 10 Important Class 1 Laser Compliance Notice This product has been tested and found to comply with the limits for Class 1 laser devices for IEC825 EN60825 and 21CFR1040 specifications WARNING Only trained and qualified personnel should install replace or service this equipment Invisible laser radiation may be emitted from the aperture of the port when no cable is connected Avoid exposure to l...

Page 106: ...nterlock switch notifies system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See Applying Power and Verifying Installation for definitions 4 Gigabit Ethernet Interface s Gigabit Ethernet GE SFP modules 1000Base SX 1000Base LX and 1000Base T interfaces are supported depending on the SFP module installed 10 Gigabit Ethernet Line Card The 10 Gigabit ...

Page 107: ...d Another way to perform a firmware upgrade is via the System Management Bus with 1 Mbps throughput which connects the SMC to every card in the system Install XGLCs in chassis slots 17 through 23 and 26 through 32 These cards should always be installed directly behind their respective packet processing cards but they are not required behind any redundant packet processing cards those operating in ...

Page 108: ...Size microns Range 9 32808 4 feet 10 Kilometers Minimum Tx Power 11 0 dBm Rx Sensitivity 19 dBm Important Class 1 Laser Compliance Notice This product has been tested and found to comply with the limits for Class 1 laser devices for IEC825 EN60825 and 21CFR1040 specifications WARNING Only trained and qualified personnel should install replace or service this equipment Invisible laser radiation may...

Page 109: ...able 19 10 Gigabit Ethernet Line Card GLC Callout Definitions Number Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See Applying Power and Verifying Installation for definitions ...

Page 110: ...nous Transport Signal 1 operating at 51 84 Mbit s exactly one third of an STM 1 STS 3c The OLC OLC2 concatenates three STS 1 OC 1 frames to provide transmission speeds up to 155 52 Mb s with payload rates of 149 76 Mb s and overhead rates of 5 76 Mb s The OLC OLC2 optical fiber line cards support network connectivity through Iu or IuPS interfaces to the UMTS Terrestrial Radio Access Network UTRAN ...

Page 111: ...ers Cladding Diameter 125 micrometers Range Short 2 kilometers Min Max Tx Power 19 dBm 14 dBm Rx Sensitivity 30 dBm Install the OLC OLC2 directly behind its respective Active packet processing card You may optionally install an OLC OLC2 behind a redundant packet processing card those operating in Standby mode As with other line cards install the Optical ATM Line Card in slots 17 through 23 26 thro...

Page 112: ...0 Line Cards Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 24 OLC Optical ATM Line Card R u n F a i l A c t iv e S t a n d b y 1 3 2 4 1 2 3 4 R e d A l a r m Y e ll o w A l a r m L i n k 1 SFP SFP SFP ATM POS OC 3 xxxx 4 1 1 5 6 3 2 ...

Page 113: ...Callout Definitions Number Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See the Applying Power and Verifying Installation for definitions 4 Port connectors Fiber LC duplex female connector 5 P...

Page 114: ...ed with our SGSN products to provide frame relay Channelized Line Card CLC In North America the card supplies ANSI SONET STS 3 optical OC 3 signaling In Europe the card supplies SDH STM 1 optical OC 3 The transmission rate for the card is 155 52 Mb s with 84 SONET channels supplying T1 and 63 SDH channels supplying E1 Each CLC provides one optical fiber physical interface port The port is populate...

Page 115: ...micrometers Cladding Diameter 125 micrometers Range Intermediate 21 kilometers Attenuation 0 25 dB KM Min Max Tx Power 15 dBm 8 dBm Rx Sensitivity 28 dBm Multi mode Optical Fiber Channelized STM 1 OC 3 Multi Mode Multi mode Fiber LC duplex female connector Fiber Types Multi mode optical fiber Wavelength 1310 nm Core Size 62 5 micrometers Cladding Diameter 125 micrometers Range Short 2 kilometers M...

Page 116: ...view ASR 5000 Line Cards Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 26 CLC Channelized Line Card R u n F a il A c t iv e S t a n d b y 1 1 2 R e d A l a r m Y e ll o w A la r m L in k SFP STM 1 OC 3 xxxx 4 1 1 5 6 3 2 ...

Page 117: ...llout Definitions Number Description 1 Card Ejector Levers Use to insert remove card to from chassis 2 Interlock Switch When pulled downward the interlock switch notifies the system to safely power down card prior to removal 3 Card Level Status LEDs Show the status of the card See the Applying Power and Verifying Installation for definitions 4 Port connectors Fiber LC duplex female connector 5 Por...

Page 118: ... Interface for the Synchronous Digital Hierarchy SDH December 2003 ITU T Recommendation G 747 Second Order Digital Multiplex Equipment Operating at 6312 kbit s and Multiplexing Three Tributaries at 2048 kbit s 1993 ITU T Recommendation G 751 Digital Multiplex Equipment Operating at the Third Order Bit Rate of 34 368 kbit s and the Fourth Order Bit Rate of 139 264 kbit s and Using Positive Justific...

Page 119: ...for Instrumentation Performance Measurements on Digital Transmission Equipment May 1996 ITU T Recommendation O 151 Error Performance Measuring Equipment Operating at the Primary Rate and Above October 1992 ITU T Recommendation O 152 Error Performance Measuring Equipment for Bit Rates of 64 kbit s and N x 64 kbit s October 1992 ITU T Recommendation O 153 Basic Parameters for the Measurement of Erro...

Page 120: ...efore the upper attaching screw on the card will properly align with the screw hole in the chassis When you pull the interlock downward it allows the upper ejector lever to be operated This sliding lock mechanism provides notification to the system before you physically remove a card from the chassis This allows the system time to migrate various processes on the particular operational card The up...

Page 121: ...er NPU Manager Session Managers In line Service Managers VPN Manager SYNC Control Paths Primary Management Card Boot Configuration Switch Fabric Resource Manager High Availability Tasks Controller Tasks VPN Port Session Signaling Boot Configuratio n Switch Fabric Resource Manager High Availability Tasks Controller Tasks VPN Port Session Signaling Secondary Management Card The software architecture...

Page 122: ...n with little or no disruption of service This unique architecture allows the system to perform at the highest level of resiliency and protects the user s data sessions while ensuring complete accounting data integrity Promotes internal location transparency Processes can be distributed across the system to fit the needs of the network model and specific process requirements For example most tasks...

Page 123: ...ic error detection and recovery tasks Controller tasks These tasks often referred to as Controllers serve several different purposes These include Monitoring the state of their subordinate managers and allowing for intra manager communication within the same subsystem Enabling inter subsystem communication by communicating with controllers belonging to other subsystems Controller tasks mask the di...

Page 124: ...em on the standby management card Shared Configuration Task SCT Subsystem Provides the system with a facility to set retrieve and be notified of system configuration parameter changes This subsystem is primarily responsible for storing configuration data for the applications running within the system The SCT subsystem runs only on the activeSMC and synchronizes the information it contains with the...

Page 125: ... in failover situations The CSP subsystem runs only on the active SMC and synchronizes the information it contains with the mirrored SCT subsystem on the standby management card It is started by the SIT subsystem and monitored by the HAT subsystem for failures Session Subsystem The Session subsystem is responsible for performing and monitoring the processing of a mobile subscriber s data flows Ses...

Page 126: ......

Page 127: ...e of downtime and every dropped session represents lost revenue to the wireless operator resulting in potential customer loss and reduced profitability With this understanding we have developed a system that exceeds the availability features found in the majority of today s wireless and wireline access devices ...

Page 128: ...t for up to 14 total PSCs or PSC2s Important 1 1 redundancy is supported for these cards however some subscriber sessions and accounting information may be lost in the event of a hardware or software failure even though the system remains operational 1 1 Optical ATM line card LC redundancy OLC and OLC2 1 1 Channelized STM 1 OC 3 line card LC redundancy CLC and CLC2 1 1 Quad Gigabit Ethernet Line C...

Page 129: ...ch is a full height line card that populates both the upper and lower slots of the chassis uses a side by side redundancy scheme Refer to the Hardware Installation and Administration Guide for more information 26 Optical ATM line cards 13 active and 13 standby OLC and OLC2 26 Channelized line cards 13 active and 13 standby CLC and CLC2 2 RCCs 2 standby This configuration allows for the highest ses...

Page 130: ...46 45 43 44 42 41 40 39 38 37 36 35 34 33 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 PFU 2 PFU 1 Chassis Airflow Exhaust from Upper Fan Tray Maintenance and Failure Scenarios The following table shows various maintenance and failure scenarios involving the SMC and SPIO cards and explains how each situation is resolved Table 22 Service Assurance Features for the SMC and SPIO Hardware Failure S...

Page 131: ...eplacement or configuration change the state of the repaired SMC or SPIO does not automatically return to the active state This migration must occur through manual intervention by a system administrative user With the ability of performing on line process migration supporting 1 1 SMC and SPIO redundancy and utilizing the fully redundant switching fabric and control bus single points of failure are...

Page 132: ...s enabled No impact No impact 1 sec interrupt 1 sec interrupt 1 This does not apply to for deployments containing only 1 active processing card Important If the session recovery feature is enabled then a processing card hardware failure will not cause any loss of fully established HA subscriber sessions This feature does however require a minimum processing card configuration per chassis of three ...

Page 133: ...Data Effect on User Sessions Effect on the flow of Data Packets Effect on Control Transactions Processing Cards Session Manager Task failure Cleanup process performs automatically and process is restarted AAA Acct _Stop record is generated for all sessions in the affected subgroup Affected subgroup sessions are lost For PSC PSC2 up to 13200 for PDSN 13200 for PDIF 13200 for ASN GW 26400 for HA and...

Page 134: ...tware or hardware failure Interchassis Session Recovery The Interchassis Session Recovery feature provides the highest possible availability for continuous call processing without interrupting subscriber services This is accomplished through the use of redundant chassis The chassis are configured as primary and backup with one being active and one inactive Both chassis are connected to the AAA ser...

Page 135: ...able shows the MTBF characteristics of each major component of the system Table 26 Mean Time Between Failure Statistics Part Number Description MTBF Hours MTBF Years Fpmh Failure per million hours 600 00 1111 Chassis with Midplane 16 386 995 1869 38 0 061 600 00 3026 System Management Card 104 372 11 91 9 58 600 00 3025 Packet Services Card PSC or PSC2 102 294 11 68 9 78 600 00 5052 10 Gigabit Eth...

Page 136: ...ility calculations based on reliability modeling for the ASR 5000 platform Table 27 Platform Service Availability Calculations Platform Operational Uptime Yearly Downtime MTTF minutes Hours Years ASR 5000 99 999978 0 12 14 077 473 1605 91 One suggestion to help improve overall system availability is to institute an on site spares program wherein key components are housed locally with the deployed ...

Page 137: ...r field engineering resources to perform such duties Based on industry leading redundancy and failover features found in the system the following minimum spare parts levels for any planned deployment are recommended Table 28 Recommended FRU Parts Sparing Quantities Component Name Minimum number of spares For every n number of deployed components ASR 5000 Chassis with Midplane 1 20 System Managemen...

Page 138: ......

Page 139: ...Base TX 1000 Base TX or 1000 Base SX management interfaces on the SPIO Client Server model supports any browser i e Microsoft Internet Explorer v5 0 and above or Netscape v4 7 or above and others Supports Common Object Request Broker Architecture CORBA protocol Secure Sockets Layer SSL for encryption of management data and Simple Network Management Protocol version 1 SNMPv1 for fault management Pr...

Page 140: ... Element Manager functions The system provides element management applications that can easily be integrated using standards based protocols CORBA and SNMPv1 into higher level management systems giving wireless operators the ability to integrate the system into their overall network service and business management systems Overview information about each of these methods follows For detailed inform...

Page 141: ...ing figure shows this separation Figure 33 Separation of Management Data From User Data Additionally the system uses the local context solely for system management purposes Contexts are described in this document s Glossary but basically they provide a way to host multiple virtual service or configuration parameter groups in a single physical device To ensure OOB management users are required to c...

Page 142: ...mmand modes Exec execute Mode supporting basic commands that allow users to maneuver around system and perform monitoring functions Config configuration Mode providing global system configuration and context and service specific configuration functions Differentiated administrative user privileges Inspector users have minimal read only privileges Operator users have read only privileges They can m...

Page 143: ...s Product Overview OL 22938 02 Interactive context sensitive Help providing two levels of help for CLI commands keywords and variables For more detailed information reference Command Line Interface Overview chapter in the System Administration and Configuration Reference ...

Page 144: ...based server application works with clients using virtually any Java enabled web browser to remotely manage the network elements within the system using the Common Object Request Broker Architecture CORBA standard The Secure Sockets Layer SSL protocol can be used to encrypt management data traffic between the client and the server The following figure shows the Web Element Manager application s to...

Page 145: ...38 02 In addition to its element management capabilities the Web Element Manager can be integrated with higher layer network service and business management applications using its northbound CORBA interface For more information on Web Element Manager application refer Web Element Manager Overview section ...

Page 146: ......

Page 147: ... 1 or later Important The ASN Gateway is a licensed product and requires an Access Service Network Gateway support license ASN Gateway provides the following functionality all of which is integrated into the chassis ASN mobility Extensible Authentication Protocol EAP user authentication Authentication Authorization Accounting AAA client DHCP proxy server Connectivity Service Network CSN mobility I...

Page 148: ... edge of an ASN and is the link to the CSN Each ASN Gateway can concentrate traffic from multiple radio base stations This reduces the number of devices to manage and minimizes connection set up latency by decreasing the number of call handovers in the network Figure 35 Basic ASN Gateway Network Connectivity Service Network CSN ASN Gateway Acess Service Network ASN WiMAX SS MS WiMAX Base Station T...

Page 149: ...s in pass through mode for EAP authentication between the EAP client the mobile station and the EAP AAA server After successful EAP authentication the AAA server sends the master session key MSK to the ASN Gateway The ASN Gateway as authenticator performs authorization key AK context management It derives the AK from the MSK and sends it to the base station As part of the AK context other informat...

Page 150: ...text to a target base station and when requested changes the data path To minimize latency and packet loss the ASN Gateway implements data integrity through bi casting or multi casting For paging buffering is also supported A foreign agent maintains the IP connectivity if the mobile subscriber initiates an inter ASN handover The ASN Gateway supports either Proxy Mobile IP PMIP or Client Mobile IP ...

Page 151: ... and provides ASN anchored mobility for fixed nomadic or portable mobility applications A Simple IP architecture removes dependencies for separate foreign agent and home agent functions ASN Gateway handles simultaneous combinations of Simple IP Mobile IP or Proxy Mobile IP calls A Simple IP model permits the ASN to be combined or split from the CSN depending upon the need for roaming The Simple IP...

Page 152: ...stablishment of a new R6 GRE bearer connection to the target base station It is referred to as an L2 operation because the previously assigned IP address for the binding remains the same on the anchor authenticator data path ASN Gateway while the L2 BSID Ethernet MAC address is updated for the target base station Uncontrolled handovers are supported for both Simple IP or Mobile IP use cases With u...

Page 153: ...th the anchor gateway session and non anchor gateway sessions are counted towards the session license separately Licensed session limits are enforced based on the total number of anchor and non anchor sessions WiMAX R3 CSN Anchored Mobility Management The R3 reference point defines a set of control plane protocols between the Access Service Network ASN and Connectivity Service Network CSN to suppo...

Page 154: ... both gateways only the subscriber needs to be re authenticated The RADIUS client for authentication and accounting is collocated with the authenticator function The ASN Gateway acts as an EAP relay and is agnostic to the EAP method EAP transport between the ASN Gateway and the base station is performed as a control exchange The base station functions as an EAP relay converting Pair wise Master Ke...

Page 155: ...access device and an EAP server component on AAA The size of the pre shared key can be up to 256 bytes EAP Transport Layer Security EAP TLS EAP TLS is an asymmetric authentication method that uses X 509 digital certificates for example public private key pairs and enables device based authentication EAP Tunneled Transport Layer Security EAP TTLS EAP TTLS is a multi level authentication scheme to e...

Page 156: ...hallenge response mechanisms similar to other EAP methods It verifies credentials for users of Removable User Identity Modules R UIMs WiMAX Prepaid Accounting The system supports prepaid accounting for clients on the ASN Gateway Clients can communicate directly to a home AAA server or be proxied through a visited network s AAA server The following figure shows a typical prepaid network topology Fi...

Page 157: ...stem functioning as either an ASN Gateway Simple IP or home agent Mobile IP serves as an access function AF and monitors new data sessions or sessions already in progress While monitoring the system intercepts and duplicates session content and forwards it to a delivery function DF over an extensible proprietary interface The DF delivers the intercepted content to one or more collection functions ...

Page 158: ...returning a hotlining filter rule to the ASN Gateway ASN GW hotlining support uses the standard attribute Filter ID along with the session identification parameters User Name Calling Station ID and AAA Session ID An IP address is assigned during initial network entry The ASN Gateway uses the redirect address associated with the filter rule to hotline the call to a web activation portal The user pr...

Page 159: ... user experience via end to end differentiated QoS connection oriented services and stringent treatment for isochronous voice and delay sensitive multimedia applications over broadband WiMAX networks This feature also enables service convergence and is the foundation for delivery of IMS service control ASN Gateway Intra Chassis Session Recovery This feature enables the system to recover from singl...

Page 160: ...hored for example on the ASN Gateway for Simple IP sessions and on the home agent for Mobile IP sessions For more information about ECS refer to the Enhanced Charging Services Administration Guide Multi host Support ASN Gateway s multi host feature provides multiple host connectivity A WiMAX CPE modem supports multiple IP hosts in fixed nomadic applications The modem shares a single WiMAX airlink ...

Page 161: ...re is no authentication for each assigned IP address and no validation of MAC addresses contained in DHCP requests except to make sure that they are unique across all subscribers connected to the DHCP proxy server IP Address Allocation through DHCP The dynamic IP address allocation procedure for primary node and secondary hosts is described below After the initial network entry for WiMAX CPE is co...

Page 162: ...ASN Gateway Overview Supported Features Cisco ASR 5000 Series Product Overview OL 22938 02 The auxiliary IP addresses can be assigned and freed any time during the call via DHCP messages ...

Page 163: ...e functions may be in a single physical device or distributed over multiple physical devices to meet functional and interoperability requirements The following figure shows a high level example of WiMAX network architecture Figure 39 WiMAX Network Architecture WiMAX Base Station Internet Enterprise ASN Gateway ASN Gateway Acess Service Network ASN Another CSN Another ASN Home Agent HA Connectivity...

Page 164: ...CSN tunneling In addition to the above mandatory functions for a portable and mobile environment the ASN supports the following functions ASN anchor mobility CSN anchor mobility Paging and location management The ASN has the following network elements The WiMAX base station which is a logical entity that embodies a full instance of the WiMAX Medium Access Control MAC layer and physical layer in co...

Page 165: ...tivity Service Network CSN The Connectivity Service Network CSN is a set of network functions that provide IP connectivity services to the WiMAX subscriber A CSN provides the following functions SS MS IP address and endpoint parameter allocation for user sessions Internet access AAA proxy or server Policy and admission control based on user subscription profiles ASN CSN tunneling support WiMAX sub...

Page 166: ...ient Mobile IP CMIP R4 Reference Point Consists of the set of control and bearer plane protocols originating and terminating in various functional entities of an ASN that coordinate MS mobility between ASNs and ASN Gateways R4 is the only interoperable RP between similar or heterogeneous ASNs R5 Reference Point Consists of the set of control plane and bearer plane protocols for internetworking bet...

Page 167: ...target base station ASN Gateway Architecture and Deployment Profiles The ASN Gateway is part of the Access Service Network ASN within the WiMAX network The ASN Gateway comprises logical and functional elements that provide different functionality in an ASN ASN profiles provide a framework for interoperability among entities within an ASN At a high level the WiMAX forum has defined groups of functi...

Page 168: ...erview OL 22938 02 Figure 41 Functional view of ASN Gateway Profile C ASN Gateway R3 R4 R6 Authenticator Data Path Function Context Function P MIP Client AAA Client MIP Foreign Agent MIP FA Service Flow Authorization DHCP Proxy Relay Key Distributor Paging Controller Location Register ...

Page 169: ...a mobile user s home network through communications with the home agent HA No redirection is required when mobile users connect to an ASN Gateway that serves their home network The following figure shows an example of a network configuration in which the ASN Gateway FA and HA are separate systems Figure 42 ASN Gateway FA and HA Network Deployment Configuration Example MN R6 ASN GW FA Foreign AAA H...

Page 170: ...Product Overview OL 22938 02 Figure 43 Co located ASN Gateway FA and HA Network Deployment Configuration Example R6 Combined ASN GW FA and HA Foreign AAA Home AAA IP Network WiMAX BS ASN GW FA HA R4 AAA Carrier 1 Network Carrier 2 Network R3 MN R6 R4 WiMAX BS MN Internet or PDN R3 R3 ...

Page 171: ...ons for a given MS As shown in the following figure the anchor ASN Gateway hosts the following functions Authenticator includes Accounting Client Anchor DP function DHCP proxy PMIP client MIP FA Anchor SFA DHCP proxy function The ASN Gateway service IP address is the R6 and R4 tunnel endpoint and handles both R6 and R4 traffic Anchor Session The following identifiers identify the anchor ASN Gatewa...

Page 172: ...following functions Serving DP Function The subscriber data is not processed in the non anchor GW It relays the subscriber data to anchor ASN Gateway over R4 When the inner IP packet emerges from R6 tunnel at the non anchor ASN Gateway the packet is sent over R4 data path tunnel to the Anchor ASN Gateway Serving SFA Function No packet classification is performed in this function It provides only t...

Page 173: ... the request is set to HO The Destination ID in the message does not match the destination IP address of the message It needs to match the anchor ASN Gateway ID in the message if an R6 and R4 Data Path setup is intended The anchor ASN Gateway is one of the peer ASN Gateway configured in the ASN Gateway service Initial Network Entry and Data Path Establishment without Authentication This section de...

Page 174: ...s Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 44 Initial Network Entry and Data Session Establishment without Authentication Call Flow ASN BS ASN GW Authenticator MS SS 1 3 5 4 11 6 13 7 8 DATA 9 10 2 15 CSN PDN Internet 12 14 16 16 ...

Page 175: ...ent Request to ASN Gateway 9 ASN Gateway sends MS Attachment Response to ASN BS and reserves the resource 10 ASN BS sends Registration Response to MS 11 ASN BS sends MS Attachment Acknowledgement to ASN Gateway 12 ASN Gateway sends Path Registration Request to ASN BS 13 ASN BS creates 802 16 connection and establishes path with MS 14 ASN BS sends Path Registration Response to ASN Gateway and ASN G...

Page 176: ...thenticator MS SS 1 2 4 3 7 10 5 11 15 14 12 16 13 6 8 CSN PDN Internet 9 DATA Table 30 Initial Network Entry and Data Session Establishment with Authentication Call Flow Description Step Description 1 MS performs initial ranging with the BS Ranging is a process by which an MS becomes time aligned with the BS The MS is synchronized with the BS at the successful completion of ranging and is ready t...

Page 177: ...nt authenticator 11 AAA client authenticator sends MS Info Report to BS and BS sends Registration Response REG RESP to MS and MS Info Report Acknowledge to AAA client authenticator 12 ASN Gateway sends Path Registration Request to ASN BS 13 ASN BS creates 802 16e connection and establishes path with MS 14 ASN BS sends Path Registration Response to ASN Gateway and ASN Gateway creates service flow w...

Page 178: ...ne Interface Reference MS Triggered Network Exit This section describes the procedure of MS Triggered network exit for a WiMAX Subscriber Station SS or MS in normal mode The following figure provides a high level view of the steps involved for network exit of an SS MS in normal mode The following table explains each step in detail Figure 46 MS Triggered Network Exit Call Flow ASN BS ASN GW FA Auth...

Page 179: ...to AAA 6 AAA replies with Accounting Stop Response message to ASN Gateway 7 ASN Gateway FA replies with Path_Dereg_Response message to ASN BS 8 ASN BS sends DREG_CMD message to MS including Action Code 0x04 9 ASN BS sends R6 Path_Dereg_Ack to the ASN Gateway and related entities releases the retained MS context and the assigned data path resource for the MS Network Triggered Network Exit This sect...

Page 180: ...cription 1 Network entities such as AAA Server ASN Gateway FA HA trigger Session Release Trigger to ASN BS This can be from H AAA ServerAnchor ASN Gateway FA HAServing ASN BS etc 2 ASN BS sends DREG_CMD message to MS including Action Code 0x00 to indicate MS existing network 3 IP session for DHCP MIP release starts between MS and network entities 4 MS sends DREG_REQ to ASN BS with De Registration_...

Page 181: ...ta path resource for the MS Intra ASN Gateway Handover This section describes the handover procedure between two ASN BSs connected to one ASN Gateway The ASN Gateway supports following types of handover Intra anchor ASN Gateway Uncontrolled Handover Intra Non anchor ASN Gateway Uncontrolled Handover Intra anchor ASN Gateway Controlled Handover Intra Non anchor ASN Gateway Controlled Handover Detai...

Page 182: ... ASN BS Anchor ASN GW MS SS DATA 2 4 5 6 1 3 7 8 9 10 11 12 13 14 15 Target ASN BS Table 33 Intra ASN Gateway Uncontrolled Handover Call Flow Description Step Description 1 MS sends RNG REQ message to target ASN BS 2 Target ASN BS sends Context Request message to anchor ASN Gateway for this MS 3 Anchor ASN Gateway forwards Context Request message to serving ASN BS ...

Page 183: ...ount Update message to anchor ASN Gateway 12 Anchor ASN Gateway replies with CMAC Key Count Update ACK message to target ASN BS 13 Anchor ASN Gateway sends Path_De Reg_Req message to release data path to serving BS 14 Serving ASN BS sends Path_De Reg_Rsp message to anchor ASN Gateway 15 R6 GRE data path terminated between serving ASN BS and anchor ASN Gateway Intra anchor ASN Gateway Controlled Ha...

Page 184: ... MS initiated handover request MOB_MSHO_REQ the serving BS sends HO_Req messages to target BS selected by MS and starts R8_HO_Req timer 3 Targeted BS tests the acceptability of the requested HO by comparing the amount of available resources and required bandwidth QoS parameters in the HO request received from serving BS 4 Once a target BS accepts the request it sends the HO_Rsp message to the serv...

Page 185: ... Authenticator MN Data Path Established 1 2 3 9 11 12 13 14 15 R6 DP Established 16 DP De registration Process 17 Target ASN BS Data Path Established 6 8 4 5 7 10 Network Re entry Completion R8_HO_Req_Timer Mob_Ho_Ind HO Conf HO Ack MAC_Context Req MAC_Context Req MAC_Context Rep MAC_Context Rep Auth_Context Req Auth_Context Rep RNG Req DP_Reg Req DP_Reg Rsp DP_Reg Ack Key_Count Update Key_Count A...

Page 186: ...fers Authentication Context information to target BS 10 MS starts ranging with target BS and sends RNG REQ to the target BS and network reentry completed 11 Target BS sends Data Path Registration Request to anchor ASN Gateway 12 Anchor ASN Gateway sends Data Path Registration Response to target BS 13 Target BS sends Data Path Registration Ack message to Anchor ASN Gateway and R6 data path is estab...

Page 187: ...erving BS sends HO_Req messages to target BS from its peer list and starts R8_HO_Req timer 2 Targeted BS tests the acceptability of the requested HO by comparing the amount of available resources and required bandwidth QoS parameters in the HO request received from serving BS 3 Once a target BS accepts the request it sends the HO_Rsp message to the serving BS 4 Serving BS sends MOB_MSHO_RSP respon...

Page 188: ... DP De registration Process 17 Target ASN BS Data Path Established 6 8 4 5 7 10 Network Re entry Completion R8_HO_Req_Timer HO Conf HO Ack MAC_Context Req MAC_Context Req MAC_Context Rep MAC_Context Rep Auth_Context Req Auth_Context Rep RNG Req DP_Reg Req DP_Reg Rsp DP_Reg Ack Key_Count Update Key_Count Ack Table 37 BS initiated Uncontrolled Intra ASN Gateway Handover Action Phase Description Step...

Page 189: ...nd R6 data path established 14 Target BS sends CMAC Key count Update message to anchor ASN Gateway 15 Anchor ASN Gateway sends CMAC Key Count Update Ack message to target BS and handover completed 16 Anchor AS NGW starts Data Path De registration process with serving BS 17 Serving BS releases all resources and terminates data path with MS Inter ASN Gateway Handover This section describes the proce...

Page 190: ... Gateway to Anchor ASN Gateway Handover Uncontrolled Non Anchor ASN Gateway to Non Anchor ASN Gateway Handover ASN Gateway Function for Handovers An ASN Gateway configured for inter ASN Gateway handovers requires the following functionality to support the handover via an R4 interface The following figure provides a high level view of the components and functions distribution in ASN Gateway ...

Page 191: ...lient Accounting DHCP Proxy Relay Serving Service Flow Auth S SFA Proxy MIP Client Serving Data Path Function S DPF Mobile IP Foreign Agent MIP FA Context Function Paging Controller Location Updator R6 R4 Anchor ASN GW Controlled Anchor ASN Gateway to Non Anchor ASN Gateway Handover For Controlled handovers the ASN Gateway provides and or supports the following functions Message Relay The ASN Gate...

Page 192: ... Report messages This retrieval is also stateless The context retrieval operation can be performed at any time during the lifetime of a call Data Path Registration After Pre Registration the target BS performs Data Path Registration Data Path Registration is performed using a 3 way handshake If Pre Registration has occurred the Data Path Registration messages do not contain any service flow inform...

Page 193: ...B_MSHO REQ message to the serving ASN BS 2 Serving ASN BS sends a Handover Request message to the target ASN BS 3 Target ASN BS sends a Context Request message to the target non anchor ASN Gateway for this MS 4 Target non anchor ASN Gateway forwards the Context Request message to the anchor ASN Gateway 5 Anchor ASN Gateway sends a Context Report message to the target non anchor ASN Gateway 6 Targe...

Page 194: ...tion is optional 11 Target ASN BS sends a Path Pre Registration Acknowledge message to the target non anchor ASN Gateway Pre registration is optional 12 Target non anchor ASN Gateway forwards the Path Pre Registration Acknowledge message to the anchor ASN Gateway Pre registration is optional 13 Target BS sends a Handover Response message to the serving BS 14 Serving BS sends a MOB_BSHO RSP message...

Page 195: ...ge to the target ASN BS 3 Target ASN BS sends a Handover Acknowledge message to the serving ASN BS 4 MS moves off of the serving ASN Gateway and re enters the network through target ASN BS 5 Target ASN BS sends a Path Registration Request message to the target non anchor ASN Gateway 6 Target non anchor ASN Gateway forwards the Path Registration Request message to the anchor ASN Gateway 7 Anchor AS...

Page 196: ...r ASN Gateway 12 Target ASN BS sends a Handover Complete message to the serving ASN BS 13 Anchor ASN Gateway sends receives Path De Reg Req Rsp Ack messages to release the data path to from Serving BS 14 R6 GRE data path terminated between Serving ASN BS and Anchor ASN Gateway Uncontrolled Anchor ASN Gateway to Non Anchor ASN Gateway Handover The following figure and table provides a high level vi...

Page 197: ... Handover Procedure Description Step Description 1 MS sends RNG REQ message to target ASN BS 2 Target ASN BS sends Context Request message to serving ASN BS 3 Serving ASN BS sends Context Report message with MS context information to target ASN BS 4 Target ASN BS sends Context Request message to target non anchor ASN Gateway 5 Target non anchor ASN Gateway forwards Context Request message to ancho...

Page 198: ...ages to release data path to from serving BS 18 R6 GRE data path terminated between Serving ASN BS and anchor ASN Gateway RADIUS based Prepaid Accounting for WiMax Online accounting is set up by the exchange of RADIUS Access Request and Access Accept packets The initial Access Request packet from the ASN GW and or the home agent includes a prepaid accounting capability PPAC vendor specific attribu...

Page 199: ... Table 41 Call Flow Showing How Additional Quota is Obtained Step Description 1 During network entry a NAS sends an Access Request packet to the HCSN If the NAS supports a PPC the NAS includes the PPAC attributes indicating it prepaid capabilities 2 If the subscriber session is a prepaid session the PPS HAAA assigns the initial prepaid quota s by including one or more PPAQ attributes in the Access...

Page 200: ...he final quota is indicated by the presence of the Terminate Action subtype The Terminate Action subtype includes the action for the PPC to take once the quota is reached 7 The quota expires The PPC sends an Authorize Only Access Request packet to indicate that the quota has expired 8 The PPS responds with an Access Accept If there are additional resources the PPS allocates additional quotas and t...

Page 201: ...rection Access Accept with Termination Action Redirect Filter and HTTP Redirection Rule User recharged PPS updates AAA server with recharged quota attributes for the MS Normal Internet traffic CoA from AAA server to PPAC with HTTP Redirection Rule to clear and with new quota attributes in PPAQ Table 42 Call Flow for Applying HTTP Redirection Rule on Quota Reach Step Description 1 The Volume or Dur...

Page 202: ...ing this period the MS recharges from the portal 5 The PPC sends updated quota attributes to the AAA server based on the MS recharge from the portal 6 The AAA server sends a CoA message to the PPC home agent with the new quota attributes in PPAQ and also sends the HTTP Redirection Rule to clear the HTTP Redirection rule at the PPC 7 Normal traffic including HTTP traffic is allowed per the new quot...

Page 203: ...om portal during HTTP redirection CoA with HTTP Redirection Rule User recharged PPS updates AAA server with recharged quota attributes for the MS Normal Internet traffic CoA from AAA server to PPAC with HTTP Redirection Rule to clear and with new quota attributes in PPAQ Table 43 Call Flow for Applying HTTP Redirection Rule Received by CoA Step Description 1 The PPS updates the AAA server so that ...

Page 204: ...edirection Rule to clear the HTTP Redirection rule at the PPC 6 Normal traffic including HTTP traffic is allowed per the new quota attributes Terminating the Call when Quota is Reached The following figure and table provide a high level view of the steps involved in allocating additional quotas for prepaid calls once the original quota is reached Figure 60 Call Flow for Terminating the Call on Quo...

Page 205: ...action is Request More Quota step 2 occurs next If termination action is Terminate step 4 occurs next 2 If the termination action is Request More Quota the PPC sends an Online Access Request to the AAA server and waits for Access Accept 3 The PPC receives the Access Accept which contains no additional quota attributes 4 Session is terminated at the PPC home agent and at the ASN GW 5 The PPC sends ...

Page 206: ...ng of ASN Gateway in CSN procedure Following procedures are discussed in this section PMIP4 Connection Setup and Call Flow with DHCP Proxy This section describes the CSN procedure of simple IP with DHCP proxy triggering PMIPv4 for a WiMAX subscriber The following figure and table provide a high level view of the steps involved in PMIP4 connection and call flow of an SS MS ...

Page 207: ...in ASN Procedures 2 MS sends DHCP DISCOVER message to DHCP Proxy co located with ASN Gateway to discover a DHCP server for IP host configuration 3 Upon receiving the DHCP DISCOVER message the DHCP Proxy in the NAS triggers the PMIP4 client to initiate 8 the Mobile IPv4 Registration procedure The PMIP4 client uses the HoA information and constructs a Mobile IPv4 Registration Request message and sen...

Page 208: ...FA forwards the message to the PMIP4 client The PMIP4 client passes this information to the DHCP proxy 6 The DHCP proxy sends the DHCP OFFER message to the MS 7 MS sends a DHCP REQUEST to the DHCP Proxy with the information received in the DHCP OFFER 8 The DHCP Proxy acknowledges the use of this IP address and other configuration parameters by sending the DHCP ACK message 9 WiMAX session establish...

Page 209: ... MS sending DHCP Release message to the ASN GS or DHCP proxy has expired on lease time or FA initiates session release 2 ASN Gateway initiates the session release with PMIPv4 client by sending FA_Revoke_Req and sends PMIP De Reg RRQ Registration Revocation message to CSN HA 3 CSN HA starts release of MIP binding 4 CSN HA sends PMIP De Reg RRQ Registration Revocation message to ASN Gateway and PMIP...

Page 210: ...nario between WiMAX and 3GPP legacy networks with reference points and interfaces Figure 63 ASN Gateway with 3GPP Overlay Wi Gi Wp Wn ASN R6 WiMAX Elements BS BS 3GPP Network WiMAX SS MS R1 R6 ASN GW CSN R4 ASN GW HA R3 R3 CSN IWU Wa 3GPPAAA Server WAG PDG 3GPP PS Services Wu ASN Gateway Interoperability with 3GPP2 Overlay The following figure shows a typical interoperability scenario between WiMA...

Page 211: ... of this feature the HA can be configured for 3GPP2 HA service 3GPP HA service WiMAX HA service A combination of 3GPP2 and WiMAX HA services The above configurations provide the session continuity capability that enables a dual mode device a multi radio device to continue its active data session as it changes its active network attachment from 3GPP2 to Wimax and vice versa with no perceived impact...

Page 212: ...provisioned basis or at the time of MS dynamic service subscription Manual Mode The NSP Enumeration List is presented to the user for selection Each entry presents only the verbose NSP name to the user If more than one NAP can be used to establish a direct connection with a NSP the MS may indicate each of the candidate NAPs along with the NSP or verbose NSP name to the user in the following order ...

Page 213: ...he selected NSP If no NSP is found the MS behavior is implementation dependent ASN GW and NAP ID NSP ID Process Following is an overview of NAP ID and NSP ID process from the ASN GW s perspective 1 NAP NSP advertisement BS advertises the available NAP NSP to MS The MS chooses one of the preferred NAP NSPs and performs INE with that NAP NSP The BS MS supports this function the ASN GW does not play ...

Page 214: ...to the uplink data path The ASNGW includes the tunnel endpoint TLV in the data path messages to BS or from the non anchor GW to the anchor GW and vice versa to support the handoff functionality After receiving the tunnel endpoint TLV within the data path messages the BS forwards all the uplink data traffic to the same address No Handoff INE For the control and data path setup for the INE the BS AS...

Page 215: ...he anchor GW specifies the tunnel endpoint to receive the uplink traffic in the DP Reg Rsp message AT1 and AT2 are the data tunnel endpoints on the anchor and non anchor GWs respectively to negotiate R6 control traffic SB1 and TB1 are the control addresses on the SBS and TBS respectively Intra ASNGW Handoff For intra ASNGW handoff during INE the ASNGW specifies the different data tunnel endpoint f...

Page 216: ...tailed Protocols and Procedures Release 1 0 0 Draft March 28 2007 WiMAX Forum IEEE Standards IEEE 802 16e D12 September 2005 Local and Metropolitan Area Networks Part 16 Air Interface for Fixed Broadband Wireless Access Systems Feb 2006 802 1Q VLAN Standard IETF References RFC 1701 Generic Routing Encapsulation GRE October 1994 RFC 2131 Dynamic Host Configuration Protocol DHCP March 1997 RFC 2794 ...

Page 217: ...ort For Extensible Authentication Protocol EAP September 2003 RFC 3588 Diameter Base Protocol September 2003 RFC 3748 Extensible Authentication Protocol June 2004 RFC 1918 NWG Stage 2 Architecture 121505 RFC 3115 Mobile IP Vendor Organization specific Extensions Object Management Group OMG Standards CORBA 2 6 Specification 01 09 35 Object Management Group ...

Page 218: ......

Page 219: ...stry Overview The ASN Paging Controller and Location Registry PC LR provides paging and location updates to WiMAX subscribers in IEEE 802 16 Mobile WiMAX radio access networks This service can be used as a standalone product or in combination with ASN Gateway as co located services on the same chassis ...

Page 220: ...er data traffic Each ASN Gateway can concentrate traffic from many radio base stations This reduces the required number of devices under management and minimizes connection set up latency by decreasing the number of call hand offs in the network Paging and Idle Mode Operation maintains a track and alert for MSs when they are in idle mode to save battery power Paging is executed to alert MSs when t...

Page 221: ...paging controller PG in ASN GW retrieves the location from the LR and alerts the paging agent in PA in the base station to signal to the mobile station Location information for idle mode subscribers is maintained in a location register central database that is co located on an anchor paging controller Idle mode can be initiated by the mobile device or the network The paging controller retains subs...

Page 222: ...lular system to keep the mobile device reachable when it is inactive It enables mobility in addition to conserving battery life Idle mode paging also eliminates the requirements of independent VLRs HLRs when it is supported as an integrated function in the ASN Gateway system Licenses The ASN PC LR service is a separate product from the ASN Gateway You must purchase the WiMAX Paging Controller Loca...

Page 223: ... The information for each MS includes MS paging information about each MS that has registered in the past in the network but is currently in idle mode Current paging group ID PGID PAGING_CYCLE PAGING_OFFSET Last reported BSID Last reported relay PCID MS service flow information Idle mode retention information for each MS in idle mode Information about the service flows associated with the MS An in...

Page 224: ... anchor ASN Gateway acting as the anchor PC function for the MS and the HMAC CMAC tuple 2 The serving ASN BS sends an R6 LU_Req message to the serving ASN Gateway and starts timer TR6_LU_Req The message may include the PG ID Paging Offset and Paging Cycle TLVs if the serving ASN BS proposes an update to these parameters 3 The serving ASN Gateway associated with the local Paging Controller sends an...

Page 225: ...SN to update it with the latest CMAC Key Count 9 The serving ASN BS sends an R6 LU_Cnf message to the serving ASN Gateway with Location Update TLV indicating success Upon receipt of the message the serving ASN Gateway stops timer TR6_LU_Conf 10 The serving ASN Gateway sends an R4 LU_Cnf message with a successful LU indication to the anchor PC and stops timer TR6_LU_Req Upon receipt of the message ...

Page 226: ...tion Update Status TLV set to Accept MS Info AK Context anchor PC ID and the old anchor PC ID TLV The message may include the paging information TLVs if they were included in the corresponding R4 message 9 Based on the AK and AK context received from the current anchor PC the serving BS associated with local PC relay PC successfully authenticates the RNG_REQ message received from the MS The servin...

Page 227: ... ASN clears its LR context for the MS 17 This step is optional If the anchor PC ASN receives CMAC Key Count TLV update in LU_Cnf message it should perform an R4 CMAC Key Count Update procedure with the authenticator ASN to update it with the latest CMAC Key Count Refer to section 4 13 for the call flow Paging Operation This section describes the paging operation for a WiMAX MS The following figure...

Page 228: ...Function DPF sends an R4 Initiate_Paging_Req message to the anchor PC LR to request paging Optionally the R4 Initiate_Paging_Req message contains the QoS parameters of the flow for which the data arrived at the anchor DPF This helps set priority treatment of the paging operation based on the QoS parameters and flow types The anchor DPF may have policies for triggering paging based on the QoS param...

Page 229: ...SN Gateway starts timer TR6_Paging_Announce 6 Once the Paging Agent PA at the BS receives the Paging_Announce message with the requested action set to Start it extracts the relevant paging parameters for the MS Paging Cycle Paging Offset It then initiates the paging action requested by sending out MOB PAG_ADV message over the airlink as per the indicated paging cycle and the paging offset The opti...

Page 230: ...y Overview Introduction Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 68 MS Initiated Idle Mode Entry Procedure Flow ASN BS ASN GW Local PC MS SS 1 2 3 6 4 ASN GW PC Authenticator DPF Serving ASN 7 8 Anchor ASN 5 9 10 11 12 13 14 15 ...

Page 231: ...enticator and anchor PC LR are collocated in the same ASN Gateway 6 According to the reported information in R4 IM_Entry_State_Change_Rsp based on the content of Idle mode authorization indication IE the anchor PC updates the LR with current MS location information PGID and other parameters and sends back R4 IM_Entry_State_Change_Rsp message to the serving ASN Gateway When this message is received...

Page 232: ...sp_ADPFt and the serving BS PA updates the anchor authenticator with the CMAC Key count for the MS via the serving ASN Gateway as per the CMAC Key count update procedure The anchor authenticator acknowledges the CMAC update for the MS Optionally this procedure may be invoked anytime after step 11 MS Initiated Idle Mode Exit This section describes the MS initiated idle mode exit procedure for a WiM...

Page 233: ... PC MS SS 1 2 3 6 4 ASN GW PC Authenticator DPF Serving ASN 7 9 Anchor ASN 5 10 11 8 Table 51 MS Initiated Idle Mode Exit Procedure Flow Description Step Description 1 MS initiates exit procedure from IDLE mode and sends RNG_REQ to the serving ASN BS The Ranging Purpose Indication TLV is set to 1 and the PC ID TLV is included thus indicating that the MS intends to Re Entry from Idle Mode ...

Page 234: ...opped This step is optional if the anchor authenticator and the anchor PC LR are collocated in the same ASN Gateway 6 The anchor PC LR sends R4 IM_Exit_State_Change_Rsp to the relay PC Once the relay PC receives this message Timer TR4_IM_Exit_Ctx_Req is stopped R4 IM_Exit_State_Change_Rsp contains the stored information for the MS at the anchor PC 7 The serving ASN Gateway retrieves the MS context...

Page 235: ... and Location Registry Overview Supported Platforms and Software Cisco ASR 5000 Series Product Overview OL 22938 02 Supported Platforms and Software ASN PC LR is available for all chassis running StarOS Release 8 0 or later ...

Page 236: ......

Page 237: ...ket Data Support Node PDSN in CDMA 2000 wireless data networks This overview provides general information about the PDSN including Product Description Product Specifications Features and FunctionalityBase Software Features and Functionality Optional Enhanced Software Features CDMA2000 Data Network Deployment Configurations Understanding Simple IP and Mobile IP Supported Standards ...

Page 238: ... s Point to Point Protocol PPP session and then routes data to and from the Packet Data Network PDN on behalf of the subscriber The PDN could consist of Wireless Application Protocol WAP servers or it could be the Internet When supporting Mobile IP and or Proxy Mobile IP data applications the system can be configured to perform the role of the PDSN Foreign Agent FA and or the Home Agent HA within ...

Page 239: ...o support CDMA2000 wireless data services on the system System Management Cards SMCs Provides full system control and management of all cards within the ASR 5000 platform Up to two SMC can be installed one active one redundant Packet Services Cards PSCs Within the ASR 5000 platform PSCs provide high speed multi threaded PPP processing capabilities to support either PDSN FA or HA services Up to 14 ...

Page 240: ...y Crossbar Cards RCCs Installed in the lower rear chassis slots directly behind the SMCs RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10 100 or Ethernet 1000 line cards QGLCs and every PSC in the system for redundancy Two RCCs can be installed to provide redundancy for all line cards and PSCs Important Additional information pertaining to each of the application and lin...

Page 241: ...erview Bulk Statistics Support Threshold Crossing Alerts TCA Support IP Header Compression Van Jacobson DSCP Marking Gx and Gy Support The PDSN supports 3GPP Release 8 standards based policy interface with the Policy and Charging Rules Function PCRF The policy interface is based on a subset 3GPP 29 212 based Gx interface specification The PDSN policy interface fully supports installation modificat...

Page 242: ...by configuring multiple weighted sets of servers The configuration allows Policy support to be enabled on a per subscriber APN basis The policy features supported on PDSN and GGSN will be quite similar On PDSN the Gx will only be supported for Simple IP calls On PDSN additional event triggers rat type change and location change will be supported On PDSN Gy standard DCCA based credit control is sup...

Page 243: ... been selected all subsequent AAA messages for the session will be delivered to the same server In the event that a single server becomes unreachable the system attempts to communicate with the other servers that are configured The system also provides configurable parameters that specify how it should behave should all of the RADIUS AAA servers become unreachable The system provides an additional...

Page 244: ...of packets into and out of the system They are configured on a per context basis and consist of rules ACL rules or filters that control the action taken on packets that match the filter criteria Once configured an ACL can be applied to any of the following An individual interface All traffic facilitated by a context known as a policy ACL An individual subscriber All subscriber sessions facilitated...

Page 245: ... configuration a nexthop forwarding address is specified and all data packets for that subscriber are forwarded to the specified nexthop destination ACL based Policy Forwarding gives you more control on redirecting data packets By configuring an Access Control List ACL you can forward data packets from a context or an interface by different criteria such as source or destination IP address ICMP ty...

Page 246: ...ing mechanism provides an efficient mechanism for ensuring the delivery of subscriber data packets Description The following routing mechanisms and protocols are supported by the system Static Routes The system supports the configuration of static network routes on a per context basis Network routes are defined by specifying an IP address and mask for the route the name of the interface in the cur...

Page 247: ...ter Autonomous System AS paths Route Maps Route maps are used for detailed control over the manipulation of routes during route selection or route advertisement by a routing protocol and in route redistribution between routing protocols This detailed control is achieved using IP Prefix Lists Route Access Lists and AS Path Access Lists to specify IP addresses address ranges and Autonomous System Pa...

Page 248: ...BA protocol and Simple Network Management Protocol version 1 SNMPv1 for fault management Provides complete Fault Configuration Accounting Performance and Security FCAPS capabilities Can be easily integrated with higher level network service and business layer applications using the Object Management Group s OMG s Interface Definition Language IDL Important For more information on command line inte...

Page 249: ...nd graphing The Bulk Statistics Server component of the Web Element Manager parses collected statistics and stores the information in the PostgreSQL database If XML file generation and transfer is required this element generates the XML output and can send it to a Northbound NMS or an alternate bulk statistics server for further processing Additionally if archiving of the collected statistics is d...

Page 250: ...yed SNMP traps are supported in both Alert and Alarm modes Logs The system provides a facility called threshold for which active and event logs can be generated As with other system facilities logs are generated Log messages pertaining to the condition of a monitored value are generated with a severity level of WARNING Logs are supported in both the Alert and the Alarm models Alarm System High thr...

Page 251: ...rs of IPv4 TCP packets to improve performance over low speed serial links By default IP header compression using the VJ algorithm is enabled for subscribers You can also turn off IP header compression for a subscriber Important For more information on IP header compression support refer IP Header Compression chapter in System Enhanced Feature Configuration Guide DSCP Marking Provides support for m...

Page 252: ...reventing a fully connected user session from being disconnected Description Session recovery is performed by mirroring key software processes e g session manager and AAA manager within the system These mirrored processes remain in an idle state in standby mode wherein they perform no processing until they may be needed in the case of a software failure e g a session manager task aborts The system...

Page 253: ... following standards RFC 2460 Internet Protocol Version 6 IPv6 Specification RFC 2461 Neighbor Discovery for IPv6 RFC 2462 IPv6 Stateless Address Autoconfiguration RFC 3314 Recommendations for IPv6 in 3GPP Standards RFC 3316 Internet Protocol Version 6 IPv6 for Some Second and Third Generation Cellular Hosts RFC 3056 Connection of IPv6 domains via IPv4 clouds 3GPP TS 23 060 General Packet Radio Se...

Page 254: ...p in the PDSN running a LAC service L2TP establishes L2TP control tunnels between LAC and LNS before tunneling the subscriber PPP connections as L2TP sessions The LAC service is based on the same architecture as the PDSN and benefits from dynamic resource allocation and distributed message and data processing This design allows the LAC service to support over 4000 setups per second or a maximum of...

Page 255: ...ions with an HA identified by information stored in the subscriber s profile on behalf of the MN i e the MN is only responsible for maintaining the IP PDP context with the PDSN no Agent Advertisement messages are communicated with the MN The MN is assigned an IP address by either the HA an AAA server or on a static basis The address is stored in a Mobile Binding Record MBR stored on the HA Therefo...

Page 256: ...from the system to an LNS secure gateway over an IPSec tunnel Important For more information on IPSec support refer IP Security chapter in System Enhanced Feature Configuration Guide Traffic Policing and Rate Limiting Allows the operator to proportion the network and support Service level Agreements SLAs for customers Description The Traffic Policing Shaping feature enables configuring and enforci...

Page 257: ... and is marked red and the violation counter is incremented by one There are enough tokens in the PBS bucket to allow a packet to pass but not in the CBS bucket then the packet is considered to be in excess and is marked yellow the PBS bucket is decremented by the packet size and the exceed counter is incremented by one There are more tokens present in the CBS bucket than the size of the packet th...

Page 258: ...context and or chassis wide basis Important For more information on intelligent traffic control support refer Intelligent Traffic Control chapter in System Enhanced Feature Configuration Guide Dynamic RADIUS Extensions Change of Authorization Dynamic RADIUS extension support provide operators with greater control over subscriber PDP contexts by providing the ability to dynamically redirect data tr...

Page 259: ... performing Fault Configuration Accounting Performance and Security FCAPS management of the ASR 5000 Description The Web Element Manager is a Common Object Request Broker Architecture CORBA based application that provides complete Fault Configuration Accounting Performance and Security FCAPS management capability for the system For maximum flexibility and scalability the Web Element Manager applic...

Page 260: ...DSN FA serves as an integral part of a CDMA2000 network by providing the packet processing and re direction to the mobile user s home network through communications with the HA In cases where the mobile user connects to a PDSN that serves their home network no re direction is required The following figure depicts a sample network configuration wherein the PDSN FA and HA are separate systems Figure...

Page 261: ...nternet or a corporate intranet AAA Interfaces Using the LAN ports located on the Switch Processor I O SPIO and Ethernet line cards these interfaces carry AAA messages to and from RADIUS accounting and authentication servers The SPIO supports RADIUS capable management interfaces using either copper or fiber Ethernet connectivity through two auto sensing 10 100 1000 Mbps Ethernet interfaces or two ...

Page 262: ...Co located PDSN FA and HA Configuration Example It should be noted that all interfaces defined within the 3GPP2 standards for 1x deployments exist in this configuration as they are described in the two previous sections This configuration can support communications to external or standalone PDSNs FAs and or HAs using all prescribed standards ...

Page 263: ...ovides a mobility solution for subscribers whose Mobile Nodes MNs do not support the Mobile IP protocol The PDSN FA proxy the Mobile IP tunnel with the HA on behalf of the MS The subscriber receives an IP address from either the service provider or from their home network As the subscriber roams through the network the IP address is maintained providing the subscriber with the opportunity to use I...

Page 264: ... to establish a communications session between the MN and the PDSN Once a PPP session is established the Mobile Node MN and end host communicate using IP packets The following figure and table provides a high level view of the steps required to make a Simple IP call that is initiated by the MN to an end host Users should keep in mind that steps 2 3 11 and 12 in the call flow are related to the Rad...

Page 265: ...n Step Description 1 Mobile Node MN secures a traffic channel over the airlink with the RAN through the BSC PCF 2 The PCF and PDSN establish the R P interface for the session 3 The PDSN and MN negotiate Link Control Protocol LCP 4 Upon successful LCP negotiation the MN sends a PPP Authentication Request message to the PDSN 5 The PDSN sends an Access Request message to the RADIUS AAA server ...

Page 266: ...dress Mobile IP allows mobility in a dynamic method that allows nodes to maintain ongoing communications while changing links as the user traverses the global Internet from various locations outside their home network In Mobile IP the Mobile Node MN receives an IP address either static or dynamic called the home address assigned by its Home Agent HA A distinct advantage with Mobile IP is that MNs ...

Page 267: ...tant The chassis simultaneously supports GRE protocols with key in accordance with RFC 1701 RFC 2784 and Legacy GRE protocols without key in accordance to RFC 2002 Another advantage of GRE tunneling over IP in IP tunneling is that GRE tunneling can be used even when conflicting addresses are in use across multiple contexts for the tunneled data Communications between the FA and HA can be done in e...

Page 268: ... to the MN s care of address by forward tunneling In this case the MN sends packets to the FA which are transported using conventional IP routing methods A key advantage of triangular routing is that reverse tunneling is not required eliminating the need to encapsulate and de capsulate packets a second time during a Mobile IP session since only a forward tunnel exists between the HA and PDSN FA A ...

Page 269: ...2938 02 Figure 75 Mobile IP FA and HA Tunneling Transport Methods How Mobile IP Works As described earlier Mobile IP uses three basic communications protocols PPP IP and Tunneled IP in the form of IP in IP or GRE tunnels The following figure depicts where each of these protocols are used in a basic Mobile IP call ...

Page 270: ...unneled IP either IP in IP or GRE tunneling Communication between the HA and End Host can be achieved using the Internet or a private IP network and can use any IP protocol The following figure provides a high level view of the steps required to make a Mobile IP call that is initiated by the MN to a HA and table that follows explains each step in detail Users should keep in mind that steps in the ...

Page 271: ...CDMA2000 Wireless Data Services Understanding Simple IP and Mobile IP Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 77 Mobile IP Call Flow ...

Page 272: ...he home AAA server to authenticate the MN subscriber 13 The home AAA server returns an Access Accept message to the HA 14 Upon receiving response from home AAA the HA sends a reply to the PDSN FA establishing a forward tunnel Note that the reply includes a Home Address an IP address for the MN 15 The PDSN FA sends an Accounting Start message to the visitor AAA server The visitor AAA server proxies...

Page 273: ...e provider s network each time a hand off occurs the MN will receive the same IP address stored in the MBR on the HA Note that unlike Mobile IP capable MNs that can perform multiple sessions over a single PPP link Proxy Mobile IP allows only a single session over the PPP link In addition simultaneous Mobile and Simple IP sessions will not be supported for an MN by an FA currently facilitating a Pr...

Page 274: ...CDMA2000 Wireless Data Services Understanding Simple IP and Mobile IP Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 78 AAA PDSN Assigned IP Address Proxy Mobile IP Call Flow ...

Page 275: ...ter index SPI 10 While the FA is communicating with the HA the MN may send additional IPCP Configuration Request messages 11 The HA responds with a Proxy Mobile IP Registration Response after validating the home address against it s pool s The HA also creates a Mobile Binding Record MBR for the subscriber session 12 The MN and the PDSN FA negotiate IPCP The result is that the MN is assigned the ho...

Page 276: ...CDMA2000 Wireless Data Services Understanding Simple IP and Mobile IP Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 79 HA Assigned IP Address Proxy Mobile IP Call Flow ...

Page 277: ... the IP address of the FA the care of address and the FA HA extension Security Parameter Index SPI 10 While the FA is communicating with the HA the MN may send additional IPCP Configuration Request messages 11 The HA responds with a Proxy Mobile IP Registration Response The response includes an IP address from one of its locally configured pools to assign to the MN its Home Address The HA also cre...

Page 278: ...ernets MIB II March 1991 RFC 1215 A Convention for Defining Traps for use with the SNMP March 1991 RFC 1224 Techniques for Managing Asynchronously Generated Alerts May 1991 RFC 1256 ICMP Router Discovery Messages September 1991 RFC 1305 Network Time Protocol Version 3 Specification Implementation and Analysis March 1992 RFC 1332 The PPP Internet Protocol Control Protocol IPCP May 1992 RFC 1398 Def...

Page 279: ...ncapsulation within IP October 1996 RFC 2005 Applicability Statement for IP Mobility Support October 1996 RFC 2118 Microsoft Point to Point Compression MPPC Protocol March 1997 RFC 2136 Dynamic Updates in the Domain Name System DNS UPDATE RFC 2211 Specification of the Controlled Load Network Element Service RFC 2246 The Transport Layer Security TLS Protocol Version 1 0 January 1999 RFC 2290 Mobile...

Page 280: ...00 RFC 2866 RADIUS Accounting June 2000 RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support June 2000 RFC 2868 RADIUS Attributes for Tunnel Protocol Support June 2000 RFC 2869 RADIUS Extensions June 2000 RFC 3007 Secure Domain Name System DNS Dynamic Update November 2000 RFC 3012 Mobile IPv4 Challenge Response Extensions November 2000 RFC 3095 Robust Header Compression ROHC Framew...

Page 281: ...ce Options for Wideband Spread Spectrum Systems TIA EIA IS 707 A 5 Packet Data Services TIA EIA IS 707 A 9 High Speed Packet Data Services TIA EIA IS 2000 5 Upper Layer Layer 3 Signaling for CDMA2000 Spread Spectrum Systems TIA EIA IS 2001 Interoperability Specifications IOS for CDMA2000 Access Network Interfaces TIA EIA TSB100 Wireless Network Reference Model TIA EIA TSB115 CDMA2000 Wireless IP A...

Page 282: ...k Standard December 10 1999 3GPP2 P R0001 TSB115 Version 1 0 0 Wireless IP Architecture Based on IETF Protocols July 14 2000 3GPP2 3GPP2 X S0011 005 C Version 1 0 0 CDMA2000 Wireless IP Network Standard Accounting Services and 3GPP2 RADIUS VSAs August 2003 3GPP2 X S0011 006 C Version 1 0 0 CDMA2000 Wireless IP Network Standard PrePaid Packet Data Service Date August 2003 3GPP2 TSGA A S0013 c v0 4 ...

Page 283: ...y GPRS Support Node GGSN in General Packet Radio Service GPRS or Universal Mobile Telecommunications System UMTS wireless data networks This overview provides general information about the GGSN including Product Description Product Specification Network Deployment and Interfaces Features and Functionality Base Software Features and Functionality Optional Enhanced Feature Software How GGSN Works Su...

Page 284: ...PNs configured on the system Each APN consists of a set of parameters that dictate how subscriber authentication and IP address assignment is to be handled for that APN In addition to providing basic GGSN functionality as described above the system can be configured to support Mobile IP and or Proxy Mobile IP data applications in order to provide mobility for subscriber IP PDP contexts When suppor...

Page 285: ... 5000 platform in GGSN service Important For more information on requirement of licenses for optional enhanced features refer to Features and Functionality Optional Enhanced Feature Software section Hardware Requirements Information in this section describes the hardware required to enable the GGSN service ASR 5000 Platform System Hardware Components The following application and line cards are re...

Page 286: ...the packet data network 10 Gig E Line Cards XGLCs The 10 Gigabit Ethernet Line Card is used in the ASR 5000 system only and is commonly referred to as the XGLC The XGLC supports higher speed connections to packet core equipment increases effective throughput between the ASR 5000 and the packet core network and reduces the number of physical ports needed on the ASR 5000 The one port XGLC supports t...

Page 287: ... in GPRS UMTS network The following information is provided in this section GGSN in the GPRSUMTS Data Network Supported Interfaces GGSN in the GPRS UMTS Data Network The figures that follow display simplified network views of the GGSN in a GPRS UMTS network and the system supporting Mobile IP and Proxy Mobile IP function both the GGSN Foreign Agent FA and GGSN FA Home Agent HA combinations respect...

Page 288: ...oyment and Interfaces Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 82 Combined GGSN FA Deployment for Mobile IP and or Proxy Mobile IP Support Figure 83 Combined GGSN FA HA Deployment for Mobile IP and or Proxy Mobile IP Support Supported Interfaces ...

Page 289: ...rn will communicate with the HLR using MAP over Signaling System 7 SS7 One Gc interface can be configured per system context Gi This is the interface used by the GGSN to communicate with Packet Data Networks PDNs external to the PLMN Examples of PDNs are the Internet or corporate intranets Inbound packets received on this interface could initiate a network requested PDP context if the intended MS ...

Page 290: ...ep packet inspection Important This interface is supported through Enhanced Charging Service For more information on this support refer Enhanced Charging Service Administration Guide GRE This new protocol interface in GGSN platform adds one additional protocol to support mobile users to connect to their enterprise networks Generic Routing Encapsulation GRE GRE Tunneling is a common technique to en...

Page 291: ...res 16 000 SGSN Support AAA Server Groups Access Control List Support ANSI T1 276 Compliance APN Support Bulk Statistics Support Direct Tunnel Support DHCP Support DSCP Marking Generic Corporate APN GTPP Support Host Route Advertisement IP Policy Forwarding IP Header Compression Van Jacobson Management System Overview Overlapping IP Address Pool Support Per APN Configuration to Swap out Gn to Gi A...

Page 292: ...the entire chassis A total of 128 servers can be assigned to an individual server group Up to 1 600 accounting authentication and or mediation servers are supported per chassis and may be distributed across a maximum of 1 000 APNs This feature also enables the AAA servers to be distributed across multiple APN within the same context Important Due to additional memory requirements this service can ...

Page 293: ...ents NE In particular it specifies guidelines for password strength storage and maintenance security measures ANSI T1 276 specifies several measures for password security These measures include Password strength guidelines Password storage guidelines for network elements Password maintenance e g periodic forced password changes These measures are applicable to the ASR 5000 and the Web Element Mana...

Page 294: ...the subscriber may be authenticated authorized with an AAA server The GGSN allows the AAA server to return VSAs Vendor Specific Attributes that override any all of the APN configuration This allows different subscriber tier profiles to be configured in the AAA server and passed to the GGSN during subscriber authentication authorization The GGSN s Virtual APN feature allows the carrier to use a sin...

Page 295: ...cs Server component of the Web Element Manager parses collected statistics and stores the information in the PostgreSQL database If XML file generation and transfer is required this element generates the XML output and can send it to a Northbound NMS or an alternate bulk statistics server for further processing Additionally if archiving of the collected statistics is desired the Bulk Statistics se...

Page 296: ...ansaction capabilities ensuring system control plane capacity will not be a capacity limiting factor once Direct Tunnel is deployed DHCP Support Dynamic IP address assignment to subscriber IP PDP contexts using the Dynamic Host Control Protocol as defined by the following standards RFC 2131 Dynamic Host Configuration Protocol RFC 2132 DHCP Options and BOOTP Vendor Extensions As described in the PD...

Page 297: ...ble DSCP marking for Uplink and Downlink direction based on Allocation Retention Priority in addition to the current priorities Generic Corporate APN Any operator may not be aware of the IP address that a corporation may assign to subscribers through AAA or DHCP and the traffic is sent from the GGSN to the corporation over a tunnel this feature allows the operator to terminate such users Normally ...

Page 298: ...N can be configured on a per APN basis based on whether the subscriber is visiting roaming or home By default the GGSN always accepts the charging characteristics from the SGSN They must always be provided by the SGSN for GTPv1 requests for primary PDP contexts If they are not provided for secondary PDP contexts the GGSN re uses those from the primary If the system is configured to reject the char...

Page 299: ... Next Hop Forwarding Forwards data packets based on the IP pool from which a subscriber obtains an IP address ACL based Policy Forwarding Forwards data packets based on policies defined in Access Control Lists ACLs and applied to contexts or interfaces Subscriber specific Next Hop Forwarding Forwards all packets for a specific subscriber The simplest way to forward subscriber data is to use IP Poo...

Page 300: ...n IPv4 Native IPv6 support on the Gi interface allows support for packets coming from or destined to a mobile over the Gi interface IPv6 address assignment is supported from a dynamic or static pool via standard 3GPP attributes The GGSN can communicate using DIAMETER as the transport protocol for Gx to the AAA Overlapping address space or resource pools are supported if they are in different VPNs ...

Page 301: ...MPv6 as defined by RFC 4443 The GGSN replies to the link local configured IP address and the all hosts IP address Native IPv6 Routing allows the forwarding of IPv6 packets between IPv6 Networks The forwarding lookup is based on a longest prefix match of the destination IPv6 address The GGSN supports configuration of IPv6 routes to directly attached next hops via an IPv6 Interface Management System...

Page 302: ... e Microsoft Internet Explorer v5 0 and above or Netscape v4 7 or above and others Supports Common Object Request Broker Architecture CORBA protocol and Simple Network Management Protocol version 1 SNMPv1 for fault management Provides complete Fault Configuration Accounting Performance and Security FCAPS capabilities Can be easily integrated with higher level network service and business layer app...

Page 303: ...nfiguration so overlapping pools must be configured in the APN for this feature to be used When a PDP context is created the IP addresses is either assigned from the IP pool in this case the forwarding rules are also configured into the GGSN at this point If the address is assigned statically when the GGSN confirms the IP address from the pool configured in the APN the forwarding rules are also ap...

Page 304: ...plication used by the subscriber a configuration option has been added to the GGSN replace the Gn APN with the Gi virtual APN in emitted G CDRs When virtual APNs are used the operator can specify via EMS or a configuration command that the Gi APN should be used in the Access Point Name Network Identifier field of emitted G CDRs instead of the Gn APN Port Insensitive Rule for Enhanced Charging Serv...

Page 305: ...PN is configurable for the DiffServ ToS value to use for each of the 3GPP traffic classes Alternatively you can configure pass through whereby the ToS value will pass through unchanged In the downlink direction the ToS value of the subscriber packet is not changed but you can configure what to use for the ToS value of the outer GTP tunnel The value for ToS is configurable for each of the 3GPP traf...

Page 306: ...d on the system and it selects servers from this list depending on the server selection algorithm round robin first server Instead of having a single list of servers per context this feature provides the ability to configure multiple server groups Each server group in turn consists of a list of servers This feature works in following way All RADIUS authentication accounting servers configured at t...

Page 307: ...IUS server The next hop address determines the interface and VLAN to use Traffic from the server is identified as belonging to a certain NAS IP by the port VLAN combination The number of Radius NAS IP addresses that can be configured is limited by the number of loopback addresses that can be configured Important For more information on VLAN support refer VLANs chapter in System Enhanced Feature Co...

Page 308: ...IP Prefix list filters routes based upon IP prefixes AS Path Access Lists A basic building block used for Border Gateway Protocol BGP routing these lists filter Autonomous System AS paths Route Maps Route maps are used for detailed control over the manipulation of routes during route selection or route advertisement by a routing protocol and in route redistribution between routing protocols This d...

Page 309: ...ability the operator can configure threshold on these resources whereby should the resource depletion cross the configured threshold a SNMP Trap would be sent The following thresholding models are supported by the system Alert A value is monitored and an alert condition occurs when the value reaches or exceeds the configured high threshold within the specified polling interval The alert is generat...

Page 310: ...rview OL 22938 02 alarms are reported to the system s alarm subsystem and are viewable through the Alarm Management menu in the Web Element Manager The Alarm System is used only in conjunction with the Alarm model Important For more information on threshold crossing alert configuration refer Thresholding Configuration Guide ...

Page 311: ...ery IP Security IPSec IPv6 Support L2TP LAC Support L2TP LNS Support Lawful Intercept Mobile IP Home and Foreign Agents Mobile IP NAT Traversal Multimedia Broadcast Multicast Services Support Overcharging Protection on Loss of Coverage Proxy Mobile IP Session Persistence Session Recovery Support Traffic Policing and Rate Limiting Web Element Management System Common Gateway Access Support Common G...

Page 312: ... Extensions to Remote Authentication Dial In User Service RADIUS July 2003 standard The system supports the configuration and use of the following dynamic RADIUS extensions Change of Authorization The system supports CoA messages from the AAA server to change data filters associated with a subscriber session The CoA request message from the AAA server must contain attributes to identify NAS and th...

Page 313: ... domain known as VRF To differentiate the tunnels between same set of local and remote ends GRE Key will be used as a differentiation GRE Tunneling is a common technique to enable multi protocol local networks over a single protocol backbone to connect non contiguous networks and allow virtual private networks across WANs This mechanism encapsulates data packets from one protocol inside a differen...

Page 314: ...o ASR 5000 Series Product Overview OL 22938 02 Figure 86 GRE Deployment Scenario IPv4 Network GRE Tunnel Mobile Node GGSN Corporate B gateway Corporate B network Corporate A network Corporate A gateway GRE Tunnel Access Network Gx Interface Support Gx interface support on the system enables the wireless operator to ...

Page 315: ...e goal of the Gx interface is to provide network based QoS control as well as dynamic charging rules on a per bearer basis The Gx interface is in particular needed to control and charge multimedia applications The Gx interface is located between the GGSN and the E PDF PCRF It is a Diameter based interface and provides the functions provided earlier by the Gx and Go interfaces QoS control based on ...

Page 316: ...er data is sent from the active chassis to the inactive chassis If the active chassis handling the call traffic goes out of service the inactive chassis transitions to the active state and continues processing the call traffic without interrupting the subscriber session The chassis determines which is active through a propriety TCP based connection called a redundancy link This link is used to exc...

Page 317: ...pping is meant for multiple customers using the same IP address for AAA DHCP servers The AAA and DHCP control messages are sent over IPSec tunnels and AAA DHCP packets required to be encrypted are decided as per the ACL configuration done for specific session IPSec can be implemented on the system for the following applications PDN Access Subscriber IP traffic is routed over an IPSec tunnel from t...

Page 318: ...eyond what is currently possible in IPv4 Native IPv6 support on the Gi interface allows support for packets coming from or destined to a mobile over the Gi interface IPv6 address assignment is supported from a dynamic or static pool via standard 3GPP attributes The GGSN can communicate using Diameter as the transport protocol for Gx to the AAA Overlapping address space or resource pools are suppor...

Page 319: ...pports a subset of IPv6 Neighbor Discovery as defined by RFC 2461 including the following The GGSN uses IPv6 Neighbor Discovery to learn the Ethernet link layer addresses of the directly connected next hop gateway The GGSN supports configuration of the static IPv6 neighbor next hop gateway Link local addresses will be automatically added to Ethernet type interfaces The GGSN performs Unsolicited Ne...

Page 320: ...used as a standalone or running alongside a GGSN service in the same platform terminating L2TP services in a cost effective and seamless manner L2TP establishes L2TP control tunnels between LAC and LNS before tunneling the subscriber PPP connections as L2TP sessions There can be a maximum of up to 65535 sessions in a single tunnel and up to 500 000 sessions per LNS The LNS architecture is similar ...

Page 321: ... or later this feature enhanced to allow 20 000 LI targets to be provisioned as well as monitored Caution This capacity improvement impacts performance over various network scenario and in order to reach the full target of 20000 LI targets it is required that the used platform have at least 12 active packet processing cards installed Important For more information on this feature support refer Law...

Page 322: ... could not be recovered Session Idle timer expiry when configured to send Revocation Any other condition under which a binding is terminated due to local policy duplicate IMSI detected duplicate home address requested Important For more information on Mobile IP HA service and FA service configuration refer HA Administration Guide and GGSN Administration Guide respectively Mobile IP NAT Traversal T...

Page 323: ...M SC Important For more information on this feature refer Multicast Broadcast Service chapter in System Enhanced Feature Configuration Guide Overcharging Protection on Loss of Coverage This solution provides the ability to configure mobile carriers to maximize their network solutions and balancing the requirements to accurately bill their customer Considerin a scenario where a mobile is streaming ...

Page 324: ...y roam between WiLAN and 3G cellular access networks This type of inter technology roaming is ordinarily not possible as wireline access networks do not include SGSNs to permit inter SGSN call hand offs with cellular access networks The Cisco Session Persistence Solution maintains consistent user identities and application transparency for your mobile subscribers as they roam across bearer access ...

Page 325: ...n the case of a software failure e g a session manager task aborts The system spawns new instances of standby mode session and AAA managers for each active Control Processor CP being used Additionally other key system level software tasks such as VPN manager are performed on a physically separate packet processing card to ensure that a double software fault e g session manager and VPN manager fail...

Page 326: ...placed in the subscriber s bucket Note that the committed burst size CBS equals the peak burst size PBS for each subscriber Tokens are removed from the subscriber s bucket based on the size of the packets being transmitted received Every time a packet arrives the system determines how many tokens need to be added returned to a subscriber s CBS and PBS bucket This value is derived by computing the ...

Page 327: ...rface GUI for performing Fault Configuration Accounting Performance and Security FCAPS management of the ASR 5000 The Web Element Manager is a Common Object Request Broker Architecture CORBA based application that provides complete Fault Configuration Accounting Performance and Security FCAPS management capability for the system For maximum flexibility and scalability the Web Element Manager appli...

Page 328: ...ures and Functionality Optional Enhanced Feature Software Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 88 Web Element Manager Network Interfaces Important For more information on on WEM support refer WEM Installation and Administration Guide ...

Page 329: ...contexts Accounting protocol Support is provided for using either the GTPP or Remote Authentication Dial In User Service RADIUS protocols In addition an option is provided to disable accounting if desired Authentication protocol Support is provided for using any of the following Challenge Handshake Authentication Protocol CHAP Microsoft CHAP MSCHAP Password Authentication Protocol PAP Mobile Stati...

Page 330: ...affic class A total of 11 PDP contexts are supported per subscriber These could be all primaries or 1 Primary and 10 secondaries or any combination of primary and secondary Note that there must be at least one primary PDP context in order for secondaries to come up Dynamic IP Address Assignment IP addresses for PDP contexts can either be static an IP address is permanently assigned to the MS or dy...

Page 331: ...ork initiated sessions the GGSN will initiate the process of paging the MS and establishing a PDP context PPP Direct Access The GGSN terminates the subscriber s PPP session and provides subscriber authentication services for the data session Either a static or dynamic IP address can be assigned to the MS in this scenario Virtual Dialup Access The GGSN functions as an LAC encapsulates subscriber pa...

Page 332: ...ld learn through router advertisement messages from the GGSN Additionally this section also provides information about the process used by the system to dynamically assign IP addresses to the MS Transparent Session IP Call Flow The following figure and the text that follows describe the call flow for a successful transparent data session Figure 89 Transparent IP Session Call Flow ...

Page 333: ...se will contain information elements such as the PDP Address representing either the static address requested by the MS or the address assigned by the GGSN the TEID used to reference PDP Address and PDP configuration options specified by the GGSN 5 The SGSN returns an Activate PDP Context Accept response to the MS The MS can now send and receive data to or from the PDN until the session is closed ...

Page 334: ...es through the process of attaching itself to the GPRS UMTS network 2 The Terminal Equipment TE aspect of the MS sends AT commands to the Mobile Terminal MT aspect of the MS to place it into PPP mode The Link Control Protocol LCP is then used to configure the Maximum Receive Unit size and the authentication protocol Challenge Handshake Authentication Protocol CHAP Password Authentication ...

Page 335: ... Access Request message to an AAA server If the MS required the dynamic assignment of an IP address i e the PDP Address received from the mobile was null the GGSN will assign one The IP address assignment methods supported by the system GGSN are described in the Dynamic IP Address Assignment section of this chapter 6 If the GGSN authenticated the subscriber to an AAA server the AAA server responds...

Page 336: ...gement Network Initiated Session Call Flow The following figure and the text that follows describe the call flow for a successful network initiated data session Figure 91 Network initiated Session Call Flow 1 An IP Packet Data Unit PDU is received by the GGSN from the PDN The GGSN determines if it is configured to support network initiated sessions If not it will discard the packet If so it will b...

Page 337: ...icated in the GGSN s request 6 The SGSN sends a Request PDP Context Activation message to the MS containing the information supplied by the GGSN 7 The MS begins the PDP Context Activation procedure as described in step 2 through step 5 of the Transparent Session IP Call Flow section of this chapter Upon PDP context establishment the MS can send and receive data to or from the PDN until the session...

Page 338: ... goes through the process of attaching itself to the GPRS UMTS network 2 The MS sends an Activate PDP Context Request message that is received by an SGSN The message contains information about the subscriber such as the Network layer Service Access Point Identifier NSAPI PDP Type PDP Address Access Point Name APN Quality of Service QoS requested and PDP configuration options ...

Page 339: ...P address to the MS and completes the PPP negotiation process More information about IP addressing for PDP contexts is located in the PDP Context Processing and Dynamic IP Address Assignment sections of this chapter Once the PPP negotiation process is complete the MS can send and receive data 10 The MS can terminate the data session at any time To terminate the session the MS sends a Deactivate PD...

Page 340: ...DP Context Request message that is received by an SGSN The message contains information about the subscriber such as the Network layer Service Access Point Identifier NSAPI PDP Type PDP Address Access Point Name APN Quality of Service QoS requested and PDP configuration options 3 The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN using the GPRS Tunn...

Page 341: ...nnel facilitated by the GGSN 9 The MS can terminate the data session at any time To terminate the session the MS sends a Deactivate PDP Context Request message that is received by the SGSN 10 The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session The message includes the information elements necessary to identify the PDP context 11 The GGSN removes the PDP co...

Page 342: ...ion MS goes through the process of attaching itself to the GPRS UMTS network 2 The MS sends an Activate PDP Context Request message that is received by an SGSN The message contains information about the subscriber such as the Network layer Service Access Point Identifier NSAPI PDP Type PDP Address Access Point Name APN Quality of Service QoS requested and PDP configuration options ...

Page 343: ...e MS 6 The MS sends IP packets which are received by the GGSN 7 The GGSN encapsulates the IP packets from the MS using IP in IP and tunnels them to the subscriber s corporate network All data sent and received by the MS over the IP in IP tunnel facilitated by the GGSN 8 The MS can terminate the data session at any time To terminate the session the MS sends a Deactivate PDP Context Request message ...

Page 344: ...GGSN Support in GPRS UMTS Wireless Data Services How GGSN Works Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 95 Mobile IP Call Flow ...

Page 345: ...SN determines if it can facilitate the session in terms of memory or CPU resources configuration etc and creates a new entry in its PDP context list and provides a Charging ID for the session From the APN specified in the message the GGSN determines how to handle the PDP context including whether or not Mobile IP should be used If authentication is required the GGSN attempts to authenticate the su...

Page 346: ...sends a Registration Request message to the GGSN FA with a requested lifetime of 0 18 The FA component forwards the request to the HA 19 The HA sends a Registration Reply to the FA accepting the request 20 The GGSN FA forwards the response to the MN 21 The MS sends a Deactivate PDP Context Request message that is received by the SGSN 22 The SGSN sends a Delete PDP Context Request message to the GG...

Page 347: ...s Data Services How GGSN Works Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 96 HA Assigned IP Address Proxy Mobile IP Call Flow 1 The Mobile Station MS goes through the process of attaching itself to the GPRS UMTS network ...

Page 348: ...specified in the message the GGSN determines whether or not the subscriber is to be authenticated if Proxy Mobile IP is to be supported for the subscriber and if so the IP address of the HA to contact Note that Proxy Mobile IP support can also be determined by attributes in the user s profile Attributes in the user s profile supersede APN settings If authentication is required the GGSN attempts to...

Page 349: ...P context from memory and the FA sends a Proxy Mobile IP Deregistration Request message to the HA 17 The GGSN returns a Delete PDP Context Response message to the SGSN 18 The HA replies to the FA with a Proxy Mobile IP Deregistration Request Response 19 The HA sends a RADIUS Accounting Stop request to the AAA server which the AAA server responds to 20 The SGSN returns a Deactivate PDP Context Acce...

Page 350: ...SP the MS must obtain an IPv6 global or site local unicast address 2 After the GGSN sends a create PDP context response message to the SGSN it starts sending router advertisements periodically on the new MS GGSN link established by the PDP context 3 When creating a global or site local unicast address the MS may use the interface identifier received during the PDP context activation or it generate...

Page 351: ...oject Technical Specification Group Services and System Aspects Multimedia Broadcast Multicast Service MBMS Architecture and functional description Release 7 3GPP TS 24 008 v7 11 0 2001 06 Mobile radio interface layer 3 specification Core Network Protocols Stage 3 Release 1999 as an additional reference for GPRS UMTS procedures 3GPP TS 29 060 v7 9 0 2008 09 3rd Generation Partnership Project Techn...

Page 352: ...ions Release 7 3GPP TS 32 403 V7 1 0 Technical Specification Performance measurements UMTS and combined UMTS GSM 3GPP TS 33 106 V7 0 1 2001 06 3rd Generation Partnership Project Technical Specification Group Services and System Aspects 3G security Lawful Interception requirements Release 7 3GPP TS 33 107 V7 7 0 2007 09 3rd Generation Partnership Project Technical Specification Group Services and S...

Page 353: ... 2 of the Simple Network Management Protocol SNMPv2 January 1996 RFC 1906 Transport Mappings for Version 2 of the Simple Network Management Protocol SNMPv2 January 1996 RFC 1907 Management Information Base for Version 2 of the Simple Network Management Protocol SNMPv2 January 1996 RFC 1908 Coexistence between Version 1 and Version 2 of the Internet standard Network Management Framework January 199...

Page 354: ... for the Simple Network Management Protocol SNMP April 1999 RFC 2573 SNMP Applications April 1999 RFC 2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 April 1999 RFC 2597 Assured Forwarding PHB Group June 1999 RFC 2598 Expedited Forwarding PHB June 1999 RFC 2618 RADIUS Authentication Client MIB June 1999 RFC 2620 RADIUS Accounting Client MIB June 19...

Page 355: ...ation Partnership Project 3GPP Standards September 2002 RFC 3316 Internet Protocol Version 6 IPv6 for Some Second and Third Generation Cellular Hosts April 2003 RFC 3706 A Traffic Based Method of Detecting Dead Internet Key Exchange IKE Peers February 2004 RFC 3543 Registration Revocation in Mobile IPv4 August 2003 RFC 3588 Diameter Base Protocol September 2003 RFC 4006 Diameter Credit Control App...

Page 356: ......

Page 357: ...h using the Mobile IP MIP standard Such transactions are performed through the use of virtual private networks that create MIP tunnels between the HA and FA When functioning as an HA the system can either be located within the carrier s 3G network or in an external enterprise or ISP network Regardless the FA terminates the mobile subscriber s PPP session and then routes data to and from the approp...

Page 358: ...hassis slots directly behind the SMCs SPIOs provide connectivity for local and remote management Central Office CO alarms Up to two SPIOs can be installed one active one redundant Ethernet 10 100 and or Ethernet 1000 Quad Ethernet 1000 Line Cards Installed directly behind processing cards these cards provide the RP AAA PDN and Pi interfaces to elements in the data network Up to 26 line cards shoul...

Page 359: ... Overview Product Specifications Cisco ASR 5000 Series Product Overview OL 22938 02 Operating System Requirements The HA is available for all Cisco ASR 5000 platforms running StarOS Release 10 0 or later ...

Page 360: ... II March 1991 RFC 1215 A Convention for Defining Traps for use with the SNMP March 1991 RFC 1224 Techniques for Managing Asynchronously Generated Alerts May 1991 RFC 1256 ICMP Router Discovery Messages September 1991 RFC 1305 Network Time Protocol Version 3 Specification Implementation and Analysis March 1992 RFC 1332 The PPP Internet Protocol Control Protocol IPCP May 1992 RFC 1398 Definitions o...

Page 361: ...on within IP October 1996 RFC 2005 Applicability Statement for IP Mobility Support October 1996 RFC 2118 Microsoft Point to Point Compression MPPC Protocol March 1997 RFC 2136 Dynamic Updates in the Domain Name System DNS UPDATE RFC 2211 Specification of the Controlled Load Network Element Service RFC 2246 The Transport Layer Security TLS Protocol Version 1 0 January 1999 RFC 2290 Mobile IPv4 Conf...

Page 362: ...6 RADIUS Accounting June 2000 RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support June 2000 RFC 2868 RADIUS Attributes for Tunnel Protocol Support June 2000 RFC 2869 RADIUS Extensions June 2000 RFC 3007 Secure Domain Name System DNS Dynamic Update November 2000 RFC 3012 Mobile IPv4 Challenge Response Extensions November 2000 RFC 3095 Robust Header Compression ROHC Framework and fo...

Page 363: ...0 Series Product Overview OL 22938 02 RFC 4005 Diameter Network Access Server Application August 2005 RFC 4006 Diameter Credit Control Application August 2005 Draft Generalized Key Distribution Extensions for Mobile IP Draft AAA Keys for Mobile IP ...

Page 364: ...PDSN FA are separate systems Figure 98 PDSN FA and HA Network Deployment Configuration Example The HA allows mobile nodes to be reached or served by their home network through its home address even when the mobile node is not attached to its home network The HA performs this function through interaction with an FA that the mobile node is communicating with using the Mobile IP protocol Such transac...

Page 365: ...t line cards While most carriers will configure separate AAA interfaces to allow for out of band RADIUS messaging for system administrative users and other operations personnel it is possible to use a single AAA interface hosted on the Ethernet line cards to support a single RADIUS server that supports both management users and network users Important Subscriber AAA interfaces should always be con...

Page 366: ...ling by itself is a technology that enables one network to send its data via another network s connections Tunneling works by encapsulating a network protocol within a packet carried by the second network Tunneling is also called encapsulation Service providers typically use tunneling for two purposes first to transport otherwise un routable packets across the IP network and second to provide data...

Page 367: ... also known as IP Protocol 47 Important The chassis simultaneously supports GRE protocols with key in accordance with RFC 1701 RFC 2784 and Legacy GRE protocols without key in accordance to RFC 2002 Another advantage of GRE tunneling over IP in IP tunneling is that GRE tunneling can be used even when conflicting addresses are in use across multiple contexts for the tunneled data Communications bet...

Page 368: ... care of address by forward tunneling In this case the MN sends packets to the FA which are transported using conventional IP routing methods A key advantage of triangular routing is that reverse tunneling is not required eliminating the need to encapsulate and de capsulate packets a second time during a Mobile IP session since only a forward tunnel exists between the HA and PDSN FA A disadvantage...

Page 369: ...re 100 Mobile IP FA and HA Tunneling Transport Methods How Mobile IP Works As described earlier Mobile IP uses three basic communications protocols PPP IP and Tunneled IP in the form of IP in IP or GRE tunnels The following figure depicts where each of these protocols are used in a basic Mobile IP call ...

Page 370: ... IP in IP or GRE tunneling Communication between the HA and End Host can be achieved using the Internet or a private IP network and can use any IP protocol The following figure provides a high level view of the steps required to make a Mobile IP call that is initiated by the MN to a HA The following table explains each step in detail Users should keep in mind that steps in the call flow related to...

Page 371: ...HA Overview Network Deployment Configurations Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 102 Mobile IP Call Flow ...

Page 372: ...server to authenticate the MN subscriber 13 The home AAA server returns an Access Accept message to the HA 14 Upon receiving response from home AAA the HA sends a reply to the PDSN FA establishing a forward tunnel Note that the reply includes a Home Address an IP address for the MN 15 The PDSN FA sends an Accounting Start message to the visitor AAA server The visitor AAA server proxies messages to...

Page 373: ...isitor network performs as a Foreign Agent FA establishing a virtual session with the MN s HA Each time the MN registers with a different PDSN FA the FA assigns the MN a care of address Packets are then encapsulated into IP tunnels and transported between FA HA and the MN Session Continuity Support for 3GPP2 and WiMAX Handoffs HA provides this feature for seamless session mobility for WiMAX subscr...

Page 374: ......

Page 375: ...lved High Rate Packet Data eHRPD wireless data networks This overview provides general information about the HSGW including eHRPD Network Summary Product Description Product Specifications Network Deployment s Features and Functionality Base Software Features and Functionality External Application Support Features and Functionality Optional Enhanced Feature Software Call Session Procedure Flows Su...

Page 376: ...llowing the network to perform mobility management instead of the mobile node This form of mobility is known as Proxy Mobile IPv6 PMIPv6 The eHRPD network s main function is to provide interworking of the mobile node with the Evolved Packet System EPS The EPS is a 3GPP Enhanced UMTS Terrestrial Radio Access Network Evolved Packet Core E UTRAN EPC The E UTRAN EPC is the core data network of the 4G ...

Page 377: ...n entity in the radio access network that manages the relay of packets between the eAN and the HSGW The ePCF supports operations for the EPS eHRPD RAN in addition to legacy packet control functions The ePCF supports the following Main service connection over SO59 Uses PDN MUX and allows multiplexing data belonging to multiple PDNs Signaling over Main A10 LCP messages for PPP link establishment EAP...

Page 378: ...S1 MME connection to MME Basic functions supported include Radio resource management radio bearer control and scheduling IP header compression and encryption of user data stream Selection of MME at UE attachment if not determined by information sent from the UE Scheduling and transmission of paging messages originated from the MME Scheduling and transmission of broadcast information originated fro...

Page 379: ...CM IDLE mode downlink packet buffering and initiation of network triggered service request procedure lawful intercept packet routing and forwarding transport level packet marking in the uplink and the downlink e g setting the DiffServ Code Point Accounting Handling of Router Solicitation and Router Advertisement messages if PMIP based S5 and S8 are used MAG for PMIP based S5 and S8 PDN Gateway P G...

Page 380: ...HRPD Serving Gateway Overview eHRPD Network Summary Cisco ASR 5000 Series Product Overview OL 22938 02 DHCPv4 and DHCPv6 functions client relay and server LMA for PMIP6 ...

Page 381: ... and QCI Downlink bearer binding based on policy information Uplink bearer binding verification with packet dropping of UL traffic that does not comply with established uplink policy MAG functions for S2a mobility i e Network based mobility based on PMIPv6 Support for IPv4 and IPv6 address assignment EAP Authenticator function Policy enforcement functions defined for the Gxa interface Robust Heade...

Page 382: ...02 Figure 103 eHRPD Basic Network Topology Internet Enterprise eAN ePCF A10 A11 SGi eHRPD S2a Gxa STa S GW S1 U S5 S8 S11 Gx Gxc S1 MME eNodeB S6a MME PCRF 3GPP AAA S6b SWx HSS OFCS Rf Rf S101 S103 P GW OCS Gy HSGW Basic Features Authentication The HSGW supports the following authentication features ...

Page 383: ...DNs IPv4 IPv6 or IPv4v6 IPv6 addressing Interface Identifier assigned during initial attach and used by UE to generate it s link local address HSGW sends the assigned 64 bit prefix in RA to the UE Configure the 128 bits IPv6 address using IPv6 SLAAC RFC 4862 Optional IPv6 parameter configuration via stateless DHCPv6 Not supported IPv4 address IPv4 address allocation during attach Deferred address ...

Page 384: ...upports the following AAA policy and charging features EAP Authentication STa Rf Diameter Accounting AAA Server Groups Dynamic Policy and Charging Gxa Reference Interface Intelligent Traffic Control For more information on policy and charging features refer to the Network Access and Charging Management Features section in this overview ...

Page 385: ...e HSGW services Platforms The HSGW service operates on the ASR 5000 platform Components The following application and line cards are required to support HSGW functionality on an ASR 5000 System Management Cards SMCs Provides full system control and management of all cards within the chassis Up to two SMCs can be installed one active one redundant Packet Services Cards PSCs The PSCs provide high sp...

Page 386: ...other network elements Redundancy Crossbar Cards RCCs Installed in the lower rear chassis slots directly behind the SPCs SMCs RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10 100 or Ethernet 1000 line cards and every PSC in the system for redundancy Two RCCs can be installed to provide redundancy for all line cards and PSCs Important Additional information pertaining to ...

Page 387: ...D network HRPD Serving Gateway in an eHRPD Network The following figure displays a simplified network view of the HSGW in an eHRPD network and how it interconnects with a 3GPP Evolved UTRAN Evolved Packet Core network The interfaces shown in the following graphic are standards based and are presented for informational purposes only For information on interfaces supported by Cisco Systems HSGW refe...

Page 388: ...TRAN EPC S GW S1 U S5 S8 S11 Gx Gxc S1 MME eNodeB S6a MME PCRF 3GPP AAA S6b SWx HSS Signaling Interface Bearer Interface OFCS Rf Rf S101 S103 P GW OCS Gy HSGW Supported Logical Network Interfaces Reference Points The HSGW supports many of the standards based logical network interfaces or reference points The graphic below and following text define the supported interfaces Basic protocol stacks are...

Page 389: ...erface exists between the Evolved Access Network Evolved Packet Control Function eAN ePCF and the HSGW and implements the A10 signaling and A11 bearer protocols defined in 3GPP2 specifications eAN ePCF A10 A11 HSGW L1 L2 A10 L1 L2 A10 S2a Interface This reference point supports the bearer interface by providing signaling and mobility support between a trusted non 3GPP access point HSGW and the PDN...

Page 390: ...6 IPv4 IPv6 Transport L1 L2 IPv4 IPv6 IPv4 IPv6 Transport UDP UDP GRE STa Interface This signaling interface supports Diameter transactions between a 3GPP2 AAA proxy and a 3GPP AAA server This interface is used for UE authentication and authorization Supported protocols Transport Layer TCP SCTP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet HSGW STa 3GPP AAA L1 L2 Diameter IPv...

Page 391: ...ace This signalling interface supports the transfer of policy control information QoS between the HSGW BBERF and a PCRF Supported protocols Transport Layer TCP SCTP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet HSGW Gxa PCRF L1 L2 Diameter IPv4 IPv6 L1 L2 IPv4 IPv6 TCP SCTP TCP SCTP Diameter ...

Page 392: ...mized Inter HSGW Session Handover Proxy Mobile IPv6 S2a Provides a mobility management protocol to enable a single LTE EPC core network to provide the call anchor point for user sessions as the subscriber roams between native EUTRAN and non native e HRPD access networks S2a represents the trusted non 3GPP interface between the LTE EPC core network and the evolved HRPD network anchored on the HSGW ...

Page 393: ...ed with mobile node for whatever reason Session renegotiation Administrative clearing of calls Session Manager software task outage resulting in the loss of HSGW sessions sessions that could not be recovered Important Registration Revocation functionality is also supported for Proxy Mobile IP However only the P GW can initiate the revocation for Proxy MIP calls For more information on MIP registra...

Page 394: ...er to the Session Recovery chapter in the System Enhanced Feature Configuration Guide Non Optimized Inter HSGW Session Handover Enables non optimized roaming between two eHRPD access networks that lack a relationship of trust and when there are no SLAs in place for low latency hand offs Inter HSGW hand overs without context transfers are designed for cases in which the user roams between two eHRPD...

Page 395: ...iated and UE initiated dedicated bearer establishment In the StarOS 9 0 release the HSGW will support only UE initiated bearer creation with negotiated QoS and flow mapping procedures After the initial establishment of the e HRPD radio connection the UE AT uses the A11 signaling to establish the default PDN connection with the HSGW As in the existing EV DO Rev A network the UE uses RSVP setup proc...

Page 396: ...he UE and back end 3GPP AAA server On successful verification of user credentials the 3GPP AAA server obtains the Cipher Key and Integrity Key from the HSS It uses these keys to derive the Master Session Keys MSK that are returned on EAP Success to the HSGW The HSGW uses the MSK to derive the Pair wise Mobility Keys PMK that are returned in the Main A10 connection to the e PCF The RAN uses these k...

Page 397: ... customers Enables each corporate customer to maintain its own AAA servers with its own unique configurable parameters and custom dictionaries This feature provides support for up to 800 AAA server groups and 800 NAS IP addresses that can be provisioned within a single context or across the entire chassis A total of 128 servers can be assigned to an individual server group Up to 1 600 accounting a...

Page 398: ...map and policy group commands Currently ITC does not include an external policy server interface ITC provides per subscriber per flow traffic policing to control bandwidth and session quotas Flow based traffic policing enables the configuring and enforcing bandwidth limitations on individual subscribers which can be enforced on a per flow basis on the downlink and the uplink directions Flow based ...

Page 399: ...e MAG runs a single node level Proxy Mobile IPv6 tunnel for all user sessions toward the LMA function of the PDN GW When a user wants to establish multiple PDN connections the MAG brings up the multiple PDN connections over the same PMIPv6 session to one or more PDN GW LMA s The PDN GW in turn allocates separate IP addresses Home Network Prefixes for each PDN connection and each one can run one or...

Page 400: ...gh CPU or memory utilization and are quickly resolved However continuous or large numbers of these conditions within a specific time interval may have an impact the system s ability to service subscriber sessions Congestion control helps identify such conditions and invokes policies for addressing the situation Congestion control operation is based on configuring the following Congestion Condition...

Page 401: ...e Configuration Guide System Management Features This section describes following features Management System Bulk Statistics Support Threshold Crossing Alerts TCA Support ANSI T1 276 Compliance Management System The system s management capabilities are designed around the Telecommunications Management Network TMN model for management focusing on providing superior quality network element NE and el...

Page 402: ...interfaces on the SPIO Client Server model supports any browser i e Microsoft Internet Explorer v5 0 and above or Netscape v4 7 or above and others Supports Common Object Request Broker Architecture CORBA protocol and Simple Network Management Protocol version 1 SNMPv1 for fault management Provides complete Fault Configuration Accounting Performance and Security FCAPS capabilities Can be easily in...

Page 403: ...ormation on command line interface based management refer to the Command Line Interface Reference and P GW Administration Guide Bulk Statistics Support The system s support for bulk statistics allows operators to choose to view not only statistics that are of importance to them but also to configure the format in which it is presented This simplifies the post processing of statistical data since i...

Page 404: ...tistics Server component of the Web Element Manager parses collected statistics and stores the information in the PostgreSQL database If XML file generation and transfer is required this element generates the XML output and can send it to a Northbound NMS or an alternate bulk statistics server for further processing Additionally if archiving of the collected statistics is desired the Bulk Statisti...

Page 405: ... Alarm models Alarm System High threshold alarms generated within the specified polling interval are considered outstanding until a the condition no longer exists or a condition clear alarm is generated Outstanding alarms are reported to the system s alarm subsystem and are viewable through the Alarm Management menu in the Web Element Manager The Alarm System is used only in conjunction with the A...

Page 406: ...CAPS management for the ASR 5000 The Web Element Manager is a Common Object Request Broker Architecture CORBA based application that provides complete fault configuration accounting performance and security FCAPS management capability for the system For maximum flexibility and scalability the Web Element Manager application implements a client server architecture This architecture allows remote cl...

Page 407: ...22938 02 Figure 107 Web Element Manager Network Interfaces License Keys A license key is required in order to use the Web Element Manager application Please contact your local Sales or Support representative for more information Important For more information on WEM support refer to the WEM Installation and Administration Guide ...

Page 408: ...Pv6 datagrams using the RTP profile over S067 auxiliary A10 connections The e HRPD application uses pre established SO67 A10 connections for VoIP bearers A header compression context is allocated for the first time when a new SO67 A10 connection request comes with negotiated ROHC parameters In order to optimize memory allocation and system performance the HSGW uses configured inactivity time of tr...

Page 409: ...uffer excesses to be delivered at a later time Traffic Policing Traffic policing enables the configuring and enforcing of bandwidth limitations on individual subscribers and or APNs of a particular traffic class in 3GPP 3GPP2 service Bandwidth enforcement is configured and enforced independently on the downlink and the uplink directions A Token Bucket Algorithm a modified trTCM RFC2698 is used to ...

Page 410: ...ices IP Security IPSec is a suite of protocols that interact with one another to provide secure private communications across IP networks These protocols allow the system to establish and maintain secure tunnels with peer security gateways For IPv4 IKEv1 is used and for IPv6 IKEv2 is supported IPSec can be implemented on the system for the following applications PDN Access Subscriber IP traffic is...

Page 411: ...ocedure flows for different stages of session setup The following topics and procedure flows are included Initial Attach with IPv6IPv4 Access PMIPv6 Lifetime Extension without Handover PDN Connection Release Initiated by UE PDN Connection Release Initiated by HSGW PDN Connection Release Initiated by P GW Initial Attach with IPv6 IPv4 Access This section describes the procedure of initial attach an...

Page 412: ... Attach with IPv6 IPv4 Access Call Flow eAN ePCF HSGW MAG Session Setup P GW LMA 3GPP AAA UE LCP PPP EAP IMSI NAI EAP IMSI NAI A11 RRP A11 SUP A11 SUA PPP VSNPC Conf Req PBU PBA PPP VSNPC Conf Ack PPP VSNPC Conf Req PDNID PPP VSNPC Conf Ack PDNID RA prefix assigned HNP A11 RRQ IMSI RS 1 2a 2b 3a 3b 3c 4a 4b 5a 5b 5c 5d 5e 5f 6 7 ...

Page 413: ... the eAN PCF 4b The eAN PCF responds with an A11 Session Update Acknowledgement SUA 5a The UE initiates a PDN connection by sending a PPP VSNCP Conf Req message to the HSGW The message includes the PDNID of the PDN APN PDN Type IPv6 IPv4 PDSN Address and optionally PCO options the UE is expecting from the network 5b The HSGW sends a PBU to the P GW 5c The P GW processes the PBU from the HSGW assig...

Page 414: ...nection with the P GW where PDNID x and an APN with assigned HNP 2 The HSGW MAG service registration lifetime nears expiration and triggers a renewal request for the LMA 3 The MAG service sends a Proxy Binding Update PBU to the P GW LMA service with the following attributes Lifetime MNID APN ATT HRPD HNP 4 The P GW LMA service updates the Binding Cache Entry BCE with the new granted lifetime 5 The...

Page 415: ...VSNCP Term Req with PDNID x 3 The HSGW starts disconnecting the PDN connection and sends a PPP VSNCP Term Ack to the UE also with PDNID x 4 The HSGW begins the tear down of the PMIP session by sending a PBU Deregistration to the P GW with the following attributes Lifetime 0 MNID APN ATT HRPD HNP The PBU Deregistration message should contain all the mobility options that were present in the initial...

Page 416: ...Flow eAN ePCF HSGW MAG P GW LMA UE PPP VSNCP Term Req Attached 1 PPP VSNCP Term Ack 4 PBU 5 PBA 6 RA PMIPv6 Tunnel MAG Release Trigger 3 7 2 Table 61 PDN Connection Release by the HSGW Call Flow Description Step Description 1 The UE is attached to the EPC and has a PDN connection with the P GW for PDN ID x and APN with assigned HNP 2 The HSGW MAG service triggers a disconnect of the PDN connection...

Page 417: ...ifetime 0 MNID APN HNP The PBU Deregistration message should contain all the mobility options that were present in the initial PBU that created the binding 6 The P GW looks up the BCE based on the HNP deletes the binding and responds to the HSGW with a Deregistration PBA with the same attributes Lifetime 0 MNID APN ATT HRPD HNP 7 The HSGW optionally sends a Router Advertisement RA with assigned HN...

Page 418: ...and has a PDN connection with the P GW for PDN ID x and APN with assigned HNP 2 A PGW trigger causes a disconnect of the PDN connection for PDNID x and the PGW sends a Binding Revocation Indication BRI message to the HSGW with the following attributes MNID APN HNP 3 The HSGW responds to the BRI message with a Binding Revocation Acknowledgement BRA message with the sane attributes MNID APN HNP 4 Th...

Page 419: ...ing Gateway Overview Call Session Procedure Flows Cisco ASR 5000 Series Product Overview OL 22938 02 Step Description 7 The HSGW optionally sends a Router Advertisement RA with assigned HNP and prefix lifetime 0 ...

Page 420: ...g Interface 3GPP2 References X P0057 0 v0 11 0 E UTRAN eHRPD Connectivity and Interworking Core Network Aspects X S0057 0 v1 0 E UTRAN eHRPD Connectivity and Interworking Core Network Aspects A S0008 C v1 0 Interoperability Specification IOS for High Rate Packet Data HRPD Radio Access Network Interfaces with Session Control in the Access Network August 2007 HRPD IOS A S0009 C v1 0 Interoperability...

Page 421: ...ember 2007 Mobile IPv6 Vendor Specific Option RFC 5213 August 2008 Proxy Mobile IPv6 Internet Draft draft ietf netlmm pmip6 ipv4 support 09 txt IPv4 Support for Proxy Mobile IPv6 Internet Draft draft ietf netlmm grekey option 06 txt GRE Key Option for Proxy Mobile IPv6 Internet Draft draft meghana netlmm pmipv6 mipv4 00 Proxy Mobile IPv6 and Mobile IPv4 interworking Internet Draft draft ietf mip6 ...

Page 422: ......

Page 423: ...erview OL 22938 02 Chapter 13 IP Services Gateway Overview This chapter provides an overview of the IP Services Gateway IPSG This chapter covers the following topics Introduction Service Modes In line Services Enhanced Feature Support ...

Page 424: ...ervice capable GGSNs PDSNs HAs and other subscriber management devices The IPSG can provide per subscriber services such as enhanced charging stateful firewall traffic performance optimization and others The IPSG allows the carrier to roll out advanced services without requiring a replacement of the HA PDSN GGSN or other access gateways and eliminates the need to add multiple servers to support ad...

Page 425: ...RADIUS accounting response message back to the access gateway The IPSG has three reference points sn si and sr The sn interface transmits receives data packets to from the access gateway GGSN HA PDSN etc The si interface transmits receives data packets to from the Internet or a packet data network The sr interface receives RADIUS accounting requests from the access gateway The system inspects the ...

Page 426: ...pects RADIUS accounting request packets sent to a RADIUS server through the IPSG As shown in the following figure the IPSG has three reference points sn si and sr The sn interface transmits receives data packets to from the access gateway GGSN HA PDSN etc The si interface transmits receives data packets to from the Internet or a packet data network The sr interface receives RADIUS accounting reque...

Page 427: ...ce Modes Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 115 IPSG Message Data Flow RADIUS Snoop Mode Mobile Station RADIUS Server Access Gateway GGSN PDSN HA IPSG Acct Req sr sn si IP Data IP Data Acct Resp Acct Req Internet ...

Page 428: ... enhanced services For more information refer to the Enhanced Charging Service Administration Guide Content Filtering Content Filtering is an in line service feature that filters HTTP and WAP requests from mobile subscribers based on the URLs in the requests This enables operators to filter and control the content that an individual subscriber can access so that subscribers are inadvertently not e...

Page 429: ...ber To facilitate this the IPSG supports the R7 Gx interface to a Policy Control and Charging Rule Function PCRF For detailed information on the Gx Interface support refer to the Gx Interface Support chapter of the System Enhanced Feature Configuration Guide Note the following for IPSG Only single bearer session concept is supported Multiple bearer concept is not applicable Only PCRF binding is ap...

Page 430: ...ill be routed on to the destination address If subscriber policy entitlements indicate filtering is required for a subscriber CSS will be used to steer subscriber sessions to the Content Filtering in line service If a subscriber is using a mobile application with protocol type not supported their session will bypass the Content Filtering Service and will be efficiently routed on to destination add...

Page 431: ...scusses the features and functions of Packet Data Interworking Function PDIF software It includes the following topics Product Description Product Specifications Interfaces Sample Deployments Features and Functionality Base Software Features and Functionality Licensed Enhanced Feature Support Supported Standards and RFCs ...

Page 432: ...omain local default subscriber or the corresponding Diameter AVP or RADIUS Access Accept If this is not present establishing a simple IP session is permitted Proxy MIP is documented in the System Enhanced Features Configuration Guide Although not required for Proxy MIP this manual documents Proxy MIP with a custom designed feature called multiple authentication Multi Auth Instead of the more usual...

Page 433: ...Input Outputs SPIOs Installed in the upper rear chassis slots directly behind the SMCs SPIOs provide connectivity for local and remote management Up to 2 SPIOs can be installed one active one redundant Line Cards Installed directly behind the PSCs these cards provide the physical interfaces from the PDIF to various elements in the network Up to 26 line cards can be installed for a fully loaded sys...

Page 434: ... Power Filter Unit PFU 2 2 2 Upper Fan Tray Assembly 1 1 1 Lower Fan Tray Assembly 1 1 1 Line Cards Fast Ethernet 10 100 Line Card FELC 1 2 28 Gigabit Ethernet Line Card GELC 1 2 28 Quad Gigabit Ethernet Line Card QGLC 1 2 28 For full descriptions and for more information on installing populating and maintaining the ASR 5000 and its hardware refer to the Hardware Installation and Administration Gu...

Page 435: ...new IP header is created ahead of the AH and or ESP IPSec headers The original IP header is left intact 2 The Diameter interface In a mobile IP network the IMS Sh interface is used for MAC address validation with the HSS as well as HSS subscriber profile updates In a Proxy MIP network using multiple authentication the HSS server is used to authenticate the device during Stage 1 authentication usin...

Page 436: ...4 The home agent interface This interface is used for Proxy mobile IP and mobile IP subscribers All mobile station packets are tunneled to the HA through this interface This interface is not used for simple IP subscribers 5 The simple IP interface This interface provides internet access for simple IP users ...

Page 437: ...ure below the PDIF FA supports the Fixed Mobile Convergence FMC application which employs a Dual Mode Handset DMH to provide a VoIP solution over an IP based WiFi broadband network The DMH can access the traditional CDMA voice and data networks over the Radio Access Network RAN Over the RAN the DMH implements circuit switched voice and standard mobile IP MIP data over EVDO Rev A using the services...

Page 438: ... PDIF FA to the HA through the second IPSec tunnel In this scenario the PDIF FA forwards all the packets between the DMH and the HA From there voice packets are delivered to the Session Initiation Protocol SIP infrastructure while data is delivered to the Internet or other appropriate destinations Mobile IP Native Simple IP Call Minimum Requirements The following provides the minimum requirements ...

Page 439: ...duct Overview OL 22938 02 Figure 119 Mobile IP Session Setup over IPSec Table 64 Mobile IP over IPSec Call Flow Description Step Description 1 After the MS learns the IP address of the PDIF the MS and the PDIF FA exchange IKE_SA_INIT messages to negotiate an acceptable cryptographic suite ...

Page 440: ... received from the H AAA 8 The MS verifies the authentication parameters in the EAP Request AKA Challenge message and if the verification is successful it responds to the challenge with an IKE_AUTH Request message to the PDIF FA The main payload of this message is the EAP Response AKA Challenge message 9 The PDIF FA forwards the EAP Response AKA Challenge message to the H AAA via a RADIUS access r...

Page 441: ...uthenticates the extension 21 The HA assigns the IP address HoA for the MS and sends the RRP back to the PDIF FA 22 The PDIF FA sends the HoA IP address to the MS 23 After the MS obtains the HoA in the RRP the MS sends the CREATE_CHILD_SA message with the Traffic Selector payload for Initiator TSi set to the HoA This IKEv2 exchange creates a new IPSec SA 24 The PDIF FA sends a RADIUS accounting st...

Page 442: ...PSec SA with a TIA is established as shown above Under normal situations the MS successfully finishes mobile IP and establishes a new IPSec tunnel However if mobile IP fails and simple IP fallback mode is enabled the MS can revert to simple IP fallback mode and start using the TIA as the source IP address for all communication Important Simple IP fallback is disabled by default Use the command in ...

Page 443: ...to the PDIF The PDIF sends an authentication request to the AAA server over the RADIUS interface 3 The AAA server authenticates successfully and sends the IP address of the HA 4 The PDIF forwards the RRQ message to the HA 5 The HA denies the request The PDIF forwards the denial code to the MS 6 The session setup timer expires and the PDIF goes into fallback mode The PDIF sends a RADIUS Accounting ...

Page 444: ...P Fallback must be defined in the CLI configuration For example The MS has to request MIP by sending an RRQ message to the PDIF FA If the MS indicated an intent to use mobile IP or was configured with the MIP_Required parameter but failed to send an RRQ message the IPSec session would be disconnected rather than completing a simple IP fallback call On supported networks the PDIF FA only assumes si...

Page 445: ...egistration Revocation CHILD SA Rekey Support Denial of Service DoS Protection Cookie Challenge MAC Address Validation RADIUS Accounting Special RADIUS Attribute Handling IPv6 Support IPv6 Neighbor Discovery IPv6 Static Routing Port Switch On L3 Fail for IPv6 IKEv2 Keep Alive Dead Peer Detection DPD Congestion Control and Overload Disconnect SCTP Stream Control Transmission Protocol Support X 509 ...

Page 446: ...tion request is sent and a Deregistration response is received the PDIF resumes the new session setup by sending a proxy MIP Registration request This setup procedure continues after the PDIF receives a proxy MIP Deregistration response from the HA IMSI based duplicate session detection is supported per source PDIF context The PDIF requires only one source context to be configured per PDIF therefo...

Page 447: ...Rekey Support During Child SA Security Association rekeying there exists momentarily 500ms or less two Child SAs This is to make sure that transient packets for the old Child SA are still processed and not dropped PDIF initiated rekeying is disabled by default This is the recommended setting although rekeying can be enabled through the Crypto Configuration Payload mode commands By default rekey re...

Page 448: ...e Step Description 1 The MS places a call to the WiFi AP 2 The WiFi AP returns the IP address of the PDIF 3 The MS sends an IKE_SA_INIT request message 4 The PDIF sends the Notify cookie payload to the MS to request retransmission of the IKE_SA_INIT request message to include the Notify cookie payload in the message 5 Upon receipt of the retransmitted message the PDIF verifies the cookie payload a...

Page 449: ...starts EAP authentication through IKEv2 AUTH procedures If configured to do so the PDIF removes the MAC address from the NAI when sending authentication requests to external RADIUS servers If the embedded MAC address is not removed the authentication check fails because the AAA server cannot accommodate embedded MAC addresses If the MAC address is not in the list the MAC address authorization fail...

Page 450: ...corresponding access protocols Configurable in the PDIF service NAS Port Type The 3GPP2 X P0028 200 standard requires this value to be set as 5 Virtual Controlled through the RADIUS dictionary Service Type Cisco specifies a Service Type of framed for PDIF messages Controlled through the RADIUS dictionary Framed Protocol There is no attribute value defined for IPSec Cisco specifies a value of PPP f...

Page 451: ...6 interfaces communicate with the Diameter servers PDIF supports the configuration of 32 IPv6 Ethernet interfaces and 32 IPv6 loopback interfaces per context One configured CIDR global or site local IPv6 address per interface Support for auto configuration of link local address based on an assigned MAC address If the MAC address changes the link local addresses are updated accordingly If a virtual...

Page 452: ...n also disable DPD and the PDIF FA does not initiate DPD exchanges with the MS when disabled However the PDIF FA always responds to DPD availability checks initiated by the MS regardless of the PDIF FA idle timer configuration Important For a number of failure scenarios involving Dead Peer Detection refer to the Troubleshooting chapter Congestion Control and Overload Disconnect Congestion control ...

Page 453: ...al certificate is an electronic credit card that establishes one s credentials when doing business or other transactions on the Web Some digital certificates conform to ITU T standard X 509 for a Public Key Infrastructure PKI and Privilege Management Infrastructure PMI X 509 specifies among other things standard formats for public key certificates certificate revocation lists attribute certificate...

Page 454: ...onality Base Software Cisco ASR 5000 Series Product Overview OL 22938 02 Important For more information including full definitions for each of the trigger behaviors see Configuring Crypto Template in Configuration and also see the Command Line Interface Reference ...

Page 455: ...er to the Managing License Keys section of Software Management Operations in the System Administration Guide This section describes the following features PDIF Service Multiple PDIF Services Lawful Intercept Diameter Authentication Failure Handling Online Upgrade Operation Over a Common IPv4 Network Operation Over a Common IPv6 Network Session Recovery Support IPSec IKEv2 Simple IP Fallback Simple...

Page 456: ...t functionalities are configured Max sessions The maximum number of subscriber sessions allowed by this PDIF service PDIF supports a domain template for storing domain related configuration The domain name is taken from the received NAI and searched in the domain template database 3GPP2 serving PCF address This configurable specifies what value in the RADIUS attribute when sending authentication a...

Page 457: ...fied by information such as their Mobile Station Integrated Services Digital Network MSISDN number or their International Mobile Subscriber Identification IMSI number Once the target has been identified the system functioning as either a GGSN or HA serves as an Access Function AF and performs monitoring for both new PDP contexts or PDP contexts that are already in progress While monitoring the sys...

Page 458: ...assis For example upgrading from Release 8 1 to 8 2 is supported Support for a chassis running greater differences in software versions would be qualified by Cisco on an as needed basis Important Refer to the Maintenance chapter in this guide for information on how to perform the upgrade The online upgrade process calls for a spare ASR 5000 to temporarily perform the services currently being provi...

Page 459: ...n egress contexts are usually SRP activated resources The result is that only the currently active chassis enables the SRP activated resources The activate command is Important Ingress and egress contexts could be the same context The SRP context must be a separate context In the network diagram below each ingress context has loopback interface A defined which is SRP activated PDIF service A is bo...

Page 460: ...terface Operation Over a Common IPv4 Network The PDIF supports L2 switching to enable carriers not using dynamic routing between the core nodes to perform an online upgrade In the example below the SRP virtual MAC address is configured for the SRP activated loopback address for the subnet This allows the standby chassis to seamlessly assume the active role in the network after a switchover Attache...

Page 461: ...ck IPv6 addresses are configured as Diameter endpoints The customer can SRP activate these loopback addresses and upon SRP switchover the HSS SLF still sees the same Diameter peer endpoint No new Diameter peer configuration to the HSS SLF is required With SRP switchover operation in effect the PDIF shuts down all the SCTP connections to the HSS SLF Then the former backup PDIF immediately creates n...

Page 462: ...l port in the switch changes due to the switchover operation by G ARP The rest of the ASR 5000 information IP address and MAC address remains the same Diameter Server The MS sees two PDIFs as the same entity However upon switchover the SCTP connection is disconnected and then a new SCTP connection with ASR 5000 is established immediately If an L3 switch exists between the PDIF and Diameter server ...

Page 463: ...ey system level software tasks such as VPN manager are performed on a physically separate Packet Services Card PSC PSC2 to ensure that a double software fault the session manager and the VPN manager fail at same time on same card for example cannot occur The PSC used to host the VPN manager process is in active mode and is reserved by the operating system for this sole use when session recovery is...

Page 464: ...n the subsequent IKEv2 AUTH exchange In this case the MS may only go through the first authentication which is EAP AKA authentication After EAP AKA authentication if proxy mip required is configured for the session either through the domain or the default subscriber or the corresponding Diameter AVP the PDIF will establish a proxy mobile IP session with the HA The assigned IP address is normally d...

Page 465: ...its Allows an MS that does not support mobile IP to have the same roaming benefits of one that does The PDIF communicates with the HA and acts as if the PDIF itself were the handset Proxy mobile IP is configured through the configuration or the corresponding Diameter AVP or RADIUS Access Accept messages If neither are present the PDIF establishes a simple IP session and the PDIF routes the call to...

Page 466: ...ad across multiple contexts or all groups can be configured within a single VPN context A maximum of 320 RADIUS servers is allowed on the chassis When the command is issued this number becomes 800 AAA groups and 1600 RADIUS servers configured within the chassis The PDIF service allows you to specify a different AAA group for each authentication phase A given AAA group supports either Diameter or R...

Page 467: ...A group and thereafter only one protocol either RADIUS or Diameter is used There are cases where the domain template may not be associated with a given NAI In such cases the default AAA groups are used for authentication Since authentication happens in two phases and each using Diameter and RADIUS AAA groups respectively there needs to be two default AAA groups one for Diameter authentication and ...

Page 468: ...yload marked with the critical bit set the PDIF returns UNSUPPORTED_PAYLOAD Otherwise the PDIF ignores it and processes the IKE packet as if the payload was never received This is non standard MS behavior Important The multiple authentication process in a proxy mobile IP network is described in Proxy MIP in the System Enhanced Features Guide Session Recovery The session recovery feature provides r...

Page 469: ...manager on a backup PSC Important For more information refer to the PDIF Session Recovery chapter in the System Enhanced Features Configuration Guide Intelligent Packet Monitoring System IPMS The IPMS provides a control packet capture database and query facility It provides the functions to assist operators to analyze and investigate call related events at a later time Important IPMS is described ...

Page 470: ...on changes made to the existing traffic class configuration will apply to new calls only There is no hard limit to the maximum number of allowed traffic classes but the recommended limit is 50 When incoming traffic from a UE does not match any of the configured traffic selectors the PDIF does not reject the traffic Instead the PDIF keeps a per call counter to record the number of packets that do n...

Page 471: ... Multimedia Domain Sh Interface Based on Diameter Protocol Protocol Details Stage 3 X S0016 000 B v1 0 3GPP2 MMS Specification Overview Multimedia Messaging System Specification X S0016 000 C v1 0 Multimedia Messaging Service Overview X S0028 000 0 v1 0 cdma2000 Packet Data Services Wireless Local Area Network WLAN Interworking List of Parts X S0028 100 0 v1 0 cdma2000 Packet Data Services Wireles...

Page 472: ...e Authentication Protocol Method for 3rd Generation Authentication and Key Agreement RFC 4301 December 2005 Security Architecture for the Internet Protocol RFC 4302 December 2005 IP Authentication Header RFC 4303 December 2005 IP Encapsulating Security Payload ESP RFC 4305 December 2005 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload ESP and Authentication He...

Page 473: ...tains general overview information about the Packet Data Gateway Tunnel Termination Gateway PDG TTG including Product Description Product Specifications Network Deployment s and Interfaces Features and Functionality Features Not Supported in This Release How the PDG TTG Works Supported Standards ...

Page 474: ...ork enhance in building wireless coverage and make use of existing backhaul infrastructure to reduce the cost of carrying wireless calls The TTG is a network element that enables PDG functionality for existing GGSN deployments The TTG and a subset of existing GGSN functions work together to provide PDG functionality to the subscriber UEs in the WLAN Summary of PDG TTG Features and Functions The TT...

Page 475: ...llowing application and line cards are required to support the PDG TTG on the ASR 5000 System Management Cards SMCs Provides full system control and management of all cards within the ASR 5000 Up to two SMCs can be installed one active one redundant Packet Services Cards PSCs PSC2s Provide high speed multi threaded PDP context processing capabilities for 2 5G and 3G services Up to 14 PSCs PSC2s ca...

Page 476: ...Redundancy Crossbar Cards RCCs Installed in the lower rear chassis slots directly behind the SMCs RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10 100 or Ethernet 1000 line cards and every PSC PSC2 in the system for redundancy Two RCCs can be installed to provide redundancy for all line cards and PSCs PSC2s Important Additional information pertaining to each of the appli...

Page 477: ...e TTG working together with a currently deployed GGSN In this implementation only a subset of the GGSN functionality is used Figure 127 The TTG and GGSN in a PDG Implementation PDG PDN Internet TTG Wm WLAN UE Wu Gn GGSN Subset of GGSN functions 3GPP AAA Gi In the implementation above the TTG terminates a secure IPSec tunnel for each WLAN UE subscriber session established over the Wu reference poin...

Page 478: ...is reference point to retrieve tunneling attributes and UE IP configuration parameters Gn TTG mode only The Gn reference point is located between the TTG and the GGSN To provide PDG functionality in existing GGSN deployments the TTG functions as an SGSN For every IPSec tunnel that is established between the TTG and a WLAN UE the TTG initiates a PDP context and a corresponding GTP tunnel over the G...

Page 479: ...ultiple APN Support for IPSec Access Lawful Intercept IMS Emergency Call Handling IPSec Session Recovery Support Congestion Control Bulk Statistics Threshold Crossing Alerts PDG Service The PDG service provides both PDG and TTG functionality operating in either PDG mode or TTG mode The PDG service enables the UEs in the WLAN to connect with the core network elements via a secure IPSec interface Du...

Page 480: ...er untrusted WLANs with connectivity to the Internet or managed networks In TTG mode the system terminates an IPSec tunnel for each WLAN UE subscriber session established over the Wu reference point The TTG also establishes a corresponding GTP tunnel over the Gn reference point to the GGSN The TTG and a subset of GGSN functions work together to provide PDG functionality to the WLAN UEs In this con...

Page 481: ...dwidth enforcement is configured and enforced independently in the downlink and uplink directions When configured in the Subscriber Configuration Mode of the system s CLI the PDG TTG performs traffic policing However if the GGSN changes the QoS via an Update PDP Context Request the PDG TTG uses the QoS values from the GGSN Per RFC 2698 a Token Bucket Algorithm is used to implement the traffic poli...

Page 482: ...DSCP Marking for IPSec Access The Differentiated Service Code Point DSCP marking feature on the PDG TTG provides support for more granular configuration of DSCP marking The PDG TTG functioning as a TTG can perform DSCP marking of packets sent over the Wu interface in the downlink direction to the WLAN UEs and over the Gn interface in the uplink direction to the GGSN In the PDG Service Configuratio...

Page 483: ... the PDG TTG provides a wide range of configuration options via AAA server groups which allow a number of RADIUS Diameter parameters to be configured in support of the PDG service Currently two types of authentication load balancing methods are supported first server and round robin The first server method sends requests to the highest priority active server A request will be sent to a different s...

Page 484: ...fast re authentication is successful After the successful fast re authentication the PDG TTG assigns the UE with the same IP address The SGTP service running on the PDG TTG identifies the original session and replicates the same session using the same IP address assignment The PDG TTG then deletes the original session SA The AAA server falls back to full authentication in the following scenarios W...

Page 485: ...ntexts the system intercepts CC and IRI for each of them The DF in turn delivers the intercepted content to one or more Collection Functions CFs For more information about the lawful intercept feature see the Lawful Intercept Configuration Guide IMS Emergency Call Handling The PDG TTG supports IMS emergency call handling per 3GPP TS 33 234 This feature is enabled by configuring a special WLAN acce...

Page 486: ...otentially degrade performance when the system is under heavy load Typically these conditions are temporary for example high CPU or memory utilization and are quickly resolved However continuous or large numbers of these conditions within a specific time interval may have an impact on the system s ability to service subscriber sessions Congestion control helps identify such conditions and invokes ...

Page 487: ...r Users can specify the format of the file name file headers and or footers to include information such as the date system host name system uptime the IP address of the system generating the statistics available for only for headers and footers and or the time that the file was generated When the Web Element Manager is used as the receiver it is capable of further processing the statistics data th...

Page 488: ...ches or exceeds the configured high threshold within the specified polling interval The alert is generated then generated and or sent again at the end of the polling interval Thresholding reports conditions using one of the following mechanisms SNMP traps SNMP traps have been created that indicate the condition high threshold crossing and or clear of each of the monitored values Generation of spec...

Page 489: ...rted in This Release Cisco ASR 5000 Series Product Overview OL 22938 02 Features Not Supported in This Release The following features are not supported in this PDG TTG software release Link aggregation IPv6 MPLS NAT Firewall Peer to Peer ...

Page 490: ...PDG TTG Works This section describes the PDG TTG during connection establishment TTG Connection Establishment The figure below shows the message flow during TTG connection establishment The table that follows the figure describes each step in the message flow Figure 128 TTG Connection Establishment ...

Page 491: ...AUTH Response EAP Success 11 IKE_AUTH Request 12 Create PDP Context Request GGSN allocates IP address 13 Create PDP Context Response IP address TTG establishes IPSec SA GTP tunnel and link between them for user traffic 14 IKE_AUTH Response CP IP address DNS addresses etc 15 User data Table 70 TTG Connection Establishment Step Description 1 After receiving the IP address of the TTG from the WiFi ac...

Page 492: ...ions for tunnel setup The TTG starts the session setup timer upon receiving the IKE_AUTH Request from the UE Note that the TTG sends the W APN received in the IDr payload in IKEv2 messages as is to the AAA server This helps the AAA server to look up the authorization database based on the W APN name When sending messages to the HLR or HSS the AAA server maps the W APN name into the real APN config...

Page 493: ...s authorized to establish a tunnel The IKE SA counter for that W APN is incremented If the maximum number of IKE SAs for that W APN is exceeded the AAA server sends an indication to the TTG that established the oldest active IKE SA it could be the same TTG or a different one to delete the oldest established IKE SA The AAA server then updates the counters tracking the active IKE SAs for the W APN a...

Page 494: ...pects Mobility between 3GPP Wireless Local Area Network WLAN interworking and 3GPP systems Release 8 3GPP TS 24 234 V8 3 0 Group Core Network and Terminals 3GPP System to Wireless Local Area Network WLAN interworking WLAN User Equipment WLAN UE to network protocols Stage 3 Release 8 3GPP TS 29 060 V7 9 0 3rd Generation Partnership Project Technical Specification Group Core Network and Terminals Ge...

Page 495: ...s RFC 4186 January 2006 Extensible Authentication Protocol Method for Global System for Mobile Communications GSM Subscriber Identity Modules EAP SIM RFC 4187 January 2006 Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement EAP AKA RFC 4301 December 2005 Security Architecture for the Internet Protocol RFC 4302 December 2005 IP Authentication Header RFC 430...

Page 496: ......

Page 497: ...m Architecture Evolution LTE SAE wireless data networks This overview provides general information about the P GW including eHRPD Network Summary SAE Network Summary Product Description Product Specifications Network Deployment s Features and Functionality Base Software Features and Functionality Inline Service Support Features and Functionality External Application Support Features and Functional...

Page 498: ...ssages to a home agent The primary difference in an evolved HRPD eHRPD network is the use of network mobility via proxy allowing the network to perform mobility management instead of the mobile node This form of mobility is known as Proxy Mobile IPv6 PMIPv6 One of the eHRPD network s functions is to provide interworking of the mobile node with the 3GPP Evolved Packet Core EPC The EPC is a high ban...

Page 499: ...HRPD P GW eHRPD Network Components The eHRPD network is comprised of the following components Evolved Access Network eAN The eAN is a logical entity in the radio access network used for radio communications with an access terminal mobile device The eAN is equivalent to a base station in 1x systems The eAN supports operations for EPS eHRPD RAN in addition to legacy access network capabilities ...

Page 500: ...t EAP messages used for authentication VSNCP messages for establishment of PDNs VSNP for establishment of EPS bearers and QoS mappings RSVP HRPD Serving Gateway HSGW The HSGW is the entity that terminates the HRPD access network interface from the eAN PCF The HSGW functionality provides interworking of the AT with the 3GPP EPS architecture and protocols specified in 23 402 mobility policy control ...

Page 501: ...atency for a variety of radio access technologies SAE defines the packet network supporting the high bandwidth radio network as the Evolved Packet Core EPC The EPC provides mobility between 3GPP GSM UMTS and LTE and non 3GPP radio access technologies including CDMA WiMAX WiFi High Rate Packet Data HRPD evolved HRPD and ETSI defined TISPAN networks The following figure shows the interworking of the...

Page 502: ...5000 Series Product Overview OL 22938 02 Internet S GW eNodeB MME PCRF 3GPP AAA HSS OCS OFCS EPC E UTRAN P GW Non 3GPP SGSN GERAN UTRAN Enterprise ePDG WLAN E UTRAN EPC Network Components The E UTRAN EPC network is comprised of the following components ...

Page 503: ...the MME Scheduling and transmission of broadcast information originated from the MME or OA M Measurement measurement reporting configuration for mobility and scheduling Mobility Management Entity MME The MME is the key control node for the LTE access network The MME provides the following basic functions NAS signalling signalling security UE access in ECM IDLE state including control and execution...

Page 504: ...nk e g setting the DiffServ Code Point Accounting Handling of Router Solicitation and Router Advertisement messages if PMIP based S5 and S8 are used MAG for PMIP based S5 and S8 PDN Gateway P GW For each UE associated with the EPS there is at least one P GW providing access to the requested PDN If a UE is accessing multiple PDNs there may be more than one P GW for that UE The P GW provides the fol...

Page 505: ...g multiple PDNs there may be more than one P GW for that UE The P GW provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE A UE may have simultaneous connectivity with more than one P GW for accessing multiple PDNs The P GW performs policy enforcement packet filtering for each user charging support lawful interception and packet...

Page 506: ...A S6b SWx HSS OFCS Rf Rf S101 S103 HSGW OCS Gy P GW Another key role of the P GW is to act as the anchor for mobility between 3GPP and non 3GPP technologies such as WiMAX and 3GPP2 CDMA 1X and EvDO P GW functions include Mobility anchor for mobility between 3GPP access systems and non 3GPP access systems This is sometimes referred to as the SAE Anchor function Policy enforcement gating and rate en...

Page 507: ...k Down link rate enforcement based on Aggregate Maximum Bit Rate AMBR The following are additional P GW functions when supporting non 3GPP access eHRPD P GW includes the function of a Local Mobility Anchor LMA according to draft ietf netlmm proxymip6 if PMIP based S5 or S8 is used The P GW includes the function of a DSMIPv6 Home Agent as described in draft ietf mip6 nemo v4traversal if S2c is used...

Page 508: ...le for this product P GW Software License 10k Sessions 600 00 7642 P GW Software License 1k Sessions 600 00 7649 Hardware Requirements Information in this section describes the hardware required to enable P GW services Platforms The P GW service operates on the following platforms ASR 5000 Chassis Components The following application and line cards are required to support P GW functionality on an ...

Page 509: ...can be installed for a fully loaded system with 13 active PSCs PSC2s 13 in the upper rear slots and 13 in the lower rear slots for redundancy Redundant PSCs do not require line cards Ethernet 10 100 and or Ethernet 1000 line cards for IP connections to other network elements Redundancy Crossbar Cards RCCs Installed in the lower rear chassis slots directly behind the SPCs SMCs RCCs utilize 5 Gbps s...

Page 510: ...n describes the supported interfaces and the deployment scenarios of a PDN Gateway PDN Gateway Supporting eHRPD to E UTRAN EPC Connectivity The following figure displays a simplified network view of the P GW supporting an eHRPD network and how it interconnects with other 3GPP Evolved UTRAN Evolved Packet Core network devices ...

Page 511: ...A11 SGi eHRPD S2a Gxa STa E UTRAN EPC S GW S1 U S5 S8 S11 Gx Gxc S1 MME eNodeB S6a MME PCRF 3GPP AAA S6b SWx HSS Signaling Interface Bearer Interface OFCS Rf Rf S101 S103 HSGW OCS Gy P GW Supported Logical Network Interfaces Reference Points The following figure displays the network interfaces between a PDN Gateway other E UTRAN network devices a packet data network and an HSGW in an eHRPD network...

Page 512: ...face Internet Enterprise S GW S5 S8 SGi Gx eHRPD HSGW S2a PCRF S6b OFCS Rf OCS 3GPP AAA Gy P GW The P GW provides the following logical network interfaces in support of eHRPD to E UTRAN EPC connectivity S5 S8 Interface This reference point provides tunneling and management between the S GW and the P GW The S8 interface is used for roaming scenarios The S5 interface is used for non roaming Supporte...

Page 513: ...rt L1 L2 IPv4 IPv6 IPv4 IPv6 Transport UDP UDP GTP C U S2a Interface This reference point supports the bearer interface by providing signaling and mobility support between a trusted non 3GPP access point HSGW and the PDN Gateway It is based on Proxy Mobile IP but also supports Client Mobile IPv4 FA mode which allows connectivity to trusted non 3GPP IP access points that do not support PMIP Support...

Page 514: ...mobility and to retrieve static QoS profiles for UEs for non 3GPP access in the event that dynamic PCC is not supported Supported protocols Transport Layer TCP SCTP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet P GW S6b AAA L1 L2 Diameter IPv4 IPv6 L1 L2 IPv4 IPv6 TCP SCTP TCP SCTP Diameter SGi Interface This reference point provides connectivity between the P GW and a packet...

Page 515: ...nd charging rules information QoS between the Policy and Charging Enforcement Function PCEF on the P GW and a Policy and Charging Rules Function PCRF server Supported protocols Transport Layer TCP SCTP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet P GW Gx PCRF L1 L2 Diameter IPv4 IPv6 L1 L2 IPv4 IPv6 TCP SCTP TCP SCTP Diameter For more information on the Gx interface refer to...

Page 516: ...Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet P GW Rf OFCS L1 L2 Diameter IPv4 IPv6 L1 L2 IPv4 IPv6 TCP TCP Diameter For more information on Rf accounting refer to the section in the Features and Functionality Base Software section of this guide Gy Interface The Gy reference interface enables online accounting functions on the P GW in accordance with 3GPP Release 8 specifications Sup...

Page 517: ...e PDN Gateway in the E UTRAN EPC Network The following figure displays a simplified network view of the P GW and how it interconnects with other 3GPP Evolved UTRAN Evolved Packet Core network devices Figure 132 P GW in the E UTRAN EPC Network E UTRAN EPC S GW S1 U S5 S8 S11 Gx Gxc S1 MME eNodeB S6a MME PCRF 3GPP AAA S6b SWx HSS Signaling Interface Bearer Interface OFCS OCS Gy Internet SGi S2b S2c ...

Page 518: ...een a PDN Gateway other E UTRAN network devices a packet data network and an HSGW in an eHRPD network Figure 133 P GW Interfaces in the E UTRAN EPC Network E UTRAN EPC Internet Enterprise S GW S5 S8 SGi Gx PCRF 3GPP AAA S6b Signaling Interface Bearer Interface OCS Gy P GW OFCS Rf Gz The P GW provides the following logical network interfaces in support of eHRPD to E UTRAN EPC connectivity S5 S8 Int...

Page 519: ...4 IPv6 Data Link Layer ARP Physical Layer Ethernet S GW S5 S8 GTP P GW L1 L2 GTP C U IPv4 IPv6 IPv4 IPv6 Transport L1 L2 IPv4 IPv6 IPv4 IPv6 Transport UDP UDP GTP C U S6b Interface This reference point between a P GW and a 3GPP AAA server proxy is used for mobility related authentication It may also be used to retrieve and request parameters related to mobility and to retrieve static QoS profiles ...

Page 520: ...and or an internal IMS service provisioning network Supported protocols Transport Layer TCP UDP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet P GW SGi Packet NW L1 L2 IPv4 IPv6 L1 L2 IPv4 IPv6 Transport Transport Gx Interface This signalling interface supports the transfer of policy control and charging rules information QoS between the Policy and Charging Enforcement Functio...

Page 521: ...e P GW in accordance with 3GPP Release 8 specifications Supported protocols Transport Layer TCP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet P GW Gy OCS L1 L2 Diameter IPv4 IPv6 L1 L2 IPv4 IPv6 TCP TCP Diameter For more information on the Gy interface and online accounting refer to Gy Interface Support in the Features and Functionality Base Software section of this guide Gz ...

Page 522: ... Rf Interface The Rf reference interface enables offline accounting functions on the P GW in accordance with 3GPP Release 8 specifications The P GW collects charging information for each mobile subscriber UE pertaining to the radio network usage Supported protocols Transport Layer TCP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet P GW Rf OFCS L1 L2 Diameter IPv4 IPv6 L1 L2 IP...

Page 523: ...d described in this section Subscriber Session Management Features Quality of Service Management Features Network Access and Charging Management Features Network Operation Management Functions System Management Features Subscriber Session Management Features This section describes the following features IPv6 Capabilities Source IP Address Validation Default and Dedicated EPC Bearers Lawful Interce...

Page 524: ...the PDN GW by mitigating the potential for unwanted spoofing or man in the middle attacks The P GW includes local IPv4 IPv6 address pools for assigning IP addresses to UE s on a per PDN basis The P GW defends its provisioned address bindings by insuring that traffic is received from the host address that it has awareness of In the event that traffic is received from a non authorized host the P GW ...

Page 525: ...ntrol events as mandated by a court ordered warrant from a law enforcement agency In accordance with 3GPP TS 33 108 Release 8 requirements the Cisco P GW supports the Lawful Intercept Access Function for intercepting control and data messages of mobile targets Law Enforcement Agencies request the network operator to start the interception of a particular mobile user based on court ordered subpoena...

Page 526: ...en the user attaches to the EUTRAN cell and MME in the visited network the requested APN name in the S6a NAS signaling is used by the HSS in the H PLMN to select the local S GW and P GWs in the visited EPC network Subscriber Level Trace Provides a 3GPP standards based session level trace function for call debugging and testing new functions and access terminals in an LTE environment As a complemen...

Page 527: ...interface between the LTE EPC core network and the evolved HRPD network anchored on the HSGW In the e HRPD network network based mobility provides mobility for IPv6 nodes without host involvement Proxy Mobile IPv6 extends Mobile IPv6 signaling messages and reuses the HA function now known as LMA on the P GW This approach does not require the mobile node to be involved in the exchange of signaling ...

Page 528: ... a hardware or software fault within the system preventing a fully connected user session from being disconnected In the telecommunications industry over 90 percent of all equipment failures are software related With robust hardware failover and redundancy protection any card level hardware failures on the system can quickly be corrected However software failures can occur for numerous reasons man...

Page 529: ... minimum transmission rate in order to offer constant bit rate services for applications such as interactive voice that require deterministic low delay service treatment Maximum Bit Rate MBR The MBR attribute provides a configurable burst rate that limits the bit rate that can be expected to be provided by a GBR bearer e g excess traffic may get discarded by a rate shaping function The MBR may be ...

Page 530: ...gured traffic class and Allocation Retention Priority Table 71 Default DSCP Value Matrix Allocation Priority 1 2 3 Traffic Handling Priority 1 ef ef ef 2 af21 af21 af21 3 af21 af21 af21 Network Access and Charging Management Features This section describes the following features Enhanced Charging Service ECS Online Offline Charging AAA Server Groups Dynamic Policy Charging Control Gx Reference Int...

Page 531: ...Packet Inspection inspection of the layer 3 IP header and layer 4 e g UDP or TCP header information Deep Packet Inspection inspection of layer 7 and 7 information Deep packet inspection functionality includes Detection of URI Uniform Resource Identifier information at level 7 e g HTTP WTP RTSP Uniform Resource Locators URLs Identification of true destination in the case of terminating proxies wher...

Page 532: ...dditional chargeable events Support for Multiple Services DCCA supports the usage of multiple services within one subscriber session Multiple Service support includes 1 ability to identify and process the service or group of services that are subject to different cost structures 2 independent credit control of multiple services in a single credit control sub session Refer to the Diameter Credit Co...

Page 533: ...d performs event based charging without the interference of the service platforms Important This functionality is available for use with the Enhanced Charging Service which requires a session use license For more information on ECS refer to the Enhanced Charging Service Administration Guide Content Service Steering Content Service Steering CSS directs selective subscriber traffic into the ECS subs...

Page 534: ...in comma separated values CSV format generated as defined in traffic analysis rules Important This functionality is available for use with the Enhanced Charging Service which requires a session use license For more information on ECS refer to the Enhanced Charging Service Administration Guide Diameter Credit Control Application Provides a pre paid billing mechanism for real time cost and credit co...

Page 535: ...erface for real time content based charging of data services It is based on the 3GPP standards and relies on quota allocation It provides an online charging interface that works with the ECS deep packet inspection feature With Gy customer traffic can be gated and billed in an online or prepaid style Both time and volume based charging models are supported In all of these models differentiated rate...

Page 536: ...ecifications The Gy Ro reference interface uses Diameter transport and IPv6 addressing Online charging is a process whereby charging information for network resource usage must be obtained by the network in order for resource usage to occur This authorization is granted by the Online Charging System OCS upon request from the network The P GW uses a charging characteristics profile to determine whe...

Page 537: ...fer the ability to FTP S FTP charging records between the CDF and CGF server CDR records include information such as Record Type Served IMSI ChargingID APN Name TimeStamp Call Duration Served MSISDN PLMN ID etc The ASR 5000 platform offers a local directory to enable temporary file storage and buffer charging records in persistent memory located on a pair of dual redundant RAID hard disks Each dri...

Page 538: ...icy Control represents the ability to dynamically authorize and control services and application flows between a Policy Charging Enforcement Function PCEF on the P GW and the PCRF Policy control enables a centralized and decoupled service control architecture to regulate the way in which services are provisioned and allocated at the bearer resource layer The StarOS 9 0 release includes enhancement...

Page 539: ...lity and if the S GW needs to connect to a non collocated P GW for the required PDN connectivity The S8 reference interface is an inter PLMN reference point providing user and control plane between the S GW in the V PLMN and the P GW in the H PLMN It is based on the Gp reference point as defined between SGSN and GGSN S8a is the inter PLMN variant of S5 S6b E UTRAN EPC The S6b reference interface i...

Page 540: ...G function on the HSGW provides the proxy mobility agent and performs the signalling and mobility management with the LMA on behalf of the attached subscriber device Multiple PDN Support Enables an APN based user experience that enables separate connections to be allocated for different services including IMS Internet walled garden services or off deck content services The MAG function on the S GW...

Page 541: ...ntrol is enabled Port specific Thresholds If you set port specific thresholds when any individual port specific threshold is reached congestion control is enabled system wide Service Congestion Policies Congestion policies are configurable for each service These policies dictate how services respond when the system detects that a congestion condition threshold has been crossed Important For more i...

Page 542: ...em to operate the system more efficiently There are multiple ways to manage the system either locally or remotely using its out of band management interfaces These include Using the command line interface CLI Remote login using Telnet and Secure Shell SSH access to CLI through SPIO card s Ethernet management interfaces Local login through the Console port on SPIO card using an RS 232 serial connec...

Page 543: ...Management System section in this chapter Important For more information on command line interface based management refer to the Command Line Interface Reference Bulk Statistics Support The system s support for bulk statistics allows operators to choose to view not only statistics that are of importance to them but also to configure the format in which it is presented This simplifies the post proc...

Page 544: ...footers and or the time that the file was generated When the Web Element Manager is used as the receiver it is capable of further processing the statistics data through XML parsing archiving and graphing The Bulk Statistics Server component of the Web Element Manager parses collected statistics and stores the information in the PostgreSQL database If XML file generation and transfer is required th...

Page 545: ...stem provides a facility called threshold for which active and event logs can be generated As with other system facilities logs are generated Log messages pertaining to the condition of a monitored value are generated with a severity level of WARNING Logs are supported in both the Alert and the Alarm models Alarm System High threshold alarms generated within the specified polling interval are cons...

Page 546: ...roduct Overview OL 22938 02 variety of authentication methods such as RADIUS and SSH which are dependent on external elements ANSI T1 276 compliance in such cases will be the domain of the external element ANSI T1 276 guidelines will only be implemented for locally configured operators ...

Page 547: ...ts are transferred via the Integrated Content Adaptation Protocol ICAP with subscriber identification information to the external ACF server which provides the category rating database and content decision functions Integrated Adult Content Filter Provides a value added service to prevent unintended viewing of objectionable content that exploits underage children Content Filtering offers mobile op...

Page 548: ...on Allows operators to identify P2P traffic in the network and applying appropriate controlling functions to ensure fair distribution of bandwidth to all subscribers Peer to Peer P2P is a term used in two slightly different contexts At a functional level it means protocols that interact in a peering manner in contrast to client server manner There is no clear differentiation between the function o...

Page 549: ... ASR 5000 Series Product Overview OL 22938 02 Cisco s P2P detection technology makes use of innovative and highly accurate protocol behavioral detection techniques Important For more information on peer to peer detection refer to the Peer to Peer Detection Administration Guide ...

Page 550: ...nagement of the ASR 5000 The Web Element Manager is a Common Object Request Broker Architecture CORBA based application that provides complete fault configuration accounting performance and security FCAPS management capability for the system For maximum flexibility and scalability the Web Element Manager application implements a client server architecture This architecture allows remote clients wi...

Page 551: ...tionality External Application Support Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 135 Web Element Manager Network Interfaces Important For more information on WEM support refer to the WEM Installation and Administration Guide ...

Page 552: ...C switchover and all established sessions for supported call types are recovered without any loss of session Even though Cisco provides excellent intra chassis redundancy with these two schemes certain catastrophic failures which can cause total chassis outages such as IP routing failures line cuts loss of power or physical destruction of the chassis cannot be protected by this scheme In such case...

Page 553: ...int duration checkpoint data is collected on the session The checkpoint parameter determines the amount of time a session must be active before it is included in the checkpoint message License Keys The part number and cost will be determined two months before First Customer Shipment Important For more information on inter chassis session recovery support refer to the Interchassis Session Recovery ...

Page 554: ...uring the sampling interval Burst size The maximum number of bytes that can be transmitted received for the subscriber during the sampling interval for both committed CBS and peak PBS rate conditions This represents the maximum number of tokens that can be placed in the subscriber s bucket Note that the committed burst size CBS equals the peak burst size PBS for each subscriber The system can be c...

Page 555: ...Ns provide greater flexibility in the configuration and use of contexts and services VLANs are configured as tags on a per port basis and allow more complex configurations to be implemented The VLAN tag allows a single physical port to be bound to multiple logical interfaces that can be configured in different contexts Therefore each Ethernet port can be viewed as containing many logical ports whe...

Page 556: ...ay Call Session Procedures in an eHRPD Network GTP PDN Gateway Call Session Procedures in an LTE SAE Network PMIPv6 PDN Gateway Call Session Procedures in an eHRPD Network The following topics and procedure flows are included Initial Attach with IPv6IPv4 Access PMIPv6 Lifetime Extension without Handover PDN Connection Release Initiated by UE PDN Connection Release Initiated by HSGW PDN Connection ...

Page 557: ...h with IPv6 IPv4 Access Call Flow eAN ePCF HSGW MAG Session Setup P GW LMA 3GPP AAA UE LCP PPP EAP IMSI NAI EAP IMSI NAI A11 RRP A11 SUP A11 SUA PPP VSNPC Conf Req PBU PBA PPP VSNPC Conf Ack PPP VSNPC Conf Req PDNID PPP VSNPC Conf Ack PDNID RA prefix assigned HNP A11 RRQ IMSI RS 1 2a 2b 3a 3b 3c 4a 4b 5a 5b 5c 5d 5e 5f 6 7 ...

Page 558: ...AN PCF 4b The eAN PCF responds with an A11 Session Update Acknowledgement SUA 5a The UE initiates a PDN connection by sending a PPP VSNCP Conf Req message to the HSGW The message includes the PDNID of the PDN APN PDN Type IPv6 IPv4 PDSN Address and optionally PCO options the UE is expecting from the network 5b The HSGW sends a PBU to the P GW 5c The P GW processes the PBU from the HSGW assigns an ...

Page 559: ...n with the P GW where PDNID x and an APN with assigned HNP 2 The HSGW MAG service registration lifetime nears expiration and triggers a renewal request for the LMA 3 The MAG service sends a Proxy Binding Update PBU to the P GW LMA service with the following attributes Lifetime MNID APN ATT HRPD HNP 4 The P GW LMA service updates the Binding Cache Entry BCE with the new granted lifetime 5 The P GW ...

Page 560: ...Term Req with PDNID x 3 The HSGW starts disconnecting the PDN connection and sends a PPP VSNCP Term Ack to the UE also with PDNID x 4 The HSGW begins the tear down of the PMIP session by sending a PBU Deregistration to the P GW with the following attributes Lifetime 0 MNID APN ATT HRPD HNP The PBU Deregistration message should contain all the mobility options that were present in the initial PBU t...

Page 561: ...Release by the HSGW Call Flow eAN ePCF HSGW MAG P GW LMA UE PPP VSNCP Term Req Attached 1 PPP VSNCP Term Ack 4 PBU 5 PBA 6 RA PMIPv6 Tunnel MAG Release Trigger 3 7 2 Table 75 PDN Connection Release by the HSGW Call Flow Description Step Description 1 The UE is attached to the EPC and has a PDN connection with the P GW for PDN ID x and APN with assigned HNP 2 The HSGW MAG service triggers a disconn...

Page 562: ...he following attributes Lifetime 0 MNID APN HNP The PBU Deregistration message should contain all the mobility options that were present in the initial PBU that created the binding 6 The P GW looks up the BCE based on the HNP deletes the binding and responds to the HSGW with a Deregistration PBA with the same attributes Lifetime 0 MNID APN ATT HRPD HNP 7 The HSGW optionally sends a Router Advertis...

Page 563: ... 1 The UE is attached to the EPC and has a PDN connection with the P GW for PDN ID x and APN with assigned HNP 2 A PGW trigger causes a disconnect of the PDN connection for PDNID x and the PGW sends a Binding Revocation Indication BRI message to the HSGW with the following attributes MNID APN HNP 3 The HSGW responds to the BRI message with a Binding Revocation Acknowledgement BRA message with the ...

Page 564: ...he HSGW optionally sends a Router Advertisement RA with assigned HNP and prefix lifetime 0 GTP PDN Gateway Call Session Procedures in an LTE SAE Network The following topics and procedure flows are included Subscriber initiated Attach initial Subscriber initiated Detach Subscriber initiated Attach initial This section describes the procedure of an initial attach to the EPC network by a subscriber ...

Page 565: ...earer Est Rsp Radio Bearer Est Req Create Default Bearer Rsp PCRF Interactions Create Default Bearer Req eNodeB MME S GW UE PDN P GW PCRF HSS 1 Identity Req Identity Rsp Authentication Security ME Identity Update Location Insert Subscriber Data Insert Subscriber Data Ack Update Location Ack Uplink Data 1st Downlink Data 1st Downlink Data Update Location Req Update Location Rsp Data 2 3 Attach Req ...

Page 566: ...ose APNs is the Default APN and the EPS subscribed QoS profile for each permitted APN 8 The MME validates the UE s presence in the new TA If due to regional subscription restrictions or access restrictions the UE is not allowed to attach in the TA the MME rejects the Attach Request with an appropriate cause and may return an Insert Subscriber Data Ack message to the HSS If subscription checking fa...

Page 567: ...n Management Configuration IE Protocol Configuration Options message to the eNodeB 17 The eNodeB sends Radio Bearer Establishment Request including the EPS Radio Bearer Identity to the UE The Attach Accept message is also sent along to the UE 18 The UE sends the Radio Bearer Establishment Response to the eNodeB In this message the Attach Complete message EPS Bearer Identity is included 19 The eNod...

Page 568: ... situation or not 2 The active EPS Bearers in the S GW regarding this particular UE are deactivated by the MME sending a Delete Bearer Request TEID message to the S GW 3 The S GW sends a Delete Bearer Request TEID message to the P GW 4 The P GW acknowledges with a Delete Bearer Response TEID message 5 The P GW may interact with the PCRF to indicate to the PCRF that EPS Bearer is released if PCRF i...

Page 569: ...ice description Stage 2 3GPP TS 24 008 Mobile radio interface Layer 3 specification Core network protocols 3GPP TS 24 229 IP Multimedia Call Control Protocol based on SIP and SDP Stage 3 3GPP TS 27 060 Mobile Station MS supporting Packet Switched Services 3GPP TS 29 061 Interworking between the Public Land Mobile Network PLMN supporting packet based services and Packet Data Networks PDN 3GPP TS 29...

Page 570: ... Internet Protocol Version 6 IPv6 Specification RFC 2698 A Two Rate Three Color Marker RFC 2784 Generic Routing Encapsulation GRE RFC 2890 Key and Sequence Number Extensions to GRE RFC 3319 Dynamic Host Configuration Protocol DHCPv6 Options for Session Initiation Protocol SIP Servers RFC 3588 Diameter Base Protocol RFC 3775 Mobility Support in IPv6 RFC 3646 DNS Configuration options for Dynamic Ho...

Page 571: ...net Draft draft ietf netlmm pmip6 ipv4 support 02 txt IPv4 Support for Proxy Mobile IPv6 Internet Draft draft ietf netlmm grekey option 01 txt GRE Key Option for Proxy Mobile IPv6 work in progress Internet Draft draft ietf mext binding revocation 02 txt Binding Revocation for IPv6 Mobility work in progress Object Management Group OMG Standards CORBA 2 6 Specification 01 09 35 Object Management Gro...

Page 572: ......

Page 573: ...er contains general overview information about the Session Control Manager SCM including Product Description Product Specifications Network Deployments and Interfaces Features and Functionality Base Software Features and Functionality Licensed Enhanced Feature Support How the SCM Works Supported Standards ...

Page 574: ...tion and enforcement Multimedia Call Detail Records CDRs Per subscriber service facilitation SIP Application level Gateway ALG Media relay Mitigate SIP Denial of Service DoS Prevent registration hijacking Prevent theft of service The SCM consists of multiple IMS components that can be integrated into a single ASR 5000 platform or distributed as standalone network elements IETF compliant SIP Proxy ...

Page 575: ...igure below When the SCM acts as an Access Border Gateway A BG it uses the RFC3261 P CSCF to provide a SIP IMS control plane access border as well as a bearer access border control function Therefore the A BG provides all session border control functions for all SIP UEs attempting to access the mobile network from a network outside of the operator s control and operations Figure 143 IMS Service De...

Page 576: ... 02 Figure 144 IMS CSCF Components BSC PCF Gateway A10 A11 A8 A9 Application Servers P CSCF I CSCF S CSCF Home Subscriber Server CSCFs E CSCF LRF In addition the SCM may act as an Access Border Gateway A BG The following figure shows the general interaction between the A BG and the supporting servers ...

Page 577: ...sage manipulation to allow for localized services traffic weather reports news directory services etc initiating the breakout of emergency service calls Topology Hiding Inter network Gateway THIG Quality of Service QoS authorization number conversions for local dialing plans terminate IPSec tunnels The P CSCF is the handset s first point of entry into the IMS and is also the outbound proxy for SIP...

Page 578: ...ne subscriber profile information using DIAMETER Important The I CSCF is incorporated into the S CSCF I CSCF Interfaces The following diagram shows the interfaces reference points associated with the I CSCF ENUM Server S CSCF P CSCF HSS I CSCF Transit Functions CDF Cx Mw ENUM Rf SIP Serving CSCF The Serving CSCF S CSCF is the access point to services provided to the subscriber Service examples inc...

Page 579: ...located to the user If there is no previously allocated S CSCF the HSS returns a set of S CSCF capabilities that the I CSCF uses to select the S CSCF E 164 Address Translation Translates the E 164 address contained in all Request URIs having the SIP URI with user phone parameter format into the Tel URI format before performing the HSS Location Query In the event the user does not exist and if conf...

Page 580: ...CDRs for its interactions Upon completing a Cx query the I CSCF sends an Accounting Request with the Accounting Record Type set to EVENT The CDF acknowledges the data received and creates an I CSCF CDR Emergency CSCF The Emergency CSCF E CSCF is a network element in IMS which is responsible for routing an emergency call to a Public Safety Answering Point PSAP To identify the next hop PSAP E CSCF i...

Page 581: ... authentication procedures SIP message checking Prevent Registration Hijacking Authenticate Re Register S CSCF Early IMS Security DoS attack prevention impersonating a server UA authentication prevent server impersonation AKA authentication mechanism further protection Prevent Message Tampering IPSec Prevent Early Session Tear Down Early IMS Security prevents a different user releasing existing se...

Page 582: ...CSCF Stateful session and subscriber aware control Signaling Compression Decompression SIGCOMP Auto discovery subscriber privacy network security call fraud prevention thwarting network overload conditions SIP Message Handling Forking error handling and discard header stripping and insertion Multiple public user identities Logical Interfaces IETF SIP Proxy Registrar 3GPP Mw Gm Rx Rf Cx Sh Dx MI 3G...

Page 583: ...IOs Installed in the upper rear chassis slots directly behind the SMCs SPIOs provide connectivity for local and remote management Central Office CO alarms Up to two SPIOs can be installed one active one redundant Line Cards Installed directly behind PSC PSC2 these cards provide the physical interfaces to elements in the GPRS UMTS data network Up to 26 line cards can be installed for a fully loaded...

Page 584: ...ion Control Manager Overview Product Specifications Cisco ASR 5000 Series Product Overview OL 22938 02 Operating System Requirements The SCM is available for the ASR 5000 running StarOS Release 8 1 or later ...

Page 585: ...lability As shown in the figure below the SCM supports a number of interfaces used to communicate with other components in an IMS environment and supports the interface used to bridge the CDMA network Figure 146 CDMA2000 CSCF A BG HA SCM Deployment Example BSC PCF PDSN UE CSCFs PCRF Mw Gm Dx S I CSCF Sh S CSCF HSS Cx S I CSCF SLF BTS Tx P CSCF A BG LRF CSCF E I P S A BG HA OFCS MI E CSCF Rf Logica...

Page 586: ... Home Subscriber Server HSS The Cx interface is used to authenticate subscribers provides server assignments push user profile information from the HSS to the S CSCF and when necessary transmit a network initiated de registration Dx The reference point between the S I CSCF and Subscriber Location Function SLF The Dx interface is used to proxy queries to a subscriber data server such as an HSS in w...

Page 587: ...rk Figure 147 GSM UMTS CSCF A BG GGSN SCM Deployment Example CSCFs LRF PCRF CSCF E I P S A BG GGSN Mw Gm UMTS Access Network Dx S I CSCF Sh S CSCF HSS C x S I CSCF Rx P CSCF A BG OFCS Rf MI E CSCF Logical Network Interfaces Reference Points Interfaces used to support IMS in a UMTS network can be defined within two categories SIP and DIAMETER The SCM incorporates standards based interfaces for both...

Page 588: ...d when necessary transmit a network initiated de registration Dx The reference point between the S I CSCF and Subscriber Location Function SLF The Dx interface is used to proxy queries to a subscriber data server such as an HSS in which subscription data for a user can be found The SLF receives a query for the subscriber data server looks up the address of appropriate subscriber data server and pr...

Page 589: ...on UE registration Call Types Supported In the IMS architecture telephony features are normally provided by an external application server Providing these features with the S CSCF Reduces the need for an additional SIP AS Simplifies the network architecture Improves latency for call setup and feature invocation The following call types are supported Directory service toll free long distance intern...

Page 590: ...uable rack space and require numerous network interfaces while also introducing additional control hops in the network that add call setup latency When operators deploy IMS MMD profitability will improve because a seamless on ramp will be provided by simultaneously supporting 3GPP 3GPP2 based standards P CSCF functionality and IETF SIP standards Intelligent Integration For deployed platforms no ne...

Page 591: ...redirect messages In addition to supporting redirection as per 3GPP it supports call redirection to other chassis in the network based on configuration in case of system overload Redundancy and Session Recovery When enabled provides automatic failover of existing CSCF sessions due to hardware or software faults The system recovers from a single hardware or software fault with minimal interruption ...

Page 592: ... SIP based sessions and execute additional value added functions As the logical anchor point within the packet core the SCM improves the user experience with device and location independence and enhances subscriber control and policy enforcement with faster more intelligent decisions for multimedia services Furthermore as Fixed Mobile Convergence takes hold it will be especially important to incor...

Page 593: ...aud prevention network security and thwarting of network overload conditions Shared Initial Filter Criteria SiFC If both the HSS and the S CSCF support this feature subsets of iFC may be shared by several service profiles The HSS downloads the unique identifiers of the shared iFC sets to the S CSCF The S CSCF uses a locally administered database to map the downloaded identifiers onto the shared iF...

Page 594: ...the S CSCF the call is forwarded by the S CSCF on Not Registered indication The feature detects and eliminates call forward loops if the History Info header is present It also terminates forwarding if forwarding causes the forward attempts to be more than the number specified in the Max Forwards header Call Forward Unconditional CFU This feature unconditionally forwards the call The check for loca...

Page 595: ... such as CG or POL The SCM translates these codes to a ten digit directory number and routes the call Outbound Call Restrictions Dialing Permissions This feature restricts subscribers from initiating certain outbound calls For example if a subscriber attempts to make an international call and is not permitted to the S CSCF rejects the call Short Code Dialing This feature allows the subscriber to d...

Page 596: ...hover and all established sessions for supported call types are recovered without any loss of session Even though Cisco Systems provides excellent intra chassis redundancy with these two schemes certain catastrophic failures which can cause total chassis outages such as IP routing failures line cuts loss of power or physical destruction of the chassis cannot be protected by this scheme In such cas...

Page 597: ...chassis if that chassis were to become active Once a session exceeds the checkpoint duration checkpoint data is collected on the session The checkpoint parameter determines the amount of time a session must be active before it is included in the checkpoint message Important For more information on interchassis session recovery support refer to the Interchassis Session Recovery chapter in the Syste...

Page 598: ...e supported simultaneously on the same P CSCF node P CSCF will provide IPv4 IPv6 interworking functionality between IPv6 only UEs and IPv4 only core network elements I S CSCF by acting as a dual stack To achieve the dual stack behavior P CSCF will be configured in two services with the first service V6 SVC listening on an IPv6 address and the second service V4 SVC listening on an IPv4 address SIP ...

Page 599: ...s to be done If no route entry is found then a DNS query on request uri domain is done for both A and AAAA type records If DNS response yields only an IPv4 address then this is also the case for performing IPv4 IPv6 interworking Headers such as Via Path etc are automatically set to IPv4 bind address of P CSCF V4 SVC Remaining headers will be not be altered and sent as is toward the S CSCF The IPv4...

Page 600: ...tionality Licensed Enhanced Feature Support Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 151 IPv4 Configuration With IPv6 support the configuration supported would look like the following diagram The DNS server could be either IPv4 or IPv6 ...

Page 601: ...tances of standby mode session and AAA managers for each active Control Processor CP being used Additionally other key system level software tasks such as VPN manager are performed on a physically separate Packet Services Card PSC PSC2 to ensure that a double software fault e g session manager and VPN manager fails at same time on same card cannot occur The PSC PSC2 used to host the VPN manager pr...

Page 602: ...on manager and AAA manager tasks on the newly activated PSC perform session recovery Session Call state information is saved in the peer AAA manager task because each AAA manager and session manager task is paired together These pairs are started on physically different PSCs PSC2s to ensure task recovery Important Session Recovery is supported for either IPv4 or IPv6 traffic Important For more inf...

Page 603: ...rmit Deny 2 com nexthop cscf 2 com 1 com 2 com Translation Match No match Route Rejected CSCF Access Control Lists Access Control Lists ACLs are a set of rules that are applied during CSCF session establishment A typical use of these rules is to accept or deny registration or session establishment requests ACLs may be tied to subscribers and or the whole service Subscriber based ACLs can also be i...

Page 604: ...Signaling Compression SigComp is a solution for compressing decompressing messages generated by application protocols such as SIP The P CSCF component of the SCM uses SigComp to reduce call setup times on the access network typically between the P CSCF and the UE The following features are supported SigComp Detection P CSCF detects if the UE supports SigComp and compresses messages it sends to the...

Page 605: ...Security aspects of early IP Multimedia Subsystem IMS TS 33 978 Security aspects of early IP Multimedia Subsystem IMS Release 7 3GPP References Important The SCM currently supports the following Release 7 3GPP specifications Most 3GPP specifications are also used for 3GPP2 support any specifications that are unique to 3GPP2 are listed under Release 7 3GPP2 References TR 23 806 Voice call continuit...

Page 606: ...Protocol SIP and Session Description Protocol SDP Stage 3 TS 24 341 Support of SMS over IP networks Stage 3 TS 26 114 IP Multimedia Subsystem IMS Multimedia telephony Media handling and interaction TS 26 141 IP Multimedia System IMS Messaging and Presence Media formats and codecs TS 26 234 Transparent end to end Packet switched Streaming Service PSS Protocols and codecs TS 26 235 Packet switched c...

Page 607: ...Multimedia Domain IP Multimedia Subsystem Charging Architecture X S0013 007 A v1 0 All IP Core Network Multimedia Domain IP Multimedia Subsystem Charging Architecture X S0013 008 0 All IP Core Network Multimedia Domain IP Multimedia Subsystem Accounting Information Flows and Protocol X S0013 008 A All IP Core Network Multimedia Domain IP Multimedia Subsystem Offline Accounting Information Flows an...

Page 608: ...ne 2002 Session Initiation Protocol SIP Locating SIP Servers RFC 3264 June 2002 An Offer Answer Model with Session Description Protocol SDP RFC 3265 June 2002 Session Initiation Protocol SIP Specific Event Notification RFC 3310 September 2002 Hypertext Transfer Protocol HTTP Digest Authentication Using Authentication and Key Agreement AKA RFC 3311 September 2002 The Session Initiation Protocol SIP...

Page 609: ... Initiation Protocol SIP RFC 3840 August 2004 Indicating User Agent Capabilities in the Session Initiation Protocol SIP RFC 3841 August 2004 Caller Preferences for the Session Initiation Protocol SIP RFC 3842 August 2004 A Message Summary and Message Waiting Indication Event Package for the Session Initiation Protocol SIP RFC 3856 August 2004 A Presence Event Package for the Session Initiation Pro...

Page 610: ...col RFC 4975 September 2007 Message Session Relay Protocol MSRP RFC 5031 January 2008 A Uniform Resource Name URN for Emergency and Other Well Known Services RFC 5049 December 2007 Applying Signaling Compression SigComp to the Session Initiation Protocol SIP RFC 5112 January 2008 The Presence Specific Static Dictionary for Signaling Compression Sigcomp draft ietf sip outbound 11 November 2007 Mana...

Page 611: ... Architecture Evolution LTE SAE wireless data networks This overview provides general information about the S GW including eHRPD Network Summary SAE Network Summary Product Description Product Specifications Network Deployment s Features and Functionality Base Software Features and Functionality External Application Support Features and Functionality Optional Enhanced Feature Software How the Serv...

Page 612: ...messages to a home agent The primary difference in an evolved HRPD eHRPD network is the use of network mobility via proxy allowing the network to perform mobility management instead of the mobile node This form of mobility is known as Proxy Mobile IPv6 PMIPv6 One of the eHRPD network s functions is to provide interworking of the mobile node with the 3GPP Evolved Packet Core EPC The EPC is a high b...

Page 613: ... eHRPD P GW eHRPD Network Components The eHRPD network is comprised of the following components Evolved Access Network eAN The eAN is a logical entity in the radio access network used for radio communications with an access terminal mobile device The eAN is equivalent to a base station in 1x systems The eAN supports operations for EPS eHRPD RAN in addition to legacy access network capabilities ...

Page 614: ...ent EAP messages used for authentication VSNCP messages for establishment of PDNs VSNP for establishment of EPS bearers and QoS mappings RSVP HRPD Serving Gateway HSGW The HSGW is the entity that terminates the HRPD access network interface from the eAN PCF The HSGW functionality provides interworking of the AT with the 3GPP EPS architecture and protocols specified in 23 402 mobility policy contro...

Page 615: ... latency for a variety of radio access technologies SAE defines the packet network supporting the high bandwidth radio network as the Evolved Packet Core EPC The EPC provides mobility between 3GPP GSM UMTS and LTE and non 3GPP radio access technologies including CDMA WiMAX WiFi High Rate Packet Data HRPD evolved HRPD and ETSI defined TISPAN networks The following figure shows the interworking of t...

Page 616: ...R 5000 Series Product Overview OL 22938 02 Internet S GW eNodeB MME PCRF 3GPP AAA HSS OCS OFCS EPC E UTRAN P GW Non 3GPP SGSN GERAN UTRAN Enterprise ePDG WLAN E UTRAN EPC Network Components The E UTRAN EPC network is comprised of the following components ...

Page 617: ...ated from the MME or OA M Measurement measurement reporting configuration for mobility and scheduling Mobility Management Entity MME The MME is the key control node for the LTE access network The MME provides the following basic functions NAS signalling signalling security UE access in ECM IDLE state including control and execution of paging retransmission Tracking Area TA list management PGW and ...

Page 618: ...ter Solicitation and Router Advertisement messages if PMIP based S5 S8 is used MAG for PMIP based S5 and S8 PDN Gateway P GW For each UE associated with the EPS there is at least one P GW providing access to the requested PDN If a UE is accessing multiple PDNs there may be more than one P GW for that UE The P GW provides the following basic functions Terminates the interface towards the PDN SGi P ...

Page 619: ...controlling the data traffic are received on the S GW from the MME which determines the S GW that will best serve the UE for the session Every UE accessing the EPC is associated with a single S GW The S GW is also involved in mobility by forwarding down link data during a handover from the E UTRAN to the eHRPD network An interface from the eAN ePCF to an MME provides signaling that creates a GRE t...

Page 620: ...S GW for both GTP based and PMIP based network sessions include packet routing and forwarding providing the local mobility anchor point for inter eNodeB handover and assisting the eNodeB reordering function by sending one or more end marker packets to the source eNodeB immediately after switching the path mobility anchoring for inter 3GPP mobility terminating the S4 interface from an SGSN and rela...

Page 621: ...co ASR 5000 Series Product Overview OL 22938 02 replicating user traffic in the event that Lawful Interception is required transport level packet marking user accounting and QCI granularity for charging uplink and downlink charging per UE PDN and QCI ...

Page 622: ...645 Hardware Requirements Information in this section describes the hardware required to enable S GW services Platforms The S GW service operates on the ASR 5000 Series platform Components The following application and line cards are required to support S GW functionality on an ASR 5000 platform System Management Cards SMCs Provides full system control and management of all cards within the ASR 50...

Page 623: ...edundancy Redundant PSCs do not require line cards Ethernet 10 100 and or Ethernet 1000 line cards for IP connections to other network elements Redundancy Crossbar Cards RCCs Installed in the lower rear chassis slots directly behind the SPCs SMCs RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10 100 or Ethernet 1000 line cards and every PSC in the system for redundancy Tw...

Page 624: ...he E UTRAN EPC Network The following figure displays a simplified network view of the S GW and how it interconnects with other 3GPP Evolved UTRAN Evolved Packet Core network devices Figure 155 S GW in the E UTRAN EPC Network Internet SGi E UTRAN EPC S1 U S5 S8 S11 Gx Gxc S1 MME eNodeB S6a MME PCRF 3GPP AAA S6b SWx HSS Signaling Interface Bearer Interface OFCS P GW OCS Gy S GW S2b S2c Enterprise Tr...

Page 625: ...S11 Gxc eNodeB MME PCRF Signaling Interface Bearer Interface S GW The S GW provides the following logical network interfaces in support of the E UTRAN EPC network S4 Interface This reference point not shown in the figure above provides tunneling and management between the S GW and an SGSN S5 S8 Interface This reference point provides tunneling bearer channel and management signaling channel betwee...

Page 626: ...hernet S GW S5 S8 GTP P GW L1 L2 GTP C U IPv4 IPv6 IPv4 IPv6 Transport L1 L2 IPv4 IPv6 IPv4 IPv6 Transport UDP UDP GTP C U S1 U Interface This reference point provides bearer channel tunneling between the eNodeB and the S GW It also supports eNodeB path switching during handovers Supported protocols Transport Layer UDP TCP Tunneling IPv4 or IPv6 GTP U bearer channel Network Layer IPv4 IPv6 Data Li...

Page 627: ...ed protocols Transport Layer UDP TCP Tunneling IPv4 or IPv6 GTP C control channel Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet eNodeB S1 U S GW L1 L2 GTP U IPv4 IPv6 IPv4 IPv6 Transport L1 L2 IPv4 IPv6 IPv4 IPv6 Transport UDP UDP GTP U Gxc Interface This signaling interface supports the transfer of policy control and charging rules information QoS between the Bearer Binding ...

Page 628: ...eployment s Cisco ASR 5000 Series Product Overview OL 22938 02 Transport Layer UDP TCP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet S GW Gxc PCRF L1 L2 Diameter IPv4 IPv6 L1 L2 IPv4 IPv6 TCP SCTP TCP SCTP Diameter ...

Page 629: ...tion Subscriber Session Management Features Quality of Service Management Features Network Access and Charging Management Features Network Operation Management Functions System Management Features Subscriber Session Management Features This section describes the following features IPv6 Capabilities Lawful Intercept Subscriber Level Trace Session Recovery Support IPv6 Capabilities Enables increased...

Page 630: ...erring Intercept Related Information IRI to a Delivery Function Mediation server Intercepted events include QoS information if available bearer activation Default and Dedicated bearer start of intercept with bearer active bearer modification bearer deactivation and UE requested bearer resource modification X3 content delivery Includes intercepted call content for all default and dedicated EPS bear...

Page 631: ...rovide connectivity to the TCE Trace activation is based on IMSI or IMEI Once a subscriber level trace request is activated it can be propagated via the S5 S8 signaling to provision the corresponding trace for the same subscriber call on the P GW The trace configuration will only be propagated if the P GW is specified in the list of configured Network Element types received by the S GW Trace confi...

Page 632: ...te constructs QoS Class Identifier QCI An operator provisioned value that controls bearer level packet forwarding treatments e g scheduling weights admission thresholds queue management thresholds link layer protocol configuration etc The Cisco EPC gateways also support the ability to map the QCI values to DiffServ codepoints in the outer GTP tunnel header of the S5 S8 connection Additionally the ...

Page 633: ...s is enabled the GGSN service on the P GW records G CDRs to record user access to external networks To provide subscriber level accounting the Cisco S GW supports integrated Charging Transfer Functions CTF and Charging Data Functions CDF Each gateway uses Charging ID s to distinguish between default and dedicated bearers within subscriber sessions The Ga Gz reference interface between the CDF and ...

Page 634: ...vides the control plane protocol GTP Cv2 between the MME and S GW As with all GTP based interfaces S11 relies on UDP IP transport A GTP tunnel is identified in each node with a Tunnel Endpoint ID TEID IP address and UDP port number The TEID values are exchanged between the tunnel endpoints using GTP C There is one GTP C tunnel between the MME and S GW for each mobile terminal The GTP protocol prov...

Page 635: ...ants to establish multiple PDN connections the MAG brings up the multiple PDN connections over the same PMIPv6 session to one or more P GW LMAs The P GW in turn allocates separate IP addresses Home Network Prefixes for each PDN connection and each one can run one or multiple EPC default dedicated bearers To request the various PDN connections the MAG includes a common MN ID and separate Home Netwo...

Page 636: ...ol Lists IP access control lists allow you to set up rules that control the flow of packets into and out of the system based on a variety of IP packet parameters IP access lists or Access Control Lists ACLs as they are commonly referred to are used to control the flow of packets into and out of the system They are configured on a per context basis and consist of rules ACL rules or filters that con...

Page 637: ...er locally or remotely using its out of band management interfaces These include Using the Command Line Interface CLI Remote login using Telnet and Secure Shell SSH access to CLI through SPIO card s Ethernet management interfaces Local login through the console port on SPIO card using an RS 232 serial connection Using the Web Element Manager application Supports communications through 10 Base T 10...

Page 638: ...stem section in this chapter Important For more information on command line interface based management refer to the Command Line Interface Reference and P GW Administration Guide Bulk Statistics Support The system s support for bulk statistics allows operators to choose to view not only statistics that are of importance to them but also to configure the format in which it is presented This simplif...

Page 639: ...ough XML parsing archiving and graphing The Bulk Statistics Server component of the Web Element Manager parses collected statistics and stores the information in the PostgreSQL database If XML file generation and transfer is required this element generates the XML output and can send it to a Northbound NMS or an alternate bulk statistics server for further processing Additionally if archiving of t...

Page 640: ...lue are generated with a severity level of WARNING Logs are supported in both the Alert and the Alarm models Alarm System High threshold alarms generated within the specified polling interval are considered outstanding until a the condition no longer exists or a condition clear alarm is generated Outstanding alarms are reported to the system s alarm subsystem and are viewable through the Alarm Man...

Page 641: ...s and Functionality Base Software Cisco ASR 5000 Series Product Overview OL 22938 02 compliance in such cases will be the domain of the external element ANSI T1 276 guidelines will only be implemented for locally configured operators ...

Page 642: ...ity FCAPS management of the ASR 5000 Platform The Web Element Manager is a Common Object Request Broker Architecture CORBA based application that provides complete fault configuration accounting performance and security FCAPS management capability for the system For maximum flexibility and scalability the Web Element Manager application implements a client server architecture This architecture all...

Page 643: ...nctionality External Application Support Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 158 Web Element Manager Network Interfaces Important For more information on WEM support refer to the WEM Installation and Administration Guide ...

Page 644: ...c encryption using IPv4 addressing IPSec enables the following two use cases Encryption of S8 sessions and EPS bearers in roaming applications where the P GW is located in a separate administrative domain from the S GW IPSec ESP security in accordance with 3GPP TS 33 210 is provided for S1 control plane S1 bearer plane and S1 management plane traffic Encryption of traffic over the S1 reference int...

Page 645: ...ed Lower the IP Precedence The packet s ToS bit is set to 0 thus downgrading it to Best Effort prior to passing the packet Note that if the packet s ToS bit was already set to 0 this action is equivalent to Transmit Traffic Shaping Traffic Shaping is a rate limiting method similar to the Traffic Policing but provides a buffer facility for packets exceeded the configured limit Once the packet excee...

Page 646: ...erent stages of session setup and disconnect The S GW supports the following network flows GTP Serving Gateway CallSession Procedures in an LTE SAE Network GTP Serving Gateway Call Session Procedures in an LTE SAE Network The following topics and procedure flows are included Subscriber initiated Attach initial Subscriber initiated Detach Subscriber initiated Attach initial This section describes t...

Page 647: ...io Bearer Est Rsp Radio Bearer Est Req Create Default Bearer Rsp PCRF Interactions Create Default Bearer Req eNodeB MME S GW UE PDN P GW PCRF HSS 1 Identity Req Identity Rsp Authentication Security ME Identity Update Location Insert Subscriber Data Insert Subscriber Data Ack Update Location Ack Uplink Data 1st Downlink Data 1st Downlink Data Update Location Req Update Location Rsp Data 2 3 Attach ...

Page 648: ...f those APNs is the Default APN and the EPS subscribed QoS profile for each permitted APN 8 The MME validates the UE s presence in the new TA If due to regional subscription restrictions or access restrictions the UE is not allowed to attach in the TA the MME rejects the Attach Request with an appropriate cause and may return an Insert Subscriber Data Ack message to the HSS If subscription checkin...

Page 649: ...ssion Management Configuration IE Protocol Configuration Options message to the eNodeB 17 The eNodeB sends Radio Bearer Establishment Request including the EPS Radio Bearer Identity to the UE The Attach Accept message is also sent along to the UE 18 The UE sends the Radio Bearer Establishment Response to the eNodeB In this message the Attach Complete message EPS Bearer Identity is included 19 The ...

Page 650: ... off situation or not 2 The active EPS Bearers in the S GW regarding this particular UE are deactivated by the MME sending a Delete Bearer Request TEID message to the S GW 3 The S GW sends a Delete Bearer Request TEID message to the P GW 4 The P GW acknowledges with a Delete Bearer Response TEID message 5 The P GW may interact with the PCRF to indicate to the PCRF that EPS Bearer is released if PC...

Page 651: ...dio Service GPRS Service description Stage 2 3GPP TS 24 008 Mobile radio interface Layer 3 specification Core network protocols 3GPP TS 24 229 IP Multimedia Call Control Protocol based on SIP and SDP Stage 3 3GPP TS 29 210 Gx application 3GPP TS 29 212 Policy and Charging Control over Gx reference point 3GPP TS 29 213 Policy and Charging Control signaling flows and QoS 3GPP TS 29 214 Policy and Ch...

Page 652: ...Network E UTRAN S1 data transport 3GPP2 References X P0057 0 v0 11 0 E UTRAN eHRPD Connectivity and Interworking Core Network Aspects IETF References RFC 768 User Datagram Protocol STD 6 RFC 791 Internet Protocol STD 5 RFC 2131 Dynamic Host Configuration Protocol RFC 2460 Internet Protocol Version 6 IPv6 Specification RFC 2698 A Two Rate Three Color Marker RFC 2784 Generic Routing Encapsulation GR...

Page 653: ...et Draft draft ietf netlmm proxymip6 07 txt Proxy Mobile IPv6 Internet Draft draft ietf netlmm grekey option 01 txt GRE Key Option for Proxy Mobile IPv6 work in progress Internet Draft draft ietf mext binding revocation 02 txt Binding Revocation for IPv6 Mobility work in progress Object Management Group OMG Standards CORBA 2 6 Specification 01 09 35 Object Management Group ...

Page 654: ......

Page 655: ...ter contains general overview information about the Serving GPRS Support Node SGSN including sections for Product Description Product Specifications Network Deployments and Interfaces Features and Functionality Basic Software Features and Functionality Enhanced and Licensed How the SGSN Works Supported Standards ...

Page 656: ...on registers HLR via a Gr interface and mobile visitor location registers VLRs via a Gs interface to register a subscriber s user equipment UE or to authenticate retrieve or update subscriber profile information Support Gd interface to provide short message service SMS and other text based network services for attached subscribers Activate and manage IPv4 IPv6 or point to point protocol PPP type p...

Page 657: ...atures that also require license keys be acquired and installed for their use The following feature licenses are available for use with the SGSN SGSN Software License 10K Sessions SGSN Software License 1K Sessions Direct Tunnel Support Gd Interface support for SMS Lawful Intercept QoS Traffic Policing Session Recovery SGSN Pooling Iu or Gb Flex Flex Hardware Requirements Information in this sectio...

Page 658: ... network environment the system supports multiple types of line cards simultaneously if needed Various types of Ethernet line cards provide IP connections Ethernet 10 100 line cards Ethernet 1000 line cards 4 port Quad Gig E line cards QGLCs 10 Gigabit Ethernet line cards XGLCs Optical ATM over SDH SONET Line Cards OLC or OLC2 ATM POS OC 3 Single Mode or Multi Mode optical fiber line cards providi...

Page 659: ...ration Optimal usage of the high capacity system Reduced latency in the control and data paths Simplification of network architecture Single platform view maintained even in the presence of multiple services Fewer IP addresses needed No internal interfaces Combined SGSN GGSN serve other SGSNs and GGSNs with no loss of functionality Hand offs between 2 5G and 3G networks can re use the same SAU sta...

Page 660: ...S a standalone GGSN network devices in another PLMN an SMS server center and a standalone SGSN SGSN and Dual Access SGSN Deployments SGSNs and GGSNs work in conjunction within the GPRS UMTS network As indicated earlier in the section on System Configuration Options the flexible architecture of the ASR 5000 enables a single chassis to reduce hardware requirements by supporting integrated co locatio...

Page 661: ...G SGSNs IP based GPR UMTS Public Land Mobile Network PLMN UTRAN Node B RNC BTS PCU BSC BSS A bis UE UE Gb Gp IuPS Gs SGSN Gn Gr Gn GGSN PDN Gi Gf Ga Gd 2 5G or 3G SGSN UDP GGSN in different PLMN SGSN GGSN Deployments The co location of the SGSN and the GGSN in the same chassis facilitates handover Again it can be any type of SGSN 2 5G or 3G with the GGSN ...

Page 662: ... PS This means enhanced performance future proof scaling and reduction of inter connectivity complexity The all IP functionality is key to facilitating evolution to the next generation technology requirements The SGSN provides the following functions over the logical network interfaces illustrated above IuPS The SGSN provides an IP over ATM IP over AAL5 over ATM interface between the SGSN and the ...

Page 663: ...n Gb This is the SGSN s interface to the base station system BSS in a 2G radio access network RAN It connects the SGSN via UDP IP via an Ethernet interface or Frame Relay via a Channelized SDH or SONET interface Gb IP is the preferred interface as it improves control plane scaling as well as facilitates the deployment of SGSN Pools Some of the procedures supported across this interface are BSS GSM...

Page 664: ...y depending on whether the peer HLR EIR SMSC GMLC is SIGTRAN enabled or not SCTP Multi Homing supported to facilitate network resiliency M3UA operates in ASP IPSP client server and single double ended modes Multiple load shared M3UA ASP instances for high performance and redundancy Works over Ethernet IPoA interface Ga The SGSN uses the Ga interface with GTP Prime GTPP to communicate with the char...

Page 665: ...ing CS paging initiated by the MSC This interface uses Signaling Connection Control Part SCCP connectionless service and BSSAP application protocols Gf Interface is used by the SGSN to communicate with the equipment identity register EIR which keeps a listing of UE specifically mobile phones being monitored The SGSN s Gf interface implementation supports functions such as International Mobile Equi...

Page 666: ...tem RNS Relocation 3G only Equivalent PLMN Network Sharing Session Management Charging Overcharging Protection NPU FastPath Operator Policy Default APN VLR Pooling via the Gs Interface HSPA Fallback Local QoS Capping Tracking Usage of GEA Encryption Algorithms All IP Network AIPN AIPN provides enhanced performance future proof scaling and reduction of inter connectivity complexity In accordance wi...

Page 667: ...CI B ISDN Inter Carrier Interface China TTC Telecommunication Technology Committee Japan NTT Japan SS7 protocol stack components supported MTP2 MTP3 SCCP with BSSAP and RANAP ISUP TCAP and MAP PDP Context Support Support for subscriber primary and secondary Packet Data Protocol PDP contexts in compliance with 3GPP standards ensure complete end to end GPRS connectivity The SGSN supports a total of ...

Page 668: ...nism prevents MNs that were detached due to inactivity from re attaching for a configured period of time Such MNs are remembered by the in memory data VLR until the record needs to be purged Attach Rate Throttle It is unlikely that the SGSN would become a bottleneck because of the SGSN s high signaling rates However other nodes in the network may not scale commensurately To provide network overloa...

Page 669: ... check PLMN restriction Roaming restrictions Authentication The SGSN authenticates the subscriber via the authentication procedure This procedure is invoked on attaches PDP activations inter SGSN routing Area Updates RAUs and optionally on configurable periodic RAUs The procedure requires the SGSN to retrieve authentication quintets triplets from the HLR AuC and issuing an authentication and ciphe...

Page 670: ...ovides a great opportunity to convert high impact Inter SGSN RAUs to lower impact Intra SGSN RAUs The SGSN provides functionality to enforce the following RAU restrictions Prohibition of GPRS services Enforce identity request Enforce IMEI check PLMN restriction Roaming restrictions The SGSN also provides functionality to optionally supply the following information to the MN P TMSI Signature and Al...

Page 671: ... by an inter SGSN RAU This feature is configured through the Operator Policy Configuration Mode Equivalent PLMN This feature is useful when an operator deploys both GPRS UMTS access in the same radio area and each radio system broadcasts different PLMN codes It is also useful when operators have different PLMN codes in different geographical areas and the operators networks in the various geograph...

Page 672: ...arate network nodes for example GGSN HLR Figure 163 GWCN type Network Sharing Core Network Operator A Core Network Operator B Core Network Operator C Shared MSC SGSN Shared MSC SGSN Shared MSC SGSN RNC RNC RNC Radio Access Network Operator X Iu With the GWCN configuration the SGSN supports two scenarios GWCN with non supporting UE GWCN with supporting UE MOCN Configuration In the multi operator co...

Page 673: ...UE MOCN with supporting UE Implementation To facilitate network sharing the SGSN implements the following key features Multiple virtual SGSN services in a single physical node Sharing operators can implement independent policies such as roaming agreements Equivalent PLMN configuration RNC identity configuration allows RNC ID MCC MNC instead of just RNC ID Configuration for network sharing is accom...

Page 674: ...er attached subscriber The PDP context types supported are PDP type IPv4 PDP type IPv6 PDP type PPP Both dynamic and static addresses for the PDP contexts are supported The SGSN provides configuration to control the duration of active and inactive PDP contexts When activating a PDP context the SGSN can establish the GTP U data plane from the RNC through the SGSN to the GGSN or directly between the...

Page 675: ... SGSN When PDP contexts are retained the SGSN is capable of receiving downlink packets on them When PDP contexts are preserved the RABs can be restored on a service request from the MN without having to go through the PDP context establishment process again The service request is issued by the MN either when it has some data to send or in response to a paging request on downlink data from the SGSN...

Page 676: ...the mobile did not respond the SGSN would simply drop the packets without notifying the GGSN the G CDR would have increased counts but the S CDR would not causing overcharges when operators charged the subscribers based on the G CDR Now operators can accommodate this situation they can configure the SGSN to set QoS to 0kbps upon detecting the loss of radio coverage The overcharging protection feat...

Page 677: ...olicy Configuration Mode chapter of the Command Line Interface Reference for the command to configure the GTPC private extension and refer to the IuPS Service Configuratioin Mode chapter of the Command Line Interface Reference to configure the LORC Cause IE NPU FastPath NPU FastPath s proprietary internal direct tunnel optimizes resource usage and reduces latency when processing GTP U packets This...

Page 678: ...o down or be disengaged so that packets temporarily do not move through FastPath when either an Intra SGSN RAU or an Iu Connection Release occurs If FastPath cannot be established the NPU forwards the GTP U packets to a CPU for processing and they are processed like all other packets FastPath can not be established for subscriber PDP sessions if Traffic Policing Shaping is enabled Subscriber Monit...

Page 679: ...nd HLRs By configuring an operator policy the operator fine tunes any desired restrictions or limitations needed to control call handling and this can be done for a group of callers within a defined IMSI range or per subscriber For example on APN resolution DNS servers can be configured to return a list of IP addresses of GGSNs However this only allows the implementation of an equal weight round r...

Page 680: ... ranges are defined using the command documented in the SGSN Operator Policy Configuration Mode chapter of the Command Line Interface Reference The system supports up to 1000 operator policies including the operator policy named default All operator policies must be configured by the user to define limitations to be applied but for the default policy there is no command defined IMSI range filter t...

Page 681: ...tivation is successful Refer to the SGSN Operator Policy Configuration Mode in the Command Line Interface Reference for the command to configure this feature VLR Pooling via the Gs Interface VLR Pooling also known as Gs Pooling helps to reduce call delays and call dropping when the MS UE is in motion by routing a service request to a core network CN node with availbale resources VLR pools are conf...

Page 682: ... 3GPP release specific compliance either release 7 for HSPA rates or pre release 7 for HSPA rates For configuration details refer to the RNC Configuration Mode chapter in the Command Line Interface Reference Local QoS Capping The operator can configure a cap or limit for the QoS bit rate The SGSN can now be configured to cap the QoS bit rate parameter when the subscribed QoS provided by the HLR is...

Page 683: ... specifications All of these features require the purchase of an additional license to implement the functionality on the SGSN The following is an alphabetical list of the enhanced features Direct Tunnel Lawful Intercept QoS Traffic Policing per Subscriber Session Recovery SGSN Pooling and Iu Flex Gb Flex Short Message Service SMS over Gd Direct Tunnel In accordance with standards one tunnel funct...

Page 684: ...ct tunnel at PDP context activation using an Update PDP Context Request towards the GGSN This means a significant increase in control plane load on both the SGSN and GGSN components of the packet core Hence deployment requires highly scalable GGSNs since the volume and frequency of Update PDP Context messages to the GGSN will increase substantially The system s platform capabilities ensure control...

Page 685: ...rn delivers the intercepted content to one or more Collection Functions CFs Some commands for lawful intercept configuration and operations are described in the Command Line Interface Reference For detailed information please contact your account representative QoS Traffic Policing per Subscriber Traffic policing enables the operator to configure and enforce bandwidth limitations on individual PDP...

Page 686: ... SGSN can police uplink and downlink traffic according to predefined QoS negotiated limits fixed on the basis of individual contexts either primary or secondary The SGSN employs the Two Rate Three Color Marker RFC2698 algorithm for traffic policing The algorithm meters an IP packet stream and marks its packets either green yellow or red depending upon the following variables PIR Peak Information R...

Page 687: ...ring key software processes e g session manager and AAA manager within the system These mirrored processes remain in an idle state in standby mode until they may be needed in the case of a software failure e g a session manager task aborts The system spawns new instances of standby mode session and AAA managers for each active control processor CP being used As well other key system level software...

Page 688: ...e and session recovery configuration refer to the Session Recovery chapter in the System Enhanced Feature Configuration Guide SGSN Pooling and Iu Flex Gb Flex This implementation allows carriers to load balance sessions among pooled SGSNs to improve reliability and efficiency of call handling and to use Iu Flex Gb Flex to provide carriers with deterministic failure recovery The SGSN with its high ...

Page 689: ... store and forward In the reverse the SGSN awaits messages from the SMSC via MAP MT FORWARD REQUESTs and checks the subscriber state before relaying them to the target MS UE The SGSN will employ both the Page procedure and MNRG mobile not reachable for GPRS flags in an attempt to deliver messages to subscribers that are absent The SGSN supports charging for SMS messages and lawful intercept of SMS...

Page 690: ... section illustrates some of the GPRS mobility management GMM and session management SM procedures the SGSN implements as part of the call handling process All SGSN call flows are compliant with those defined by 3GPP TS 23 060 First Time GPRS Attach The following outlines the setup procedure for a UE that is making an initial attach ...

Page 691: ...ure can connect an MS via a BSS through the Gb interface 2 5G setup or it can connect a UE via a UTRAN through the Iu interface in a 3G network with the following process Table 87 First Time GPRS Attach Procedure Step Description 1 The MS UE sends an Attach Request message to the SGSN Included in the message is information such as Routing area and location area information Mobile network identity ...

Page 692: ... and GPRS subscription data c The New SGSN validates the MS UE in new routing area If invalid The SGSN rejects the Attach Request with the appropriate cause code If valid The SGSN creates a new MM context for the MS UE and sends a Insert Subscriber Data Ack back to the HLR d The HLR sends a Update Location Ack to the SGSN after it successfully clears the old MM context and creates new one 4 The SG...

Page 693: ...sponse containing the IP address of a GGSN 3 The SGSN sends a Create PDP Context Request message to the GGSN containing the information needed to authenticate the subscriber and establish a PDP context 4 If required the GGSN performs authentication of the subscriber 5 If the MS UE requires an IP address the GGSN may allocate one dynamically via DHCP 6 The GGSN sends a Create PDP Context Response m...

Page 694: ...hic above Table 89 Network Invites MS UE to Activate PDP Context Step Description 1 The GGSN receives a PDU with a static PDP address that the GGSN knows is for an MS UE in its PLMN 2 The GGSN uses the IMSI in place of the PDP address and sends an SRI send routing information for GPRS to the HLR The HLR sends an SRI response back to the GGSN The response may include the access of the target SGSN a...

Page 695: ... preceding procedure MS Initiated Detach Procedure This process is initiated by the MS UE for a range of reasons and results in the MS UE becoming inactive as far as the network is concerned Figure 172 MS Initiated Combined GPRS IMSI Detach 2 2 3 1 MS UE SGSN GGSN MSC VLR The following table provides details for the activity involved in each step noted in the diagram above Table 90 MS Initiated Co...

Page 696: ...ponse back to the SGSN The SGSN stops generating S CDR info at the end of the PDP context 3 The SGSN sends a IMSI Detach Indication message to the MSC VLR 4 The SGSN sends a GPRS Detach Indication message to the MSC VLR The SGSN stops generating M CDR upon GPRS Detach 5 If the detach is not due to a UE switch off the SGSN sends a Detach Accept message to the UE 6 Since the UE GPRS Detached the SGS...

Page 697: ... Services and System Aspects Operator Determined Barring ODB Release 8 3GPP TS 23 060 v7 4 0 2007 03 3rd Generation Partnership Project Technical Specification Group Services and System Aspects General Packet Radio Service GPRS Service description Stage 2 3GPP TS 23 107 v7 0 0 2007 06 3rd Generation Partnership Project Technical Specification Group Services and System Aspects Quality of Service Qo...

Page 698: ...Service GPRS GPRS Tunnelling Protocol GTP across the Gn and Gp interface 3GPP TS 29 202 v8 0 0 2007 06 3rd Generation Partnership Project Technical Specification Group Core Network SS7 signaling Transport in Core Network Stage 3 3GPP TS 32 215 v5 9 0 2007 10 3rd Generation Partnership Project Technical Specification Group Services and System Aspects Telecommunication management Charging management...

Page 699: ... 3GPP TS 29 016 v7 0 0 2007 08 and 3GPP TS 25 410 v7 0 0 2006 03 Q713 3GPP TS 29 002 v6 15 0 2007 12 3GPP TS 29 016 v7 0 0 2007 08 and 3GPP TS 25 410 v7 0 0 2006 03 Q714 3GPP TS 29 002 v6 15 0 2007 12 3GPP TS 29 016 v7 0 0 2007 08 and 3GPP TS 25 410 v7 0 0 2006 03 Q715 3GPP TS 29 002 v6 15 0 2007 12 3GPP TS 29 016 v7 0 0 2007 08 and 3GPP TS 25 410 v7 0 0 2006 03 Q716 3GPP TS 29 002 v6 15 0 2007 12...

Page 700: ......

Page 701: ...rview of the Content Filtering In line Service feature This chapter covers the following topics Introduction Supported Platforms and Products Licenses URL Blacklisting Support Category based Content Filtering Support Content Filtering Server Group Support External Storage System Minimum System Requirements and Recommendations ...

Page 702: ...s to all subscribers so that they are inadvertently not exposed to such universally unacceptable content Category based Static Content Filtering In Category based Static Content Filtering all HTTP WAP URLs in subscriber requests are matched against a static URL categorization database Action is taken based on a URL s category and the action configured for that category in the subscriber s content ...

Page 703: ...view Supported Platforms and Products Cisco ASR 5000 Series Product Overview OL 22938 02 Supported Platforms and Products Content Filtering is an in line service supported on ASR5000 running 3GPP 3GPP2 and LTE core network services ...

Page 704: ...ent Filtering Service 1k Sessions For information on license requirements for any customer specific features please contact your local sales service representative Important External Content Filtering Server support through Internet Content Adaptation Protocol ICAP interface is a licensed feature requiring a separate license For more information see the ICAP Interface Support chapter of the System...

Page 705: ...nloaded and converted into a non human readable optimized format OPTBLDB and then made available in the system Once in place all HTTP and WAP requests from subscribers are inspected in order to determine the requested destination URL URI If the URL URI is not present in the blacklist then the request is passed on as usual If the URL URI is present in the blacklist the request is dropped or the flo...

Page 706: ... URL Blacklisting Solution Components The URL Blacklisting solution uses the deep packet inspection capabilities of ECS for URL URI extraction ECS functionality is managed by the following components Session Controller SessCtrl The SessCtrl runs on the primary SPC SMC and is responsible for managing ECS and URL Blacklisting services Session Manager SessMgr A single SessMgr treats ECS charging and ...

Page 707: ...lacklisting database management functions Downloads the URL Blacklist database cumulative csv from the specified source at configured schedule Converts the URL Blacklist database cumulative csv file to Starent Format Master Database SFMDB file Computes OPTBLDB suitable for updating the system Distributes OPTBLDB OPTBLDB INC files to the chassis automatically at configured interval How URL Blacklis...

Page 708: ...his holds true for standby managers as well i e when standby managers come up the Blacklist database is loaded onto them Whenever a SessMgr is killed standby manager which already has the Blacklist database loaded takes its place and a new standby manager is created which loads the Blacklist database as part of SessMgr getting started for the first time If SessCtrl is killed while recovering it ch...

Page 709: ... addition the out of line model requires all subscriber sessions to be steered to the adjunct Content Filtering platform for policy enforcement regardless of whether this additional processing is needed This leads to increased bandwidth provisioning requirements on gateway routers To facilitate network simplicity it makes sense to leverage the benefits of deep packet inspection at a single policy ...

Page 710: ...uses Content Filtering Policy to analyze the content requested by subscribers Content Filtering Policy provides a decision point for analyzed content on the basis of its category and priority The Category based Content Filtering solution also utilizes ECS rulebases in order to determine the correct policy decision and enforcement action such as accept block redirect or replace Rulebase names are r...

Page 711: ...ntent Filtering solution uses the following components Content Filtering Subsystem in ECS Content Rating Rules Update Server Master Content Rating Database Server MCRDBS ECS Storage System ESS RADIUS Server Policy Manager Web Element Manager WEM inPilot The following figure shows a high level view of the Category based Content Filtering architecture with ECS and other components in a deployment sc...

Page 712: ...sk Static Rating DB Session Manager DPI EDR UDR Files OPTCMDB and OPTCMDB INC Files Session Controller Task Database Load Update OPTCM DB Info EDRs UDRs CF Database Updates MCRDB Server WEM Server L ESS SFTP SFTP MS SS inPilot Reporting Server SFTP EDRs UDRs Category based Content Filtering Subsystem The Content Filtering solution comprises the following content rating and category databases Stati...

Page 713: ...ontent Rating Master Database OPTCMDB volumes from its peer SRDB task If the peer SRDB task is not in loading state then the OPTCMDB loading is done through SessCtrl to the recovered SRDB task Rater Package Model Files The real time analyzer requires a model file that defines the features which are necessary to classify a Web page as belonging to a specific category and language A model file per c...

Page 714: ...Storage System The local external storage server is a part of ECS Storage System in the ECS solution architecture The L ESS is a storage application running on redundant highly available servers that collect and process EDRs and UDRs from which billing events and reports are generated Either the system pushes the EDR UDR files to the L ESS or the L ESS fetches them from the system and processes th...

Page 715: ...the Web Element Manager Installation and Administration Guide WEM server must be set up with access to the following networks Internet To communicate with the Master Content Rating Database Server MCRDBS which provides update files For Category based Content Filtering the WEM application includes the following features Single point of management for a large Content Filtering Service operator deplo...

Page 716: ... volume hits Rating summary volume hits Top N Reports Top N Subscribers by volume hits Top N URLs by volume hits The CF EDR files are pushed from L ESS to inPilot at a configured time interval and stored in a specified data directory on the inPilot server It can also create the files from CF EDRs for unrated URLs which can be pulled by WEM Important For more information on the reports refer to the...

Page 717: ...ct Overview OL 22938 02 Figure 175 Content Filtering Call Flow Policy Manager AAA MN SS 1 10 5 12 9 DATA CSN PDN Internet System with ECS CF System 2 3 4 6 7 8 11 13 14 15 16 Step 1 MS requests for registration to the system Step 2 System processes MS related information with Content Filtering subsystem ...

Page 718: ...st from subscriber on the basis of its category At anytime only one content filtering policy can be associated with a rulebase SN1 Rulebase Name This custom attribute contain information such as consumer business name child adult teen etc The rulebase name identifies the particular rule definitions to apply Rulebase definitions are used in ECS as the basis for deriving charging actions such as pre...

Page 719: ...ver address in the bearer data stream and returns an HTTP error message to the subscriber s mobile The redirect address is as specified in the subscriber s content filtering policy The redirect server may prompt the subscriber to send additional security credentials in order to access the requested content terminate flow The system gracefully terminates the TCP connection between the subscriber an...

Page 720: ...ure is enabled If enabled the URL is extracted from the incoming request and is matched with the local Blacklist database If a match is found for the URL in the Blacklist database the packets are subjected to the blacklisting action configured in the rulebase Discard Redirect or Terminate flow In case of multiple HTTP requests in the same TCP packet if any of the URLs is blacklisted then action is...

Page 721: ...h ECS CF The system with ECS is configured to support DPI and the system uses this capability for content charging as well If a subscriber initiates a WAP WAP1 x or WAP2 0 or Web session the subsequent GET POST request is detected by the DPI function The URL of the GET POST request is extracted and passed along with subscriber identification information and the subscriber request in an ICAP messag...

Page 722: ... In particular this guarantees that charging will be applied to the appropriate request in case of redirection and that potential charging based redirections i e Advice of Charge Top Up page etc will not interfere with the decisions taken by the application server The ACF performs the following functions Retrieval of subscriber policies based on the subscriber identity passed in the ICAP message D...

Page 723: ...reports to analyze network usage and subscriber trends As this temporary storage space size configurable reaches its limit the system deletes older xDRs to make room for new xDRs Setting gzip file compression extends the storage capacity by approximately 10 1 Because of the volatile nature of the memory xDRs can be lost due to overwriting deletion or unforeseen events such as power or network fail...

Page 724: ...Certain basic server requirements are recommended for WEM and inPilot to exploit the CF solution For information on these system requirements refer to WEM Installation and Administration Guide and inPilot Installation and Administration Guide MCRDBS System Requirements This section provides information on the system requirements for MCRDBS Important You must ensure that the minimum system requirem...

Page 725: ...The chassis requires the following additional hardware and memory to handle the Content Rating Master Databases for example for Category based Content Filtering OPTCMDB The memory required may vary with the size of rating databases used for content rating service Minimum of two active packet processing cards s are required Minimum 4 GB memory in ASR5000 on Flash memory ...

Page 726: ......

Page 727: ... to configure the core network service functionality It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model before using the procedures in this chapter This chapter covers the following topics Introduction Licensing ECS Architecture How ECS Works Enhanced Services in ECS Accounting Interfaces Charging Record...

Page 728: ...ules Rules used for traffic analysis analyze packet flows and form usage records Usage records are created per content type and forwarded to a prepaid server or to a billing system The Traffic Analyzer function can perform shallow Layer 3 and Layer 4 and deep above Layer 4 packet inspection of IP packet flows It is able to correlate all layer 3 packets and bytes with higher layer trigger criteria ...

Page 729: ...le characteristics for example file size chunks transferred etc from file transfer protocols such as HTTP and FTP Shallow Packet Inspection Shallow packet inspection is defined as inspection of the layer 3 IP header and layer 4 for example UDP or TCP header information in the user plane packet flow Shallow inspection is examining the IP header Layer 3 or UDP or TCP header Layer 4 Deep packet inspe...

Page 730: ...h as the OpCo s WAP gateway De encapsulation of nested traffic encapsulation for example MMS over WTP WSP over UDP IP Verification that traffic actually conforms to the protocol the layer 4 port number suggests Supported Accounting and Charging Interfaces Accounting Interfaces for Postpaid Service ECS supports the following accounting interfaces for postpaid subscribers Remote Authentication Dial ...

Page 731: ...Enhanced Charging Service Overview Introduction Cisco ASR 5000 Series Product Overview OL 22938 02 Enhanced GGSN Call Detail Records eG CDRs GGSN only Event Detail Records EDRs Usage Detail Records UDRs ...

Page 732: ...hased and installed the required license 600 00 7526 Enhanced Charging Bundle 1 1k Sessions To enable and configure ECS functionality 600 00 7574 Enhanced Charging Bundle 2 1k Sessions To enable and configure Diameter and DCCA functionality with ECS Important For information on additional license requirements for enhanced or customer specific features please contact your local sales service repres...

Page 733: ...ssion Controller SessCtrl and Session Manager SessMgr subsystems Figure 177 ECS Architecture Management Components CLI EMS Chassis Components Session Controller Data Path Components Event Components Session Manager ECS functionality Session Manager ECS functionality Session Manager ECS functionality Session Manager ECS functionality SCT SIT RCT RM Demux Managers Event Log Facility AAA Managers CDR...

Page 734: ...ntrol the flow of packets into and out of the system ACLs consist of rules ACL rules or filters that control the action taken on packets matching the filter criteria ACLs are configurable on a per context basis and applies to a subscriber through either a subscriber profile for PDSN or an APN profile for GGSN in the destination context Important For more information on CSS refer to the Content Ser...

Page 735: ...ly defined at layers 3 and 4 then the trigger condition must be defined at layer 7 i e a specific URL must be matched Protocol Analyzer Software Stack Every packet that enters the ECS subsystem must first go through the Protocol Analyzer software stack which comprises of individual protocol analyzers for each of the supported protocols Figure 178 ECS Protocol Analyzer Stack L3 IP L4 TCP UDP MMS L7...

Page 736: ... processing purposes Enables processing of packets even if the rule matching for them has been disabled When a ruledef is created if the rule application is not specified by default the system configures the ruledef as a charging ruledef Ruledefs support a priority configuration to specify the order in which the ruledefs are examined and applied to packets The names of the ruledefs must be unique ...

Page 737: ...Overview OL 22938 02 Where has been defined with the expressions The following example applies actions where Subscribers whose packets contain the expression bbc news are not charged for the service All other subscribers are charged according to the duration of use of the service ...

Page 738: ... Charging Engine block Xmit redirect string etc Call detail records Incoming packets directed to ECS by CSS Packet inspection output string etc Packets entering the ECS subsystem must first pass through the Protocol Analyzer Stack where routing ruledefs apply to determine which packets to inspect Then output from this inspection is passed to the Charging Engine where charging ruledefs apply to per...

Page 739: ...riate Important In the current release traffic routes to the ICMP TCP and UDP analyzers by default Therefore defining routing ruledefs for these analyzers is not required Step 3 The fields and states found in the shallow inspection are compared to the fields and states defined in the routing ruledefs in the subscriber s rulebase The ruledefs priority determines the order in which the ruledefs are ...

Page 740: ... the charging ruledefs The priority configured in each charging ruledef specifies the order in which the ruledefs are compared against the packet inspection output Step 2 When a field or state from the output of the deep packet inspection matches a field or state defined in a charging ruledef the ruledef action is applied to the packet Actions can include redirection charge value or billing record...

Page 741: ...e action to be taken when a rule is matched A maximum of 512 rulebases can be specified in an ECS service It is possible to define a ruledef with different actions For example a Web site might be free for postpaid users and charge based on volume for prepaid users Rulebases can also be used to apply the same ruledefs for several subscribers which eliminate the need to have unique ruledefs for each...

Page 742: ...criber profile from the AAA server indicating the maximum amount of simultaneous flow for a subscriber or an application is allowed to initiate If subscriber exceeds the limit of allowed number of flows for subscriber or type of application system blocks redirect discard terminate the traffic The following type of flow quotas are available for Flow Control Functionality Subscriber Level Session Qu...

Page 743: ...s The following are the chargeable events for FBC Start of PDP context Upon encountering this event a Credit Control Request CCR starts indicating the start of the PDP context is sent towards the Online Charging Service The data volume is captured per service data flow for the PDP context Start of service data flow An interim CCR is generated for the PDP context indicating the start of a new servi...

Page 744: ...g support and in line static and dynamic content filtering support to control static and dynamic data flow and content requests Content Filtering Server Group Support ECS supports external Content Filtering servers through Internet Content Adaptation Protocol ICAP implementation between ICAP client and Active Content Filter ACF server ICAP server ICAP is a protocol designed to support dynamic cont...

Page 745: ...main unaffected Each IP address port combination will be defined as a ruledef In case of IP fragmentation packets with successful IP re assembly will be re addressed However IP fragmentation failure packets will not be re addressed Next hop Address Configuration ECS supports the ability to set the next hop default gateway IP address as a charging action associated with any ruledef in a rulebase Th...

Page 746: ...rt the x header fields into the HTTP WSP packets Creating configuring the x header format Configuring insertion of the x header fields in the charging action X Header Encryption This section provides an overview of the X Header Encryption feature X Header Encryption enhances the X header Insertion feature to increase the number of fields that can be inserted and also enables encrypting the fields ...

Page 747: ...t handled in the case of header insertion Header insertion does not occur if the resulting packet after header insertion exceeds the advertised TCP window size of the server Currently only those x header fields in header portion of application protocol that begin with x are parsed at HTTP analyzer In URL and data portion of HTTP any field can be parsed The following are limitations to insertion of...

Page 748: ... and a post processing rule in another one then two separate identical ruledefs must be defined How the Post processing Feature Works The following steps describe how the Post processing feature works Step 1 Charging rule matching is done on packets and the associated charging action is obtained Step 2 Using this charging action the disposition action is obtained Step 3 If the disposition action i...

Page 749: ...on Mode A maximum of 10 timedefs can be created in an ECS service Step 2 Timedefs are configured in the Timedef Configuration Mode Within a timedef timeslots specifying the day time for activation deactivation of rules are configured A maximum of 24 timeslots can be configured in a timedef Step 3 In the Rulebase Configuration Mode timedefs are associated with ruledefs groups of ruledefs along with...

Page 750: ...for rule matching and EDR generation The group of ruledefs can have rules for URLs that need to be actually searched URLs that immediately follow the proxy URLs I e the group of prefixed URLs will have URLs that need to be truncated from the packet information for further ECS processing whereas the group of ruledefs will have rules that need to be actually searched for in the packet URLs that you ...

Page 751: ...ment in a mobile data environment Figure 182 Deployment of ECS in a Mobile Data Network Mediation Mediation Hot billing Pre paid Hot billing Pre paid Billing System Billing System Rating Rating Data Warehouse Data Warehouse Usage record format CSV Mobile Operator s Transport Network Internet Service Platform Service Platform Service differentiated output System running ECS ...

Page 752: ...can be included ECS includes the counters for different types of data traffic in this field when sending a G CDR RADIUS Accounting and Credit Control The Remote Authentication Dial In User Service RADIUS interface in ECS is used for the following purposes Subscriber Category Request ECS obtains the subscriber category from the AAA server either prepaid or postpaid when a new data session is detect...

Page 753: ...he Gx interface is to provide network based QoS control as well as dynamic charging rules on a per bearer basis for an individual subscriber The Gx interface is in particular needed to control and charge multimedia applications Rel 6 Gx Interface The provisioning of charging rules that are based on the dynamic analysis of flows used for the IMS session is carried out over the Gx interface The Rel ...

Page 754: ...ks between itself and one prepay server For a more robust installation multiple servers would be used These servers may optionally share or mirror a single quota database so as to support Gy session failover from one server to the other For a more scalable installation a layer of proxies or other Diameter agents can be introduced to provide features such as multi path message routing or message an...

Page 755: ...at of standard G CDRs to provide greater portability of charging information eG CDRs are compliant with 3GPP TS 32 298 v6 5 0 for Rel 6 based dictionaries and with 3GPP TS 32 298 v7 4 0 for Rel 7 based dictionaries By default the G CDR does not support the traffic and vendor specific records To support a traffic and vendor specific record the ECS must be configured to generate eG CDRs eG CDRs are ...

Page 756: ...tive service data flow containers will be added to eG CDR A maximum of 10 LOSDV containers are supported per eG CDR A maximum of 8 LOTV containers are supported per eG CDR Service data flow report When an expiry of time limit volume limit or termination is detected for a service data flow a set of List of Service Data LOSDV container is added to eG CDR A maximum of 10 LOSDV containers are supporte...

Page 757: ...analysis rules Important In EDRs the maximum field length for normal and escaped strings is 127 characters If a field s value is greater than 127 characters in the EDR it is truncated to 127 characters Flow overflow EDR Flow overflow EDR or Summary FDR is a feature to count the data bytes from the subscriber that are missed due to various reasons in ECS In case any condition that affects the calll...

Page 758: ...EDR For example in the following EDR format If edr3 is generated only uplink bytes and downlink bytes counter will be re initialized and uplink packets and downlink packets will contain the previous values till these fields are populated say when edr1 is generated For the voice call duration for SIP reporting requirements ECS SIP analyzer keeps timestamp of the first INVITE that it sees It also ke...

Page 759: ...cific mobile subscriber UDRs are generated based on the content id for the subscriber which is part of charging action The fields required as part of usage data records are configurable and stored in the System Configuration Task SCT UDRs are generated on any trigger of time threshold volume threshold handoffs and call termination If any of the events occur then the UDR subsystem generates UDRs fo...

Page 760: ...d on this information decides to charge or not charge or refund the subscriber accordingly To cover the requirements of standard solutions and at the same time provide flexible and detailed information on service usage ECS provides following type of usage records Standard GGSN Call Detail Records G CDRs Enhanced GGSN Call Detail Records eG CDRs Event Detail Records EDRs Usage Detail Records UDRs E...

Page 761: ...MFS on the PSC card to the hard disk on the SMC card The hard disk may also be used to store any data that needs to be backed up The secondary SMC card also contains a hard disk which serves as a redundant and becomes active during an SMC failover The hard disk on the secondary is mirrored to the hard disk on the primary in order to avoid any data loss Basically the drives are raid 1 redundant ...

Page 762: ...IUS is used as the interface between ECS and the prepaid charging server The RADIUS Prepaid feature of ECS is separate to the system level Prepaid Billing Support and that is covered under a different license key Diameter Credit Control Application The Diameter Credit Control Application DCCA is used to implement real time credit control for a variety of services such as networks access messaging ...

Page 763: ...aces Cisco ASR 5000 Series Product Overview OL 22938 02 Important G CDRs and eG CDRs are only available in GGSN networks ECS also supports FBC and TBC methods for postpaid billing For more information on FBC and TBC in ECS see the Enhanced Services in ECS section ...

Page 764: ... quotas run low the network node sends a request to the prepaid server for more quota If the user has not used up the purchased credit the server grants quota and if no credit is available to the subscriber the call will be disconnected ECS and DCCA manage this functionality by providing the ability to set up quotas for different services Prepaid quota in ECS is implemented using RADIUS and DCCA a...

Page 765: ...ution to the real time cost and credit control CCA with RADIUS or Diameter interface uses a mechanism to allow the user to be informed of the charges to be levied for a requested service In addition there are services such as gaming and advertising that may debit from a user account How Credit Control Application CCA Works for Prepaid Billing The following figure and steps describe how CCA works w...

Page 766: ...Step 6 When the initial amount of quota runs out system sends another request to the CCA and the CCA sends another portion of available credit quota Step 7 Subscriber session ends after either quota exhausts for subscriber or subscriber terminates the session Step 8 CCA returns unused quota to DW for update to subscribers Credit DB Step 9 EDRs and or UDRs are periodically SFTPd from system memory ...

Page 767: ... figure shows a typical deployment of ECS for postpaid billing system Figure 186 Postpaid Billing System Scenario with ECS Operator s Transport Network Internet System running ECS Rating CGF optional Billing AAA Data Warehouse Mediation CDR xDR Service Platform External CDR xDR Storage System Service Platform How ECS Postpaid Billing Works ECS Postpaid Billing in GPRS UMTS Networks The following f...

Page 768: ...authorization the system starts the session Step 3 Data packet flow and accounting starts Step 4 System periodically generates xDRs and stores them to the system memory Step 5 System generates G CDRs eG CDRs and sends them to GSS if deployed or to billing system directly as they are generated Step 6 EDRs UDRs are periodically SFTPd from system memory to ESS if deployed or to billing system directl...

Page 769: ...ileGen in GSS periodically runs to generate G CDRs eG CDRs files for billing system and send them to the billing system Step 12 The billing system picks up the xDR files from the ESS periodically Postpaid Billing in CDMA 2000 Networks The following figure and steps describe how ECS works within a CDMA 2000 network for postpaid billing Figure 188 Postpaid Billing with ECS in CDMA 2000 Network PDSN ...

Page 770: ... SFTPd from system memory to ESS if deployed or to billing system directly as they are generated Step 6 The billing system picks up the xDR files from the ESS periodically Step 7 Subscriber session ends after subscriber terminates the session Step 8 The system stores the last of the xDRs to the system memory and final xDRs are SFTPd from system memory to the ESS system if deployed or to billing sy...

Page 771: ...ed Configuring the secondary server is optional Whenever a file transfer to the primary server fails for four consecutive times the files will be transferred to the secondary server The transfer will switch back to the original primary server when Four consecutive transfer failures to the secondary server occur After switching from the primary server 30 minutes elapses In the push transfer mode th...

Page 772: ...R 5000 Series Product Overview OL 22938 02 System Resource Allocation ECS does not require manual resource allocation The ECS subsystem automatically allocates the resources when ECS is enabled on the chassis ECS must be enabled on the chassis before configuring services ...

Page 773: ...t In order for session recovery to work there should be at least four packet processing cards one standby and three active Per active CPU with active SessMgrs there is one standby SessMgr and on the standby CPU the same number of standby SessMgrs as the active SessMgrs in the active CPU There are two modes of session recovery one from task failure and another on failure of CPU or packet processing...

Page 774: ...on completion of switchover the ECS sessions are maintained and the now active chassis recreates all of the session state information including the generation of new xDRs Regardless of the type of switchover that occurred the names of the new xDR files will be different from those stored in the records directory of packet processing card RAM on the now standby chassis Also in addition to the file ...

Page 775: ...ers not associated with physical connectivity to the distribution node The fields timestamp SeqNumResetIndicator and FileSeqNumber are all locally generated by the specific system through CDR subsystem regardless of whether they are in an Inter chassis Session Recovery arrangement or not The timestamp value is unique to the system generating the actual xDRs and generated at the time the file is op...

Page 776: ...o the active state and begins serving the subscriber sessions that were being served by the now failed chassis Any subsequent new subscriber session will be processed by this active chassis and will generate xDRs per the standard processes and procedures However this transition impacts the xDRs for those subscribers that are in progress at the time of the transition For in progress subscribers a s...

Page 777: ...ins instructions for implementing and maintaining the Local short term External Storage Server L ESS Important The External Storage System is not a part of the Enhanced Charging Service ECS and must be purchased separately To purchase ESS contact your designated sales or service representative Important The procedures in this guide assume that you have installed and configured your chassis includi...

Page 778: ... lost by any failure The ESS has the capability of simultaneously fetching any types of files from one or more chassis That is it can fetch xDRs like CDR EDR NBR UDR file etc In case of Hard Disk Drive HDD support on the chassis the platform has the capability to push the xDR files to L ESS and then L ESS forwards these files to the required destinations If HDD is not configured on the platform L ...

Page 779: ...PP2 Correlation IDs on a PDSN system or Charging IDs on a GGSN system L ESS also pushes xDR files to external applications for post processing reporting subscriber profiling and trend analysis Local Short Term External Storage System The Local short term storage system L ESS is a storage server logically connected with the ASR 5000 and acts as an integrated network system The following are the req...

Page 780: ... two or more geographically co located or isolated chassis to pull xDRs In general L ESS provides the following functionalities Stores copy of records pulled from chassis Supports storage of up to 7 days worth of records Supports storage capacity of carrier class redundant Provides a means of limiting the amount of bandwidth in term of kbps used for the file transfer between chassis and L ESS Prov...

Page 781: ... is enabled for FTP must be configured SSH keys must be generated The SFTP subsystem must be enabled ESS System Requirements Important System requirement recommendation is dependent of different parameters including xDR generation compression deployment scenario etc Contact your sales representative for system requirements specific to your ESS deployment Minimum System Recommendations for Stand al...

Page 782: ...x 300 GB 10000 RPM mirrored SAS disks Four 10 100 1000 Ethernet ports 2 PCI X 8 PCIe 4 redundant AC power supplies INtelx64 core 4 socket Operating Environment Sun Solaris 10 Important For information on which server to be used for L ESS application contact your local sales representative Minimum System Recommendations for Cluster Deployment of L ESS Sun Microsystems Netra T5220 server 1 x 1 2GHz ...

Page 783: ...External Storage System Overview System Requirements Cisco ASR 5000 Series Product Overview OL 22938 02 5 x 300GB 15K drives AC or DC power supplies depending upon your application ...

Page 784: ......

Page 785: ...S network The GSS can collect eG CDRs and or G CDRs from a Gateway GPRS Support Node GGSN or the GSS can collect any of the following CDR types from a Serving GPRS Support Node SGSN M CDRs S CDRs SM MO CDRs SM MT CDRs This overview provides general information about the GSS including Product Description System Requirements and Recommendations IP Multipathing IPMP on GSS Server Optional Features of...

Page 786: ...ents GSS server application software PostgreSQL database FileGen utility Process monitor utility PSMON Cluster mode support Partnering with a GSN The GSS is an external application product that resides on a server separate from the ASR 5000 GSN GSS is only accessible if you have purchased this product separately and purchased and installed a GSS feature license on your ASR 5000 GSN system Prior to...

Page 787: ...ies depending on your application Quad Gigabit Ethernet interfaces 10 100 1000 Gigabit Ethernet Important It is recommended that you have separate interfaces in IPMP for mediation device and chassis Also for given IPMP the two interfaces should be on different cards Operating Environment Solaris 9 installed using the End User System support 64 bit software group with the latest available patches f...

Page 788: ...HBAs Dual RAID Controllers 5 x 300GB 15K drives AC or DC power supplies depending upon your application Optical 5 meter null ethernet cable Operating Environment Solaris 9 installed using the End User System support 64 bit software group with the latest available patches from Sun Microsystems Solaris 10 with Recommended Patch Cluster dated on or after July 16 2007 to Nov 2008 Sun Cluster Software ...

Page 789: ...oyment sections the following section offers information that can help you to plan hardware sizing needs based on the exact deployment scenario that you are using Hard Drive Partition Recommendations Following is the partition scheme required for GSS application Root partition should be at least 15 gigabyte GB The swap partitions tmp var run should be at least 3 GB globaldevices should be at least...

Page 790: ...arent network access failover for a system with multiple interfaces on the same IP link IPMP also provides load spreading of packets for systems with multiple interfaces For IPMP configuration refer to the Configuring IPMP on GSS Server section in the GSS Installation Management chapter Important IPMP is a feature supported on Sun Solaris provided by Sun Microsystems The configuration is included ...

Page 791: ...S application GSS FileGen Utility The GTPP Storage Server has a file generation utility called the GSS FileGen It is used to generate the CDR files for the billing systems which do not have direct billing interface with the GSN The GSS FileGen saves the CDRs stored in the GSS database to the disk files File Format Encoding for CDRs The file format determines the information organization and struct...

Page 792: ...escription Value 0x00 0x03 Offset Offset from EoH to first Unread CDR 4 Bytes 0x04 0x07 Encoding Basic Encoding Rule BER i e 1 4 Bytes 0x08 0x0b Number of CDRs Total number of CDRs in the file 4 Bytes 0x0c 0x0f Number of read CDRs Total number of read CDRs in the file 4 Bytes 0x10 0x13 File size Size of CDR file in bytes 4 Bytes 0x14 0x17 Abstract Syntax Notation One ASN 1 format definition versio...

Page 793: ...R information This also informs the GSS system that the file can be deleted during periodic cleanup custom5 Format This file format is similar to custom3 file format except that the sequence number for CDR file name is of six digits in length ranging from 000001 to 999999 Header No Header Contents EoF marker No EoF marker File name format Important This release of GSS does not support custom6 file...

Page 794: ...tmp file that was used to create the original data file Effectively this creates a copy and stores a hard link duplicate in this redundant directory The redundant directory is in the same partition and cannot be moved Hardlinked means that the redundant files are not deleted if when the original files are deleted By default this feature is disabled It can be enabled during the installation of the ...

Page 795: ...stem Provide enhanced availability of the system by enabling you to perform maintenance without shutting down the entire cluster Cluster Components Following are the cluster components work with GSS to provide this functionality GSS Cluster Node A GSS cluster node is a GSS server that runs both the GSS Application software and Cluster Agent software The Cluster Agent enables carrier to network two...

Page 796: ...ry and separate PostgreSQL database The alarms and events generated by each instance are sent to its corresponding chassis Individual GSS instance can also be stopped started or switched over Upgrade is smooth and involves minimum down time as possible Each GSS instance can be uninstalled separately and will not have any impact on the other instances Global installation can be only uninstalled if ...

Page 797: ...g Notif_Disk_Usage_Postgres_Database and Notif_Disk_Usage_Gss_Base parameters from gss configuration file and there is no configuration support from installation script or during installation For information on configuring these parameters refer to Modifying a GSS Configuration section in the GTPP Storage Server Administration chapter of this guide Important This feature does not support backward ...

Page 798: ...ing solution Optionally other elements are included as needed such as a billing mediation system a RADIUS AAA server a fiber channel common storage server and or a Charging Gateway Function CGF Deploying the GSS The following figure shows two typical deployments of the GSS in a GPRS UMTS network Figure 191 GSS in GPRS UMTS Network The SGSN SGSN Service and the GGSN GGSN Service incorporate a range...

Page 799: ...GTPP Storage Server Overview Network Deployments and Interfaces Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 192 GGSN Contexts and Interfaces ...

Page 800: ...n order to support a GSS the GSN system is configured with two components GTPP Storage Server GSS is configured in the same context as the GSN service s or any other accounting context The configuration of the GSN initiates the tasks that communicate with the GSS UDP interface on the GSN is bound to the GTPP Storage Server GSS The UDP interface is a proprietary interface used by the GSN system to ...

Page 801: ...w Network Deployments and Interfaces Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 193 GSS Cluster Nodes in a GPRS UMTS Network Ga BSS UTRAN SGSN GGSN GSS Cluster Node2 GSS Cluster Node1 Common Storage System Switches ...

Page 802: ...se CDR files have vendor specific extensions and formatting for the billing system to use To generate a CDR file the FileGen utility performs the following tasks It starts writing a raw file in GSS_install_dir data directory with name tmp Based on the CDR counts per file or the file life expiry it saves the target file with u extension using the specified file naming format Once the files are gene...

Page 803: ...rview OL 22938 02 Chapter 24 MUR Overview This chapter provides an overview of the Mobility Unified Reporting MUR application This chapter describes the following topics Introduction MUR Architecture MUR Deployment System Requirements ...

Page 804: ...eporting capability for Content Filtering Reporting Engine CF RE data bulk statistics EDRs data from in line service and storage applications The MUR application facilitates and enhances the operators ability to simply and easily determine the health and usage of the network Important The MUR receives the data in terms of EDRs which are generated based on the flow As the EDRs are flow based and th...

Page 805: ...otal number of flows in the EDR records Unique Subscriber Hits Report The Unique Subscriber Hits report provides an overview of the usage patterns of the entire subscriber population per protocol for example how many people are actually using VoIP TopN versus Total Traffic Report This report provides the summary of total usage traffic and Top N subscriber traffic for all the protocols over a speci...

Page 806: ...rtently not exposed to universally unacceptable content and or content inappropriate as per the subscribers preferences The CF RE report provides the summary of traffic over CF categories CF actions and CF ratings The CF actions that can be taken on the URL are as follows allow discard redirect url content insert terminate flow reply code terminate flow The CF ratings can be one of the following d...

Page 807: ...ats Microsoft Excel format To export a report to Microsoft Excel format use the get_excel_report script For more information about this script refer to the Generating Reports in Excel Format section in the MUR Administration and Management chapter of this guide PDF format To export a report to PDF format in the HOME and DPI REPORTS tabs of the MUR GUI click the Export to PDF button The PDF file is...

Page 808: ...rchitecture Cisco ASR 5000 Series Product Overview OL 22938 02 MUR Architecture The MUR solution consists of two components a server and a GUI client The following figure shows a typical organization of the MUR solution ...

Page 809: ... the standard PostGreSQL 8 3 database server This is started at the time of application startup Quartz Scheduling Engine This is the core of the MUR reporting solution It is used to schedule different tasks such as parsing of incoming data files bulkstat EDR etc trigger various canned reports on a periodic basis cleaning up of stored outdated data and files and so on ...

Page 810: ...selves represent meaningful data This is a very powerful concept introduced for faster processing of information The generators archive the files once they are parsed In archival the files are zipped and placed in the configured location Loggers The MUR application uses various loggers so that application logs with various severities are made available for debugging purpose Some of the components ...

Page 811: ...ration report viewing RDP management and optionally data processing Important RDP installation and registration is required only for network wide deployments For standalone installation no RDP is required For information on how to install the RDP refer to the Managing MUR Installation chapter of this guide Important RDP and MUR must be installed upgraded and uninstalled separately Important Before...

Page 812: ...e RDP pre processes the data and then periodically forwards them to the master MUR through SFTP for report generation Important If the distributed model of MUR is used then the SFTP user name and password should be the same as the MUR Administrator user s login name and password provided during installation For information on configuring SFTP details see the MUR Online Help documentation Each of t...

Page 813: ...2 JSON RPC SFTP Gateway 1 Gateway 2 Gateway 3 Gateway 4 Gateway 5 Gateway 6 Each of the registered RDPs will form a new region RDP region can be a child of the root of the MUR NOC or can be the child of another region However all the gateways associated with a RDP will always be the children of RDP region Important Only single MUR can communicate with an RDP simultaneously ...

Page 814: ...ter 1 Adapter 2 Mapping Aggregation Transform Report Designer Dashboard Query Engine Data Acquisition Data Processing Analytics Data Visualization Gatew ays Web based Client Data Storage Warehouse Excel Raw Data The MUR reporting server collects the EDRs and bulkstats from the gateways and processes the incoming data files and presents reports on Web based GUI The MUR application can generate repo...

Page 815: ...unt and number of gateways Sun Microsystems Netra X4450 server Quad Core Intel Xeon E7340 2 4MB L2 2 40 GHz 1066 MHz FSB 32GB RAM 8 300GB 10K RPM SAS disks Four 10 100 1000 Ethernet ports 2 PCI X 8 PCIe 4 redundant AC power supplies Intelx64 core 4 socket Operating Environment Sun Solaris 10 ZFS is the recommended file system with two ZFS pools One pool with minimal capacity two disks mirrored for...

Page 816: ......

Page 817: ...k Address Translation Overview This chapter provides an overview of Network Address Translation NAT in line service feature The following topics are covered in this chapter Supported Platforms and Products Licenses Supported Standards NAT Feature Overview How NAT Works ...

Page 818: ...es Product Overview OL 22938 02 Supported Platforms and Products NAT is an in line service feature supported on the Cisco ASR 5000 chassis running 3GPP 3GPP2 and LTE core network services PDSN HA GGSN and P GW Important For information on ASR 5000 please refer to the Product Overview Guide ...

Page 819: ...ice counting license Enhanced Charging Service Stateful Firewall Content Filtering etc For more information please contact your local sales representative Important For information on license requirements for any customer specific features please contact your local sales service representative Important For information on installing licenses see the Managing License Keys chapter of the System Admi...

Page 820: ...ogy and Considerations August 1999 RFC 3022 Traditional IP Network Address Translator Traditional NAT January 2001 RFC 3027 Protocol Complications with the IP Network Address Translator January 2001 RFC 4787 Network Address Translation NAT Behavioral Requirements for Unicast UDP January 2007 RFC 4966 Reasons to Move the Network Address Translator Protocol Translator NAT PT to Historic Status July ...

Page 821: ... subscriber is assigned with a public IP address NAT is not applied Important To get NATed the private IP addresses assigned to subscribers must be from the following ranges Class A 10 0 0 0 10 255 255 255 Class B 172 16 0 0 172 31 255 255 and Class C 192 168 0 0 192 168 255 255 NAT supports the following mappings One to One In one to one NAT each private IP address is mapped to a unique public NA...

Page 822: ...em to perform or not perform NAT based on one or more L3 L4 parameters This feature is also known as Target based NAT For more information see the Target based NAT Configuration section NAT IP pools have the following configurable parameters These parameters are applicable to all IP addresses in a NAT IP pool NAT IP Address Allocation Mode Specifies when to allocate a NAT IP address to a subscribe...

Page 823: ...mber of port chunks allowed for an individual subscriber from the same NAT IP address This will limit subscribers from dominating all the available ports in a many to one NAT IP A maximum of 2016 port chunks can be configured per subscriber Consider a case where a single TCP flow is active in a port chunk When this connection gets cleared the TCP NAT port goes to Time Wait state Since it is the la...

Page 824: ...dress and source port X x would get the same NAT IP address and NAT port X x irrespective of the destination IP address and port NAT will not allow any inbound packets to the NAT IP address and NAT port X x from an external host IP address and host port Y y unless the internal host MS had previously sent a packet of the same protocol type to that external IP address and Port Y y However this behav...

Page 825: ... expires the NAT IP address gets deallocated NAT Port chunk Allocation and Deallocation This section describes the Port chunk Allocation and Deallocation feature for many to one NAT NAT Port chunk Allocation Subscribers sharing a NAT IP address are allocated NAT ports in chunks The ports in a port chunk are always used for the subscriber to whom that port chunk is allocated irrespective of the pro...

Page 826: ...expired the port chunks will not be usable immediately only on NAT Binding Timer expiry will the port chunks become available for new subscribers NAT IP Address Port Allocation Failure When a packet cannot be translated the application can be notified by way of ICMP error messages if configured Translation failures may be due to no NAT IP address or port being available for translation Important I...

Page 827: ...tation id The IMSI of the mobile node radius fa nas identifier A string that identifies PDSN This field is optional if PDSN NAS IP address field is present radius fa nas ip address radius user name NAI of the mobile node sn correlation id If available The HA Correlation ID identifying the entire MIP session sn fa correlation id If available The PDSN Correlation ID as sent by the PDSN using the sam...

Page 828: ...AA server in accounting interim messages To send or not to send NBUs to the AAA server is configurable in the NAT IP pool configuration NBUs are supported for both one to one and many to one NAT IP pools An NBU contains the following attributes Alloc Flag Binding Timer Correlation Id Loading Factor NAT IP Address NAT Port Block End In the case of one to one NAT the value is 65535 NAT Port Block St...

Page 829: ... 0 and later releases NAT for UMTS and CDMA releases both use policy based configurations For more information please contact your local service representative Important In a Firewall and NAT policy a maximum of three NAT IP pools NAT IP pool groups can be configured A subscriber can be allocated only one NAT IP address per NAT IP pool NAT IP pool group hence at anytime there can only be a maximum...

Page 830: ...gured in the ECS rulebase To use the default policy configured in the ECS rulebase in the APN subscriber configuration the command to use the default rulebase policy must be configured AAA OCS The Firewall and NAT policy to be used can come from the AAA server or the OCS If the policy comes from the AAA OCS it will override the policy configured in the APN subscriber template and or the ECS ruleba...

Page 831: ...dress allocated to the subscriber from the NAT IP pool NAT IP pool group configured in that access ruledef If no NAT IP pool NAT IP pool group name is configured in the access ruledef matching the packet and if there is a NAT IP pool NAT IP pool group configured for no ruledef matches a NAT IP address from the NAT IP pool NAT IP pool group configured for no ruledef matches is allocated to the flow...

Page 832: ...oad so that FTP happens transparently through NAT This payload level translation is handled by the NAT ALG module The NAT module will have multiple NAT ALGs for each individual application or protocol Supported NAT ALGs This release supports NAT ALGs only for the following protocols File Transfer Protocol FTP Point to Point Tunneling Protocol PPTP If PPTP ALG is enabled NAT is supported for GRE fl...

Page 833: ... following are cumulative statistics that can be part of NAT bulkstats vpnname Context name realmname Realm name nat bind updates Total interim AAA NBU sent nat rlm bytes tx Total number of bytes transferred by realm uplink downlink nat rlm flows Total number of flows used by the realm nat rlm ip denied Total number of flows denied NAT IP address nat rlm port denied Total number of flows denied NA...

Page 834: ...pool This threshold value is applicable to all many to one NAT IP pools across the system However note that alarms are only generated for the first 100 many to one NAT IP pools from an alphabetical list of all NAT IP pools Session Recovery and ICSR In session recovery as part of the Private IP assigned to the subscriber The public IP address used for the subscriber is recovered The NAT IP address ...

Page 835: ...l be recovered as part of Firewall Flow Recovery algorithm All of the above items is applicable for ICSR as well Category Event Impacted Details One to One NAT Session No Session recovered New Traffic No NAT will be applied Ongoing Traffic Yes Cannot differentiate between ongoing traffic and unsolicited traffic A rule match is done and if allowed NAT will be applied accordingly on the packet Unsol...

Page 836: ...he following ranges for them to get translated Class A 10 0 0 0 10 255 255 255 Class B 172 16 0 0 172 31 255 255 and Class C 192 168 0 0 192 168 255 255 Important A subscriber can be allocated only one NAT IP address per NAT IP pool NAT IP pool group from a maximum of three pools pool groups Hence at any point there can be a maximum of three NAT IP addresses allocated to a subscriber Step 3 Flow s...

Page 837: ...Network Address Translation Overview How NAT Works Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 198 NAT Processing Flow ...

Page 838: ... no yes Is N A T en a bl ed yes D o e s bi nd in g e x is t U p da te s ta tis tic s a nd dr op the p ac k e t fail Is E C S e na b le d fo r s u bs c rib e r no yes Is EC S e n ab le d fo r s u b s c rib e r yes no Send to Internet Send to MS pass D ow nl in k N A T p ro c e s s in g Is N A T p ro c es s ing s u c c e s s ful U p d ate s tatis tic s an d d ro p th e p a c k e t fail pass no ...

Page 839: ...Network Address Translation Overview How NAT Works Cisco ASR 5000 Series Product Overview OL 22938 02 ...

Page 840: ... U pd a te s ta ti s tic s a nd D o S a ttac k s a n d d ro p th e p ac k e t fail pass M a tc hin g fl ow ex i s ts fo r the p ac k e t U p d a te flo w s tats for pa c k e t yes no T r an s p o rt la y er h e ad e r an d s tate c he c k s fail pass U pd a te s ta ti s tic s a nd D o S a ttac k s a nd d ro p th e pa c k e t IP R ea s s e m b ly U p da te s ta tis tic s an d d ro p th e p a c k et...

Page 841: ...Network Address Translation Overview How NAT Works Cisco ASR 5000 Series Product Overview OL 22938 02 ...

Page 842: ...o If N AT h a s to b e a p pl ie d yes Is IP a v a ila b le U p d ate s tatis tic s an d dr op the p a c k e t yes no If b uffe rin g en a ble d yes B uffe r p ac k ets S e n d IP a ll oc a tio n re qu e s t VPN IP a llo c a tio n re s po n s e U pd a te s tati s ti c s a nd d ro p th e pa c k e t fails denied pass C h ec k p o rt a v ai la bi lity an d m a pp in g ta bl e yes U p d ate s tatis ti...

Page 843: ...s pass yes U pl ink N A T p ro c e s s in g C re a te F W fl ow up d ate th e fl ow a nd p ac k e t s tats T o E C S for fur th e r p r oc e s s in g F lo od in g d e tec te d U p da te s ta tis tic s a n d d ro p th e p a c k et yes no N A T T ra n s la tio n Is N A T p ro c e s s in g s u c c e s s fu l no yes U p da te s ta tis tic s a n d d ro p th e p ac k et ...

Page 844: ......

Page 845: ...bility Management Entity MME in 3GPP Long Term Evolution System Architecture Evolution wireless data networks This overview provides general information about the MME including SAE Network Summary Product Description Product Specification Network Deployment and Interfaces Features and Functionality Base Software Features and Functionality Licensed Enhanced Feature Software How MME Works Supported ...

Page 846: ... lower latency for a variety of radio access technologies SAE defines the packet network supporting the high bandwidth radio network as the Evolved Packet Core EPC The EPC provides mobility between 3GPP GSM UMTS and LTE and non 3GPP radio access technologies including CDMA WiMAX WiFi High Rate Packet Data HRPD evolved HRPD and ETSI defined TISPAN networks The following figure shows the interworkin...

Page 847: ...sco ASR 5000 Series Product Overview OL 22938 02 Internet S GW eNodeB MME PCRF 3GPP AAA HSS OCS OFCS EPC E UTRAN P GW Non 3GPP SGSN GERAN UTRAN Enterprise ePDG WLAN E UTRAN EPC Network Components The E UTRAN EPC network is comprised of the following components ...

Page 848: ...d from the MME Scheduling and transmission of broadcast information originated from the MME or OA M Measurement measurement reporting configuration for mobility and scheduling Mobility Management Entity MME The MME is the key control node for the LTE access network The MME provides the following basic functions NAS signalling signalling security UE access in ECM IDLE state including control and ex...

Page 849: ...e downlink e g setting the DiffServ Code Point Accounting Handling of Router Solicitation and Router Advertisement messages if PMIP based S5 and S8 are used MAG for PMIP based S5 and S8 PDN Gateway P GW For each UE associated with the EPS there is at least one P GW providing access to the requested PDN If a UE is accessing multiple PDNs there may be more than one P GW for that UE The P GW provides...

Page 850: ...PDN Provide idle mode UE tracking and paging procedure including retransmissions Responsible for authenticating the user by interacting with the HSS Work as termination point for the Non Access Stratum NAS signaling Responsible for generation and allocation of temporary identities to UEs It checks the authorization of the UE to camp on the service provider s Public Land Mobile Network PLMN and enf...

Page 851: ...e signalling for mobility between 3GPP access networks terminating S3 UE Reachability in ECM IDLE state including control and execution of paging retransmission Tracking Area list management PDN GW and Serving GW selection MME selection for handover with MME change SGSN selection for handover to 2G or 3G 3GPP access networks Roaming S6a towards home HSS Authentication Bearer management functions i...

Page 852: ...ption Cisco ASR 5000 Series Product Overview OL 22938 02 MAP based Gr interface to legacy HLR Important Some of the features may not be available in this release Kindly contact your local Cisco representative for more information on supported features ...

Page 853: ...e acquired and installed to use the MME service The following licenses are available for this product MME Software Bundle License 10K Sessions 600 00 01 7646 MME Software Base License 1K Sessions 600 00 01 7648 For more information on supported features refer Features and Functionality sections Hardware Requirements Information in this section describes the hardware required to enable the MME serv...

Page 854: ...n the ASR 5000 system only and is commonly referred to as the Quad GigE Line Card or the QGLC The QGLC is installed directly behind its associated PSC PSC2 to provide network connectivity to the packet data network 10 Gig E Line Cards XGLCs The 10 Gigabit Ethernet Line Card is used in the ASR 5000 system only and is commonly referred to as the XGLC The XGLC supports higher speed connections to pac...

Page 855: ...llowing information is provided in this section MME in the LTE SAE Network Supported Interfaces MME in the LTE SAE Network The following figure displays simplified network views of the MME in an LTE SAE network with GPRS UMTS network as neighboring network Figure 203 The MME in LTE SAE Networks and Interfaces Supported Interfaces In support of both mobile and network originated subscriber UE conte...

Page 856: ...tes with the HSSs on the PLMN using Diameter protocol One or more S6a interfaces can be configured per system context S10 Interface This is the interface used by the MME to communicate with MME in same PLMN or on different PLMNs This interface is also used for MME relocation and MME to MME information transfer or handoff One or more S10 interfaces can be configured per system context Note This int...

Page 857: ...work initiated UE contexts For network initiated UE contexts the MME will communicate with the protocol convertor using eGTP The convertor in turn will communicate with the HLR using MAP over Signalling System 7 SS7 One or more Gr interfaces can be configured per system context Note This interface will be supported in furture release Important MME Software also supports additional interfaces For m...

Page 858: ...trol Functions Network Entity Management Network Operation Management Functions System Management Features Subscriber Session Management Features This section describes following features EPS Bearer Context Support NAS Protocol Support EPS GTPv2 Support on S11 Interface Subscriber Level Session Trace EPS Bearer Context Support Provides support for subscriber default and dedicated Evolved Packet Sy...

Page 859: ... NAS protocol includes following elementary procedures for EPS Mobility Management EMM and EPS Session Management ESM EPS Mobility Management EMM This feature used to support the mobility of user equipment such as informing the network of its present location and providing user identity confidentiality It also provides connection management services to the session management SM sublayer An EMM con...

Page 860: ...hether the subscriber is visiting roaming or home By default the MME always accepts the charging characteristics from the SGSN They must always be provided by the SGSN for GTPv1 requests for primary EPS Bearer contexts If they are not provided for secondary EPS Bearer contexts the MME re uses those from the primary If the system is configured to reject the charging characteristics from the SGSN th...

Page 861: ... dual redundant hard drives The Trace Depth defines the granularity of data to be traced Six levels are defined including Maximum Minimum and Medium with ability to configure additional levels based on vendor extensions All call control activity for active and recorded sessions is sent to an off line Trace Collection Entity TCE using a standards based XML format over a FTP or secure FTP SFTP conne...

Page 862: ...rer When it is necessary to set up a dedicated bearer the PDN GW initiates the Create Dedicated Bearer Request which includes the IMSI permanent identity of mobile access terminal Traffic Flow Template TFT 5 tuple packet filters and S5 Tunnel Endpoint ID TEID information that is propagated downstream via the SGW over the S11 interface to the MME The Dedicated Bearer signaling includes requested Qo...

Page 863: ... Diameter protocol Release 8 3GPP TS 33 401 V8 2 1 2008 12 3rd Generation Partnership Project Technical Specification Group Services and System Aspects 3GPP System Architecture Evolution SAE Security Architecture Release 8 RFC 3588 Diameter Base Protocol December 2003 The S6a protocol is used to provide AAA functionality for subscriber EPS Bearer contexts through Home Subscriber Server HSS During ...

Page 864: ...ilable MME for serving a UE Selection is based on network topology i e the selected MME serves the UE s location and in case of overlapping MME service areas the selection function may prefer MME s with service areas that reduce the probability of changing the MME Packet Data Network Gateway P GW Selection Provides a straightforward method based on a default APN provided during user attachment and...

Page 865: ...o set up both local breakout and home routed sessions for these subscribers 3GPP R8 Identity Support Provides the identity allocation of following type EPS Bearer Identity Globally Unique Temporary UE Identity GUTI Tracking Area Identity TAI MME S1 AP UE Identity MME S1 AP UE ID EPS Bearer Identity An EPS bearer identity uniquely identifies EPS bearers within a user session for attachment to the E...

Page 866: ...he UE The TAI list should not be very long as this would mean that the paging load would be high There is a trade off between paging load and Tracking Area Update procedures number To avoid ping pong effect the MME includes the last visited TAI provided that the TA is handled by the MME in the TAI list assigned to the UE The tracking area list assigned to different UEs moving in from the same trac...

Page 867: ...ensure that this load re balancing does not overload other MMEs within the pool area or neighboring SGSNs as this might lead to a much wider system failure Radio Resource Management Functions Benefits Radio resource management functions are concerned with the allocation and maintenance of radio communication paths and are performed by the radio access network Description To support radio resource ...

Page 868: ...lity network element NE and element management system Web Element Manager functions The system provides element management applications that can easily be integrated using standards based protocols CORBA and SNMPv1 v2 into higher level management systems giving wireless operators the ability to integrate the system into their overall network service and business management systems In addition all ...

Page 869: ...nt Provides complete Fault Configuration Accounting Performance and Security FCAPS capabilities Can be easily integrated with higher level network service and business layer applications using the Object Management Group s OMG s Interface Definition Language IDL The following figure demonstrates these various element management options and how they can be utilized within the wireless carrier netwo...

Page 870: ...ics can be pulled manually from the chassis or sent at configured intervals The bulk statistics are stored on the receiver s in files The format of the bulk statistic data files can be configured by the user Users can specify the format of the file name file headers and or footers to include information such as the date chassis host name chassis uptime the IP address of the system generating the s...

Page 871: ...orts conditions using one of the following mechanisms SNMP traps SNMP traps have been created that indicate the condition high threshold crossing and or clear of each of the monitored values Generation of specific traps can be enabled or disabled on the chassis Ensuring that only important faults get displayed SNMP traps are supported in both Alert and Alarm modes Logs The system provides a facili...

Page 872: ... Base Software Cisco ASR 5000 Series Product Overview OL 22938 02 The MME implements AES algorithm 128 EEA1 and 128 EEA2 for NAS signalling ciphering and SNOW 3G algorithm 128 EIA1 and 128 EIA2 for NAS signalling integrity protection 128 EIA1 SNOW 3G 128 EIA2 AES ...

Page 873: ...nabled during the software patch upgrading it helps to permit preservation of existing sessions on the active PSC during the upgrade process Session recovery is performed by mirroring key software processes e g session manager and AAA manager within the system These mirrored processes remain in an idle state in standby mode wherein they perform no processing until they may be needed in the case of...

Page 874: ...anced Feature Configuration Guide License 600 00 7513 600 00 7546 600 00 7552 600 00 7554 IPv6 Support This feature allows IPv6 subscribers to connect via the GPRS UMTS infrastructure in accordance with the following standards RFC 2460 Internet Protocol Version 6 IPv6 Specification RFC 2461 Neighbor Discovery for IPv6 RFC 2462 IPv6 Stateless Address Autoconfiguration RFC 3314 Recommendations for I...

Page 875: ...RFC 2402 IP Authentication Header AH RFC 2406 IP Encapsulating Security Payload ESP RFC 2409 The Internet Key Exchange IKE RFC 3193 Securing L2TP using IPSEC November 2001 IP Security IPSec is a suite of protocols that interact with one another to provide secure private communications across IP networks These protocols allow the system to establish and maintain secure tunnels with peer security ga...

Page 876: ...ion PDN Access Application Important For more information on IPSec support refer IP Security chapter in System Enhanced Feature Configuration Guide License 600 00 7507 Lawful Intercept Provides a standards based architecture for lawful monitoring and interception of subscriber call control events as mandated by a warrant from a law enforcement agency In accordance with 3GPP TS 33 108 Release 8 req...

Page 877: ...ts Tracking Area Updates UE requested PDN connectivity UE requested PDN disconnection Important For more information on Lawful Intercept support refer Lawful Intercept Configuration Guide License Lawful Intercept is included with purchase of MME bundle MME Inter Chassis Session Recovery The ASR 5000 provides industry leading carrier class redundancy The systems protects against all single points o...

Page 878: ...on about the chassis such as its configuration and priority A dead interval is used to set a time limit for a Hello message to be received from the chassis peer If the standby chassis does not receive a Hello message from the active chassis within the dead interval the standby chassis transitions to the active state In situations where the redundancy link goes out of service a priority scheme is u...

Page 879: ...ponent is fully compatible with the fault tolerant Sun Solaris operating system The following figure demonstrates these various element management options and how they can be utilized within the wireless carrier network Figure 207 Element Management Methods Important MME management functionality is enabled by default for console based access For GUI based management support refer Web Element Manag...

Page 880: ...he possible APNs that subscribers will be accessing must be configured within the P GW system Each APN template consists of parameters pertaining to how EPS Bearer contexts are processed such as the following PDN Type The system supports IPv4 IPv6 or IPv4v6 Timeout Absolute and idle session timeout values specify the amount of time that an MS can remain connected Quality of Service Parameters pert...

Page 881: ...he subscriber is provided basic access to a PDN without the MME authenticating the subscriber Either a static or dynamic IP address can be assigned to the MS in this scenario User initiated Non transparent IP An IP EPS Bearer context request is received by the MME from the UE for a PDN The MME provides subscriber authentication services for the data session Either a static or dynamic IP address ca...

Page 882: ...s procedure 2 After Random Access procedure completion UE sends Attach Request with user identity to eNodeB 3 The eNodeB forwards the Attach Request to MME 4 MME starts Authentication procedure with eNodeB and UE 5 Once UE get authenticated MS sends Update Location Request to HSS with user IMSI derived during Authentication procedure 6 Once user get validated at HSS with IMSI HSS sends Insert Subs...

Page 883: ...nitiated subscriber de registration procedure Figure 209 Subscriber De registration Setup Message Flow eNodeB Detach Request MME Detach Request Random Access procedure Serving GW PDN GW HSS Delete Bearer Request Delete Bearer Request Delete Bearer Response Delete Bearer Response Purge UE Ack Purge UE Detach Accept Detach Accept S1 Release Command Radio Resource Release S1 Release Complete 1 1 1 2 ...

Page 884: ... and S1 link released for this UE 14 Once S1 link released for subscriber MME sends the Purge UE Request to HSS 15 HSS clears all UE data and sends the Purge UE Ack to MME and subscriber de registered Service Request Procedure The Service Request procedure is used by the UE in the ECM Idle state to establish a secure connection to the MME as well as request resource reservation for active contexts...

Page 885: ... 11 12 13 14 15 1 UE and eNodeB performs Random Access procedure 2 UE sends service request RRC Connection Request to eNodeB 3 eNodeB forwards Service request in Initial UE message to MME 4 eNodeB preforms contention resolution with UE 5 eNodeB starts RRC connection reconfiguration 6 eNodeB sends RRC Connection Request Complete and Reconfiguration Complete message to UE 7 Authentication procedure ...

Page 886: ...est procedure Figure 211 Network initiated Service Request Message Flow 1 Downlink data received on S GW from PDN for targeted UE 2 S GW sends Downlink Data notification to MME for a targeted UE 3 MME sends Downlink Data notification acknowledgement to S GW 4 MME send Paging request to eNodeB for targeted UE 5 eNodeB broadcasts Paging request in its coverage area for UE 6 Once identified UE locate...

Page 887: ...Evolution CT WG1 Aspects Release 8 3GPP TS 29 274 V8 1 0 2009 03 3rd Generation Partnership Project Technical Specification Group Core Network and Terminals 3GPP Evolved Packet System EPS Evolved General Packet Radio Service GPRS Tunnelling Protocol for Control plane GTPv2 C Stage 3 Release 8 3GPP TS 33 401 V8 2 1 2008 12 3rd Generation Partnership Project Technical Specification Group Services an...

Page 888: ...ention for Defining Traps for use with the SNMP March 1991 RFC 1224 Techniques for managing asynchronously generated alerts May 1991 RFC 1256 ICMP Router Discovery Messages September 1991 RFC 1305 Network Time Protocol Version 3 Specification Implementation and Analysis March 1992 RFC 1332 The PPP Internet Protocol Control Protocol IPCP May 1992 RFC 1398 Definitions of Managed Objects for the Ethe...

Page 889: ...pecification of the Controlled Load Network Element Service RFC 2246 The Transport Layer Security TLS Protocol Version 1 0 January 1999 RFC 2328 OSPF Version 2 April 1998 RFC 2344 Reverse Tunneling for Mobile IP May 1998 RFC 2394 IP Payload Compression Using DEFLATE December 1998 RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header AH RFC 2406 IP Encapsulating...

Page 890: ...2000 RFC 3007 Secure Domain Name System DNS Dynamic Update November 2000 RFC 3012 Mobile IPv4 Challenge Response Extensions November 2000 RFC 3056 Connection of IPv6 Domains via IPv4 Clouds February 2001 RFC 3101 OSPF NSSA Option January 2003 RFC 3143 Known HTTP Proxy Caching Problems June 2001 RFC 3193 Securing L2TP using IPSEC November 2001 RFC 3314 Recommendations for IPv6 in Third Generation P...

Page 891: ...administration guides provide procedures to configure basic functionality of core network service It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model as described in the respective product Administration Guide before using the procedures in this chapter This chapter covers the following topics Supported P...

Page 892: ...w Supported Platforms and Products Cisco ASR 5000 Series Product Overview OL 22938 02 Supported Platforms and Products P2P is an in line service supported on ASR 5000 running 3GPP 3GPP2 LTE and WiMAX core network services ...

Page 893: ...etwork licenses and other requirements please contact your local sales representative For information on license requirements for any customer specific features please contact your local sales service representative Important For information on obtaining and installing licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration and...

Page 894: ...pecifications A small class of P2P protocols is stealthier and more challenging to detect For some protocols no set of fixed markers can be identified with confidence as unique to the protocol Operators care about P2P traffic because of the behavior of some P2P applications for example Bittorrent Skype and eDonkey Most P2P applications can hog the network bandwidth such that 20 P2P users can gener...

Page 895: ... 22938 02 Freenet Fring Gadu Gadu Gnutella Google Talk Voice Non voice Half Life 2 HamachiVPN IAX iMesh IPTV IRC iSkoot Jabber Manolito MSN Voice Non Voice Mute Nimbuzz ooVoo OpenFT Orb Oscar AoL Voice Non Voice Paltalk Pando Pandora PoPo PPLive PPStream QQ QQgame QQLive Quake ...

Page 896: ...tocol statistics via bulkstats and via report records including UDR types Summarizing data usage for a given content type EDR types Specific to a particular event e GCDRs Specific to 3GPP Upon detection of a P2P protocol for a particular flow one of the following actions can be applied Blocking P2P traffic blocking protocol s and discarding traffic Bandwidth policing limiting the bandwidth applied...

Page 897: ...following P2P protocols ActiveSync AppleJuice Ares Battlefield BitTorrent DirectConnect eDonkey FastTrack Filetopia Fring Gadu Gadu Gnutella Google Talk iMesh IRC iSkoot Jabber Manolito MSN voice non voice Mute Nimbuzz ooVoo Orb Oscar Paltalk Pando PoPo PPLive PPStream QQ QQLive Skype voice non voice Slingbox SopCast SoulSeek UUSee ...

Page 898: ...l be unable to decode the required voice information The chunk size for achieving degradation of voice call varies from one protocol to another The Random Drop decision has to be made once for a chunk of packets By choosing the random drop time from a configured range the drop is achieved at random seconds within a configured range The packets will drop within a known period of time For example if...

Page 899: ...nually loaded on that system every time the system reboots it will load the default version A P2P signature file can support upgrade for multiple P2P protocols that are enabled for dynamic upgrade Operators can selectively upgrade the detection for specific protocol s Patches can be rolled down with out any negative impact to the system If an incorrect signature file is loaded by mistake the versi...

Page 900: ... loading the rules would use these rules There can only be a maximum of two signature files loaded on the system s memory at any point of time If a loaded signature file has active calls and the operator loads a newer version of the rule file the older file will be removed from the memory once all the calls referring to it have ended All calls generated after loading the new file will use the newe...

Page 901: ...g Rulebases groups of ruledefs of the corresponding names are activated For P2P rules to work in the group of ruledefs P2P detection has to be enabled in the rulebase statically Static policy is supported initially A default subscriber profile is assumed and can be overwritten on the gateway Per subscriber static policy is pulled by the gateway from the AAA service at subscriber authentication The...

Page 902: ...ation Important In order for session recovery to work there should be at least four packet processing cards PSCs PSC2s one standby and three active Per active CPU with active SessMgrs there is one standby SessMgr and on the standby CPU the same number of standby SessMgrs as the active SessMgrs in the active CPU There are two modes of session recovery one from task failure and another on failure of...

Page 903: ...used for searching new peers which have the file the user wants to download The download itself uses the eDonkey protocol However the Kademlia protocol is not detected as eDonkey The eDonkey client eMule supports a text chat that is not detected as eDonkey Yahoo Yahoo HTTP downloads for yahoo games images and ads that come during yahoo messenger startup are not detected as Yahoo If configured thes...

Page 904: ...he first packet of these UDP flows Untested Gnutella clients may have more strange patterns causing drop in the detection The Morpheus Client creates a lot of TCP flows without any string pattern in the application header These flows are not currently detected Winny The Winny client also supports bbs This is currently not detected FastTrack SSL packets and HTTP packets from the Kazaa client is not...

Page 905: ...2P protocols emit these patterns regularly sometimes as early as the next flow created by the application When the system sees the pattern again it re learns the subscriber state and starts detecting the protocol In this release P2P rules cannot be combined with UDP and TCP rules in one ruledef ...

Page 906: ......

Page 907: ...erview This chapter provides an overview of the Personal Stateful Firewall In line Service This chapter covers the following topics Supported Platforms and Products Licenses Overview Supported Features How Personal Stateful Firewall Works Understanding Firewall Rules with Stateful Inspection ...

Page 908: ...roduct Overview OL 22938 02 Supported Platforms and Products The Personal Stateful Firewall is an in line service feature available on the Cisco ASR 5000 chassis running 3GPP 3GPP2 and WiMAX core network services Important For information on ASR 5000 please refer to the Product Overview Guide ...

Page 909: ...ure requiring the following license 600 00 7571 Per Subscriber Stateful Firewall 1k sessions Important For information on license requirements for any customer specific features please contact your local sales service representative Important For information on installing licenses see the Managing License Keys chapter of the System Administration and Configuration Guide ...

Page 910: ...ying to establish a new connection or is a rogue packet In stateful inspection the firewall not only inspects packets up through the application layer layer 7 determining a packet s header information and data content but also monitors and keeps track of the connection s state For all active connections traversing the firewall the state information which may include IP addresses and ports involved...

Page 911: ...o its intended users DoS attacks can result in A host consuming excessive resources memory disk space CPU time etc eventually leading to a system crash or providing very sluggish response Flooding of the network to the extent that no valid traffic is able to reach the intended destination Confusing target TCP IP stack on destination hosts by sending crafted malformed packets eventually resulting i...

Page 912: ...ceived with RST Data without connection established Invalid TCP connection requests Invalid TCP pre connection requests Invalid ACK value cookie enabled Invalid TCP packet length Short TCP header length TCP checksum errors SEQ ACK out of range TCP null scan attacks Post connection SYN No TCP flags set All TCP flags set Invalid TCP packets Flows closed by RST before 3 Way handshake Flows timed out ...

Page 913: ...ntially a port scan consists of sending a message to each port on the host one at a time The kind of response received indicates whether the port is used and can therefore be probed further for weakness This way hackers find potential weaknesses that can be exploited Stateful Firewall provides protection against port scanning by implementing port scan detection algorithms Port scan attacks are onl...

Page 914: ...allows only packets for new connections initiated from internal hosts to external hosts and disallows packets for new connections initiated from external hosts to internal hosts Stateless Packet Inspection and Filtering Support Stateful Firewall service can be configured for stateless processing In stateless processing packets are inspected and processed individually Stateless processing is only a...

Page 915: ...imeout parameter is configurable for uplink and downlink directions If the value is set to zero firewall flow recovery is disabled If the value is non zero then firewall will be bypassed for packets from MS Internet until the time configured uplink downlink Once the manager recovers the recovery timeout timer is started During this time If any ongoing traffic arrives from the subscriber and no ass...

Page 916: ... for generating and clearing alarms Dos Attacks When the number of DoS attacks crosses a given value a threshold is raised and it is cleared when the number of DoS attacks falls below a value in a given period of time Drop Packets When the number of dropped packets crosses a given value a threshold is raised and it is cleared when the number of dropped packets falls below a value in a given period...

Page 917: ... and NAT policy configured in the ACS rulebase has the least priority If there is no policy configured in the APN subscriber template and or no policy to use is received from the AAA OCS only then the default policy configured in the ACS rulebase is used APN Subscriber Template The Firewall and NAT policy configured in the APN subscriber template overrides the default policy configured in the ACS ...

Page 918: ...date The Firewall and NAT policy can be updated mid session provided firewall policy was enabled during call setup Important When the firewall AVP contains disable during mid session firewall policy change there will be no action taken as the Firewall and NAT policy cannot be disabled dynamically The policy currently applied will continue Important When a Firewall and NAT policy is deleted for all...

Page 919: ...and wait for fragments IP header checks Update statistics and DoS attacks and drop the packet fail pass Matching flow exists for the packet Update flow stats for packet no Transport layer header and state checks fail pass Update statistics and DoS attacks and drop the packet IP Reassembly Update statistics and drop the packet In progress Transport layer header and state checks Update statistics an...

Page 920: ... limit per subscriber reached yes Update statistics and drop the packet pass Max allowed memory limits of SessMgr reached Update statistics and drop the packet yes no Max no of flows per SessMgr reached Update statistics and drop the packet yes FW rule match denied Update statistics and drop the packet no Flooding detected Update statistics and drop the packet yes no allowed no ...

Page 921: ...onal Stateful Firewall Works Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 215 Continued Stateful Firewall Processing Create FW flow update the flow and packet stats Intercept and port scan processing no To ECS for further processing ...

Page 922: ...ction enable disable An access ruledef can be added to multiple Firewall and NAT policies A combined maximum of 4096 rules host pools IMSI pools port maps charging ruledefs firewall access ruledefs routing ruledefs can be created in a system Access ruledefs are different from ACS ruledefs Firewall and NAT Policy Firewall policies can be created for individual subscribers domains or all callers wit...

Page 923: ...as well defined session connection states TCP tracks the state of its connections with flags as defined for TCP protocol The following table describes different TCP connection states Table 94 TCP Connection States State Flag Description TCP Establishing Connection CLOSED A non state that exists before a connection actually begins LISTEN The state a host is in waiting for a request to start a conne...

Page 924: ... after a preconfigured timeout value reached ICMP Protocol and Connection State ICMP is also a connection less network protocol The ICMP protocol is often used to return error messages when a host or protocol cannot do so on its own ICMP response type messages are precipitated by requests using other protocols like TCP or UDP This way of messaging and its connection less and one way communication ...

Page 925: ...all session s state As it uses a single established connection from the client to the server the state of the connection matches with the TCP state tracking Personal Stateful Firewall uses application port mapping along with FTP application level content verification and validation with DPI functionality in the chassis It also supports Pinhole data structure and Initialization wherein FTP ALG pars...

Page 926: ......

Page 927: ...plication that provides complete Fault Configuration Accounting Performance and Security FCAPS management capability for the system For maximum flexibility and scalability the WEM application implements a client server architecture This architecture allows remote clients with Java enabled web browsers to manage one or more systems via the server component which implements the CORBA interfaces The ...

Page 928: ... severity level for each alarm Maintain statistics for generated alarms Store alarm information in the PostgreSQL database Execute scripts through the Script Server component of the application Send E mail notifications and or forward notifications to Network Management Servers NMSs using a CORBA IIOP based Northbound Interface Compliancy with the following standards TS 32 111 3 3rd Generation Par...

Page 929: ...rther simplifies the software upgrade process by providing tools for managing system configuration files Back up Tool Enables the Web Element Manager to transfer a copy of the configuration file currently being used by a managed system at user defined intervals Files are transferred to the host server in a specific directory The number of files to retain in the directory is also configurable This ...

Page 930: ...nager CPU and memory utilization disk space and process status and its managed systems hardware protocols software subsystems and subscribers is collected in real time and is displayed in tabular format Alternatively most of the information can be graphed as a function of time in either line or bar chart format Multiple statistics can be graphed simultaneously for quick comparison of data In addit...

Page 931: ...s Security Administrator Security Administrators have read write privileges and can execute all CLI commands including those available to Administrators Operators and Inspectors Provide authentication and privilege restoration based on the login information entered by administrative users Monitor current system or application level administrative users in real time and optionally terminate their m...

Page 932: ...dundancy support All databases used for audit trail performance and statistical information event management and device inventory information will be stored on the Web Element Manager server using the UNIX file system In the event of a server failure a backup server could quickly access the latest configuration inventory and other information Multiple language support The Web Element Manager provi...

Page 933: ...t It is recommended that users ensure all recommended patches are installed before performing a new installation or software upgrade Solaris 8 with Recommended Patch Cluster dated on or after April 2006 Important Users based in the United States should ensure that the timezone patch 109809 05 or later and libc patch 108993 52 or later be installed in support of extended daylight savings time DST s...

Page 934: ... recommended that you use an X Windows client Client Access Workstation supporting Solaris Sun Linux UNIX Microsoft Windows XP Windows 2000 Windows 7 or Windows NT operating system Java Runtime Environment JRE version 1 5 or 1 6 Important It is recommended that users should use JRE 1 4 2_11 or later or 1 5 update 6 or later Java policy file obtained during initial access to the Web Element Manager...

Page 935: ... with the WEM by establishing session with the server using the Hyper Text Transport Protocol HTTP The session is hosted by the Apache Web Server which launches a Java applet providing a graphical user interface for managing the system When HTTPS is mentioned in the URL instead of HTTP secure connection is established between the WEM client and WEM server The Apache Web Server is also used to exec...

Page 936: ...nt Configuration Management CM Notification Integration Reference Point IRP Common Object Request Broker Architecture CORBA Solution Set SS Configuration Management The Web Element Manager implements an easy to use point and click GUI for providing configuration management for one or more systems This GUI provides all the flexibility offered by the system s command Line Interface CLI while providi...

Page 937: ...tion changes that occurred during system operation Accounting Management Accounting management operations allow users to examine and perform post process statistical analysis on systems managed by the Web Element Manager application The type of statistics used for element management based accounting are called bulk statistics Bulk statistics are grouped into categories called schemas and are polle...

Page 938: ... you to Add modify or delete administrative users for both the application and the managed system Regardless of the administrative user type there are four levels of management user privileges Inspector Inspectors are limited to a small number of read only Exec Mode commands The bulk of these are show commands giving the inspector the ability to view a variety of statistics and conditions The Insp...

Page 939: ...rable number of days and will be barred from reusing the same password for a configurable number of password change cycles Too many failed login attempts will result in an account lockout which may be removed either by an administrator or by waiting for a defined period of time to elapse WEM Process Monitor The Process Monitor PSMon is a Perl script that monitors the status of processes pertaining...

Page 940: ...ript to execute and the trap logged time to the Script Server An acknowledgement is sent and the script is executed by the Script Server In the event an error is experienced while executing the script the Script Server generates an SNMP trap PostgreSQL Database Server The PostgreSQL Database consists of multiple databases maintaining information pertaining to the following WEM functions Configurat...

Page 941: ...Overview OL 22938 02 WEM Logger The WEM application generates and stores logs pertaining to server installation and operation The logs can be stored locally or to another server In addition the WEM provides enhanced logging functionality for customizing log output and log files ...

Page 942: ......

Page 943: ...Cisco ASR 5000 Series Product Overview OL 22938 02 Chapter 30 Technical Specifications ...

Page 944: ...thin the chassis Chassis The dimensions in table below apply to the ASR 5000 Table 95 Physical Dimensions ASR 5000 Chassis Height Width Depth 24 50 in 62 23 cm 17 5 in 44 45 cm 24 0 in 60 96 cm Application Cards Table 96 Physical Dimensions ASR 5000 Application Cards Height Width Depth 17 05 in 46 31 cm 1 01in 2 56 cm 14 10 in 35 81cm Table 97 Physical Dimensions XGLC Height Width Depth 17 48 in 4...

Page 945: ...n Tray Table 99 Physical Dimensions Lower Fan Tray Height Width Depth 2 50 in 6 35 cm 16 25 in 41 27 cm 17 25 in 43 82 cm Upper Fan Tray Table 100 Physical Dimensions Upper Fan Tray Height Width Depth 2 875 in 7 30 cm 16 25 in 41 27 cm 19 375 in 49 21 cm Power Filter Unit Table 101 Physical Dimensions 165A Power Filter Unit Height Width Depth 3 6 in 9 14 cm 8 25 in 20 96 cm 5 12 in 13 00 cm ...

Page 946: ...ll other components installed Table 102 Platform Fully Loaded Weight Platform Fully loaded Weight ASR 5000 307 lbs 139 25 kg Table 103 Individual Card Weights Card Weight Packet Services Card PSC 11 50 lbs 5 22 kg Packet Services Card 2 PSC2 11 50 lbs 5 22 kg Packet Processing Card PPC 11 50 lbs 5 22 kg Redundancy Crossbar Card RCC 1 00 lbs 45 kg Switch Process I O Card SPIO 1 25 lbs 57 kg System ...

Page 947: ...ear installed Max Power Load SPIO 15W Ethernet 10 100 13 5W Ethernet 1000 10 5W Quad Gig E QGLC 15W XGLC 25W Optical ATM POS OC 3 23W Channelized STM 1 OC 3 23W RCC 20W Application Card front installed Max Power Load SMC 130W PPC 325W PSC 250W PSC2 325W Estimating Power Requirements Use the following formula to estimate total power consumption for each deployed chassis Total Application Card Max P...

Page 948: ...racket on the chassis You can mount a maximum of three chassis in a standard 48 RMU 7 feet equipment rack or Telco cabinet provided that all system cooling and ventilation requirements are met Caution When planning chassis installation ensure that equipment rack or cabinet hardware does not hinder air flow at any of the intake or exhaust vents Also make sure that the rack cabinet hardware as well ...

Page 949: ...Technical Specifications Mounting Requirements Cisco ASR 5000 Series Product Overview OL 22938 02 Figure 217 Example of Rack Mounted Chassis ...

Page 950: ...escribed below In each accompanying figure the interface is shown in the same orientation as the way it appears on the card Console Port Interface The system s console port is an RJ 45 RS 232 interface used to access the command line interface The interface communicates at a baud rate of 9600 to 115 200 bps 115 2 Kbps The default is 115 200 bps The interface s pin out detail is provided in the fol...

Page 951: ...B 9 adapter to connect the console cable to a terminal server or terminal emulation device such as a laptop computer The cable s pin out is provided in the following figure and table Figure 219 SPIO Console Cable Assembly Table 106 RJ 45 to DB 9 Cable Signal Description Signal Type RJ 45 Pin DB 9 Pin Clear to Send CTS Input 1 7 Data set Ready DSR Input 2 4 Receive Data RX Input 3 3 Signal Ground S...

Page 952: ...Ground SGND 4 7 Ready to Send RTS Output 5 4 Transmit Data TX Input 6 2 Data Carrier Detect DCD Output 7 8 Data Terminal Ready DTR Output 8 20 Fiber SFP Interface The fiber SFP interface has two host connectors that receive SFP transceivers Figure 220 SPIO Gb Ethernet Fiber SFP Pin out Table 108 Fiber SFP Interface Transmit and Receive Levels Signal Level Max TX 0 dBm Min TX 9 5 dBm Max RX 0 dBm s...

Page 953: ...erface Pin outs Table 109 SPIO RJ 45 Ethernet Interface Pin outs Pin 10Base T 10Mbps Cat3 100Base TXx 100Mbps Cat5 1000Base Tx 1Gbps Cat5 1 TX TX BI DA 2 TX TX BI DA 3 RX RX BI DB 4 na na BI DC 5 na na BI DC 6 RX RX BI DB 7 na na BI DD 8 na na BI DD Central Office Alarm Interface The Central Office CO alarm interface is a 10 pin Molex connector supporting three dry contact relay switches The three...

Page 954: ...n 6 Minor Alarm Normally open 7 Critical Alarm Normally closed 8 Critical Alarm Common 9 Critical Alarm Normally open 10 Not Used The 8 foot CO alarm cable shipped with the chassis supports redundant SPIO card installations The CO alarm cable is a Y cable with two connectors on one end Each connects to one of the SPIO cards On the opposite end is a 9 pin terminal block that you can mount to the te...

Page 955: ...re Color Cable Terminal Block Position Number Signal 1 6 Black 1 Major Alarm Normally closed 2 7 Orange 2 Major Alarm Common 3 8 Red 3 Major Alarm Normally open 4 9 Brown 4 Minor Alarm Normally closed 5 10 Yellow 5 Minor Alarm Common 6 1 Green 6 Minor Alarm Normally open 7 2 Blue 7 Critical Alarm Normally closed 8 3 Violet 8 Critical Alarm Common 9 4 Gray 9 Critical Alarm Normally open 10 5 Not Ap...

Page 956: ...s panel A green LED is wired to indicate a normal condition normally closed relay A red LED is wired to indicate an alarm condition normally open relay Figure 224 CO Alarm Wiring Example Pin 1 NC SPIO CO Alarm Interface Pin 3 NO Pin 4 NC Pin 6 NO Pin 7 NC Pin 8 Common Pin 9 NO Major Alar m Critical Alarm Minor Alar m CO Alarms Panel Pin 2 Common Pin 5 Common Normal Alarm In this wiring example wit...

Page 957: ...IO interface card uses a 3 pin wire wrap connector instead of a BNC interface The following figure shows the BITS 3 wire timing interface wire wrap pin out Figure 226 SPIO T1 BITS Timing Wire Wrap Pin out Ethernet 10 100 Line Card Interfaces Each of the eight RJ 45 interfaces available on the Ethernet 10 100 line card supports auto sensing 10 Base Tx or 100 Base Tx Ethernet interfaces 10 100 Mbps ...

Page 958: ...ard RJ 45 Ethernet Interface Pin outs Pin 10Base T 10MbpsCat3 100Base TX 100MbpsCat5 1 TX TX 2 TX TX 3 RX RX 4 na na 5 na na 6 RX RX 7 na na 8 na na Ethernet 1000 Line Card Quad Gigabit Ethernet Line Card QGLC SFPs QGLC 1000Base SX The 1000Base SX fiber SFP interface on the Ethernet 1000 SX line card has one pair of fiber connectors as shown below The Quad Gigabit Ethernet Line Card QGLC has four ...

Page 959: ...evels Signal Level Max TX 0 dBm Min TX 9 5 dBm Max RX 0 dBm saturation average power Min RX 20 typ 17 max dBm sensitivity average power QGLC 1000Base LX Interface The 1000Base LX fiber SFP interface on the Ethernet 1000 LX line card has one pair of host connectors The QGLC has four pairs Figure 229 QGLC 1000 Base LX Fiber Connector Table 114 LX Fiber Interface Transmit and Receive Levels Signal Le...

Page 960: ... on the Ethernet 1000 Quad Gig E copper line cards require unshielded twisted pair UTP copper CAT 5 cable with BER less than 10e 10 Pin outs for the RJ 45 Ethernet ports are Figure 230 Ethernet 1000 QGLC RJ 45 Ethernet Interface Pin outs Table 115 Ethernet 1000 QGLC RJ 45 Ethernet Interface Pin outs Pin 1000Base Tx 1Gbps Cat5 1 BI DA 2 BI DA 3 BI DB 4 BI DC 5 BI DC 6 BI DB 7 BI DD 8 BI DD RX Recei...

Page 961: ...ne pair of fiber connectors as shown below Figure 231 10 Gigabit Ethernet 10GBase SR XGLC Fiber Connector Table 116 XGLC 10GBase SR Fiber Interface Transmit and Receive Levels Signal Level Max TX 1 0 dBm Min TX 7 3 dBm Max RX 1 0 dBm saturation average power Min RX 11 1 max dBm sensitivity average power XGLC 10 Base LR Interface The 10GBase LR fiber SFP interface on the 10 Gigabit Ethernet Line Ca...

Page 962: ...Levels Signal Level Max TX 0 5 dBm Min TX 8 2 dBm Max RX 0 5 dBm saturation average power Min RX 12 6 max dBm sensitivity average power Fiber ATM POS OC 3 OLC and OLC2 Multi Mode Interface Fiber ATM POS OC 3 SM IR 1 Interface The fiber optic SFP interface on OLC and OLC2 Optical ATM Line Cards with the SM IR 1 interface has one pair of host connectors as shown in The following figure Figure 233 Op...

Page 963: ...erface has one pair of host connectors as shown in figure that follows Figure 234 ATM Line Card Multi Mode SFP Pin out Table 119 Multi Mode Fiber Interface Transmit and Receive Levels Signal Level Max TX 14 dBm Min TX 19 dBm Max RX 12 dBm saturation average power Min RX 30 max dBm sensitivity average power Channelized Line Cards Channelized Line Cards with Single mode Interface The optical SFP int...

Page 964: ...nal Level Max TX 8 dBm Min TX 15 dBm Max RX 8 dBm saturation average power Min RX 28 max dBm sensitivity average power Channelized Line Cards CLC and CLC2 with Multi Mode Interface The fiber SFP interface on the 1 port and 4 port Channelized line cards with the multi mode interface has one pair of connectors that receive SFP transceivers as shown in the following figure Figure 236 Channelized Line...

Page 965: ...tions Cisco ASR 5000 Series Product Overview OL 22938 02 Table 121 Multi Mode Fiber Interface Transmit and Receive Levels Signal Level Max TX 14 dBm Min TX 19 dBm Max RX 12 dBm saturation average power Min RX 30 max dBm sensitivity average power ...

Page 966: ......

Page 967: ...Cisco ASR 5000 Series Product Overview OL 22938 02 Chapter 31 Safety Electrical and Environmental Certifications ...

Page 968: ...ion against harmful interference when this equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio and television communications Operation of this equipment in a residential area is likely to cause interference in which case ...

Page 969: ...ertifications Cisco ASR 5000 Series Product Overview OL 22938 02 Safety Certifications The ASR 5000 complies with all safety certifications listed below UL60950 Standard for Safety for Information Technology Equipment 3rd Edition European Union EN 60950 CE Mark ...

Page 970: ...all electrical certifications listed below Telcordia GR 1089 Core Network Equipment Building System NEBS Requirements Electromagnetic Compatibility and Electrical Safety Criteria for Network Telecommunication Equipment FCC Part 15 B Class A Requirements for Non residential Equipment ETSI EN 300 019 ETSI 300 386 ETSI EN 300 386 2 Electrical Fast Transients SBC TP76200MP Taiwan BMSI ...

Page 971: ...cations The ASR 5000 complies with all environmental certifications listed below Telcordia GR 63 Core Network Equipment Building System NEBS Requirements Physical Protection The chassis equipped with the 165A PFU is compliant to the European Union s RoHS Directive Directive 2002 95 EC Waste Electrical and Electronic Equipment WEEE Directive 2002 96 EC ...

Page 972: ......

Page 973: ...ries Product Overview OL 22938 02 Chapter 32 Environmental Specifications The sections in this chapter provide information related to environmental considerations and storage characteristics associated with the ASR 5000 ...

Page 974: ...densing Operating Temperature and Humidity Table 123 Operating Temperature and Humidity Recommendations Operating Temperature 0oC to 55oC Operating Humidity Levels 20 to 80 non condensing Altitude Operations Table 124 Altitude Operational Ranges Operating Altitude Range 197 ft 60m below to 13 123 ft 4 000m above sea level Non Operating Altitude Range 197 ft 60m below to 49 212 ft 15 000m above sea...

Page 975: ... and environmental tests for telecommunications equipment Chassis Air Flow Airflow within the ASR 5000 is designed per Telcordia recommendations to ensure the proper vertical convection cooling of the system As shown in figure below the lower fan tray pulls fresh air in from the front and side intake vents located near the bottom of the chassis As the air is forced upwards through the system it co...

Page 976: ...n When planning chassis installation ensure that equipment rack or cabinet hardware does not hinder air flow at any of the intake or exhaust vents Additionally ensure that the rack cabinet hardware as well as the ambient environment allow the system to function within the limits specified in the Operating Temperature and Humidity section of this chapter ...

Page 977: ...eration of wireless technology wherein data services are packetized with speeds up to 2 Mbps Based on the CDMA2000 standards 3GPP Third Generation Partnership Project A group of organizational partners from ETSI TIA EIA and other standardization bodies who are working together to define the evolution of GSM based wireless communication core networks 3GPP2 Third Generation Partnership Project 2 A s...

Page 978: ... is the P CSCF of the IM CN subsystem APN Access Point Name The APN is a logical name for a packet data network and or a service that the GGSN supports access to APS Automatic Protection Switching A means of achieving network redundancy through using automatic switching mechanisms to switch from a primary circuit to a pre defined secondary circuit ARP Address Resolution Protocol A standard protoco...

Page 979: ...identifiers for the IMS session Binding Mechanism This mechanism is used to associate a PDP context bearer with the IP flow s of an IMS session in the PDF Binding update The message that supplies a new binding to an entity that needs to know the new care of address for a mobile node The binding update contains the mobile node s home address new care of address and a new registration lifetime BSC B...

Page 980: ...RTP or RTCP CLI Command Line Interface A Man machine Interface MMI used to configure monitor and administer a network device through its Operating System OS CSG Closed Subscriber Group A Closed Subscriber Group identifies subscribers of an operator who are permitted to access one or more cells of the PLMN but which have restricted access CSG cells CSG Cell A CSG cell part of the PLMN broadcasting ...

Page 981: ...Keepalive this is a timer that starts after the last IKE_AUTH message is sent to the MS and resets when traffic is received from the MS If no valid messages are received when the timer expires the session is disconnected Dynamic Charging Rule Charging rule where some or all of the data within the charging rule e g service data flow filter information is assigned via real time analysis using for ex...

Page 982: ...f allocating a discrete amount of frequency bandwidth to individual users to allow multiple conversations across many users The technique of assigning individual frequency slots and re use of those slots throughout a system FITS Failure in Time Statistics A statistical method of determining the number of failures that are expected to occur over a specific time period The telecommunications industr...

Page 983: ...tle Translation GTT The SS7 mechanism that provides translation of the destination global titles to enable message routing to the appropriate end point Gn interface The interface used between two GSN GGSN and or SGSN in the same GPRS UMTS Public Land Mobile Network PLMN This interface serves as both the signalling and data path for establishing and maintaining subscriber PDP contexts Go interface ...

Page 984: ...home network Home network The network at which the mobile node seems reachable to the rest of the Internet by virtue of its assigned IP address HRPD Access Combination of the eAN PCF of the cdma2000 access I IDL Interface Definition Language This refers to the application programming interface used to develop CORBA based management interfaces as defined by the Object Management Group OMG IKE Inter...

Page 985: ...ion update to the VLR LAN Local Area Network Used to denote group or groups of physically inter connected network devices that are capable of sharing information with each other Last Visited Registered TAI A TAI which is contained in the TAI list that the UE registered to the network and which identifies the tracking area last visited by the UE LC Line Card Rear installed card within the system th...

Page 986: ...d or MS terminated traffic An MSC is usually connected to at least one base station It may connect to other public networks PSTN ISDN etc other MSCs in the same network Another name used to identify the MSC is the Mobile Telephone Switching Office MTSO The MSC provides the interface for user traffic between the wireless network and other public switched networks or other MSCs MSID Mobile Station I...

Page 987: ...of a carrier s network infrastructure This includes order processing equipment assignment and other administrative functions related to the devices installed in the network OOB Out of band Management Out of band management is a method wherein management information exchanged between the network element and its associated management application is carried on a separate communications path from the ...

Page 988: ...ing rules media component data binding information and authorized QoS Policy information such as charging rules and authorized QoS are sent in a policy decision by the E PDF to the AGW for enforcement Pool area A pool area is an area within which a MS may roam without need to change the serving CN node A pool area is served by one or more CN nodes in parallel All the cells controlled by a RNC or B...

Page 989: ...g with other useful information that has relevance to the Internet community RFCs provide developers the rules and directions on how to implement various Internet communications functions so that they adhere with are interoperable to other vendors implementations of the same function RFCs are controlled by the International Engineering Task Force IETF R P The interface that exists between the PCF ...

Page 990: ...eusing the PDP address and other PDP context information from an already active PDP context but with a different QoS profile A secondary PDP context may be dedicated i e with associated TFT filters or general purpose i e with no associated TFT filters SectorID Sector Address Identifier This identifier is used to identify an HRPD AN The Network operator shall set the value of the SectorID according...

Page 991: ...ing rule where all the data within the charging rule e g service data flow filter information is statically assigned by configuration Static charging rule are typically configured in system STM SONET Timing Module Provides Stratum 3 timing for both TDM and packet interfaces T TAI Tracking Area Identifier A tracking area that consists of multiple eNBs TAI list A list of TAIs that identify the track...

Page 992: ...stem The GSM based evolution for 3G wireless communications This term is also referred to as W CDMA Unicast MBMS mixed cell This is the cell supporting both unicast and MBMS transmissions Uplink Any BS that supports the call other than the source BS is designated as a target BS V Visited PLMN This is a PLMN different from the HPLMN if the EHPLMN list is not present or is empty or different from an...

Reviews:

No comments

Related manuals for ASR 5000 Series

IBM B01 Service Manual preview
B01
Brand: IBM Pages: 301
Kathrein EXIP 4124 Quick Start Quide preview
EXIP 4124
Brand: Kathrein Pages: 16
N-Tron 702-W User Manual & Installation Manual preview
702-W
Brand: N-Tron Pages: 62
Conceptronic C150BRS4 Multi Language Quick Manual preview
C150BRS4
Brand: Conceptronic Pages: 2
Sun Microsystems Sun Fire V880z Installation And User Manual preview
Sun Fire V880z
Brand: Sun Microsystems Pages: 128
Tab e.module L5.1 Operation Manual preview
e.module L5.1
Brand: Tab Pages: 26
IBM pSeries 670 Installation Manual preview
pSeries 670
Brand: IBM Pages: 128
BEC 7404 Series User Manual preview
7404 Series
Brand: BEC Pages: 159
NETGEAR RP614 - Web Safe Router Installation Manual preview
RP614 - Web Safe Router
Brand: NETGEAR Pages: 16
Gigabyte R283-S93-AAF1 User Manual preview
R283-S93-AAF1
Brand: Gigabyte Pages: 115
Westermo Ibex-RT-330-HV User Manual preview
Ibex-RT-330-HV
Brand: Westermo Pages: 34
IBM DB2 9 Planning Manual preview
DB2 9
Brand: IBM Pages: 51
XAVI Technologies Corp. X7822r User Manual preview
X7822r
Brand: XAVI Technologies Corp. Pages: 63
Quantum Snap! Server 4000 Quick Start Manual preview
Snap! Server 4000
Brand: Quantum Pages: 8
AIC J4024-02 User Manual preview
J4024-02
Brand: AIC Pages: 105
IBM Travelstar 14GS Quick Installation Manual preview
Travelstar 14GS
Brand: IBM Pages: 2
Lowrance EP-85R Installation And Operation Instructions Manual preview
EP-85R
Brand: Lowrance Pages: 32
Artesyn AXP640 Installation And Use Manual preview
AXP640
Brand: Artesyn Pages: 190

Brands by name

Popular brands

Load more brands