Cisco ASR 5x00 Home eNodeB, Administration Manual

Page 1: ...rk Gateway Administration Guide Version 15 0 Last Updated November 30 2013 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ...WITHOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF ...

Page 3: ...tware 38 3GPP R9 Volume Charging Over Gx 39 AAA Server Groups 40 ANSI T1 276 Compliance 40 APN Support 40 Assume Positive for Gy based Quota Tracking 41 Bulk Statistics Support 41 Congestion Control 43 Default and Dedicated EPC Bearers 43 DHCP Support 44 DHCPv6 Support 45 Direct Tunnel Support 45 DNS Support for IPv4 IPv6 PDP Contexts 45 Domain Based Flow Definitions 46 DSCP Marking 46 GTP U on pe...

Page 4: ...s TCA Support 67 UE Time Zone Reporting 68 Virtual APN Support 68 Features and Functionality Inline Service Support 70 Content Filtering 70 Integrated Adult Content Filter 70 ICAP Interface 71 Header Enrichment Header Insertion and Encryption 71 Mobile Video Gateway 72 Network Address Translation NAT 73 NAT64 Support 73 Peer to Peer Detection 74 Personal Stateful Firewall 74 Traffic Performance Op...

Page 5: ...ed 106 Required Local Context Configuration Information 106 Required P GW Context Configuration Information 107 Required PDN Context Configuration Information 108 Required AAA Context Configuration Information 109 How This Configuration Works 112 eGTP P GW Configuration 113 Initial Configuration 114 P GW Service Configuration 120 P GW PDN Context Configuration 121 Active Charging Service Configura...

Page 6: ...ace 178 Creating and Configuring a Crypto Access Control List 178 Creating and Configuring an IPSec Transform Set 179 Creating and Configuring an IKEv2 Transform Set 179 Creating and Configuring a Crypto Map 180 Configuring APN as Emergency 181 Configuring Common Gateway Access Support 182 Diameter Endpoint Configuration 182 AAA Group Configuration 183 Authorization over S6b Configuration 183 DNS ...

Page 7: ...212 Supported Functions 213 Supported Standards 215 Subscriber Session Trace Functional Description 216 Operation 216 Trace Session 216 Trace Recording Session 216 Network Element NE 216 Activation 216 Management Activation 217 Signaling Activation 217 Start Trigger 217 Deactivation 217 Stop Trigger 217 Data Collection and Reporting 217 Trace Depth 217 Trace Scope 218 Network Element Details 218 M...

Page 8: ... Tunnel per APN 251 Enabling Direct Tunnel per IMEI 252 Enabling Direct Tunnel to Specific RNCs 252 Verifying the SGSN Direct Tunnel Configuration 253 Configuring S12 Direct Tunnel Support on the S GW 255 GRE Protocol Interface 257 Introduction 258 Supported Standards 259 Supported Networks and Platforms 260 Licenses 261 Services and Application on GRE Interface 262 How GRE Interface Support Works...

Page 9: ...2 Rel 8 Gx Interface 304 HA PDSN Rel 8 Gx Interface Support 304 Introduction 304 Terminology and Definitions 306 How it Works 312 Configuring HA PDSN Rel 8 Gx Interface Support 314 Gathering Statistics 317 P GW Rel 8 Gx Interface Support 318 Introduction 318 Terminology and Definitions 319 Rel 9 Gx Interface 323 P GW Rel 9 Gx Interface Support 323 Introduction 323 Terminology and Definitions 323 A...

Page 10: ... Interface Support 379 Creating ICAP Server Group and Address Binding 379 Configuring ICAP Server and Other Parameters 380 Configuring ECS Rulebase for ICAP Server Group 380 Configuring Charging Action for ICAP Server Group 381 Verifying the ICAP Server Group Configuration 381 L2TP Access Concentrator 383 Applicable Products and Relevant Sections 384 Supported LAC Service Configurations for PDSN S...

Page 11: ...Label Switching MPLS Support 415 Overview 416 Chassis as MPLS CE Connecting to PE 416 Chassis as MPLS CE Connected to ASBR 417 Engineering Rules 417 Supported Standards 418 Supported Networks and Platforms 419 Licenses 420 Benefits 421 Configuring BGP MPLS VPN with Static Labels 422 Create VRF with Route distinguisher and Route target 422 Set Neighbors and Enable VPNv4 Route Exchange 423 Configure...

Page 12: ...t 459 Configuring APN Parameters 459 Rf Interface Support 463 Introduction 464 Offline Charging Architecture 464 Charging Collection Function 466 Charging Trigger Function 466 Dynamic Routing Agent 466 License Requirements 466 Supported Standards 466 Features and Terminology 468 Offline Charging Scenarios 468 Basic Principles 468 Event Based Charging 469 Session Based Charging 469 Diameter Base Pr...

Page 13: ...15 RADIUS Attributes 518 Traffic Policing for CDMA Subscribers 518 Traffic Policing for UMTS Subscribers 519 P GW Sample Configuration Files 521 Standalone eGTP PDN Gateway 522 Configuration Sample 522 Standalone PMIPv6 PDN Gateway Supporting an eHRPD Network 534 Configuration Sample 534 P GW Engineering Rules 545 Interface and Port Rules 546 S2a Interface Rules 546 LMA to MAG 546 S5 S8 Interface ...

Page 14: ......

Page 15: ...this Guide This preface describes the Cisco ASR 5x00 Packet Data Network Gateway Administration Guide how it is organized and its document conventions This preface includes the following sections Conventions Used Supported Documents and Resources Contacting Customer Support ...

Page 16: ...t represented as a screen display This typeface represents displays that appear on your terminal screen for example Login Text represented as commands This typeface represents commands that you enter for example show ip access list This document always gives the full form of a command in lowercase letters Commands are not case sensitive Text represented as a command variable This typeface represen...

Page 17: ...resholding Configuration Guide Cisco MURAL Software Installation Guide Cisco MURAL User Guide Web Element Manager Installation and Administration Guide Related Product Documentation The following product documents are also available and work in conjunction with the P GW Cisco ASR 5x00 Gateway GPRS Support Node Administration Guide Cisco ASR 5x00 HRPD Serving Gateway Administration Guide Cisco ASR ...

Page 18: ...uide xviii Obtaining Documentation The most current Cisco documentation is available on the following website http www cisco com cisco web psa default html Use the following path selections to access the P GW documentation Products Wireless Mobile Internet Network Functions Cisco PGW Packet Data Network Gateway ...

Page 19: ...Support Use the information in this section to contact customer support Refer to the support area of http www cisco com for up to date product documentation or to submit a service request A valid username and password are required to access this site Please contact your Cisco sales or service representative for additional information ...

Page 20: ......

Page 21: ...em Architecture Evolution LTE SAE and evolved High Rate Packet Data eHRPD wireless data networks This overview provides general information about the P GW including Product Description Network Deployment s Features and Functionality Base Software Features and Functionality Inline Service Support Features and Functionality External Application Support Features and Functionality Optional Enhanced Fe...

Page 22: ...re may be more than one P GW for that UE The P GW provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE A UE may have simultaneous connectivity with more than one P GW for accessing multiple PDNs The P GW performs policy enforcement packet filtering for each user charging support lawful interception and packet screening Figure 1...

Page 23: ...s the SAE Anchor function Policy enforcement gating and rate enforcement Per user based packet filtering deep packet inspection Charging support Lawful Interception UE IP address allocation Packet screening Transport level packet marking in the downlink Down link rate enforcement based on Aggregate Maximum Bit Rate AMBR The following are additional P GW functions when supporting non 3GPP access eH...

Page 24: ... For additional information refer to the Installation Guide for the chassis and or contact your Cisco account representative Licenses The P GW is a licensed Cisco product Separate session and feature licenses may be required Contact your Cisco account representative for detailed information on specific licensing requirements For information on installing and verifying licenses refer to the Managin...

Page 25: ...TRAN EPC Network The following figure displays the specific network interfaces supported by the P GW Refer to Supported Logical Network Interfaces Reference Points for detailed information about each interface Figure 3 Supported P GW Interfaces in the E UTRAN EPC Network The following figure displays a sample network deployment of a P GW including all of the interface connections with other 3GPP E...

Page 26: ...between the non trusted non 3GPP ePDG Evolved Packet Data Gateway and the P GW uses PMIPv6 Proxy Mobile IP version 6 for providing access to the EPC GTPv2 C is the signaling protocol used on the S2b The S2b interface is based on 3GPP TS 29 274 The S2b interface runs PMIPv6 protocol to establish WLAN UE sessions with the P GW It also supports the transport of P CSCF attributes and DNS attributes in...

Page 27: ...nnel GTPv1 U bearer channel PMIPv6 GRE or IP in IP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet S6b Interface This reference point between a P GW and a 3GPP AAA server proxy is used for mobility related authentication It may also be used to retrieve and request parameters related to mobility and to retrieve static QoS profiles for UEs for non 3GPP access in the event that dy...

Page 28: ...er error code on the S6b interface for an Authorization Authentication Request AA R only This procedure would be utilized in cases where a protocol transient or permanent error code is returned from the both the primary and secondary AAA to the GGSN or P GW In case of retry and continue functionality P GW should query from DNS server if it is configured in APN S6b failure handling continues the da...

Page 29: ...23 401 Supported protocols Transport Layer TCP SCTP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet For more information on the Gx interface refer to Dynamic Policy Charging Control Gx Reference Interface in the Features and Functionality Base Software section of this chapter Gy Interface The Gy reference interface enables online accounting functions on the P GW in accordance w...

Page 30: ...ertaining to the radio network usage Supported protocols Transport Layer TCP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet Gn Gp Interface This reference point provides tunneling and management between the P GW and the SGSN during handovers between the EPS and 3GPP 2G and or 3G networks 3GPP TS 29 060 For more information on the Gn Gp interface refer to Gn Gp Handoff Support ...

Page 31: ...ging information for each mobile subscriber UE pertaining to the radio network usage Supported protocols Transport Layer TCP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet PDN Gateway Supporting eHRPD to E UTRAN EPC Connectivity The following figure displays the specific network interfaces supported by the P GW in an eHRPD network Refer to Supported Logical Network Interfaces ...

Page 32: ...ministration Guide 32 Figure 5 P GW Interfaces Supporting eHRPD to E UTRAN EPC Connectivity The following figure displays a sample network deployment of a P GW in an eHRPD Network including all of the interface connections with other 3GPP Evolved UTRAN Evolved Packet Core network devices ...

Page 33: ... S GW and the P GW as defined in 3GPP TS 23 401 The S8 interface is an inter PLMN reference point between the S GW and the P GW used during roaming scenarios The S5 interface is used between an S GW and P GW located within the same administrative domain non roaming It is used for S GW relocation due to UE mobility and if the S GW needs to connect to a non collocated P GW for the required PDN conne...

Page 34: ...e and request parameters related to mobility and to retrieve static QoS profiles for UEs for non 3GPP access in the event that dynamic PCC is not supported From Release 12 2 onwards the S6b interface has been enhanced to pass on the UE assigned IPv6 address IPv6 prefix and IPv6 interface ID to the AAA server S6b interface also has support for Framed IPv6 Pool Framed IP Pool and served party IP add...

Page 35: ...nly This procedure would be utilized in cases where a protocol transient or permanent error code is returned from the both the primary and secondary AAA to the GGSN or P GW In case of retry and continue functionality P GW should query from DNS server if it is configured in APN S6b failure handling continues the data call This behavior is only applicable to the aaa custom15 Diameter dictionary Impo...

Page 36: ...re information on the Gx interface refer to Dynamic Policy Charging Control Gx Reference Interface in the Features and Functionality Base Software section of this chapter Rf Interface The Rf reference interface enables offline accounting functions on the P GW in accordance with 3GPP Release 8 and Release 9 specifications The P GW collects charging information for each mobile subscriber UE pertaini...

Page 37: ...ng functions on the P GW in accordance with 3GPP Release 8 and Release 9 specifications Supported protocols Transport Layer TCP Network Layer IPv4 IPv6 Data Link Layer ARP Physical Layer Ethernet For more information on the Gy interface and online accounting refer to Gy Interface Support in the Features and Functionality Base Software section of this chapter ...

Page 38: ...Compliance APN Support Assume Positive for Gy based Quota Tracking Bulk Statistics Support Congestion Control Default and Dedicated EPC Bearers DHCP Support DHCPv6 Support Direct Tunnel Support DNS Support for IPv4IPv6 PDP Contexts Domain Based Flow Definitions DSCP Marking Dynamic GTP Echo Timer Dynamic Policy Charging Control Gx Reference Interface Enhanced Charging Service ECS GnGp Handoff Supp...

Page 39: ...ge quotas between a P GW and PCRF The quotas can be assigned to the default bearer or any of the dedicated bearers for the PDN connection This feature enables volume reporting over Gx which entails usage monitoring and reporting of the accumulated usage of network resources on an IP CAN session or service data flow basis PCRF subscribes to the usage monitoring at session level or at flow level by ...

Page 40: ...ents Password maintenance e g periodic forced password changes These measures are applicable to the ASR 5x00 and the Web Element Manager since both require password authentication A subset of these guidelines where applicable to each platform will be implemented A known subset of guidelines such as certificate authentication are not applicable to either product Furthermore the platforms support a ...

Page 41: ...of time The quota value would be part of the dcca service configuration and would apply to all subscribers using this dcca service The temporary quota will be specified in volume MB and or time minutes to allow for enforcement of both quota tracking mechanisms individually or simultaneously When a user consumes the interim total quota or time configured for use during failure handling scenarios th...

Page 42: ...es system level statistics The system supports the configuration of up to 4 sets primary secondary of receivers Each set can be configured with to collect specific sets of statistics from the various schemas Statistics can be pulled manually from the system or sent at configured intervals The bulk statistics are stored on the receiver s in files The format of the bulk statistic data files can be c...

Page 43: ...for the condition to be cleared An SNMP trap starCongestionClear is then triggered Port Utilization Thresholds If you set a port utilization threshold when the average utilization of all ports in the system reaches the specified threshold congestion control is enabled Port specific Thresholds If you set port specific thresholds when any individual port specific threshold is reached congestion cont...

Page 44: ...assignment to subscriber IP PDN contexts using the Dynamic Host Control Protocol DHCP as defined by the following standards RFC 2131 Dynamic Host Configuration Protocol RFC 2132 DHCP Options and BOOTP Vendor Extensions The method by which IP addresses are assigned to a PDN context is configured on an APN by APN basis Each APN template dictates whether it will support static or dynamic addresses Dy...

Page 45: ...tunnel functionality Direct tunnel improves the user experience e g expedited web page delivery reduced round trip delay for conversational services etc by eliminating SGSN tunnel switching latency from the user plane An additional advantage of direct tunnel from an operational and capital expenditure perspective is that direct tunnel optimizes the usage of user plane resources by removing the req...

Page 46: ... correct exact IP entries of the servers by snooping DNS responses Currently it is possible to configure L7 rules to filter based on domain m google com Sometimes multiple servers may serve a domain each with its own IP address Using an IP rule instead of an http rule will result in multiple IP rules one IP rule for each server behind the domain and it might get cumbersome to maintain a list of IP...

Page 47: ...ing Optional Features on the P GW section of the PDN Gateway Configuration chapter Dynamic Policy Charging Control Gx Reference Interface Dynamic policy and charging control provides a primary building block toward the realization of IMS multimedia applications In contrast to statically provisioned architectures the dynamic policy framework provides a centralized service control layer with global ...

Page 48: ...ervice feature that is integrated within the system ECS enhances the mobile carrier s ability to provide flexible differentiated and detailed billing to subscribers by using Layer 3 through Layer 7 deep packet inspection with the ability to integrate with back end billing mediation systems ECS interacts with active mediation systems to provide full real time prepaid and active charging capabilitie...

Page 49: ... used It is up to the network node to track the quota use and when these use quotas run low the network node sends a request to the pre paid server for more quota If the user has not used up the purchased credit the server grants quota and if no credit is available to the subscriber the call will be disconnected ECS and DCCA manage this functionality by providing the ability to setup quotas for di...

Page 50: ...to a mediation billing system A traffic analyzer performs shallow Layer 3 and Layer 4 and deep above Layer 4 packet inspection of the IP packet flows The Traffic Analyzer function is able to do a shallow layer 3 and layer 4 and deep above layer 4 packet inspection of IP Packet Flows It is able to correlate all layer 3 packets and bytes with higher layer trigger criteria e g URL detected in a HTTP ...

Page 51: ...formation required for billing based on the content GTPP accounting in ECS allows the collection of counters for different types of data traffic into detail records The following types of detail records are supported Event Detail Records EDRs An alternative to standard G CDRs when the information provided by the G CDRs is not sufficient to do the content billing EDRs are generated according to exp...

Page 52: ...an earlier release refer to the AAA and GTPP Interface Administration and Reference If you are using StarOS 14 0 or a later release refer to the AAA Interface Administration and Reference Gy Interface Support The Gy interface enables the wireless operator to implement a standardized interface for real time content based charging with differentiated rates for time based and volume based charging As...

Page 53: ...to limit interruption of user traffic These AVPs exist for all quota flavors for example Time Quota Threshold Trigger Type This AVP defines a set of events which will induce a re authentication of the current session and its quota categories Gn Gp Handoff Support In LTE deployments smooth handover support is required between 3G 2G and LTE networks and Evolved Packet Core EPC is designed to be a co...

Page 54: ...ies and restrictions Receiving emergency services in limited service state does not require a subscription The standard refer to 3GPP TS 23 401 has identified four behaviors that are supported Valid UEs only Authenticated UEs only MSI required authentication optional All UEs To request emergency services the UE has the following two options UEs that are in a limited service state due to attach rej...

Page 55: ...ative IPv6 and IPv6 transport Support for any combination of IPv4 IPv6 or dual stack IPv4 v6 address assignment from dynamic or static address pools on the P GW Support for native IPv6 transport and service addresses on PMIPv6 S2a interface Note that transport on GTP S5 S8 connections in this release is IPv4 based Support for IPv6 transport for outbound traffic over the SGi reference interface to ...

Page 56: ...ber has reached their data usage quota during the call setup The audio bearer portion of the call is activated The video bearer portion of the call is NOT activated The P GW sends the PCRF a Credit Control Request update CCR U with OUT_OF_CREDIT event trigger and the Final Unit Action FUA received from the OCS The PCRF removes the Service Data Flow SDF from the P GW and sends the P CSCF indication...

Page 57: ...ve or Netscape v4 7 or above and others Supports Common Object Request Broker Architecture CORBA protocol and Simple Network Management Protocol version 1 SNMPv1 for fault management Provides complete Fault Configuration Accounting Performance and Security FCAPS capabilities Can be easily integrated with higher level network service and business layer applications using the Object Management Group...

Page 58: ...al mechanism whereby either the P GW or the HSGW providing Mobile IP functionality to the same mobile node can notify the other mobility agent of the termination of a binding Mobile IP Registration Revocation can be triggered at the HSGW by any of the following Session terminated with mobile node for whatever reason Session renegotiation Administrative clearing of calls Session Manager software ta...

Page 59: ...ported Node Functionality GTP Echo This feature helps exchange capabilities of two communicating GTP nodes and uses the new feature based on whether it is supported by the other node This feature allows S GW to exchange its capabilities MABR PRN NTSR with the peer entities through ECHO messages By this if both the peer nodes support some common features then they can make use of new messages to co...

Page 60: ...f sessions are maintained during call handovers The bearer binding will be performed by the HSGW during e HRPD access and by the P GW during LTE access Thus the Bearer Binding Event Reporting BBERF function needs to migrate between the P GW and the HSGW during the handover The HSGW establishes a Gxa session during e HRPD access for bearer binding and releases the session during LTE access The HSGW...

Page 61: ...cess to external networks To provide subscriber level accounting the Cisco S GW and P GWs support integrated Charging Transfer Functions CTF and Charging Data Functions CDF Each gateway uses Charging ID s to distinguish between default and dedicated bearers within subscriber sessions The Ga Gz reference interface between the CDF and CGF is used to transfer charging records via the GTPP protocol In...

Page 62: ...eers as compared to home peers PMIPv6 Heartbeat Proxy Mobile IPv6 PMIPv6 is a network based mobility management protocol to provide mobility without requiring the participation of the mobile node in any PMIPv6 mobility related signaling The core functional entities Mobile Access Gateway MAG and the Local Mobility Anchor LMA set up tunnels dynamically to manage mobility for a mobile node Path manag...

Page 63: ...of the S5 S8 connection Additionally the platform also provides configurable parameters to copy the DSCP marking from the encapsulated payload to the outer GTP tunnel header To support 802 1p network traffic prioritization for use in grouping packets into various traffic classes the P GW enables operators to map QCI values to 802 1p priorities for uplink and downlink packets Guaranteed Bit Rate GB...

Page 64: ...be delivered to the same server In the event that a single server becomes unreachable the system attempts to communicate with the other servers that are configured The system also provides configurable parameters that specify how it should behave should all of the RADIUS AAA servers become unreachable The system provides an additional level of flexibility by supporting the configuration RADIUS ser...

Page 65: ...ection till the time that PDN is restored again Once the session has been restored by the MME i e P GW receives a Modify Bearer Request from the restarted S GW or a different S GW P GW shall resume forwarding any received downlink data and start charging them When subscriber is in S GW restoration phase all RARs expect for Session Termination will be rejected by PCEF P GW will reject all internal ...

Page 66: ...d testing new functions and access terminals in an LTE environment As a complement to Cisco s protocol monitoring function the P GW supports 3GPP standards based session level trace capabilities to monitor all call control events on the respective monitored interfaces including S5 S8 S2a SGi and Gx The trace can be initiated using multiple methods Management initiation via direct CLI configuration...

Page 67: ...ession trace feature is either signaling or management based which is very specific to a particular subscriber The requirement is to trace random subscribers which are not explicitly linked or identified by IMSI in GTP messages or configured through CLI The random subscribers could be in an IMSI range context activation in particular time intervals etc The session trace is activated on demand for ...

Page 68: ...standing alarms are reported to the system s alarm subsystem and are viewable through the Alarm Management menu in the Web Element Manager The Alarm System is used only in conjunction with the Alarm model Important For more information on threshold crossing alert configuration refer to the Thresholding Configuration Guide UE Time Zone Reporting This feature enables time based charging for speciali...

Page 69: ...PDN Gateway Overview Features and Functionality Base Software Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 69 S GW address ...

Page 70: ...bscribers are entitled to view the content Content Filtering ICAP Interface This solution is appropriate for mobile operators with existing installations of Active Content Filtering external servers The service continues to harness the DPI functions of the ASR 5x00 platform to extract events of interest However in this case the extracted requests are transferred via the Integrated Content Adaptati...

Page 71: ...he ASR 5x00 platform and passed along with subscriber identification information and the subscriber request in an ICAP message to the Application Server AS The AS checks the URL on the basis of its category and other classifications like type access level content category and decides if the request should be authorized blocked or redirected by answering the GET POST message Depending upon the resp...

Page 72: ...cause POST contains header length field which needs to be modified after addition of x headers In segmented WSP headers header length field may be present in one packet and header may complete in another packet Mobile Video Gateway The Cisco ASR 5x00 chassis provides mobile operators with a flexible solution that functions as a Mobile Video Gateway in 2 5G 3G and 4G wireless data networks The Cisc...

Page 73: ...connections originating from subscribers based on the flows L3 L4 characteristics Source IP Source Port Destination IP Destination Port and Protocol NAT supports the following mappings One to One Many to One Important For more information on NAT refer to the Network Address Translation Administration Guide NAT64 Support This feature helps facilitate the co existence and gradual transition to IPv6 ...

Page 74: ...ffic generated by the rest 80 non P2P users This can result into a situation where non P2P users may not get enough network bandwidth for their legitimate use because of excess usage of bandwidth by the P2P users Network operators need to have dynamic network bandwidth traffic management functions in place to ensure fair distributions of the network bandwidth among all the users And this would inc...

Page 75: ...cepted protocol in use today it is optimized only for wired networks Due to inherent reliability of wired networks TCP implicitly assumes that any packet loss is due to network congestion and consequently invokes congestion control measures However wireless links are known to experience sporadic and usually temporary losses due to several reasons including the following which also trigger TCP cong...

Page 76: ...nager is a Common Object Request Broker Architecture CORBA based application that provides complete fault configuration accounting performance and security FCAPS management capability for the system For maximum flexibility and scalability the Web Element Manager application implements a client server architecture This architecture allows remote clients with Java enabled web browsers to manage one ...

Page 77: ...Change of Authorization GRE Protocol Interface Support GTP Throttling Inter Chassis Session Recovery IP Security IPSec Encryption L2TP LAC Support Lawful Intercept Layer 2 Traffic Management VLANs Local Policy Decision Engine MPLS Forwarding with LDP NEMO Service Supported Overcharging Protection Support Session Recovery Support Smartphone Tethering Detection Support Traffic Policing User Location...

Page 78: ...pport provide operators with greater control over subscriber PDP contexts by providing the ability to dynamically redirect data traffic and or disconnect the PDP context This functionality is based on the RFC 3576 Dynamic Authorization Extensions to Remote Authentication Dial In User Service RADIUS July 2003 standard The system supports the configuration and use of the following dynamic RADIUS ext...

Page 79: ...volved like IPSec offers for example GRE tunneling consists of three main components Passenger protocol protocol being encapsulated For example CLNS IPv4 and IPv6 Carrier protocol protocol that does the encapsulating For example GRE IP in IP L2TP MPLS and IPSec Transport protocol protocol used to carry the encapsulated protocol The main transport protocol is IP Important For more information on GR...

Page 80: ... call processing without interrupting subscriber services This is accomplished through the use of redundant chassis The chassis are configured as primary and backup with one being active and one in recovery mode A checkpoint duration timer is used to control when subscriber data is sent from the active chassis to the inactive chassis If the active chassis handling the call traffic goes out of serv...

Page 81: ...t For more information on IPSec support refer to the Cisco StarOS IP Security IPSec Reference L2TP LAC Support Use of L2TP LAC requires that a valid license key be installed Contact your local Sales or Support representative for information on how to obtain a license The system configured as a Layer 2 Tunneling Protocol Access Concentrator LAC enables communication with L2TP Network Servers LNSs f...

Page 82: ...tion on VLAN support refer to the VLANs chapter in the System Administration Guide Local Policy Decision Engine Use of the Local Policy Decision Engine requires that a valid license key be installed Contact your local Sales or Support representative for information on how to obtain a license The Local Policy Engine is an event driven rules engine that offers Gx like QoS and policy controls to enab...

Page 83: ...lly negotiates routes using the labels binded with the IP packets Cisco P GW as an LSR learns the default route from the connected provider edge PE while the PE populates its routing table with the routes provided by the P GW Important For more information on MPLS support refer to the Multi Protocol Label Switching MPLS Support appendix in this guide NEMO Service Supported Use of NEMO requires tha...

Page 84: ...y in paging Thus P GW will charge the subscriber for the dropped packets which isn t desired To address this problem with Overcharging Protection feature enabled S GW will inform P GW to stop or resume charging based on packets dropped at S GW and transition of UE from idle to active state Once the criterion to signal stop charging is met S GW will send Modify Bearer Request MBReq to P GW MBReq wo...

Page 85: ...ork and limit bandwidth allowances to subscribers Traffic policing enables the configuring and enforcing of bandwidth limitations on individual subscribers and or APNs of a particular traffic class in 3GPP 3GPP2 service Bandwidth enforcement is configured and enforced independently on the downlink and the uplink directions A Token Bucket Algorithm a modified trTCM RFC2698 is used to implement the ...

Page 86: ...LI information between the MME and S GW Create Session Request The ULI IE is included for E UTRAN Initial Attach and UE requested PDN Connectivity procedures It includes ECGI and TAI The MME includes the ULI IE for TAU X2 Handover procedure if the P GW has requested location information change reporting and the MME support location information change reporting The S GW includes the ULI IE on S5 S8...

Page 87: ...nning one of the following messages reports the ULI Create Session Request Create Bearer Response Modify Bearer Request Update Bearer Response Delete Bearer Response Delete Session Request If an existing Change Notification Request is pending it is aborted and a new one is sent Important Information on configuring User Location Information ULI Reporting support is located in the Configuring Option...

Page 88: ...PDN Gateway CallSession Procedures in an eHRPD Network GTP PDN Gateway CallSession Procedures in an LTE SAE Network PMIPv6 PDN Gateway Call Session Procedures in an eHRPD Network The following topics and procedure flows are included Initial Attach with IPv6IPv4 Access PMIPv6 Lifetime Extension without Handover PDN Connection Release Initiated by UE PDN Connection Release Initiated by HSGW PDN Conn...

Page 89: ... IPv6 IPv4 Access Call Flow Description Step Description 1 The subscriber UE attaches to the eHRPD network 2a The eAN PCF sends an A11 RRQ to the HSGW The eAN PCF includes the true IMSI of the UE in the A11 RRQ 2b The HSGW establishes A10s and respond back to the eAN PCF with an A11 RRP 3a The UE performs LCP negotiation with the HSGW over the established main A10 3b The UE performs EAP over PPP ...

Page 90: ...v4 PDSN Address and optionally PCO options the UE is expecting from the network 5b The HSGW sends a PBU to the P GW 5c The P GW processes the PBU from the HSGW assigns an HNP for the connection and responds back to the HSGW with PBA 5d The HSGW responds to the VSNCP Conf Req with a VSNCP Conf Ack 5e The HSGW sends a PPP VSNCP Conf Req to the UE to complete PPP VSNCP negotiation 5f The UE completes...

Page 91: ...RPD HNP 4 The P GW LMA service updates the Binding Cache Entry BCE with the new granted lifetime 5 The P GW responds with a Proxy Binding Acknowledgement PBA with the following attributes Lifetime MNID APN PDN Connection Release Initiated by UE This section describes the procedure of a session release by the UE Figure 11 PDN Connection Release by the UE Call Flow Table 4 PDN Connection Release by ...

Page 92: ...ding and responds to the HSGW with a Deregistration PBA with the same attributes Lifetime 0 MNID APN ATT HRPD HNP 6 The HSGW optionally sends a Router Advertisement RA with assigned HNP and prefix lifetime 0 PDN Connection Release Initiated by HSGW This section describes the procedure of a session release by the HSGW Figure 12 PDN Connection Release by the HSGW Call Flow Table 5 PDN Connection Rel...

Page 93: ...itial PBU that created the binding 6 The P GW looks up the BCE based on the HNP deletes the binding and responds to the HSGW with a Deregistration PBA with the same attributes Lifetime 0 MNID APN ATT HRPD HNP 7 The HSGW optionally sends a Router Advertisement RA with assigned HNP and prefix lifetime 0 PDN Connection Release Initiated by P GW This section describes the procedure of a session releas...

Page 94: ...MNID APN HNP 4 The HSGW MAG service triggers a disconnect of the UE PDN connection for PDNID x 5 The HSGW sends a PPP VSNCP Term Req with PDNID x to the UE 6 The UE acknowledges the receipt of the request with a VSNCP Term Ack PDNID x 7 The HSGW optionally sends a Router Advertisement RA with assigned HNP and prefix lifetime 0 GTP PDN Gateway Call Session Procedures in an LTE SAE Network The follo...

Page 95: ... Type message together with an indication of the Selected Network to the eNodeB IMSI is included if the UE does not have a valid GUTI available If the UE has a valid GUTI it is included 2 The eNodeB derives the MME from the GUTI and from the indicated Selected Network If that MME is not associated with the eNodeB the eNodeB selects an MME using an MME selection function The eNodeB forwards the Att...

Page 96: ...trol plane RAT type Default Bearer QoS PDN Address Allocation AMBR EPS Bearer Identity Protocol Configuration Options ME Identity User Location Information message to the P GW 10 If dynamic PCC is deployed the P GW interacts with the PCRF to get the default PCC rules for the UE The IMSI UE IP address User Location Information RAT type AMBR are provided to the PCRF by the P GW if received by the pr...

Page 97: ...P GW that is different from the P GW address which was indicated by the HSS in the PDN subscription context the MME sends an Update Location Request including the APN and P GW address to the HSS for mobility with non 3GPP accesses 23 The HSS stores the APN and P GW address pair and sends an Update Location Response to the MME 24 Bidirectional data is passed between the UE and PDN Subscriber initia...

Page 98: ... with the PCRF to indicate to the PCRF that EPS Bearer is released if PCRF is applied in the network 6 The S GW acknowledges with a Delete Bearer Response TEID message 7 If Switch Off indicates that the detach is not due to a switch off situation the MME sends a Detach Accept message to the UE 8 The MME releases the S1 MME signalling connection for the UE by sending an S1 Release command to the eN...

Page 99: ...GPRS enhancements for Evolved Universal Terrestrial Radio Access Network E UTRAN access 3GPP TS 23 402 Architecture enhancements for non 3GPP accesses 3GPP TS 29 212 Policy and Charging Control over Gx reference point 3GPP TS 29 274 3GPP Evolved Packet System EPS Evolved General Packet Radio Service GPRS Tunnelling Protocol for Control plane GTPv2 C 3GPP TS 29 281 GPRS Tunnelling Protocol User Pla...

Page 100: ...volved Packet System EPS Mobility Management Entity MME and Serving GPRS Support Node SGSN related interfaces based on Diameter protocol 3GPP TS 29 273 3GPP EPS AAA Interfaces 3GPP TS 29 274 3GPP Evolved Packet System EPS Evolved General Packet Radio Service GPRS Tunnelling Protocol for Control plane GTPv2 C Stage 3 3GPP TS 29 275 Proxy Mobile IPv6 PMIPv6 based Mobility and Tunnelling protocols St...

Page 101: ...tworks PDN 3GPP TS 29 210 Charging rule provisioning over Gx interface 3GPP TS 29 212 Policy and Charging Control over Gx reference point 3GPP TS 29 213 Policy and Charging Control signaling flows and QoS 3GPP TS 29 273 3GPP EPS AAA Interfaces 3GPP TS 29 274 Evolved GPRS Tunnelling Protocol for Control plane GTPv2 C 3GPP TS 29 275 Proxy Mobile IPv6 PMIPv6 based Mobility and Tunnelling protocols 3G...

Page 102: ... The Network Access Identifier RFC 4283 Mobile Node Identifier Option for Mobile IPv6 MIPv6 RFC 4861 Neighbor Discovery for IP Version 6 IPv6 RFC 4862 IPv6 Stateless Address Autoconfiguration RFC 5094 Mobile IPv6 Vendor Specific Option RFC 5149 Service Selection for Mobile IPv6 RFC 5213 Proxy Mobile IPv6 RFC 5447 Diameter Mobile IPv6 Support for NAS to Diameter Server Interaction RFC 5555 Mobile I...

Page 103: ...x00 Packet Data Network Gateway Administration Guide 103 Internet Draft draft meghana netlmm pmipv6 mipv4 00 txt Proxy Mobile IPv6 and Mobile IPv4 interworking Object Management Group OMG Standards CORBA 2 6 Specification 01 09 35 Object Management Group ...

Page 104: ......

Page 105: ...rameters allowing it to perform in various wireless network environments In this chapter only the minimum set of parameters are provided to make the system operational Optional configuration commands specific to the P GW product are located in the Command Line Interface Reference The following procedures are located in this chapter Configuring the System as a Standalone eGTP P GW Configuring the S...

Page 106: ... the Command Line Interface Reference Required Local Context Configuration Information The following table lists the information that is required to configure the local context on an P GW Table 9 Required Information for Local Context Configuration Required Information Description Management Interface Configuration Interface name An identification string between 1 and 79 characters alpha and or nu...

Page 107: ...ed if multiple interfaces will be configured IP address and subnet IPv4 or IPv6 addresses assigned to the interface Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port number The physical port to which the interface will be bound Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector...

Page 108: ...v4 pool is recognized by the system Multiple names are needed if multiple pools will be configured A range of IPv4 addresses defined by a starting address and an ending address IPv6 address pool name and range An identification string between 1 and 31 characters alpha and or numeric by which the IPv6 pool is recognized by the system Multiple names are needed if multiple pools will be configured A ...

Page 109: ...ate multiple interfaces Gateway IP address Used when configuring static IP routes from the interface s to a specific network SGi Interface Configuration To from IPv6 PDN Interface name An identification string between 1 and 79 characters alpha and or numeric by which the interface is recognized by the system Multiple names are needed if multiple interfaces will be configured IP address and subnet ...

Page 110: ... realm is the Diameter identity The originator s realm is present in all Diameter messages and is typically the company or service name Origin host name An identification string from 1 to 255 characters alpha and or numeric by which the Gx origin host is recognized by the system Origin host address The IP address of the Gx interface Peer name The Gx endpoint name described above Peer realm name Th...

Page 111: ...v4 addresses assigned to the interface Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port number The physical port to which the interface will be bound Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card For example port 17 1 identifies connector number 1 on the card ...

Page 112: ...and is typically the company or service name Origin host name An identification string from 1 to 255 characters alpha and or numeric by which the Rf origin host is recognized by the system Origin host address The IP address of the Rf interface Peer name The Rf endpoint name described above Peer realm name The Rf origin realm name described above Peer address and port number The IP address and port...

Page 113: ... System Administration Guide 3 The P GW uses the configured Gx Diameter endpoint to establish the IP CAN session 4 The P GW sends a CC Request CCR message to the PCRF to indicate the establishment of the IP CAN session and the PCRF acknowledges with a CC Answer CCA 5 The P GW uses the APN configuration to select the PDN context IP addresses are assigned from the IP pool configured in the selected ...

Page 114: ...ation section Step 4 Configure the PDN context by applying the example configuration in the P GW PDN Context Configuration section Step 5 Enable and configure the active charging service for Gx interface support by applying the example configuration in the Active Charging Service Configuration section Step 6 Create a AAA context and configure parameters for policy by applying the example configura...

Page 115: ... and configure a GTP U service within the P GW context by applying the example configuration in the Creating and Configuring a GTP U Service section Step 7 Create a context through which the interface to the PDN will reside by applying the example configuration in the Creating a P GW PDN Context section Modifying the Local Context Use the following example to set the default subscriber and configu...

Page 116: ... address ipv4_address exit gtpp group default gtpp charging agent address gz_ipv4_address gtpp echo interval seconds gtpp attribute diagnostics gtpp attribute local record sequence number gtpp attribute node id suffix string gtpp dictionary name gtpp server ipv4_address priority num gtpp server ipv4_address priority num node alive enable exit policy accounting rf_policy_name noconfirm accounting l...

Page 117: ...nting level types are flow PDN PDN QCI QCI and subscriber Refer to the Accounting Profile Configuration Mode Commands chapter in the Command Line Interface Reference for more information on this command Set the GTPP group setting for Gz accounting Creating and Configuring APNs in the P GW Context Use the following configuration to create an APN configure context pgw_context_name noconfirm apn name...

Page 118: ...irm apn name bearer control mode mixed selection mode sent by ms accounting mode gtpp gtpp group default accounting context aaa_context_name ims auth service gx_ims_service_name ip access group name in ip access group name out ip context name pdn_context_name active charging rulebase gz_rulebase_name end Notes The IMS Authorization Service is created and configured in the AAA context Multiple APNs...

Page 119: ...diameter accounting dictionary name diameter accounting endpoint rf_cfg_name diameter accounting server rf_cfg_name priority num Creating and Configuring an eGTP Service Use the following configuration example to create the eGTP service configure context pgw_context_name egtp service egtp_service_name noconfirm interface type interface pgw ingress validation mode default associate gtpu service gtp...

Page 120: ...port configure context pdn_context_name noconfirm interface sgi_ipv4_interface_name ip address ipv4_address interface sgi_ipv6_interface_name ipv6 address address end P GW Service Configuration Step 1 Configure the P GW service by applying the example configuration in the Configuring the P GW Service section Step 2 Specify an IP route to the eGTP Serving Gateway by applying the example configurati...

Page 121: ...te for control and user plane data communication with an eGTP Serving Gateway configure context pgw_context_name ip route sgw_ip_addr mask sgw_next_hop_addr pgw_intrfc_name end P GW PDN Context Configuration Use the following example to configure an IP Pool and APN and bind a port to the interface in the PDN context configure context pdn_context_name noconfirm interface sgi_ipv4_interface_name ip ...

Page 122: ...er port_number no shutdown bind interface sgi_ipv4_interface_name pdn_context_name exit port ethernet slot_number port_number no shutdown bind interface sgi_ipv6_interface_name pdn_context_name end Active Charging Service Configuration Use the following example to enable and configure active charging configure require active charging optimized mode active charging service name ruledef name rule_de...

Page 123: ...UE exit ruledef qci3 icmp any match TRUE exit ruledef static icmp any match TRUE exit charging action name action action exit charging action icmp billing action egcdr exit charging action qci3 content id id billing action egcdr qos class identifier id allocation retention priority priority tft packet filter qci3 exit charging action static service identifier id billing action egcdr ...

Page 124: ... static charging action static action priority 500 ruledef default charging action icmp action priority 570 ruledef icmp pkts charging action icmp egcdr threshold interval interval egcdr threshold volume total bytes end Notes A rule base is a collection of rule definitions and associated charging actions As depicted above multiple rule definitions charging actions and rule bases can be configured ...

Page 125: ...AA Context section Step 2 Create and configure QCI to QoS mapping by applying the example configuration in the Configuring QCI QoS Mapping section Creating and Configuring the AAA Context Use the following example to create and configure a AAA context including diameter support and policy control and bind Ethernet ports to interfaces supporting traffic between this context and a PCRF an OCS and an...

Page 126: ...ndpoint gx_cfg_name origin realm realm_name origin host name address aaa_ctx_ipv6_address peer gx_cfg_name realm name address pcrf_ipv4_or_ipv6_addr route entry peer gx_cfg_name exit diameter endpoint gy_cfg_name origin realm realm_name origin host name address gy_ipv6_address connection retry timeout seconds peer gy_cfg_name realm name address ocs_ipv4_or_ipv6_addr route entry peer gy_cfg_name ex...

Page 127: ... bind interface rf_interface_name aaa_context_name end Notes The p cscf table command under ims auth service can also specify an IPv4 address to the PCRF The Gx interface IP address can also be specified as an IPv4 address using the ip address command The Gy interface IP address can also be specified as an IPv4 address using the ip address command The Rf interface IP address can also be specified ...

Page 128: ...dure is not visible to MS As the number of addresses in memory decreases the system solicits additional addresses from the DHCP server If the number of addresses stored in memory rises above the configured limit they are released back to the DHCP server There are parameters that must first be configured that specify the DHCP servers to communicate with and how the IP address are handled These para...

Page 129: ...s mpls label input in_mpls_label_value output out_mpls_label_value1 out_mpls_label_value2 applies DHCP over MPLS traffic DHCP Server Parameter Configuration Use the following example to configure the DHCP server parameters to support DHCP based address assignment configure context dest_ctxt_name dhcp service dhcp_svc_name dhcp server ip_address priority priority dhcp server selection algorithm fir...

Page 130: ...similar to that displayed below where DHCP name is dhcp1 Service name dhcp1 Context isp Bind Done Local IP Address 150 150 150 150 Next Hop Address 192 179 91 3 MPLS label Input 5000 Output 1566 1899 Service Status Started Retransmission Timeout 3000 milli secs Max Retransmissions 2 Lease Time 600 secs Minimum Lease Duration 600 secs Maximum Lease Duration 86400 secs DHCP Dead Time 120 secs DHCP D...

Page 131: ...igurable values for Renew Time Rebind Time Preferred Lifetime and Valid Lifetime by applying the example configuration in the DHCPv6 Server Parameter Configuration section Step 3 Configure the DHCPv6 client and other configurable values for Maximum Retransmissions Server Dead Tries and Server Resurrect Time by applying the example configuration in the DHCPv6 Client Parameter Configuration section ...

Page 132: ...gured by entering dhcp server command multiple times A maximum of 3 DHCPv6 servers can be configured renew time configures the renewal time for prefixes assigned by dhcp service Default is 900 seconds rebind time configures the rebind time for prefixes assigned by dhcp service Default is 900 seconds preferred lifetime configures the preferred lifetime for prefixes assigned by dhcp service Default ...

Page 133: ...RVER is considered to be dead if it does not respond after given tries from client Default is 5 server resurrect time PDN DHCPV6 SERVER is considered alive after it has been dead for given seconds Default is 20 DHCPv6 Profile Configuration Use the following example to configure the DHCPv6 profile configure context dest_ctxt_name dhcp server profile server_profile enable rapid commit dhcpv6 process...

Page 134: ...ny configured integer between 1 and 255 enable dhcpv6 server unicast command enables server unicast option for DHCPv6 By default it is disabled enable dhcpv6 server reconf command configures support for reconfiguration messages from the server By default it is disabled dhcp client profile command creates a client profile and then enters the DHCP Client Profile configuration mode client identifier ...

Page 135: ...DHCPv6 service name is dhcp6 service Service name dhcpv6 service Context A Bind Address 2092 192 90 92 40 Bind Done Service Status Started Server Dead Time 120 secs Server Dead consecutive Failure 5 Server Select Algorithm First Server Server Renew Time 400 secs Server Rebind Time 500 secs Server Preferred Life Time 600 secs Server Valid Life Time 700 secs Max Retransmissions 3 secs Server Dead Tr...

Page 136: ...n on these parameters can be found in the appropriate sections of the Command Line Interface Reference Required Local Context Configuration Information The following table lists the information that is required to configure the local context on an P GW Table 13 Required Information for Local Context Configuration Required Information Description Management Interface Configuration Interface name An...

Page 137: ...nfiguration To from S GW Interface name An identification string between 1 and 79 characters alpha and or numeric by which the interface will be recognized by the system Multiple names are needed if multiple interfaces will be configured IP address and subnet IPv4 addresses assigned to the interface Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port n...

Page 138: ...ess pool name and range An identification string between 1 and 31 characters alpha and or numeric by which the IPv6 pool is recognized by the system Multiple names are needed if multiple pools will be configured A range of IPv6 addresses defined by a starting address and an ending address Access Control List Configuration IPv4 access list name An identification string between 1 and 47 characters a...

Page 139: ...ce Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port number The physical port to which the interface will be bound Ports are identified by the chassis slot number where the line card resides followed by the number of the physical connector on the card For example port 17 1 identifies connector number 1 on the card in slot 17 A single physical port ca...

Page 140: ...identification string between 1 and 79 characters alpha and or numeric by which the interface is recognized by the system Multiple names are needed if multiple interfaces will be configured IP address and subnet IPv4 or IPv6 addresses assigned to the interface Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port number The physical port to which the int...

Page 141: ...ultiple interfaces Gateway IP address Used when configuring static IP routes from the interface s to a specific network Gy Diameter Endpoint Configuration End point name An identification string from 1 to 63 characters alpha and or numeric by which the Gy Diameter endpoint configuration is recognized by the system Origin realm name An identification string between 1 through 127 characters The real...

Page 142: ...meric by which the Rf Diameter endpoint configuration is recognized by the system Origin realm name An identification string between 1 through 127 characters The realm is the Diameter identity The originator s realm is present in all Diameter messages and is typically the company or service name Origin host name An identification string from 1 to 255 characters alpha and or numeric by which the Rf...

Page 143: ... P GW uses the configured Gx Diameter endpoint to establish the IP CAN session 4 The P GW sends a CC Request CCR message to the PCRF to indicate the establishment of the IP CAN session and the PCRF acknowledges with a CC Answer CCA 5 The P GW uses the APN configuration to select the PDN context IP addresses are assigned from the IP pool configured in the selected PDN context 6 The P GW responds to...

Page 144: ...guration section Step 4 Configure the PDN context by applying the example configuration in the P GW PDN Context Configuration section Step 5 Enable and configure the active charging service for Gx interface support by applying the example configuration in the Active Charging Service Configuration section Step 6 Create a AAA context and configure parameters for AAA and policy by applying the exampl...

Page 145: ...section Step 6 Create a context through which the interface to the PDN will reside by applying the example configuration in the Creating a P GW PDN Context section Modifying the Local Context Use the following example to set the default subscriber and configure remote access capability in the local context configure context local interface lcl_cntxt_intrfc_name ip address ip_address ip_mask exit s...

Page 146: ...ut action stop start operator string string exit subscriber default exit exit port ethernet slot_number port_number no shutdown bind interface s5s8_interface_name pgw_context_name end Notes The S5 S8 P GW to S GW interface must be an IPv6 address Set the accounting policy for the Rf off line charging interface The accounting level types are flow PDN PDN QCI QCI and subscriber Refer to the Accounti...

Page 147: ...arging rulebase name Notes The IMS Authorization Service is created and configured in the AAA context Multiple APNs can be configured to support different domain names Creating and Configuring AAA Groups in the P GW Context Use the following example to create and configure AAA groups supporting RADIUS and Rf accounting configure context pgw_context_name noconfirm aaa group rf radius_group_name rad...

Page 148: ...r s6b_cfg_name priority num diameter accounting server rf_cfg_name priority num end Creating and Configuring an LMA Service Use the following configuration example to create the LMA service configure context pgw_context_name lma service lma_service_name noconfirm no aaa accounting revocation enable bind address s5s8_ipv6_address end Notes The no aaa acounting command is used to prevent duplicate a...

Page 149: ...he following example to configure the P GW service configure context pgw_context_name pgw service pgw_service_name noconfirm plmn id mcc id mnc id associate lma service lma_service_name associate qci qos mapping name authorize external fqdn host domain_name realm realm_name end Notes QCI QoS mapping configurations are created in the AAA context Refer to the Configuring QCI QoS Mapping section for ...

Page 150: ...iguration Use the following example to configure an IP Pool and APN and bind a port to the interface in the PDN context configure context pdn_context_name noconfirm interface pdn_sgi_ipv4_interface_name ip address ipv4_address exit interface pdn_sgi_ipv6_interface_name ip address ipv6_address exit ip pool name range start_address end_address public priority ipv6 pool name range start_address end_a...

Page 151: ...interface_name pdn_context_name exit port ethernet slot_number port_number no shutdown bind interface pdn_ipv6_interface_name pdn_context_name end Active Charging Service Configuration Use the following example to enable and configure active charging configure require active charging optimized mode active charging service name ruledef name rule rule exit ruledef default ip any match TRUE exit rule...

Page 152: ...atch TRUE exit charging action name action action exit charging action icmp billing action egcdr exit charging action qci3 content id id billing action rf qos class identifier id allocation retention priority priority tft packet filter qci3 exit charging action static service identifier id billing action rf qos class identifier id allocation retention priority priority tft packet filter qci3 exit ...

Page 153: ...nition is matched A rule base is a collection of rule definitions and associated charging actions AAA and Policy Configuration Step 1 Configure AAA and policy interfaces by applying the example configuration in the Creating and Configuring the AAA Context section Step 2 Create and configure QCI to QoS mapping by applying the example configuration in the Configuring QCI QoS Mapping section Creating...

Page 154: ...ipv6 address pcrf_adr policy control diameter origin endpoint gx_cfg_name diameter dictionary name diameter host select table algorithm round robin diameter host select row precedence table host gx_cfg_name exit exit diameter endpoint s6b_cfg_name origin realm realm_name origin host name address aaa_ctx_ipv4_address peer s6b_cfg_name realm name address aaa_ipv4_addr route entry peer s6b_cfg_name e...

Page 155: ...r gy_cfg_name exit diameter endpoint rf_cfg_name origin realm realm_name origin host name address rf_ipv4_address peer rf_cfg_name realm name address ofcs_ipv4_addr route entry peer rf_cfg_name exit exit port ethernet slot_number port_number no shutdown bind interface s6b_interface_name aaa_context_name exit port ethernet slot_number port_number no shutdown bind interface gx_interface_name aaa_con...

Page 156: ...ing Use the following example to create and map QCI values to enforceable QoS parameters configure qci qos mapping name qci 1 user datagram dscp marking hex qci 3 user datagram dscp marking hex qci 9 user datagram dscp marking hex exit Notes QCI values 1 through 9 are standard values and are defined in 3GPP TS 23 203 Values 10 through 32 can be configured for non standard use The above configurati...

Page 157: ...Information on these parameters can be found in the appropriate sections of the Command Line Interface Reference Required Local Context Configuration Information The following table lists the information that is required to configure the local context on an P GW Table 17 Required Information for Local Context Configuration Required Information Description Management Interface Configuration Interfa...

Page 158: ...dentification string between 1 and 79 characters alpha and or numeric by which the interface will be recognized by the system Multiple names are needed if multiple interfaces will be configured IP address and subnet IPv6 addresses assigned to the interface Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port number The physical port to which the interfa...

Page 159: ...v4 pool is recognized by the system Multiple names are needed if multiple pools will be configured A range of IPv4 addresses defined by a starting address and an ending address IPv6 address pool name and range An identification string between 1 and 31 characters alpha and or numeric by which the IPv6 pool is recognized by the system Multiple names are needed if multiple pools will be configured A ...

Page 160: ...rt can facilitate multiple interfaces Gateway IP address Used when configuring static IP routes from the interface s to a specific network SGi Interface Configuration To from IPv6 PDN Interface name An identification string between 1 and 79 characters alpha and or numeric by which the interface is recognized by the system Multiple names are needed if multiple interfaces will be configured IP addre...

Page 161: ...27 characters The realm is the Diameter identity The originator s realm is present in all Diameter messages and is typically the company or service name Origin host name An identification string from 1 to 255 characters alpha and or numeric by which the Gx origin host is recognized by the system Origin host address The IP address of the Gx interface Peer name The Gx endpoint name described above P...

Page 162: ... the system Multiple names are needed if multiple interfaces will be configured IP address and subnet IPv4 or IPv6 addresses assigned to the interface Multiple addresses and subnets are needed if multiple interfaces will be configured Physical port number The physical port to which the interface will be bound Ports are identified by the chassis slot number where the line card resides followed by t...

Page 163: ...7 A single physical port can facilitate multiple interfaces Gateway IP address Used when configuring static IP routes from the interface s to a specific network Gy Diameter Endpoint Configuration End point name An identification string from 1 to 63 characters alpha and or numeric by which the Gy Diameter endpoint configuration is recognized by the system Origin realm name An identification string ...

Page 164: ...The P GW uses the configured Gx Diameter endpoint to establish the IP CAN session 4 The P GW sends a CC Request CCR message to the PCRF to indicate the establishment of the IP CAN session and the PCRF acknowledges with a CC Answer CCA 5 The P GW uses the APN configuration to select the PDN context IP addresses are assigned from the IP pool configured in the selected PDN context 6 The P GW responds...

Page 165: ...onfiguration section Step 4 Configure the PDN context by applying the example configuration in the P GW PDN Context Configuration section Step 5 Enable and configure the active charging service for Gx interface support by applying the example configuration in the Active Charging Service Configuration section Step 6 Create a AAA context and configure parameters for AAA and policy by applying the ex...

Page 166: ... 6 Create a context through which the interface to the PDN will reside by applying the example configuration in the Creating a P GW PDN Context section Modifying the Local Context Use the following example to set the default subscriber and configure remote access capability in the local context configure context local interface lcl_cntxt_intrfc_name ip address ip_address ip_mask exit server ftpd e...

Page 167: ... timeout action stop start operator string string cc profile index interval seconds exit subscriber default exit exit port ethernet slot_number port_number no shutdown bind interface s2a_interface_name pgw_context_name end Notes The S2a P GW to HSGW interface must be an IPv6 address Set the accounting policy for the Rf off line charging interface The accounting level types are flow PDN PDN QCI QCI...

Page 168: ...ing rulebase name Notes The IMS Authorization Service is created and configured in the AAA context Multiple APNs can be configured to support different domain names The associate accounting policy command is used to associate a pre configured accounting policy with this APN Accounting policies are configured in the P GW context An example is located in the Creating and Configuring a P MIP P GW Con...

Page 169: ...ion dictionary name diameter accounting dictionary name diameter authentication endpoint s6b_cfg_name diameter accounting endpoint rf_cfg_name diameter authentication server s6b_cfg_name priority num diameter accounting server rf_cfg_name priority num Creating and Configuring an LMA Service Use the following configuration example to create the LMA service configure context pgw_context_name lma ser...

Page 170: ...e Configuring the P GW Service section Step 2 Specify an IP route to the HRPD Serving Gateway by applying the example configuration in the Configuring a Static IP Route section Configuring the P GW Service Use the following example to configure the P GW service configure context pgw_context_name pgw service pgw_service_name noconfirm associate lma service lma_service_name associate qci qos mapping...

Page 171: ...ext_name ipv6 route ipv6_addr prefix next hop hsgw_addr interface pgw_hsgw_intrfc_name end Notes Static IP routing is not required for configurations using dynamic routing protocols P GW PDN Context Configuration Use the following example to configure IP pools and IP Access Control Lists ACLs and bind ports to the interfaces in the PDN context configure context pdn_context_name noconfirm ip pool n...

Page 172: ...terface_name pdn_context_name exit port ethernet slot_number port_number no shutdown bind interface pdn_sgi_ipv6_interface_name pdn_context_name end Active Charging Service Configuration Use the following example to enable and configure active charging configure require active charging optimized mode active charging service name ruledef name rule_definition rule_definition exit ruledef name rule_d...

Page 173: ...le rule definitions charging actions and rule bases can be configured to support a variety of charging scenarios Routing and or charging rule definitions can be created configured The maximum number of routing rule definitions that can be created is 256 The maximum number of charging rule definitions is 2048 Charging actions define the action to take when a rule definition is matched A rule base i...

Page 174: ... this context a PCRF a 3GPP AAA server an on line charging server and an off line charging server configure context aaa_context_name noconfirm interface s6b_interface_name ip address ipv4_address exit interface gx_interface_name ipv6 address address exit interface rf_interface_name ip address ipv4_address exit interface gy_interface_name ipv6 address address exit subscriber default exit ims auth s...

Page 175: ...ndpoint gx_cfg_name origin realm realm_name origin host name address aaa_context_ip_address peer gx_cfg_name realm name address pcrf_ipv6_addr route entry peer gx_cfg_name exit diameter endpoint rf_cfg_name origin realm realm_name origin host name address aaa_ip_address peer rf_cfg_name realm name address ofcs_ip_addr route entry peer rf_cfg_name exit diameter endpoint gy_cfg_name use proxy origin...

Page 176: ...a_context_name end Notes The p cscf table command under ims auth service can also specify an IPv4 address to the PCRF The S6b interface IP address can also be specified as an IPv6 address using the ipv6 address command The Gx interface IP address can also be specified as an IPv4 address using the ip address command The Gy interface IP address can also be specified as an IPv4 address using the ip a...

Page 177: ... only shows one keyword example Refer to the QCI QOS Mapping Configuration Mode Commands chapter in the Command Line Interface Reference for more information on the qci command and other supported keywords Verifying and Saving the Configuration Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional i...

Page 178: ...ed Peer Authentication Configuring ACL based Node to Node IP Security on the S5 Interface The configuration example in this section creates an IKEv2 IPSec ACL based node to node tunnel endpoint on the S5 interface Important Use of the IP Security feature requires that a valid license key be installed Contact your local Sales or Support representative for information on how to obtain a license The ...

Page 179: ...ncryption Standard Cipher Block Chaining is the default algorithm for IPSec transform sets configured on the system The group none command specifies that no crypto strength is included and that Perfect Forward Secrecy is disabled This is the default setting for IPSec transform sets configured on the system The hmac command configures the Encapsulating Security Payload ESP integrity algorithm The s...

Page 180: ...60 bit secret key to produce a 160 bit authenticator value This is the default setting for IKEv2 transform sets configured on the system The lifetime command configures the time the security key is allowed to exist in seconds The prf command configures the IKE Pseudo random Function which produces a string of bits that cannot be distinguished from a random bit string without knowledge of the secre...

Page 181: ... addressing An IKEv2 IPv6 crypto map can also be used for IPv6 addressing The ipsec transform set list command specifies up to four IPSec transform sets Configuring APN as Emergency The configuration example in this section configures an emergency APN for VoLTE based E911 support In APN Configuration Mode specify the name of the emergency APN and set the emergency inactivity timeout as follows You...

Page 182: ...enabled support and you may need to install a feature specific session license on your system to use some commands related to this configuration These instructions assume that you have already configured the system level configuration as described in System Administration Guide and P GW service To configure the S6b and other advance features 1 Configure Diameter endpoint by applying the example co...

Page 183: ...ry aaa custom15 diameter authentication endpoint s6b_endpoint_name diameter authentication server server_name priority priority end Notes s6b_endpoint_name is name of the existing Diamtere endpoint Authorization over S6b Configuration Use the following example to enable the S6b interface on P GW service with 3GPP AAA HSS configure context pgw_ctxt_name pgw service pgw_svc_name plmn id mcc number m...

Page 184: ...gw_svc_name is name of the P GW service which is already created on the system Duplicate Call Accept Configuration Use the following example to configure P GW service to accept the duplicate session calls with request for same IP address configure context pgw_ctxt_name pgw service pgw_svc_name newcall duplicate subscriber requested address accept end Notes pgw_svc_name is name of the P GW service ...

Page 185: ...Security on the S5 Interface The configuration example in this section creates an IPSec IKEv2 dynamic node to node tunnel endpoint on the S5 interface Important Use of the IP Security feature requires that a valid license key be installed Contact your local Sales or Support representative for information on how to obtain a license The following configuration examples are included in this section C...

Page 186: ...es the Encapsulating Security Payload ESP integrity algorithm The sha1 96 keyword uses a 160 bit secret key to produce a 160 bit authenticator value This is the default setting for IPSec transform sets configured on the system The mode tunnel command specifies that the entire packet is to be encapsulated by the IPSec header including the IP header This is the default setting for IPSec transform se...

Page 187: ...string of bits that cannot be distinguished from a random bit string without knowledge of the secret key The sha1 keyword uses a 160 bit secret key to produce a 160 bit authenticator value This is the default setting for IKEv2 transform sets configured on the system Creating and Configuring a Crypto Template The following example configures an IKEv2 crypto template configure context pgw_context_na...

Page 188: ...s_service_name end Notes The bind command in the GTP U and eGTP service configuration can also be specified as an IPv6 address using the ipv6 address command Configuring the GTP Echo Timer The GTP echo timer on the ASR5x00 P GW can be configured to support two different types of path management default and dynamic This timer can be configured on the GTP C and or the GTP U channels Default GTP Echo...

Page 189: ...ollowing diagram describes a failure and recovery scenario using default settings of the three gtpc commands in the example above The multiplier x2 is system coded and cannot be configured GTP U configure configure context context_name gtpu service gtpu_service_name echo interval seconds echo retransmission timeout seconds max retransmissions num ...

Page 190: ... failure and recovery scenario using default settings of the three GTP U commands in the example above The multiplier x2 is system coded and cannot be configured Dynamic GTP Echo Timer Configuration The following examples describe the configuration of the dynamic eGTP C and GTP U interface echo timers eGTP C configure configure context context_name egtp service egtp_service_name ...

Page 191: ...ooth factor multiplier gtpc echo retransmission timeout seconds gtpc max retransmissions num end Notes The following diagram describes a failure and recovery scenario using default settings of the three gtpc commandsin the example above and an example round trip timer RTT of six seconds The multiplier x2 and the 100 second maximum are system coded and cannot be configured ...

Page 192: ... context context_name gtpu service gtpu_service_name echo interval seconds dynamic smooth factor multiplier echo retransmission timeout seconds max retransmissions num end Notes The following diagram describes a failure and recovery scenario using default settings of the three gtpc commandsin the example above and an example round trip timer RTT of six seconds ...

Page 193: ...93 The multiplier x2 and the 100 second maximum are system coded and cannot be configured Configuring GTPP Offline Accounting on the P GW By default the P GW service supports GTPP accounting To provide GTPP offline charging configure the P GW with the example parameters below configure gtpp single source context ingress_context_name ...

Page 194: ...local record sequence number gtpp attribute node id suffix string gtpp dictionary name gtpp server ipv4_address priority num gtpp server ipv4_address priority num node alive enable exit policy accounting gz_policy_name accounting level type operator string string cc profile index buckets num cc profile index interval seconds cc profile index volume total octets exit exit context ingress_context_na...

Page 195: ...ommand Line Interface Reference for more information on this command Configuring Local QoS Policy The configuration examples in this section creates a local QoS policy A local QoS policy service can be used to control different aspects of a session such as QoS data usage subscription profiles or server usage by means of locally defined policies Important Local QoS Policy is a licensed feature and ...

Page 196: ... until a match is found and the corresponding condition is applied A maximum of 256 actiondefs are suggested in a local QoS policy service for performance reasons The action command can be entered multiple times to configure multiple actions for an actiondef The actions are examined in priority order until a match is found and the corresponding action is applied Currently only one eventbase is sup...

Page 197: ... nodes Configuring X 509 Certificate based Peer Authentication The configuration example in this section enables X 509 certificate based peer authentication which can be used as the authentication method for IP Security on the P GW Important Use of the IP Security feature requires that a valid license key be installed Contact your local Sales or Support representative for information on how to obt...

Page 198: ...llows configure context pgw_context_name noconfirm crypto template crypto_template_name ikev2 dynamic certificate name cert_name ca certificate list ca cert name ca_cert_name authentication local certificate authentication remote certificate end Notes A maximum of 16 certificates and 16 CA certificates are supported per system One certificate is supported per service and a maximum of four CA certi...

Page 199: ...de examples and procedures for configuration of basic services on the system It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model as described in the Cisco ASR 5x00 Packet Data Network Gateway Administration Guide before using the procedures in this chapter This chapter includes the following sections NEMO...

Page 200: ...onnection comes through GTP S5 4G access or PMIPv6 S2a eHRPD access The following figure shows a high level view of LTE NEMOv4 Architecture Figure 16 NEMO Overview Use Cases The following use cases are supported by NEMO in LTE 1 Stationary Applications like branch offices with a mobile router that does not require mobility 2 Nomadic Applications that use a mobile router that does not move while in...

Page 201: ...A supports a potential dummy MR HADDR address that would be configured in every MR within the same Enterprise or across all served Enterprises same IP address Dynamic advertisement of WAN IP Pools and learned LAN prefixes eBGP is used to advertise the Enterprise WAN IP Pools and the LAN prefixes learned via NEMO for the associated Enterprise N MHAE credentials NEMO4G HA supports local authenticati...

Page 202: ...ermission should be assigned to the underlying PDN connection via either local configuration APN parameter or based on a NEMO permission AVP assigned by the 3GPP AAA during the PDN authorization For local configuration a new APN parameter is supported to enable NEMO permission at the APN PDN level within the P GW service MIPv4 NEMO Protocol NEMO4G HA processes a Mobile IPv4 NEMO Registration Reque...

Page 203: ...rop user data using MIP or GRE tunneling UDP 434 or IP Protocol 47 respectively to the external enterprise VRF if such data is not destined to the NEMO4G HA IP address This applies to PDN connections that have or do not have the NEMO Permission indication This shall also apply to both eHRPD and LTE access Any failure on either the authentication or authorize of a NEMO MIPv4 session shall not affec...

Page 204: ...erprise APN During the PDN authorization procedure using S6b the 3GPP AAA assigns a NEMO permission via AVP The AVP is also be available as an APN parameter on the E PGW to allow NEMO service at the PDN Enterprise level E PGW assigns the MR eHWIC an IPv4 address from the Enterprise IPv4 pool assigned during PDN authentication E PGW creates the proper flows internally to forward packets to the corr...

Page 205: ...ion as well NEMO Tunnel flags such as but not limited to Reverse Tunnel Direct Termination Tunnel Encapsulation GRE 4 NEMO4G HA sends a MIP registration response RRP back to the MR after it performs the following tasks Authenticate the RRQ using the N MHAE information included in the RRQ Authorize the NEMO service based on the NEMO permission attribute assigned to the associated Enterprise PDN con...

Page 206: ...ting tables per context This allows up to 100 BGP VPNs per context Up to 5k host routes spread across multiple VRFs per BGP process Limited to 6000 pool routes per chassis Up to 1024 VRFs per chassis Supported Standards IETF RFC 3025 February 2001 Mobile IP Vendor Organization Specific Extensions IETF RFC 1191 November 1990 Path MTU Discovery ...

Page 207: ...Redistribute connected routes between routing domains by applying the example configuration in the Redistribute Connected Routes section 4 Allow the P GW to use the NEMO service by applying the example in the Configure and Enable NEMO in APN Profile section 5 Create a NEMO HA by applying the example in the Create a NEMO HA section 6 Save your configuration to flash memory an external memory device...

Page 208: ... inbound ip address 192 168 1 1 255 255 255 0 exit ha service nemo mn ha spi spi number 100 encrypted secret 01abd002c82b4a2c authentication mn aaa noauth encapsulation allow keyless gre bind address 38 0 0 2 end Create a VRF Use this example to first create a VRF on the router and assign a VRF ID configure context context_name noconfirm ip vrf vrf_name ip pool pool_name pool_address private vrf v...

Page 209: ... ip vrf vrf_name neighbor ip_address remote as AS_num address family type neighbor ip_address activate end Redistribute Connected Routes Use this example to redistribute connected routes between routing domains configure context context_name ip vrf vrf_name router bgp as_number ip vrf vrf_name address family type vrf vrf_name redistribute connected exit redistribute connected end Configure and Ena...

Page 210: ...rmission nemo ip context name name ip address pool name pool_nme end Create a NEMO HA Use this example to create a NEMO HA configure context context_name ha service ha_service_name mn ha spi spi number number encrypted secret enc_secret authentication mn aaa noauth encapsulation allow keyless gre bind address ip_address end ...

Page 211: ...es and procedures for configuration of basic services on the system It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model as described in the respective product Administration Guide before using the procedures in this chapter This chapter discusses following topics for feature support of Subscriber Session ...

Page 212: ...ion via direct CLI configuration Management initiation at HSS with trace activation via authentication response messages over S6a reference interface Signaling based activation through signaling from subscriber access terminal Important Once the trace is provisioned it can be provisioned through the access cloud via various signaling interfaces The session level trace function consists of trace ac...

Page 213: ... or secure FTP SFTP connection Note In the current release the IPv4 interfaces are used to provide connectivity to the TCE Trace activation is based on IMSI or IMEI Supported Functions This section provides the list of supported functionality of this feature support Support to trace the control flow through the access network Trace of specific subscriber identified by IMSI Trace of UE identified b...

Page 214: ...n Trace Details Management and Signaling based activation models Trace Parameter Propagation Trace Scope EPS Only MME S1 S3 S6a S10 S11 S GW S4 S5 S8 S11 Gxc PDN GW S2a S2b S2c S5 S6b Gx S8 SGi Trace Depth Maximum Minimum Medium with or without vendor extension XML Encoding of Data as per 3GPP standard 3GPP TS 32 422 V8 6 0 2009 09 Trace Collection Entity TCE Support Active pushing of files to the...

Page 215: ...Aspects Telecommunication management Subscriber and equipment trace Trace concepts and requirements Release 8 3GPP TS 32 422 V8 6 0 2009 09 3rd Generation Partnership Project Technical Specification Group Services and System Aspects Telecommunication management Subscriber and equipment trace Trace control and configuration management Release 8 3GPP TS 32 423 V8 2 0 2009 09 3rd Generation Partnersh...

Page 216: ...initiated when a start trigger event occurs and continues until the stop trigger event occurs and is uniquely identified by a Trace Recording Session Reference Network Element NE Network elements are the functional component to facilitate subscriber session trace in mobile network The term network element refers to a functional component that has standard interfaces in and out of it It is typicall...

Page 217: ...is similar whether it was management or signaling activated In either case a deactivation request is received by the NE that contains a valid trace reference results in the de allocation of the trace session state block and a flushing of any pending trace data In addition if this is the last trace session to a particular TCE the S FTP connection to the TCE is released after the last trace file is ...

Page 218: ...rectly via a signaling interface Network Element Details Trace functionality for each of the specific network elements supported by this functionality are described in this section This section includes the trace monitoring points applicable to them as well as the interfaces over which they can send and or receive trace configuration MME The MME support tracing of the following interfaces with the...

Page 219: ...naling De Activation RX Trace Signaling De Activation TX Gxc Policy Server Y N P GW The P GW support tracing of the following interfaces with the following trace capabilities Interface Name Remote Device Trace Signaling De Activation RX Trace Signaling De Activation TX S2abc Various NEs N N S5 S GW Intra PLMN Y N S6b AAA Server Proxy Y N S8 S GW Inter PLMN N N Gx Policy Server Y N SGi IMS Y N ...

Page 220: ... section Step 2 Configure the network and trace file transportation parameters by applying the example configurations presented in the Trace File Collection Configuration section Step 3 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files re...

Page 221: ... and protocols to be used to store trace files on TCE through FTP S FTP configure session trace subscriber network element all ggsn mme pgw sgw collection timer dur tce mode none push transport ftp sftp path string username name encrypted password enc_pw password password end Notes string is the location path on the trace collection entity TCE where trace files will be stored on TCE For more infor...

Page 222: ...ing the following command in Exec Mode show session trace statistics The output of this command displays the statistics of the session trace instance Num current trace sessions 5 Total trace sessions activated 15 Total Number of trace session activation failures 2 Total Number of trace recording sessions triggered 15 Total Number of messages traced 123 Number of current TCE connections 2 Total num...

Page 223: ...Configuring Subscriber Session Tracing Verifying Your Configuration Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 223 Trace Reference 310012012347 ...

Page 224: ......

Page 225: ...system ranging from current software configuration through call activity and status The selection of keywords described in this chapter is intended to provided the most useful and in depth information for monitoring the system For additional information on these and other show command keywords refer to the Command Line Interface Reference In addition to the CLI the system supports the sending of S...

Page 226: ... statistics View Infrastructure DNS Queries Verify Infrastructure DNS queries to resolve P CSCF FQDN dns client query client name client_name query type AAAA query name p cscf com View IP Information Display BGP Neighbors Verify BGP neighbors on egress P GW context context egress_pgw_context_name show ip bgp summary Verify BGP neighbors on ingress P GW context context ingress_pgw_context_name show...

Page 227: ...splay Session Subsystem and Task Statistics Important Refer to the System Software Task and Subsystem Descriptions appendix in the System Administration Guide for additional information on the Session subsystem and its various manager tasks View AAA Manager statistics show session subsystem facility aaamgr all View AAA Proxy statistics show session subsystem facility aaaproxy all View LMA Manager ...

Page 228: ...iguration username subscriber_name View remotely configured subscriber profile settings show subscribers aaa configuration username subscriber_name View Subscribers Currently Accessing the System View a listing of subscribers currently accessing the system show subscribers all Display UE Attach Status Confirm that a UE has attached Displays IMSI with one entry for each bearer per APN connection Ve...

Page 229: ...It may be necessary to periodically clear statistics and counters in order to gather new information The system provides the ability to clear statistics and counters based on their grouping PPP MIPHA MIPFA etc Statistics and counters can be cleared using the CLI clear command Refer to the Command Line Reference for detailed information on using this command ...

Page 230: ......

Page 231: ...es are discussed The product administration guides provide examples and procedures for configuration of basic services on the system It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model as described in this Administration Guide before using the procedures in this chapter Important Not all functions command...

Page 232: ...ed For this two separate CoA requests can be sent through AAA server requesting for one attribute change per request DM Overview The DM message is used to disconnect subscriber sessions in the system from a RADIUS server The DM request message should contain necessary attributes to identify the subscriber session If the system successfully disconnects the subscriber session a DM ACK message is sen...

Page 233: ...AA Functionality section of the AAA and GTPP Interface Administration and Reference If you are using StarOS 14 0 or a later release refer to the AAA Interface Administration and Reference A number of optional keywords and variables are available for the radius change authorize nas ip command For more information regarding this command please refer to the Command Line Interface Reference CoA and DM...

Page 234: ...dicates the reason for disconnecting the user This attribute may be present in the RADIUS Disconnect request Message from the Home Radius server to the PDSN 3GPP2 Session Termination Capability When CoA and DM are enabled by issuing the radius change authorize nas ip command this attribute is included in a RADIUS Access request message to the Home RADIUS server and contains the value 3 to indicate...

Page 235: ...probes 0 Current aaa auth probes 0 Total aaa auth keepalive 0 Current aaa auth keepalive 426 Total aaa acct requests 0 Current aaa acct requests 0 Total aaa acct keepalive 0 Current aaa acct keepalive 379 Total aaa auth success 0 Total aaa auth failure 0 Total aaa auth purged 0 Total aaa auth cancelled 0 Total auth keepalive success 0 Total auth keepalive failure 0 Total auth keepalive purged 0 To...

Page 236: ... 2 Current aaa sockets open 0 Total aaa requests pend socket open 0 Current aaa requests pend socket open 0 Total radius requests pend server max outstanding 0 Current radius requests pend server max outstanding 0 Total aaa radius coa requests 0 Total aaa radius dm requests 0 Total aaa radius coa acks 0 Total aaa radius dm acks 0 Total aaa radius coa naks 0 Total aaa radius dm naks 2 Total radius ...

Page 237: ...y Administration Guide 237 0 Total prepaid online success 0 Current prepaid online failure 0 Total prepaid online retried 0 Total prepaid online cancelled 0 Current prepaid online purged 0 Total aaamgr purged requests 0 SGSN Total db records 0 SGSN Total sub db records 0 SGSN Total mm records 0 SGSN Total pdp records 0 SGSN Total auth records ...

Page 238: ...n the System Administration Guide Operation ACL Rule An ACL rule named readdress server supports redirection of subscriber sessions The ACL containing this rule must be configured in the destination context of the user Only TCP and UDP protocol packets are supported The ACL rule allows specifying the redirected address and an optional port The source and destination address and ports with respect ...

Page 239: ...led before being redirected Reassembly is particularly necessary when fragments are sent out of order The session manager performs reassembly of datagrams and reassembly is attempted only when a datagram matches the redirect server ACL rule To limit memory usage only up to 10 different datagrams may be concurrently reassembled for a subscriber Any additional requests cause the oldest datagram bein...

Page 240: ...EWCALL SMGR_STATE_NEWCALL_ARRIVED SMGR_EVT_ANSWER_CALL SMGR_STATE_NEWCALL_ANSWERED SMGR_EVT_LINE_CONNECTED SMGR_STATE_LINE_CONNECTED SMGR_EVT_LINK_CONTROL_UP SMGR_STATE_LINE_CONNECTED SMGR_EVT_AUTH_REQ SMGR_STATE_LINE_CONNECTED SMGR_EVT_IPADDR_ALLOC_SUCCESS SMGR_STATE_LINE_CONNECTED SMGR_EVT_AUTH_SUCCESS SMGR_STATE_LINE_CONNECTED SMGR_EVT_UPDATE_SESS_CONFIG SMGR_STATE_LINE_CONNECTED SMGR_EVT_LOWER...

Page 241: ...D FSM Event trace State Event SMGR_STATE_OPEN SMGR_EVT_MAKECALL SMGR_STATE_MAKECALL_PENDING SMGR_EVT_LINE_CONNECTED SMGR_STATE_LINE_CONNECTED SMGR_EVT_LOWER_LAYER_UP SMGR_STATE_CONNECTED SMGR_EVT_AUTH_REQ SMGR_STATE_CONNECTED SMGR_EVT_AUTH_SUCCESS SMGR_STATE_CONNECTED SMGR_EVT_REQ_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_RSP_SUB_SESSION username user1 callid 01ca11b1 msid 0000100003 Card Cpu 4 2 ...

Page 242: ..._LINE_CONNECTED SMGR_EVT_UPDATE_SESS_CONFIG SMGR_STATE_LINE_CONNECTED SMGR_EVT_LOWER_LAYER_UP Data Reorder statistics Total timer expiry 0 Total flush tmr expiry 0 Total no buffers 0 Total flush no buffers 0 Total flush queue full 0 Total flush out of range 0 Total flush svc change 0 Total out of seq pkt drop 0 Total out of seq arrived 0 IPv4 Reassembly Statistics Success 0 In Progress 0 Failure t...

Page 243: ...REQ_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_RSP_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_ADD_SUB_SESSION SMGR_STATE_CONNECTED SMGR_EVT_AUTH_REQ SMGR_STATE_CONNECTED SMGR_EVT_AUTH_SUCCESS Data Reorder statistics Total timer expiry 0 Total flush tmr expiry 0 Total no buffers 0 Total flush no buffers 0 Total flush queue full 0 Total flush out of range 0 Total flush svc change 0 Total out of seq pk...

Page 244: ......

Page 245: ...ect tunnel is a licensed Cisco feature A separate feature license is required for configuration Contact your Cisco account representative for detailed information on specific licensing requirements For information on installing and verifying licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide The SGSN determines if se...

Page 246: ...at PDN context activation Figure 20 GTP U Direct Tunneling A direct tunnel improves the user experience for example expedites web page delivery reduces round trip delay for conversational services by eliminating switching latency from the user plane An additional advantage direct tunnel functionality implements optimization to improve the usage of user plane resources and hardware by removing the ...

Page 247: ...SN service on the P GW supports direct tunnel functionality The SGSN establishes a user plane GTP U tunnel directly between the RNC and the GGSN P GW using an Update PDN Context Request toward the GGSN P GW 2 Direct Tunneling LTE Network GTP U Tunnel LTE network The SGSN establishes a user plane tunnel GTP U tunnel over an S12 interface directly between the RNC and the S GW using an Update PDN Con...

Page 248: ...ad on both the SGSN S GW and GGSN P GW components of the packet core Hence deployment requires highly scalable GGSNs P GWs since the volume and frequency of Update PDP Context messages to the GGSN P GW will increase substantially The SGSN S GW platform capabilities ensure control plane capacity will not be a limiting factor with direct tunnel deployment The following figure illustrates the logic u...

Page 249: ...Direct Tunnel Direct Tunnel Feature Overview Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 249 Figure 21 Direct Tunneling Establishment Logic ...

Page 250: ...ministration Guide and 2 the creation and configuration of a valid operator policy as described in the Operator Policy chapter in this guide Step 1 Configure the SGSN to setup GTP U direct tunnel between an RNC and an access gateway by applying the example configuration presented in the Enabling Setup of GTP U Direct Tunnels section below Step 2 Configure the SGSN to allow GTP U direct tunnels to ...

Page 251: ... policy_name direct tunnel attempt when permitted end Notes A call control profile must have been previously created configured and associated with a previously created configured and valid operator policy For information about operator policy creation configuration refer to the Operator Policy chapter in this guide Direct tunnel is now allowed on the SGSN but will only setup if allowed on both th...

Page 252: ...an example of the commands used to enable direct tunneling in the IMEI profile config imei profile profile_name direct tunnel check iups service end Notes An IMEI profile must have been previously created configured and associated with a previously created configured and valid operator policy For information about operator policy creation configuration refer to the Operator Policy chapter in this ...

Page 253: ... with the operator policy itself Verifying the Operator Policy Configuration For the feature to be enabled it must be allowed in the call control profile and the call control profile must be associated with an operator policy As well either an APN profile or an IMEI profile must have been created configured and associated with the same operator policy Use the following command to display and verif...

Page 254: ...ncluding direct tunnel for the specified call control profile Call Control Profile Name ccprofile1 Re Authentication Disabled Direct Tunnel Not Restricted GTPU Fast Path Disabled Verifying the APN Profile Configuration Use the following command to display and verify the direct tunnel configuration in the APN profile show apn profile full name profile_name The output of this command displays all of...

Page 255: ...nterface supporting direct tunnel bypass of the S4 SGSN for inter RAT handovers The direct tunnel capability on the S GW is enabled by configuring an S12 interface The S4 SGSN is then responsible for creating the direct tunnel by sending an FTEID in a control message to the MME over the S3 interface The MME forwards the FTEID to the S GW over the S11 interfaces The S GW responds with it s own U FT...

Page 256: ...ervice s12_egtp_egress_service_name interface type interface sgw egress validation mode default associate gtpu service s12_gtpu_egress_service_name gtpc bind address s12_interface_ip_address exit sgw service sgw_service_name noconfirm associate egress proto gtp egress context egress_context_name egtp service s12_egtp_egress_service_name end Notes The S12 interface IP address es can also be specifi...

Page 257: ... Contact your Cisco account representative for detailed information on specific licensing requirements For information on installing and verifying licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide Important Commands used in the configuration samples in this section provide base functionality to the extent that the m...

Page 258: ...ds GRE Key will be used as a differentiator It is a common technique to enable multi protocol local networks over a single protocol backbone to connect non contiguous networks and allow virtual private networks across WANs This mechanism encapsulates data packets from one protocol inside a different protocol and transports the data packets unchanged across a foreign network It is important to note...

Page 259: ...ted Standards Support for the following standards and requests for comments RFCs have been added with this interface support RFC 1701 Generic Routing Encapsulation GRE RFC 1702 Generic Routing Encapsulation over IPv4 networks RFC 2784 Generic Routing Encapsulation GRE RFC 2890 Key and Sequence Number Extensions to GRE ...

Page 260: ...ata Network Gateway Administration Guide 260 Supported Networks and Platforms This feature supports all systems with StarOS Release 9 0 or later running GGSN and or SGSN service for the core network services The P GW service supports this feature with StarOS Release 12 0 or later ...

Page 261: ... licensed Cisco feature A separate feature license may be required Contact your Cisco account representative for detailed information on specific licensing requirements For information on installing and verifying licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide ...

Page 262: ...and Application on GRE Interface Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 262 Services and Application on GRE Interface GRE interface implementation provides the following functionality with GRE protocol support ...

Page 263: ...ket Processing on GRE Interface Figure given below provides a flow of process for incoming packets on GRE interface Note that in case the received packet is a GRE keep alive or a ping packet then the outer IPV4 and GRE header are not stripped off or get reattached but instead the packet is forwarded as is to the VPN manager or kernel respectively In case of all other GRE tunneled packets the IPV4 ...

Page 264: ...GRE Protocol Interface How GRE Interface Support Works Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 264 Figure 23 Ingress Packet Processing on GRE Interface ...

Page 265: ...Works Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 265 Egress Packet Processing on GRE Interface Figure given below provides a flow of process for outgoing packets on GRE interface Figure 24 Egress Packet Processing on GRE Interface ...

Page 266: ...nable OSPF for the VRF and for the given network by applying the example configurations presented in the Enabling OSPF for VRF section Step 4 Associate IP pool and AAA server group with VRF by applying the example configurations presented in the Associating IP Pool and AAA Group with VRF section Step 5 Associate APN with VRF through AAA server group and IP pool by applying the example configuratio...

Page 267: ...source interface non_tunn_intfc_to_corp destination address global_ip_address keepalive interval value num retry retry end Notes vpn_context_name is the name of the system context you want to use for GRE interface configuration For more information refer Command Line Interface Reference A maximum of 511 GRE tunnels 1 non tunnel interface can be configured in one context System needs at least 1 non...

Page 268: ...t mask to be used for OSPF routing Associating IP Pool and AAA Group with VRF This section provides the configuration example for associating IP pool and AAA groups with VRF configure context vpn_context_name ip pool ip_pool_name internal_ip_address mask vrf vrf_name exit aaa group aaa_server_group ip vrf vrf_name end Notes vpn_context_name is the name of the system context you want to use for IP ...

Page 269: ...formation refer AAA Interface Administrtion and Reference vrf_name is the name of the VRF which is preconfigured in context configuration mode Static Route Configuration This section provides the optional configuration example for configuring static routes when the route to the server is not learnt from the corporate over OSPFv2 configure context vpn_context_name ip route internal_ip_address mask ...

Page 270: ...at your interfaces are configured properly by entering the following command in Exec Mode show ip interface The output of this command displays the configuration of the all interfaces configured in a context Intf Name foo1 Intf Type Broadcast Description IP State UP Bound to 17 2 untagged ifIndex 285343745 IP Address 1 1 1 1 Subnet Mask 255 255 255 0 Bcast Address 1 1 1 255 MTU 1500 Resoln Type AR...

Page 271: ...on Guide 271 IP Address 20 20 20 1 Subnet Mask 255 255 255 0 Step 2 Verify that GRE keep alive is configured properly by entering the following command in Exec Mode show ip interface gre keepalive The output of this command displays the configuration of the keepalive for GRE interface configured in a context ...

Page 272: ......

Page 273: ...interrupted consistent and seamless user experience during an application session It is also important that a subscriber gets charged only for the resources consumed by the particular IMS application used It is recommended that before using the procedures in this chapter you select the configuration example that best meets your service model and configure the required elements for that model as de...

Page 274: ...s required to perform query in reply to which the servers provision certain policy or rules that are enforced at the AGW for that particular subscriber session The CRF analyzes the IP flow data which in turn has been retrieved from the Session Description Protocol SDP data exchanged during IMS session establishment Important In addition to standard Gx interface functionality the Gx interface imple...

Page 275: ...3 RFC 4006 Diameter Credit Control Application August 2005 In addition to the above RFCs and standards IMS Authorization partially supports 3GPP TS 29 212 for Policy and Charging Control over Gx reference point functionality How it Works This section describes the IMS authorization and dynamic policy support in GPRS UMTS networks The following figure and table explain the IMS authorization process...

Page 276: ...Gateway Administration Guide 276 Figure 25 Rel 6 Gx IMS Authorization Call Flow Table 22 Rel 6 Gx IMS Authorization Call flow Description Step Description 1 IMS subscriber MN sends request for primary PDP context activation creation 2 Session manager allocates IP address to MN ...

Page 277: ...s 13 ECS responds to session manager with the response message for dynamic rule configuration 14 On the basis of response for the PDP context authorization Session Manager sends the response to the MN and activates rejects the call Configuring Rel 6 Gx Interface To configure Rel 6 Gx interface functionality Step 1 Configure the IMS Authorization Service at the context level for an IMS subscriber i...

Page 278: ...ondary host host_name realm realm_name diameter host select reselect subscriber limit subscriber_limit time interval duration diameter host select table 1 2 algorithm ip address modulus msisdn modulus round robin end Notes context_name must be the name of the context where you want to enable IMS Authorization Service imsa_service_name must be the name of the IMS Authorization Service to be configu...

Page 279: ...ng command diameter host select table 1 2 algorithm ip address modulus msisdn modulus round robin Verifying IMS Authorization Service Configuration To verify the IMS Authorization Service configuration Step 1 Change to the context where you enabled IMS Authorization Service by entering the following command context context_name Step 2 Verify the IMS Authorization Service s configurations by enteri...

Page 280: ...horization Service configured for IMS authentication in the context Verifying Subscriber Configuration Verify the IMS Authorization Service configuration for subscriber s by entering the following command show subscribers ims auth service imsa_service_name imsa_service_name must be the name of the IMS Authorization Service configured for IMS authentication ...

Page 281: ...llows operators to perform service based QoS policy and flow based charging control In the PCC architecture this is accomplished mainly by the Policy and Charging Enforcement Function PCEF Cisco Systems GGSN and the Policy and Charging Rules Function PCRF In GPRS UMTS networks the client functionality lies with the GGSN therefore in the IMS authorization scenario it is also called the Gateway In t...

Page 282: ... Architecture Within the Gateway the IMSA and DPCA modules handle the Gx protocol related functions at the SessMgr and the policy enforcement and charging happens at ECS The Gy protocol related functions are handled within the DCCA module at the ECS The following figure shows the interaction between components within the Gateway ...

Page 283: ...the Software Management Operations chapter in the System Administration Guide Supported Standards The Rel 7 Gx interface support is based on the following standards and RFCs 3GPP TS 23 203 V7 6 0 2008 03 3rd Generation Partnership Project Technical Specification Group Services and System Aspects Policy and charging control architecture Release 7 3GPP TS 29 212 V7 8 0 2009 03 3rd Generation Partner...

Page 284: ... IP packets If the gate is closed all packets of the related IP flows are dropped If the gate is opened the packets of the related IP flows are allowed to be forwarded Event Reporting Event reporting is the notification of and reaction to application events to trigger new behavior in the user plane as well as the reporting of events related to the resources in the Gateway PCEF Event triggers may b...

Page 285: ...the individual PCC rules takes place first QoS authorization information may be dynamically provisioned by the PCRF or it can be a predefined PCC rule in the PCEF In case the PCRF provides PCC rules dynamically authorized QoS information for the IP CAN bearer combined QoS may be provided For a predefined PCC rule within the PCEF the authorized QoS information takes affect when the PCC rule is acti...

Page 286: ...icy Enforcement for Authorized QoS per QCI The PCEF can receive an authorized QoS per QCI for non GBR bearer QCI values Other Features Bearer Control Mode Selection The PCEF may indicate via the Gx reference point a request for Bearer Control Mode BCM selection at IP CAN session establishment or IP CAN session modification as a consequence of an SGSN change It will be done using the PCC Rule Reque...

Page 287: ... successfully parsed only if its value corresponds to a later time than the current IPSG time else the AVP and entire message is rejected Charging Control Charging Control is the process of associating packets belonging to a SDF to a charging key and applying online charging and or offline charging as appropriate Flow based charging handles differentiated charging of the bearer usage based on real...

Page 288: ...the SDF filters within the PCC rule Identify the service that the SDF contributes to Provide applicable charging parameters for an SDF Provide policy control for an SDF The PCEF selects a PCC rule for each packet received by evaluating received packets against SDF filters of PCC rules in the order of precedence of the PCC rules When a packet matches a SDF filter the packet matching process for tha...

Page 289: ...e charging parameters define whether online and offline charging interfaces are used what is to be metered in offline charging on what level the PCEF will report the usage related to the rule and so on Important In this release configuring the Metering Method and Reporting Level for dynamic PCC rules is not supported PCC rules also include Application Function AF record information for enabling ch...

Page 290: ...charging rule name length is greater than or equal to 128 characters no charging rule report will be sent In earlier releases the length of the charging rule name constructed by PCRF was limited to 32 bytes Releases prior to 14 0 when PCRF has subscribed to Out of Credit trigger on session connect when one rule validation fails and also when an Out of Credit was received from OCS for another rule ...

Page 291: ...an internal trigger or trigger from the SPR the PCRF informs the PCEF The PCEF acknowledges to the PCRF and instantly removes deactivates all the PCC rules that have been previously installed or activated on that IP CAN session The PCEF applies IP CAN specific procedures to terminate the IP CAN session For GPRS the GGSN send a PDP context deactivation request with the teardown indicator set to ind...

Page 292: ... For session level monitoring the ECS maintains the amount of data usage 5 For PCC rule monitoring usage is monitored with the monitoring key as the unique identifier Each node maintains the usage information per monitoring key When the data traffic is passed the usage is checked against the usage threshold values and reported as described in the Usage Reporting section 6 The PCEF continues to tra...

Page 293: ...figured in PCEF for that predefined rule There can be multiple rules associated with the same monitoring key Hence enabling a particular monitoring key would result in the data being tracked for multiple rules having the same monitoring key After DPCA parses the AVPs IMSA updates the information to ECS Once ECS is updated usage monitoring is started and constantly checked with the usage threshold ...

Page 294: ...ng key the PCEF sends a CCR with the data usage for that monitoring key If the PCEF reports the last PCC rule associated with a usage monitoring key is inactive the PCEF reports the accumulated usage for that monitoring key within the same CCR command if the Charging Rule Report AVP was included in a CCR command otherwise if the Charging Rule Report AVP was included in an RAA command the PCEF send...

Page 295: ...that IP CAN session and and the usage accumulated between the CCR CCA will be discarded For information on how to configure the Volume Reporting over Gx feature see the Configuring Volume Reporting over Gx section How Rel 7 Gx Works This section describes how dynamic policy and charging control for subscribers works with Rel 7 Gx interface support in GPRS UMTS networks The following figure and tab...

Page 296: ...p Description 1 UE IMS subscriber requests for primary PDP context activation creation 2 SessMgr allocates an IP address to the UE 3 SessMgr requests IMS Authorization if IMSA is enabled for the APN 4 IMSA allocates resources for the IP CAN session and the bearer and selects the PCRF to contact based on the user s selection key for example msisdn 5 IMSA requests the DPCA module to issue an auth re...

Page 297: ...le APN UMTS QoS and so on 13 OCS returns a CCA initial message that may activate a statically configured Rulebase and may include preemptive quotas 14 ECS responds to SessMgr with the response message 15 SessMgr requests IMSA for the dynamic rules 16 IMSA sends the dynamic rules to SessMgr Note that in 14 0 and later releases the RAR messages are allowed before the session is established In earlie...

Page 298: ...e Reporting over Gx section Step 6 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference Important Commands used in the configuration examples in this section p...

Page 299: ...igured globally in a system There is also a system limit for the maximum number of total configured services To enable Rel 7 Gx interface support pertinent Diameter dictionary must be configured For information on the specific Diameter dictionary to use contact your Cisco account representative When configuring the MSISDN prefix range based PCRF selection mechanism To enable the Gx interface to co...

Page 300: ...GSN PCEF to use a pre defined rule when the Gx fails set the failure handling cc request type CLI to continue Policies available in use will continue to be used and there will be no further interaction with the PCRF For provisioning of default charging method use the following configurations For this the AVPs Online and Offline will be sent in CCR I message based on the configuration To send Enabl...

Page 301: ...any rules If there is a Gx message that changes the rulebase and also activates some predefined rules the rulebase change is made first and the rules are activated from the new rulebase Also the rulebase applies to the entire call All PDP contexts bearers in one call use the same ECS rulebase For predefined rules configured in the ECS MBR GBR of a dynamic predefined rule is checked before it is us...

Page 302: ... value The event update CLI which enables volume usage report to be sent in event updates is available only in 10 2 and later releases The optional keyword reset usage enables to support delta reporting wherein the usage is reported and reset at PCEF If this option is not configured the behavior is to send the usage information as part of event update but not reset at PCEF Gathering Statistics Thi...

Page 303: ...horization service show ims authorization sessions full Summarized information of sessions active in IMS Authorization service show ims authorization sessions summary Complete statistics for active charging service sessions show active charging sessions full Information for all rule definitions configured in the service show active charging ruledef all Information for all rulebases configured in t...

Page 304: ...ring Statistics Introduction For IMS deployment in CDMA networks the system uses Rel 8 Gx interface for policy based admission control support and flow based charging FBC The Rel 8 Gx interface supports enforcing policy control features like gating bandwidth limiting and so on and also supports FBC This is accomplished via dynamically provisioned Policy Control and Charging PCC rules These PCC rul...

Page 305: ...y and charging architecture Figure 29 HA PDSN Rel 8 Gx PCC Logical Architecture Within the Gateway the IMSA and DPCA modules handle the Gx protocol related functions at the SessMgr and the policy enforcement and charging happens at ECS The Gy protocol related functions are handled within the DCCA module at the ECS The following figure shows the interaction between components within the Gateway ...

Page 306: ...ion Partnership Project Technical Specification Group Services and System Aspects Policy and charging control architecture Release 8 3GPP TS 29 212 V8 6 0 2009 12 3rd Generation Partnership Project Technical Specification Group Core Network and Terminals Policy and Charging Control over Gx reference point Release 8 3GPP TS 29 213 V8 1 1 2008 10 3rd Generation Partnership Project Technical Specific...

Page 307: ...om PCEF to PCRF and provisioning of event triggers happens at IP CAN session level The Event Reporting Function ERF located in the PCEF receives event triggers from PCRF during the Provision of PCC Rules procedure and performs event trigger detection When an event matching the received event trigger occurs the ERF reports the occurred event to the PCRF If the provided event triggers are associated...

Page 308: ...command for the affected PCC rules Within each Charging Rule Report AVP the PCEF identifies the failed PCC rule s by including the Charging Rule Name AVP s or Charging Rule Base Name AVP s identifies the failed reason code by including a Rule Failure Code AVP and includes the PCC Rule Status AVP If the installation activation of one or more new PCC rules that is rules that were not previously succ...

Page 309: ...e HA PDSN Rel 8 Gx implementation provisioning of primary or secondary charging collection function name Offline Charging Server OFCS addresses over Gx is not supported Provisioning of Default Charging Method Charging Correlation In the HA PDSN Rel 8 Gx implementation Charging Correlation is not supported PCRF provides the flow identifier which uniquely identifies an IP flow in an IMS session Poli...

Page 310: ...akes precedence Gate Status The gate status indicates whether the SDF detected by the SDF filter s may pass gate is open or will be discarded gate is closed in uplink and or in downlink direction QoS Parameters The QoS information includes the QoS class identifier authorized QoS class for the SDF and authorized bitrates for uplink and downlink Charging Key rating group Other charging parameters Th...

Page 311: ...LIMITATION as Rule Failure Code is sent This charging rule report is sent only when the length of the rule name is lesser than 128 characters When the charging rule name length is greater than or equal to 128 characters no charging rule report will be sent In earlier releases the length of the charging rule name constructed by PCRF was limited to 32 bytes Releases prior to 14 0 when PCRF has subsc...

Page 312: ...ies IP CAN specific procedures to terminate the IP CAN session The HA PDSN sends a MIP Revocation Request with the teardown indicator set to indicate that the termination of the entire IP CAN session is requested Furthermore the PCEF applies the Indication of IP CAN Session Termination procedure Use of the Supported Features AVP during session establishment to inform the destination host about the...

Page 313: ...er requests for MIP Registration Request 2 SessMgr allocates an IP address to the UE 3 SessMgr requests IMS Authorization if IMSA is enabled for the subscriber IMSA service can either be configured in the subscriber template or can be received from the AAA 4 IMSA allocates resources for the IP CAN session and selects the PCRF to contact based on the user s selection key for example round robin 5 I...

Page 314: ...sion is established In earlier releases until the MIP session is established all RAR messages from the PCRF were rejected Also note that in 14 0 and later releases the RAR message is rejected and RAA is sent with 3002 result code when the recovery of dynamic rule information and audit of Session Manager are in progress Earlier the RAR messages were processed by DPCA even when the recovery audit wa...

Page 315: ...Refer to the Command Line Interface Reference for complete information regarding all commands Configuring IMS Authorization Service at Context Level Use the following example to configure IMSA service at context level for IMS subscribers configure context context_name ims auth service imsa_service_name policy control diameter origin endpoint endpoint_name diameter dictionary dictionary diameter re...

Page 316: ...CRF selections and not at a granular level To configure the PCRF host destinations configured in the PCEF use the diameter host select CLI commands To configure the PCEF to use a pre defined rule when the Gx fails set the failure handling cc request type CLI to continue Policies available in use will continue to be used and there will be no further interaction with the PCRF Verifying the IMSA Serv...

Page 317: ...Subscriber Configuration Verify the IMSA service configuration for subscriber s by entering the following command in the Exec CLI configuration mode show subscribers ims auth service imsa_service_name Notes imsa_service_name must be the name of the IMSA service configured for IMS authentication Gathering Statistics This section explains how to gather Rel 8 Gx statistics and configuration informati...

Page 318: ...ent Function PCEF on the Packet Data Network PDN Gateway P GW The Gx reference point is used for provisioning and removal of PCC rules from the PCRF to the PCEF and the transmission of traffic plane events from the PCEF to the PCRF The Gx reference point can be used for charging control policy control or both by applying AVPs relevant to the application The PCEF is the functional element that enco...

Page 319: ...llowing standard 3GPP TS 29 212 V9 5 0 2010 06 3rd Generation Partnership Project Technical Specification Group Core Network and Terminals Policy and Charging Control over Gx reference point Release 9 Feature Overview The Volume Reporting over Gx feature provides PCRF the capability to make real time decisions based on the data usage by subscribers Important Volume Reporting over Gx is applicable ...

Page 320: ...d level If multiple levels are enabled usage will be reported on all the enabled levels even if only one of the levels is breached Monitoring will be stopped on the missing threshold levels in the response for the usage report from PCRF expected to provide the complete set again if PCRF wants to continue monitoring on the multiple levels enabled earlier Total threshold level along with UL DL thres...

Page 321: ...lume threshold For rule level reporting the rule that hits the data traffic is used to find out if the monitoring key is associated with it and based on the monitoring key the data usage is checked Once the condition is met it reports the usage information to IMSA and continues monitoring IMSA then triggers the CCR U if USAGE_REPORT trigger is enabled by the PCRF The Usage Monitoring Information A...

Page 322: ...se associated rule is the last one that is removed because of bearer termination Revalidation Timeout In the non standard implementation if usage monitoring and reporting is enabled and a revalidation timeout occurs the PCEF sends a CCR to request PCC rules and reports all accumulated usage for all enabled monitoring keys since the last report or since usage reporting was enabled if the usage was ...

Page 323: ...ow that is under policy control the PCEF shall allow the service data flow to pass through the gateway if and only if the corresponding gate is open For a service data flow that is under charging control the PCEF shall allow the service data flow to pass through the gateway if and only if there is a corresponding active PCC rule and for online charging the OCS has authorized the applicable credit ...

Page 324: ...t to zero infinite threshold no further threshold events will be generated by PCEF but monitoring of usage will continue and be reported at the end of the session Important In 12 2 and later releases usage reporting on bearer termination is supported The following steps explain how Volume Reporting over Gx works 1 PCEF after receiving the message from PCRF parses the usage monitoring related AVPs ...

Page 325: ...edefined rules and dynamic rule definitions Usage Monitoring for Static Rules In the case of static rules the usage reporting on last rule removal associated with the monitoring key is not applicable In this case only the usage monitoring information is received from the PCRF Usage Monitoring for Predefined Rules If the usage monitoring needs to be enabled for the predefined rules PCRF sends the r...

Page 326: ...e IP CAN session is terminated the accumulated subscriber usage information is reported to PCRF in the CCR T from PCEF If PCC usage level information is enabled by PCRF the PCC usage will also be reported PCC Rule Removal When the PCRF deactivates the last PCC rule associated with a usage monitoring key the PCEF sends a CCR with the data usage for that monitoring key If the PCEF reports the last P...

Page 327: ...able in the standard implementation This is not supported in 10 0 release for standard based volume reporting Once the usage is reported the usage counter is reset to zero The PCEF continues to track data usage from the zero value after the threshold is reached and before a new threshold is provided by the PCRF If a new usage threshold is not provided by the PCRF in the acknowledgement of an IP CA...

Page 328: ...ing without any more policy enforcement TCP link failure Application Timer Tx expiry Result code based failures In 14 1 and later releases the PCRF is allowed to fall back to Local Policy for all connection level failures result code experimental result code failures Local Policy may choose to allow the subscriber for a configured amount of time During this time any subscriber internal event on th...

Page 329: ...r else call will be with local policy and retry count will be incremented If RAR is received after the timer expiry the call will be continued with the PCRF On expiry of maximum of retries to connect to PCRF call will be disconnected Default Policy on CCR I Failure The following parameters are supported for local configuration on P GW The configuration parameters are configurable per APN and per R...

Page 330: ...onfiguration level configure Local Policy service for subscribers as described in the Configuring Local Policy Service at Global Configuration Level section Step 2 At the global configuration level configure the failure handling template to use the Local Policy service as described in the Configuring Failure Handling Template at Global Configuration Level section Step 3 Within the IMS Authorizatio...

Page 331: ...ted qos exit actiondef action1 action priority 2 allow requested qos exit actiondef allow action priority 1 allow session exit actiondef delete action priority 1 terminate session exit actiondef lp_fall action priority 1 reconnect to server exit actiondef time action priority 1 start timer timer duration 10 exit eventbase default rule priority 1 event fallback ruledef 2G_RULE actiondef time contin...

Page 332: ...e failure handling template template_name msg type any failure type any action continue local fallback end Notes When the TCP link failure Application Timer Tx expiry or Result code based failure happens the associated failure handling will be considered and if the failure handling action is configured as local fallback then call will fall back to local fallback mode Associating Local Policy Servi...

Page 333: ... be send to PCRF Important Time reporting over Gx is applicable only for time quota Important The PCEF only reports the accumulated time usage since the last report for time monitoring and not from the beginning Important If the time usage threshold is set to zero infinite threshold no further threshold events will be generated by PCEF but monitoring of usage will continue and be reported at the e...

Page 334: ...ESSION_LEVEL 0 Usage Monitoring at Flow Level PCRF subscribes to the flow level time reporting over Gx by sending the Usage Monitoring Information AVP with the usage threshold level set in Granted Service Unit AVP and Usage Monitoring Level AVP set to PCC_RULE_LEVEL 1 Monitoring Key is mandatory in case of a flow level monitoring since the rules are associated with the monitoring key and enabling ...

Page 335: ...nd if the Charging Rule Report AVP was included in a CCR command otherwise if the Charging Rule Report AVP was included in an RAA command the PCEF sends a new CCR command to report accumulated usage for the usage monitoring key PCRF Requested Usage Report When PCRF provides the Usage Monitoring Information with the Usage Monitoring Report set to USAGE_MONITORING_REPORT_REQUIRED PCEF sends the time...

Page 336: ...eporting over Gx configuration If a time threshold is received from PCRF then Time monitoring is done and if a volume threshold is received then Volume monitoring will be done The maximum accepted monitoring key value by the PCEF is 4294967295 If the PCEF sends a greater value the value is converted to an Unsigned Integer value The event update CLI enables time usage report to be sent in event upd...

Page 337: ... StarOS 9 0 or later releases for the following products GGSN HA IPSG PDSN P GW It is recommended that before using the procedures in this chapter you select the configuration example that best meets your service model and configure the required elements for that model as described in the administration guide for the product that you are deploying This chapter describes the following topics Introd...

Page 338: ...differentiated rates can be applied to different services based on ECS shallow or deep packet inspection In the simplest possible installation the system will exchange Gy Diameter messages over Diameter TCP links between itself and one prepay server For a more robust installation multiple servers would be used These servers may optionally share or mirror a single quota database so as to support Gy...

Page 339: ...uirements For information on installing and verifying licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide Supported Standards Gy interface support is based on the following standards IETF RFC 4006 Diameter Credit Control Application August 2005 3GPP TS 32 299 V9 6 0 2010 12 3rd Generation Partnership Project Technical...

Page 340: ...g the conclusion of session Decentralized Unit Determination and Decentralized Rating Important Decentralized Rating is not supported in this release Decentralized Unit determination is done using CLI configuration In this scenario the CTF requests the OCS to assure the reservation of an amount of the specified number of monetary units from the subscriber s account An account debit operation that ...

Page 341: ...lance and Low Balance Indication AVPs are not supported The consumed units are deducted from the subscriber s account after service delivery Thus the reserved and consumed units are not necessarily the same Using this operation it is also possible for the CTF to modify the current reservation including the return of previously reserved units Re authorization The server may specify an idle timeout ...

Page 342: ...dog Answer DWA This is the response to the DWR message from the server This is used to monitor the connection state Disconnect Peer Request DPR This message is sent to the peer to inform to shutdown the connection PCEF GW only receives this message There is no capability currently to send the message to the diameter server Disconnect Peer Answer DPA This message is the response to the DPR request ...

Page 343: ... used if the server doesn t send the QCT in the CCA Combinational Quota Discrete Time Period DTP and Continuous Time Period CTP defines mechanisms that extends and generalize the Quota Consumption Time for consuming time quota Both DTP and CTP uses a base time interval that is used to create time envelopes of quota used Instead of consuming the quota linearly DTP and CTP consumes the granted quota...

Page 344: ...e configuration till a CCA Update is received with quota for that category Validity Time of zero is invalid Validity Time is relative and not absolute Volume Quota The server sends the CC Total Octets AVP to provide volume quota to the subscriber DCCA currently supports only CC Total Octets AVP which applies equally to uplink and downlink packets If the total of uplink and downlink packets exceeds...

Page 345: ...cept for QHT and Final the Requested Service Unit AVP is present in the CCR Reporting Reason is present in CCR to let the server know the reason for the reporting of Quota The Reporting Reason AVP can be present either in MSCC level or at Used Service Unit USU level depending on whether the reason applies to all quotas or to single quota When one of these conditions is met a CCR Update is sent to ...

Page 346: ...me quota and units for service specific quota Once the quota has reached its threshold a request for more quotas is triggered toward the server User traffic is still allowed to flow There is no disruption of traffic as the user still has valid quota The Gy sends a CCR Update with a Multiple Services Credit Control AVP containing usage reported in one or more User Service Unit AVPs the Reporting Re...

Page 347: ...l The quota is consumed normally till last packet arrival plus QCT time and is passed till the next packet arrival If the QCT value is changed during intermediate interrogations then the new QCT comes into effect from the time the CCA is received For instance if the QCT is deactivated in the CCA then quota consumptions resume normally even without any packet flow Or if the QCT is activated from de...

Page 348: ...f the MIP session It can be sent during service delivery to request more quotas Credit Control Request Initial CCR I Credit Control Request Update CCR U Credit Control Request Terminate CCR T Credit Control Answer CCA Credit Control Answer Initial CCA I Credit Control Answer Update CCA U If the MSCC AVP is missing in CCA Update it is treated as invalid CCA and the session is terminated Credit Cont...

Page 349: ...minology Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 349 Figure 34 Gy Call Flow for Simple Call Request for GGSN P GW IPSG The following figure depicts the call flow for a simple call request in the HA Gy implementation ...

Page 350: ...ol Session Failover AVP value for the earlier requests If this AVP is present and is coded to FAILOVER_SUPPORTED then the credit control message stream is moved to the secondary server in case it is configured If the AVP value is FAILOVER_NOT SUPPORTED then the call is dropped in case of failures even if a secondary server is configured Redirection In the Final Unit Indication AVP if the Final Act...

Page 351: ...f the Used Service Unit AVP one with Tariff Change Usage set to UNIT_BEFORE_TARIFF_CHANGE and one with Tariff Change Usage set to UNIT_AFTER_TARIFF_CHANGE and this independently of the type of units used by application Both Volume and Time quota are reported in this way The Tariff time change functionality can as well be done using Validity Time AVP where in the Validity Time is set to Tariff Time...

Page 352: ...FH with Failover Supported In case there is a secondary server is configured and if the CC Session Failover AVP is set to FAILOVER_SUPPORTED the following behavior takes place Terminate On any Tx expiry for the CCR I the message is discarded and the session is torn down In case of CCR Updates and Terminates the message is sent to the secondary server after response timeout and the session is proce...

Page 353: ...dless of the interruption delayed answer Note that quota management of other categories is not affected TERMINATE Terminate the MIP session which affects all categories RETRY_AND_TERMINATE Allow the MIP session and user traffic for the relevant category or categories to continue regardless of the interruption delayed answer The client retries to send the CCR when it determines a failure to send co...

Page 354: ...T_APPLICABLE On reception of this code Gy allows the session to establish but without quota management This is supported only at the command level and not at the MSCC level DIAMETER_USER_UNKNOWN On reception of this code DCCA does not allow the credit control session to get established the session is terminated This result code is supported only at the command level and not at the MSCC level For a...

Page 355: ... 461 Service Identifier AVP Code 439 Subscription Id AVP Code 443 Subscription Id Data AVP Code 444 Subscription Id Type AVP Code 450 Tariff Change Usage AVP Code 452 Gy does NOT support UNIT_INDETERMINATE 2 value Tariff Time Change AVP Code 451 Used Service Unit AVP Code 446 Gy sends only incremental counts for all the AVPs from the last CCA U User Equipment Info AVP Code 458 User Equipment Info ...

Page 356: ... optional AVP is present only in CCA Quota Holding Time AVP Code 871 This optional AVP is present only in the CCA command It is contained in the Multiple Services Credit Control AVP It applies equally to the granted time quota and to the granted volume quota Reporting Reason AVP Code 872 Gy currently does not support the POOL_EXHAUSTED 8 value It is used in case of credit pooling which is currentl...

Page 357: ... 292 Redirect Host Usage AVP Code 261 Redirect Max Cache Time AVP Code 262 Rating Group AVP Code 432 Result Code AVP Code 268 Route Record AVP Code 282 Session Id AVP Code 263 Service Context Id AVP Code 461 Service Identifier AVP Code 439 Supported Vendor Id AVP Code 265 Termination Cause AVP Code 295 Used Service Unit AVP Code 446 User Name AVP Code 1 Unsupported AVPs This section lists the AVPs...

Page 358: ...meter AVPs specified in 3GPP TS 32 299 V8 1 0 Acct Application Id AVP Code 259 Error Reporting Host AVP Code 294 Experimental Result AVP Code 297 Experimental Result Code AVP Code 298 Proxy Host Proxy Info Proxy State NOT supported 3GPP specific AVPs specified in 3GPP TS 32 299 V8 1 0 3GPP CAMEL Charging Info AVP Code 24 3GPP MS TimeZone AVP Code 23 3GPP PDSN MCC MNC Authorised QoS Access Network ...

Page 359: ...ddress Cause Code Charged Party Class Identifier Content Class Content Disposition Content Length Content Size Content Type Data Coding Scheme Deferred Location Event Type Delivery Report Requested Destination Interface Domain Name DRM Content Early Media Description Event Event Type Expires File Repair Supported IM Information IMS Charging Identifier ICID IMS Communication Service Identifier IMS ...

Page 360: ... LCS Data Coding Scheme LCS Format Indicator LCS Information LCS Name String LCS Requestor ID LCS Requestor ID String Location Estimate Location Estimate Type Location Type Low Balance Indication MBMS Information MBMS User Service Type Media Initiator Flag Media Initiator Party Message Body Message Class Message ID Message Size Message Type MMBox Storage Requested MM Content Type MMS Information N...

Page 361: ...tion PoC Change Time PoC Controlling Address PoC Group Name PoC Information PoC Server Role PoC Session Id PoC Session Initialtion Type PoC Session Type PoC User Role PoC User Role IDs PoC User Role info Units Positioning Data Priority PS Append Free Format Data AVP Code 867 The PCEF GW ignores this AVP if no PS free format data is stored for the online charging session PS Free Format Data AVP Cod...

Page 362: ... SDP Media Component SDP Media Description SDP Media Name SDP Offer Timestamp SDP Session Description SDP TimeStamp Served Party IP Address Service Generic Information Service ID Service Specific Data Service Specific Info Service Specific Type SIP Method SIP Request Timestamp SIP Response Timestamp SM Discharge Time SM Message Type SM Protocol Id SMSC Address SMS Information SMS Node SM Status SM...

Page 363: ...ased on triggers from Gx when the following conditions are met Session based Gy is not initiated due to the absence of charging actions in rulebase with Credit Control enabled or due to delayed Gy session initiation PLMN and Time Zone Reporting feature is either enabled in the credit control group or through the use of triggers received from Gx If session based Gy initiation fails or the session g...

Page 364: ...timeout Diameter Watchdog request times out to the current RDR causing the TCP connection state to be marked down Diameter command level error codes received in a CCA If the PCEF is unable to successfully verify transmission of a CCR T the PCEF will not assign interim quota because the user has disconnected In 15 0 and later releases the error result codes can be configured using the CLI command s...

Page 365: ... In the event that the OCS services have not been restored the GW re allocates the configured amount of quota and or time to the user The GW reports all accumulated used data back to OCS when OCS is back online If multiple retries and interim allocations occur the GW reports quota used during all allocation intervals This cycle will continue until OCS services have been successfully restored or th...

Page 366: ...aborted once CCA U with 5002 is received from the server Also CCR U is triggered immediately following session restart only if there are any unreported usages pending Important When the server responds with 5002 error result code it does not include any granted service units for the requested rating groups For more information on the commands introduced in support of this feature see the Credit Co...

Page 367: ...location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference Important Commands used in the configuration examples in this section provide base functionality to the extent that the most common or likely commands and or keyword options are presented I...

Page 368: ...ctive charging rulebase rulebase_name credit control group cc_group_name end Notes For information on configuring IP access lists refer to the Access Control Lists chapter in the System Administration Guide For more information on configuring ECS ruledefs refer to the ACS Ruledef Configuration Mode Commands chapter in the Command Line Interface Reference For more information on configuring ECS cha...

Page 369: ...ch TRUE exit charging action charging_action_name content id content_id cca charging credit rating group rating_group exit rulebase rulebase_name action priority action_priority ruledef ruledef_name charging action charging_action_name exit credit control group cc_group_name diameter origin endpoint endpoint_name diameter peer select peer peer realm realm diameter pending timeout timeout diameter ...

Page 370: ...e Reference For more information on configuring ECS charging actions refer to the ACS Charging Action Configuration Mode Commands chapter in the Command Line Interface Reference For more information on configuring ECS rulebases refer to the ACS Rulebase Configuration Mode Commands chapter in the Command Line Interface Reference Configuring PLMN and Time Zone Reporting PLMN and Time Zone Reporting ...

Page 371: ...eference To enable PLMN and Time Zone Reporting through APN template use the following configuration configure context context_name apn apn_name selection mode sent by ms accounting mode none ip access group test in ip access group test out ip context name context_name ip address pool name pool_name credit control client event based charging active charging rulebase rulebase_name exit end Rest of ...

Page 372: ...lt code end Notes This CLI command servers unreachable initial request update request continue terminate after interim volume allows configuring interim volume and interim time in the following ways after interim volume bytes alone followed by server retries after interim time secs alone followed by server retries after interim volume bytes after interim time secs followed by server retries This C...

Page 373: ...mation on all rule definitions configured in the service show active charging ruledef all Information on all charging actions configured in the service show active charging charging action all Information on all rulebases configured in the service show active charging rulebase all Statistics of the Credit Control application DCCA show active charging credit control statistics States of the Credit ...

Page 374: ......

Page 375: ...riber This chapter also describes the configuration and commands that are used to implement this feature It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model as described in respective product Administration Guide before using the procedures in this chapter The following products currently support ICAP int...

Page 376: ...est is detected by the DPI function The URL of the GET POST request is extracted and passed along with subscriber identification information and the subscriber request in an ICAP message to the application server The application server checks the URL on the basis of its category and other classifications like type access level content category and decides if the request should be authorized blocke...

Page 377: ...uplink retransmitted packets for the HTTP flow on which ICAP failure action is taken is sent for ICAP rating The URL present in the current secondary session last uplink request is used for ICAP rating However if there were multiple outstanding ICAP request for the same flow pipelined request then for the retransmitted packet the URL that will be sent for rating will be that of the last GET reques...

Page 378: ...t with an RTSP 302 Moved Temporarily response header is inserted towards the client containing the said URL for redirection A TCP RST packet is inserted towards the server The underlying TCP connection is thus closed If the RTSP client wants to retry to the redirected URL the opening of a new TCP connection must be initiated Discard If the failure action configured is discard then the RTSP request...

Page 379: ...the Configuring ICAP Server and Other Parameters section Step 3 Configure the content filtering mode to external content filtering server group mode in ECS rule base by applying the example configuration in the Configuring ECS Rulebase for ICAP Server Group section Step 4 Optional Configure the charging action to forward HTTP RTSP WAP GET request to external content filtering servers on ICAP inter...

Page 380: ...roup In release 8 0 only one ICAP Server can be configured per Content Filtering Server Group The maximum outstanding request per ICAP connection configured using the optional max max_msgs keyword is limited to one Therefore any other value configured using the max keyword will be ignored Optional To configure the ICAP URL extraction behavior in the Content Filtering Server Group configuration mod...

Page 381: ...charging service acs_svc_name charging action charging_action_name noconfirm content filtering processing server group end Verifying the ICAP Server Group Configuration This section explains how to display and review the configurations after saving them in a cfg file and also to retrieve errors and warnings within an active configuration for a service Important All commands listed here are under E...

Page 382: ...n Retry Timeout 30 secs Dictionary standard Timeout Action terminate flow Deny Message Service Not Subscribed URL extraction after parsing Content Filtering Group Connections NONE Total content filtering groups matching specified criteria 1 Step 2 Verify any configuration error in your configuration by entering the following command in Exec Mode show configuration errors ...

Page 383: ... chapter Important The L2TP Access Concentrator is a licensed Cisco feature A separate feature license may be required Contact your Cisco account representative for detailed information on specific licensing requirements For information on installing and verifying licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide Wh...

Page 384: ...ring Local Subscriber Profiles for L2TP Support Tunneling All Subscribers in a Specific Context Without Using RADIUS Attributes Configuring LAC Services Modifying PDSN Services for L2TP Support GGSN SGSN FA P GW Supported LAC Service Configurations for the GGSN Supported LAC Service Configuration for Mobile IP Configuring Subscriber Profiles for L2TP Support RADIUS and Subscriber Profile Attribute...

Page 385: ...The user profile can be configured locally on the system or remotely on a RADIUS server PDSN Service based compulsory tunneling This method of tunneling is used to encapsulate all incoming PPP traffic from the R P interface coming into a PDSN service and tunnel it to an LNS peer for authentication It should be noted that this method does not consider subscriber configurations since all authenticat...

Page 386: ... which includes attributes indicating that session data is to be tunneled using L2TP and the name and location of the LAC service to use An attribute could also be provided indicating the LNS peer to connect to 4 The PDSN service receives the information and then forwards the packets to the LAC service configured within the Destination context 5 The LAC service upon receiving the packets encapsula...

Page 387: ...erify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference PDSN Service based Compulsory Tunneling This section describes the working of service based compulsory tunneling and its configuration How PDSN Service based Compulsory Tunneling Works PDSN Service based compulsory tunneling enables wireless operators to send all PPP traffic to remo...

Page 388: ... 4 The LAC service initiates an L2TP tunnel to one of the LNS peers listed as part of its configuration 5 Session packets are passed to the LNS over a packet data network for authentication 6 The LNS authenticates the session and returns an Access Accept to the PDSN 7 The PDSN service initiates accounting for the session using a constructed NAI Session data traffic is passed over the L2TP tunnel e...

Page 389: ...ces section of this chapter Step 2 Configure the PDSN service s according to the instructions located in the Modifying PDSN Services for L2TP Support section of this chapter Step 3 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer t...

Page 390: ... or remotely on a RADIUS server LAC service also supports domain based L2TP tunneling with LNS This method is used to create multiple tunnels between LAC and LNS on the basis of values received in Tunnel Client Auth ID or Tunnel Server Auth ID attribute received from AAA Server in Access Accept as a key for tunnel selection and creation When the LAC needs to establish a new L2TP session it first c...

Page 391: ...NS More detailed information is located in the sections that follow Transparent IP PDP Context Processing with L2TP Support The following figure and the text that follows describe how transparent IP PDP contexts are processed when L2TP tunneling is enabled Figure 41 Transparent IP PDP Context Call Processing with L2TP Tunneling 1 A Create PDP Context Request message for a subscriber session is sen...

Page 392: ...S un encapsulates the packets and processes them as needed The processing includes IP address allocation Non transparent IP PDP Context Processing with L2TP Support The following figure and the text that follows describe how non transparent IP PDP contexts are processed when L2TP tunneling is enabled Figure 42 Non transparent IP PDP Context Call Processing with L2TP Tunneling 1 A Create PDP Contex...

Page 393: ...e The message may include attributes indicating that session data is to be tunneled using L2TP and the name and location of the LAC service to use An attribute could also be provided indicating the LNS peer to connect to If these attributes are supplied they take precedence over those specified in the APN template 4 The GGSN returns an affirmative Create PDP Context Response to the SGSN over the G...

Page 394: ...ncapsulates the packets and processes them as needed The processing includes PPP termination authentication using the username password provided by the subscriber and IP address allocation Configuring the GGSN or P GW to Support L2TP This section provides a list of the steps required to configure the GGSN or P GW to support L2TP Each step listed refers to a different section containing the specifi...

Page 395: ...ice parameters and allowed LNS nodes that may be communicated with are controlled by the user profile for the particular subscriber The user profile can be configured locally on the system or remotely on a RADIUS server Each LAC service is bound to a single system interface within the same system context It is recommended that this context be a destination context as displayed in figure below Figu...

Page 396: ...ed within the Destination context 5 The LAC service upon receiving the packets encapsulates the information and forwards it to the appropriate PDN interface for delivery to the LNS 6 The encapsulated packets are sent to the peer LNS through the packet data network where they will be un encapsulated Configuring Attribute based L2TP Support for HA Mobile IP This section provides a list of the steps ...

Page 397: ...inistration Guide 397 Step 3 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference ...

Page 398: ...em or remotely on a RADIUS server The following table describes the attributes used in support of LAC services These attributes are contained in the standard and VSA dictionaries Table 27 Subscriber Attributes for L2TP Support RADIUS Attribute Local Subscriber Attribute Description Variable Tunnel Type tunnel l2tp Specifies the type of tunnel to be used for the subscriber session L2TP Tunnel Serve...

Page 399: ...S nodes the Tunnel Preference attribute is not used in determining which LNS to select Prioritized LNS selection is made based on the priority assigned in the Tunnel Preference attribute Client Endpoint local address Specifies the IP address of a specific LAC service configured on the system that to use to facilitate the subscriber s L2TP session This attribute is used when multiple LAC services a...

Page 400: ...tion Step 3 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference Configuring Local Subscriber Use the following example to configure the Local subscriber with ...

Page 401: ...eturned as part of a RADIUS Access Accept message can be obtained using the locally configured profile for the subscriber named default The subscriber profile for default must be configured in the AAA context i e the context in which AAA functionality is configured As a time saving feature L2TP support can be configured for the subscriber named default with no additional configuration for RADIUS b...

Page 402: ... example configuration in the Configuring LAC Service section Step 2 Optional Configure LNS peer information if the Tunnel Service Endpoint attribute is not configured in the subscriber profile or PDSN compulsory tunneling is supported by applying the example configuration in the Configuring LNS Peer section Step 3 Verify your LAC configuration by following the steps in the Verifying the LAC Servi...

Page 403: ...ctxt_name is the destination context where the LAC service is configured Verifying the LAC Service Configuration These instructions are used to verify the LAC service configuration Step 1 Verify that your LAC service configurations were configured properly by entering the following command in Exec Mode in specific context show lac service name service_name The output given below is a concise listi...

Page 404: ...es Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 404 Keep alive interval 60 Control receive window 16 Max Tunnel Challenge Length 16 Proxy LCP Authentication Enabled Load Balancing Random Service Status Started Newcall Policy None ...

Page 405: ...ormation on commands that configure additional parameters and options refer to the LAC Service Configuration Mode Commands chapter in the Command Line Interface Reference To configure the LAC services on system Step 1 Modify the PDSN service to support L2TP by associating LAC context and defining tunnel type by applying the example configuration in the Modifying PDSN Service section Step 2 Verify ...

Page 406: ...ext_name is typically the destination context where the LAC service is configured Verifying the PDSN Service for L2TP Support These instructions are used to verify the PDSN service configuration Step 1 Verify that your PDSN is configured properly by entering the following command in Exec Mode in specific context show pdsn service name pdsn_service_name The output of this command is a concise listi...

Page 407: ... in the Configuring Outbound Authentication section Step 3 Verify your APN configuration by following the steps in the Verifying the APN Configuration section Step 4 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Ad...

Page 408: ...ed password pwd username name end Notes dst_ctxt_name is the destination context where APN template is is configured apn_name is the name of the pre configured APN template which you want to modify for the L2TP support Verifying the APN Configuration These instructions are used to verify the APN configuration Step 1 Verify that your APN configurations were configured properly by entering the follo...

Page 409: ...d procedures for configuration of basic services on the system It is recommended that you select the configuration example that best meets your service model and configure the required elements for that model as described in this administration guide before using the procedures in this chapter Important This license is enabled by default however not all features are supported on all platforms and ...

Page 410: ...tion under which a binding is terminated due to local policy duplicate IMSI detected duplicate home address requested etc The FA and the HA negotiate Registration Revocation support when establishing a Mobile IP call Revocation support is indicated to the Mobile Node MN from the FA by setting the X bit in the Agent Advertisement to MN However the MN is not involved in negotiating the Revocation fo...

Page 411: ...h FA Failed Authentication error If the FA receives a RRP with Revocation Support Extension but not protected by FA HA Auth Extension it will be rejected with HA Failed Authentication error Also note that Revocation support extension is included in the initial renewal or handoff RRQ RRP messages The Revocation extension is not included in a Deregistration RRQ from the FA and the HA will ignore the...

Page 412: ...hat the most common or likely commands and or keyword options are presented In many cases other optional commands and or keyword options are available Refer to the Command Line Interface Reference for complete information regarding all commands Configuring FA Services Configure FA services to support MIP Registration Revocation by applying the following example configuration configure context cont...

Page 413: ...on max retransmission number revocation retransmission timeout time end Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference ...

Page 414: ......

Page 415: ...ration guide before using the procedures in this chapter When enabled through a feature license key the system supports MPLS to provide a VPN connectivity from the system to the corporate s network Important This release provides BGP MPLS VPN for directly connected PE routers only MP BGP is used to negotiate the routes and segregate the traffic for the VPNs The network node learns the VPN routes f...

Page 416: ...ed to regular IPv4 routes to allow them to be unique within the routing table Route targets added to the BGP extended community attributes identify different VPN address spaces The particular upstream BGP peer routing domain VPN from which a route is to be imported by the downstream peer into an appropriate VRF is identified with an extended community in the advertised NLRI A unique label is also ...

Page 417: ...MPLS CE with PE scenario MPLS CE system maintains VRF routes in various VRFs and exchanges route information with peer over MP eBGP session The peer in this scenario is not a PE router but an Autonomous System Border Router ASBR The ASBR does not need to maintain any VRF configuration The PE routers use IBGP to redistribute labeled VPN IPv4 routes either to an ASBR or to a route reflector of which...

Page 418: ...pport for the following standards and requests for comments RFCs have been added with this interface support RFC 4364 BGP MPLS IP VPNs RFC 3032 MPLS Label Stack Encoding Important One or more sections of above mentioned IETF are partially supported for this feature For more information on Statement of Compliance contact your Cisco account representative ...

Page 419: ...pported Networks and Platforms Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 419 Supported Networks and Platforms This feature supports all ASR5x00 platforms with StarOS Release 9 0 or later running with network function services ...

Page 420: ...ing MPLS is a licensed Cisco feature A separate feature license may be required Contact your Cisco account representative for detailed information on specific licensing requirements For information on installing and verifying licenses refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide ...

Page 421: ...ork Gateway Administration Guide 421 Benefits MPLS provides networks with a more efficient way to manage applications and move information between locations MPLS prioritizes network traffic so administrators can specify which applications should move across the network ahead of others ...

Page 422: ...r and Route target section Step 2 Set the neighbors and address family to exchange routing information and establish BGP peering with a peer router by applying the example configuration in the Set Neighbors and Enable VPNv4 Route Exchange section Step 3 Configure the address family and redistribute the connected routes domains into BGP by applying the example configuration in the Configure Address...

Page 423: ...ith a peer router configure context context_name router bgp as_number neighbor ip_address remote as AS_num address family vpnv4 neighbor ip_address activate neighbor ip_address send community both exit interface bind_intfc_name ip address ip_addr_mask_combo end Configure Address Family and Redistributed Connected Routes Use this example to configure the address family and to redistribute the conne...

Page 424: ...t in Corporate network configure context dest_ctxt_name interface intfc_name loopback ip vrf forwarding vrf_name ip address bind_ip_address subnet_mask exit dhcp service dhcp_svc_name dhcp ip vrf vrf_name bind address bind_ip_address nexthop forwarding address nexthop_ip_address mpls label input in_mpls_label_value output out_mpls_label_value1 out_mpls_label_value2 dhcp server ip_address end Notes...

Page 425: ... address ip_address mpls label input in_mpls_label_value output out_mpls_label_value1 radius server ip_address encrypted key encrypt_string port iport_num end Notes aaa_grp_name is a pre configured AAA server group configured in Context Configuration mode Refer AAA Interface Administration Reference for more information on AAA group configuration Optional keyword nexthop forwarding address ip_addr...

Page 426: ...on and establish BGP peering with a peer router by applying the example configuration in the Set Neighbors and Enable VPNv4 Route Exchange section Step 3 Configure the address family and redistribute the connected routes domains into BGP by applying the example configuration in the Configure Address Family and Redistribute Connected Routes section This takes any routes from another protocol and re...

Page 427: ...rt and improt route targets are the same alternate command route target both as_value ip_address rt_value can be used in place of route target import and route target export commands Set Neighbors and Enable VPNv4 Route Exchange Use this example to set the neighbors and address family to exchange VPNv4 routing information with a peer router configure context context_name mpls bgp forwarding router...

Page 428: ...name router bgp as_number address family ipv4 type vrf vrf_name redistribute connected end Configure IP Pools with MPLS Labels Use this example to configure IP Pools with dynamic MPLS labels configure context context_name noconfirm ip pool name ip_addr_mask_combo private vrf vrf_name end Bind DHCP Service for Corporate Servers Use this example to bind DHCP service with dynamic MPLS labels in Corpo...

Page 429: ...aa group aaa_grp_name radius ip vrf vrf_name radius attribute nas ip address address nas_address radius server ip_address encrypted key encrypt_string port iport_num end Notes aaa_grp_name is a pre configured AAA server group configured in Context Configuration mode Refer AAA Interface Administration Reference for more information on AAA group configuration DSCP and EXP Bit Mapping Use this exampl...

Page 430: ......

Page 431: ... you select the configuration example that best meets your service model before using the procedures in this chapter Proxy Mobile IP provides a mobility solution for subscribers with mobile nodes MNs capable of supporting only Simple IP This chapter includes the following sections Overview How Proxy Mobile IP Works in 3GPP2 Network How Proxy Mobile IP Works in 3GPP Network How Proxy Mobile IP Work...

Page 432: ...e is supported and the relevant sections within the chapter that pertain to that product Table 28 Applicable Products and Relevant Sections Applicable Product s Refer to Sections PDSN Proxy Mobile IP in 3GPP2 Service How Proxy Mobile IP Works in 3GPP2 Network Configuring FA Services Configuring Proxy MIP HA Failover Configuring HA Services Configuring Subscriber Profile RADIUS Attributes RADIUS At...

Page 433: ... is assigned an IP address by either the PDSN FA or the HA Regardless of its source the address is stored in a mobile binding record MBR stored on the HA Therefore as the MN roams through the service provider s network each time a hand off occurs the MN will continue to use the same IP address stored in the MBR on the HA Note that unlike Mobile IP capable MNs that can perform multiple sessions ove...

Page 434: ... subscriber sessions get established between the MN and the ASN GW as they would for a Simple IP session However the ASN GW FA performs Mobile IP operations with an HA identified by information stored in the subscriber s profile on behalf of the MN i e the MN is only responsible for maintaining the Simple IP subscriber session with ASN GW The MN is assigned an IP address by either the ASN GW FA or...

Page 435: ... the MN receives an IP address The following scenarios are described Scenario 1 The AAA server that authenticates the MN at the PDSN allocates an IP address to the MN Note that the PDSN does not allocate an address from its IP pools Scenario 2 The HA assigns an IP address to the MN from one of its locally configured dynamic pools Scenario 1 AAA server and PDSN FA Allocate IP Address The following ...

Page 436: ...igned IP Address Proxy Mobile IP Call Flow Table 29 AAA PDSN Assigned IP Address Proxy Mobile IP Call Flow Description Step Description 1 Mobile Node MN secures a traffic channel over the airlink with the RAN through the BSC PCF 2 The PCF and PDSN FA establish the R P interface for the session 3 The PDSN FA and MN negotiate Link Control Protocol LCP ...

Page 437: ...t messages 11 The HA responds with a Proxy Mobile IP Registration Response after validating the home address against it s pool The HA also creates a mobile binding record MBR for the subscriber session 12 The MN and the PDSN FA negotiate IPCP The result is that the MN is assigned the home address originally specified by the AAA server 13 While the MN and PDSN FA are negotiating IPCP the HA and AAA...

Page 438: ...n Guide 438 Figure 49 HA Assigned IP Address Proxy Mobile IP Call Flow Table 30 HA Assigned IP Address Proxy Mobile IP Call Flow Description Step Description 1 Mobile Node MN secures a traffic channel over the airlink with the RAN through the BSC PCF 2 The PCF and PDSN FA establish the R P interface for the session ...

Page 439: ...FA is communicating with the HA the MN may send additional IPCP Configuration Request messages 11 The HA responds with a Proxy Mobile IP Registration Response The response includes an IP address from one of its locally configured pools to assign to the MN its Home Address The HA also creates a mobile binding record MBR for the subscriber session 12 The MN and the PDSN FA negotiate IPCP The result ...

Page 440: ...nistration Guide 440 How Proxy Mobile IP Works in 3GPP Network This section contains call flows displaying successful Proxy Mobile IP session setup scenarios in 3GPP network The following figure and the text that follows describe a a sample successful Proxy Mobile IP session setup call flow in 3GGP service ...

Page 441: ... 5x00 Packet Data Network Gateway Administration Guide 441 Figure 50 Proxy Mobile IP Call Flow in 3GPP Table 31 Proxy Mobile IP Call Flow in 3GPP Description Step Description 1 The mobile station MS goes through the process of attaching itself to the GPRS UMTS network ...

Page 442: ...y Mobile IP support can also be determined by attributes in the user s profile Attributes in the user s profile supersede APN settings If authentication is required the GGSN attempts to authenticate the subscriber locally against profiles stored in memory or send a RADIUS Access Request message to a AAA server 6 If the GGSN authenticated the subscriber to a AAA server the AAA server responds with ...

Page 443: ... HA 17 The GGSN returns a Delete PDP Context Response message to the SGSN 18 The HA replies to the FA with a Proxy Mobile IP Deregistration Request Response 19 The HA sends an RADIUS Accounting Stop request to the AAA server which the AAA server responds to 20 The SGSN returns a Deactivate PDP Context Accept message to the MS 21 The GGSN delivers the GGSN Charging Detail Records G CDRs to a chargi...

Page 444: ... MN receives an IP address The following scenarios are described Scenario 1 The AAA server that authenticates the MN at the ASN GW allocates an IP address to the MN Note that the ASN GW does not allocate an address from its IP pools Scenario 2 The HA assigns an IP address to the MN from one of its locally configured dynamic pools Scenario 1 AAA server and ASN GW FA Allocate IP Address The followin...

Page 445: ...tion Guide 445 Figure 51 AAA ASN GW Assigned IP Address Proxy Mobile IP Call Flow Table 32 AAA ASN GW Assigned IP Address Proxy Mobile IP Call Flow Description Step Description 1 Mobile Node MN secures a traffic channel over the airlink with the BS 2 The BS and ASN GW FA establish the R6 interface for the session ...

Page 446: ...CP Configuration Request messages 11 The HA responds with a Proxy Mobile IP Registration Response after validating the home address against it s pool The HA also creates a mobile binding record MBR for the subscriber session 12 The MN and the ASN GW FA negotiate IPCP The result is that the MN is assigned the home address originally specified by the AAA server 13 While the MN and ASN GW FA are nego...

Page 447: ... Table 33 HA Assigned IP Address Proxy Mobile IP Call Flow Description Step Description 1 Mobile Node MN secures a traffic channel over the airlink with the BS 2 The BS and ASN GW FA establish the R6 interface for the session 3 The ASN GW FA and MN negotiate Link Control Protocol LCP 4 Upon successful LCP negotiation the MN sends an EAP Authentication Request message to the ASN GW FA ...

Page 448: ...st messages 11 The HA responds with a Proxy Mobile IP Registration Response The response includes an IP address from one of its locally configured pools to assign to the MN its Home Address The HA also creates a mobile binding record MBR for the subscriber session 12 The MN and the ASN GW FA negotiate IPCP The result is that the MN is assigned the home address originally specified by the AAA serve...

Page 449: ...municate with HSS servers After the initial Diameter EAP authentication the MS continues with EAP MD5 GTC authentication After successful device authentication PDIF then uses RADIUS to communicate with AAA servers for the subscriber authentication It is assumed that RADIUS AAA servers do not use EAP methods and hence RADIUS messages do not contain any EAP attributes Assuming a successful RADIUS au...

Page 450: ... MIP Call Setup using CHAP Authentication Table 34 Proxy MIP Call Setup using CHAP Authentication Step Description 1 On connecting to WiFi network MS first send DNS query to get PDIF IP address 2 MS receives PDIF address from DNS 3 MS sets up IKEv2 IPSec tunnel by sending IKE_SA_INIT Request to PDIF MS includes SA KE Ni NAT DETECTION Notify payloads in the IKEv2 exchange ...

Page 451: ...he exchange and sends a new IKE_AUTH Request with EAP payload PDIF receives the new IKE_AUTH Request from MS and sends DER to AAA server This DER message contains the EAP Payload AVP with EAP AKA challenge response and challenge received from MS 9 The AAA server sends the DEA back to the PDIF with Result Code AVP as success The EAP Payload AVP message also contains the EAP result code with success...

Page 452: ... EAP MD5 and legacy Nak was received with GTC the PDIF sends IKE_AUTH Response with EAP GTC 16 PDIF receives Access Accept from RADIUS and sends IKE_AUTH Response with EAP success 17 PDIF receives the final IKE_AUTH Request with AUTH payload 18 PDIF checks the validity of the AUTH payload and initiates Proxy MIP setup request to the Home Agent if proxy mip required is enabled The HA address may be...

Page 453: ...n initiates EAP GTC procedure and requests a password from MS 17 MS includes an authentication password in the EAP payload to PDIF 18 Upon receipt of the password PDIF sends a RADIUS Access Request which includes NAI in the User Name attribute and PAP password 19 Upon successful authentication the AAA server returns a RADIUS Access Accept message which may include Framed IP Address attribute 20 Th...

Page 454: ...server APN template s Proxy Mobile IP can be supported for every subscriber IP PDP context facilitated by a specific APN template based on the configuration of the APN Important These instructions assume that the system was previously configured to support subscriber data sessions as a core network service and or an HA according to the instructions described in the respective product administratio...

Page 455: ...ant Note that FA HA SPIs must be configured for the Proxy MIP feature to work while it is optional for regular MIP Use the authentication mn ha allow noauth command to configure the FA service to allow communications from the HA without authenticating the HA Verify the FA Service Configuration Use the following command to verify the configuration of the FA service show fa service name fa_service_n...

Page 456: ...ular MIP Also note that the above syntax assumes that FA HA SPIs were previously configured as part of the HA service as described in respective product Administration Guide The replay protection and timestamp tolerance keywords should only be configured when supporting Proxy Mobile IP fa ha spi remote address fa_ip_address spi number number encrypted secret enc_secret secret secret description st...

Page 457: ...must be configured in profiles stored on RADIUS AAA servers in order for the subscriber to use Proxy Mobile IP Table 36 Required RADIUS Attributes for Proxy Mobile IP Attribute Description Values SN Subscriber Permission OR SN1 Subscriber Permission Indicates the services allowed to be delivered to the subscriber For Proxy Mobile IP this attribute must be set to Simple IP None 0 Simple IP 0x01 Mob...

Page 458: ...secondary alternate HA used for HA Failover IPv4 Address Configuring Local Subscriber Profiles for Proxy MIP on a PDSN This section provides information and instructions for configuring local subscriber profiles on the system to support Proxy Mobile IP on a PDSN configure context context_name subscriber name subscriber_name permission pdsn simple ip proxy mip allow inter pdsn handoff require ip ad...

Page 459: ...rs and is case sensitive Configuring Default Subscriber Parameters in Home Agent Context It is very important that the subscriber default configured in the same context as the HA service has the name of the destination context configured Use the configuration example below configure context context_name ip context name context_name end Save your configuration to flash memory an external memory dev...

Page 460: ...or numeric characters and is not case sensitive It may also contain dots and or dashes The following prompt appears context_name host_name config apn Step 4 Enable proxy Mobile IP for the APN by entering the following command proxy mip required This command causes proxy Mobile IP to be supported for all IP PDP contexts facilitated by the APN Step 5 Optional GGSN FA MN NAI extension can be skipped ...

Page 461: ...ed name apn_name is the name of the APN The output is a detailed listing of configured APN parameter settings Step 9 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface...

Page 462: ......

Page 463: ...RPD Serving Gateway HSGW Proxy Call Session Control Function P CSCF Packet Data Network Gateway P GW Serving Call Session Control Function S CSCF Serving Gateway S GW It is recommended that before using the procedures in this chapter you select the configuration example that best meets your service model and configure the required elements for that model as described in the administration guide fo...

Page 464: ...e system provides a Diameter Offline Charging Application that can be used by deployed applications to generate charging events based on the Rf protocol The offline charging application uses the base Diameter protocol implementation and allows any application deployed on chassis to act as CTF to a configured CDF In general accounting information from core network elements is required to be gathere...

Page 465: ...ration Guide 465 Figure 55 Charging Architecture The following figure shows the Rf interface between CTF and CDF Figure 56 Logical Offline Charging Architecture The Rf offline charging architecture mainly consists of three network elements CCF CTF and Diameter Dynamic Routing Agent DRA ...

Page 466: ...c is categorized based on a combination of multiple key fields Rating Group Rating Group and Service Identifier Each Service Data Container captures single bi directional flow or a group of single bidirectional flows as defined by Rating Group or Rating Group and Service Identifier Similarly when S GW service is configured as CTF it will generate Usage Data Record UDR information configurable on a...

Page 467: ...Data Network Gateway Administration Guide 467 3GPP TS 32 299 V9 6 0 2010 12 3rd Generation Partnership Project Technical Specification Group Services and System Aspects Telecommunication management Charging management Diameter charging applications Release 9 ...

Page 468: ...anaged through the Diameter Accounting Request ACR message Rf supports the following ACR event types Table 37 Rf ACR Event Types Request Description START Starts an accounting session INTERIM Updates an accounting session STOP Stops an accounting session EVENT Indicates a one time accounting event ACR types START INTERIM and STOP are used for accounting data related to successful sessions In contr...

Page 469: ...g a SIP REFER or any other method SIP Final Response 2xx except SIP 200 OK SIP Final Redirection Response 3xx SIP Final Response 4xx 5xx or 6xx indicating an unsuccessful SIP session set up SIP Final Response 4xx 5xx or 6xx indicating an unsuccessful session unrelated procedure SIP CANCEL indicating abortion of a SIP session set up Event Based Charging In the case of event based charging the netwo...

Page 470: ... response to the CER message Device Watchdog Request DWR After the CER CEA messages are exchanged if there is no more traffic between peers for a while to monitor the health of the connection DWR message is sent from the client The Device Watchdog timer Tw is configurable and can vary from 6 through 30 seconds A very low value will result in duplication of messages The default value is 30 seconds ...

Page 471: ...to use that as a Primary If no DRA and or the CCF is reachable the network element must buffer the generated accounting data in non volatile memory Once the DRA connection is up all accounting messages must be pulled by the CDF through offline file transfer No Reply from CCF In case the CTF DRA does not receive an ACA in response to an ACR it may retransmit the ACR message The waiting time until a...

Page 472: ...t Based Charging Table 40 Rf Call Flow Description for Event Based Charging Step Description 1 The network element CTF receives indication that service has been used delivered 2 The CTF acting as Diameter client sends Accounting Request ACR with Accounting Record Type AVP set to EVENT_RECORD to indicate service specific information to the CDF acting as Diameter server 3 The CDF receives the releva...

Page 473: ...essage with Accounting Record Type set to START_RECORD to the CTF and possibly Acct Interim Interval AVP AII set to non zero value indicating the desired intermediate charging interval 5 When either AII elapses or charging condition changes are recognized at CTF the CTF sends an Accounting Request ACR with Accounting Record Type AVP set to INTERIM_RECORD to the CDF 6 The CDF updates the CDR in que...

Page 474: ...erface Support Configuring P CSCFS CSCF Rf Interface Support Configuring S GW Rf Interface Support 5 Save your configuration to flash memory an external memory device and or a network location using the Exec mode command save configuration For additional information on how to verify and save configuration files refer to the System Administration Guide and the Command Line Interface Reference Impor...

Page 475: ...fer to the ACS Rulebase Configuration Mode Commands chapter in the Command Line Interface Reference Configuring GGSN P GW Rf Interface Support To configure the standard Rf interface support for GGSN P GW use the following configuration configure context context_name apn apn_name associate accounting policy policy_name exit policy accounting policy_name accounting event trigger cgi sai change ecgi ...

Page 476: ...ptions guide the behavior of P GW GGSN S GW HSGW and CCF for Change Condition triggers Data in the ACR messages due to change conditions contain the snapshot of all data that is applicable to the interval of the flow session from the previous ACR message This includes all data that is already sent and has not changed e g SGSN Address All information that is in a PDN session flow up to the point of...

Page 477: ... for Change Condition in ACR Stop and ACR Interim for LTE E HRPD GGSN ACR Message Change Condition Value CCF Response to Change Condition Value CC Level Population Comments Addition of Container Partial FDR Final FDR PS Information Level SDC Level Stop Normal Release YES NO YES Normal Release Normal Release When PDN IP session is closed C C in both level will have Normal Release None as this chang...

Page 478: ...ax Number of Changes in Charging Conditions QoS Change YES NO NO N A QoS Change The container for this change condition will be cached by the P GW GGSN and the container will be in a ACR Interim Stop sent for partial record Interim final Record Stop or AII trigger Interim trigger Interim Volume Limit YES YES NO Volume Limit Volume Limit For PDN IP Session Volume Limit The Volume Limit is configure...

Page 479: ...hange Serving Node PLMN Change None as this change condition is a counter for the Max Number of Changes in Charging Conditions User Location Change YES NO NO N A User Location Change This is BSID Change in eHRPD The container for this change condition will be cached by the P GW GGSN and the container will be in a ACR Interim Stop sent for partial record Interim final Record Stop or AII trigger Int...

Page 480: ...or AII trigger Interim trigger None as this change condition is a counter for the Max Number of Changes in Charging Conditions Service Data Volume Limit YES NO NO N A Service Data Volume Limit Volume Limit reached for a specific flow The container for this change condition will be cached by the P GW GGSN and the container will be in a ACR Interim Stop sent for partial record Interim final Record S...

Page 481: ...nges in charging conditions takes place Max Change Condition is applicable for QoS Change Service Idled Out ULI change Flow Normal Release Flow Abnormal Release Service Data Volume Limit Service Data Time Limit AII Timer ACR Interim and Service Node Change CC only The Max Number of Changes in Charging Conditions is set at 10 Example assuming 1 flow in the PDN Session 1 Max Number of Changes in Cha...

Page 482: ... interface support use the following configuration configure context context_name hsgw service service_name associate accounting policy policy_name exit exit policy accounting policy_name accounting event trigger cgi sai change ecgi change flow information change interim timeout location change rai change tai change action interim stop start accounting keys qci accounting level flow pdn pdn qci qc...

Page 483: ...ly if the event trigger is one of the following the containers will be released VOLUME_LIMIT TIME_LIMIT Table 43 HSGW and CCF Behavior for Change Condition in ACR Stop and ACR Interim for eHRPD ACR Message Change Condition Value CCF Response to Change Condition Value PDN Connection level reporting PDN Session based accounting EPS bearer level reporting PDN Session per QCI accounting Comments Addit...

Page 484: ...hanges in Charging Conditions Normal Release YES NO NO N A Normal Release for the specific bearer that is released N A N A This is applicable for per PDN Session based accounting only This is when a bearer is closed in a PDN Session accounting charging session TDV is populated and the container is added to the record The container for this change condition will be cached by the HSGW and the contai...

Page 485: ...on Level CC on TDV Level None as this change condition is a counter for the Max Number of Changes in Charging Conditions Abnormal Release YES NO NO N A Abormal Release for the specific bearer that is released N A N A This is for FFS This is applicable for per PDN Session based accounting only This is when a bearer is closed abnormally in a PDN Session accounting charging session TDV is populated a...

Page 486: ...ion Level CC on TDV Level None as this change condition is a counter for the Max Number of Changes in Charging Conditions QoS Change YES NO NO N A QoS Change added to TDV for the bearer that the trigger affected ACR sent when MaxCCC is reached if Max CC is provisione d N A QoS Change added to TDV ACR sent when MaxCCC is reached if MaxCC is provisione d The container for this change condition will ...

Page 487: ...omments Addition of Containe r Partia l UDR Fina l UD R C C on PS Information Level C C on TDV Level CC on PS Information Level CC on TDV Level Interim Volume Limit YES YES NO Volume Limit for all bearers Volume Limit for all bearers Volume Limit Volume Limit The Volume Limit is configured as part of the Charging profile and the Charging Characteristi cs AVP will carry this charging profile that w...

Page 488: ...ime Limit is configured as part of the Charging profile and the Charging Characteristi cs AVP will carry this charging profile that will passed on from the HSS AAA to HSGW through various interfaces The charging profile will be provisioned in the HSS None as this change condition is a counter for the Max Number of Changes in Charging Conditions Serving Node Change YES NO NO N A Serving Node Change...

Page 489: ... is a counter for the Max Number of Changes in Charging Conditions User Location Change YES NO NO N A ULI Change added to TDV for all bearers ACR sent when MaxCCC is reached if MaxCC is configured N A ULI Change added to TDV ACR sent when MaxCCC is reached if MaxCC is configured This is BSID Change in eHRPD The container for this change condition will be cached by the HSGW and the container will b...

Page 490: ...ging related so not applicable for Offline charging Interim Max Number of Changes in Charging Conditions YES YES NO Max Number of Changes in Charging TDV correspond s to change condition that occurred Qos Change or ULI change or Normal Bearer Release or Abnormal Bearer Release or Serving Node Change Max Number of Changes in Charging TDV correspond s to change condition that occurred Qos Change or ...

Page 491: ...ng Comments Addition of Containe r Partia l UDR Fina l UD R C C on PS Information Level C C on TDV Level CC on PS Information Level CC on TDV Level 3 Change Condition 2 takes place An ACR Interim is sent Now Max Number of Changes in Charging conditions is populated in the PS Information and the second Change Condition 2 is populated in the Traffic Data Volumes 4 CCF creates the partial record N A ...

Page 492: ... TDV Level Interim YES NO NO N A N A N A N A This is included here to indicate that an ACR Interim due to AII timer will contain one or more populated TDVs for a all bearer s but Change Condition AVP will NOT be populated Configuring P CSCF S CSCF Rf Interface Support To configure P CSCF S CSCF Rf interface support use the following configuration configure context vpn aaa group default diameter au...

Page 493: ... for SIP Methods To enable the charging for all Session Initiation Protocol SIP methods in CSCF use the following configuration configure context vpn cscf service pcscf charging end Important Please note that charging is disabled by default To enable the charging for all SIP methods except REGISTER use the following configuration configure context vpn cscf service pcscf charging exclude register e...

Page 494: ...profile index buckets num interval seconds sdf interval seconds sdf volume downlink octets uplink octets total octets uplink octets downlink octets serving nodes num tariff time1 min hrs time2 min hrs time4 min hrs volume downlink octets uplink octets total octets uplink octets downlink octets max containers containers fill buffer exit end Notes The policy can be configured in any context For info...

Page 495: ...CF Response to Change Condition Value PDN Connection level reporting PDN Session based accounting EPS bearer level reporting PDN Session per QCI accounting Comments Addition of Containe r Partia l UDR Fina l UD R C C on PS Information Level C C on TDV Level CC on PS Informatio n Level CC on TDV Level Stop Normal Release YES NO YE S Normal Release Normal Release for all bearers Normal Release Norma...

Page 496: ...Changes in Charging Conditions Normal Release YES NO NO N A Normal Release for the specific bearer that is released N A N A This is applicable for per PDN Session based accounting only This is when a bearer is closed in a PDN Session accounting charging session TDV is populated and the container is added to the record The container for this change condition will be cached by the S GW and the conta...

Page 497: ...o n Level CC on TDV Level None as this change condition is a counter for the Max Number of Changes in Charging Conditions Abnormal Release YES NO NO N A Abormal Release for the specific bearer that is released N A N A This is for FFS This is applicable for per PDN Session based accounting only This is when a bearer is closed abnormally in a PDN Session accounting charging session TDV is populated ...

Page 498: ...S Information Level C C on TDV Level CC on PS Informatio n Level CC on TDV Level None as this change condition is a counter for the Max Number of Changes in Charging Conditions QoS Change YES NO NO N A QoS Change added to TDV for the bearer that is affected by this trigger N A QoS Change added to TDV The container for this change condition will be cached by the S GW and the container will be in a ...

Page 499: ...Information Level C C on TDV Level CC on PS Informatio n Level CC on TDV Level Interim Volume Limit YES YES NO Volume Limit for all bearers Volume Limit for all bearers Volume Limit for all bearers Volume Limit On a per PDN Session basis for per PDN accounting On a per PDN per QCI basis for the per PDN per QCI accounting T he Volume Limit is configured as part of the Charging profile and the Charg...

Page 500: ...taine r Partia l UDR Fina l UD R C C on PS Information Level C C on TDV Level CC on PS Informatio n Level CC on TDV Level Interim Time Limit YES YES NO Time Limit for all bearers Time Limit for all bearers Time Limit Time Limit The Time Limit is configured as part of the Charging profile and the Charging Characteristic s AVP will carry the charging profile identifier that is passed from HSS to S G...

Page 501: ...n TDV Level Interim Serving Node PLMN Change YES YES NO Serving Node PLMN Change for all bearers Serving Node PLMN Change for all bearers Serving Node PLMN Change for bearer Serving Node PLMN Change for bearer PLMN change noticed at the S GW without S GW relocation eNB MME may change and belong to a new PLMN rural operator or eNB may change with no MME S GW relocation however eNB belongs to new se...

Page 502: ...e YES NO NO N A ULI Change added to TDV for all bearers N A ULI Change added to TDV The container for this change condition will be cached by the S GW and the container will be in a ACR Interim Stop sent for partial record Interim final Record Stop or AII trigger Interim trigger N A RAT Change YES YES NO RAT Change RAT Change YES YES RAT Change is not applicable as S GW will be changed and old S G...

Page 503: ... in Charging Conditions YES YES NO Max Number of Changes in Chargin g TDV corresponds to change condition that occurred Qos Change or ULI change or Normal Bearer Termination Abnormal Bearer Termination Max Number of Changes in Chargin g TDV correspon ds to change condition that occurred Qos Change or ULI Change This ACR Interim is triggered at the instant when the Max Number of changes in charging...

Page 504: ... C C on TDV Level CC on PS Informatio n Level CC on TDV Level 3 Change Condition 2 takes place An ACR Interim is sent Now Max Number of Changes in Charging conditions is populated in the PS Information and the both the TDVs for the Change condition 1 and Change Condition 2 is populated in the 2 TDVs Please note the TDVs need to be in the order that they are created so that the Billing Mediation sy...

Page 505: ...ACR Interim due to AII timer will contain one or more populated TDVs for a all bearer s but Change Condition AVP will NOT be populated Gathering Statistics This section explains how to gather Rf and related statistics and configuration information In the following table the first column lists what statistics to gather and the second column lists the action to perform Statistics Information Action ...

Page 506: ...Dropped 0 Total RT Requests 0 Total RT Answers 0 RTR Rejected 0 Total PP Requests 0 Total PP Answers 0 PPR Rejected 0 Total DE Requests 0 Total DE Answers 0 DEA Accept 0 DEA Reject 0 DER Retries 0 DEA Timeouts 0 DEA Dropped 0 Total AA Requests 0 Total AA Answers 0 AAR Retries 0 AAA Timeouts 0 AAA Dropped 0 ASR 0 ASA 0 RAR 0 RAA 0 STR 0 STA 0 STR Retries 0 Message Error Stats Diameter Protocol Errs...

Page 507: ...Lost Service 0 Idle Timeout 0 NAS Session Timeout 0 Admin Reset 0 Admin Reboot 0 Port Error 0 NAS Error 0 NAS Request 0 NAS Reboot 0 Port Unneeded 0 Port Preempted 0 Port Suspended 0 Service Unavailable 0 Callback 0 User Error 0 Host Request 0 Accounting Servers Summary Message Stats Total AC Requests 0 Total AC Answers 0 ACR Start 0 ACA Start 0 ACR Start Retries 0 ACA Start Timeouts 0 ACR Interim...

Page 508: ...figuring Rf Interface Support Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 508 Diameter Protocol Errs 0 Bad Answers 0 Unknown Session Reqs 0 Bad Requests 0 Request Timeouts 0 Parse Errors 0 Request Retries 0 ...

Page 509: ...ts your service model and configure the required elements for that model as described in the respective product Administration Guide before using the procedures in this chapter Important Traffic Policing and Shaping is a licensed Cisco feature A separate feature license may be required Contact your Cisco account representative for detailed information on specific licensing requirements For informa...

Page 510: ...n be transmitted received for the subscriber during the sampling interval for both committed CBS and peak PBS rate conditions This represents the maximum number of tokens that can be placed in the subscriber s bucket Note that the committed burst size CBS equals the peak burst size PBS for each subscriber The system can be configured to take any of the following actions on packets that are determi...

Page 511: ...are presented In many cases other optional commands and or keyword options are available Refer to the Command Line Interface Reference for complete information regarding all commands Configuring Subscribers for Traffic Policing Important Instructions for configuring RADIUS based subscriber profiles are not provided in this document Please refer to the documentation supplied with your server for fu...

Page 512: ...stration Guide and the Command Line Interface Reference Configuring APN for Traffic Policing in 3GPP Networks This section provides information and instructions for configuring APN template s QoS profile in support of Traffic Policing The profile information is sent to the SGSN s in response to GTP Create Update PDP Context Request messages If the QoS profile requested by the SGSN is lower than th...

Page 513: ...llowing The uplink and downlink guaranteed data rates are set to 0 If the received uplink or downlink data rates are 0 and traffic policing is disabled the default of 64 kbps is used When enabled the APN configured values are used If the configured value for downlink max data rate is larger than can fit in an R4 QoS profile the default of 64 kbps is used If either the received uplink or downlink m...

Page 514: ...rd options are available Refer to the Command Line Interface Reference for complete information regarding all commands Important Traffic Shaping is not supported on the GGSN P GW or SAEGW Configuring Subscribers for Traffic Shaping This section provides information and instructions for configuring local subscriber profiles on the system to support Traffic Shaping Important Instructions for configu...

Page 515: ... configuration files refer to the System Administration Guide and the Command Line Interface Reference Configuring APN for Traffic Shaping in 3GPP Networks This section provides information and instructions for configuring APN template s QoS profile in support of Traffic Shaping The profile information is sent to the SGSN s in response to GTP Create Update PDP Context Request messages If the QoS p...

Page 516: ...tions associated with qos rate limit direction downlink uplink command For more information on commands refer Command Line Interface Reference If the exceed violate action is set to lower ip precedence this command may override the configuration of the ip qos dscp command in the GGSN service configuration mode for packets from the GGSN to the SGSN In addition the GGSN service ip qos dscp command c...

Page 517: ...kground class The received values are used for responses when traffic policing is disabled Step 3 Verify that your APNs were configured properly by entering the following command show apn all name apn_name The output is a concise listing of configured APN parameter settings Step 4 Save your configuration to flash memory an external memory device and or a network location using the Exec mode comman...

Page 518: ... Rate or SN1 Tp Dnlk Committed Data Rate Specifies the downlink committed data rate in bps SN Tp Dnlk Peak Data Rate or SN1 Tp Dnlk Committed Data Rate Specifies the downlink peak data rate in bps SN Tp Dnlk Burst Size or SN1 Tp Dnlk Burst Size Specifies the downlink burst size in bytes NOTE It is recommended that this parameter be configured to at least the greater of the following two values 1 3...

Page 519: ...accumulation within the bucket for the configured peak data rate SN Tp Uplk Exceed Action or SN1 Tp Uplk Exceed Action Specifies the uplink exceed action to perform SN Tp Uplk Violate Action or SN1 Tp Uplk Violate Action Specifies the uplink violate action to perform Traffic Policing for UMTS Subscribers The RADIUS attributes listed in the following table are used to configure Traffic Policing for...

Page 520: ...Class or SN1 QoS Interactive3 Class Specifies the QOS Interactive3 Traffic Class SN QoS Background Class or SN1 QoS Background Class Specifies the QOS Background Traffic Class SN QoS Traffic Policy or SN1 QoS Traffic Policy This compound attribute simplifies sending QoS values for Traffic Class the above attributes Direction Burst Size Committed Data Rate Peak Data Rate Exceed Action and Violate A...

Page 521: ...contains sample configuration files for the P GW The following configurations are supported Standalone eGTP PDN Gateway Standalone PMIPv6 PDN Gateway Supporting an eHRPD Network In each configuration example commented lines are labeled with the number symbol and variables are identified using italics within brackets variable ...

Page 522: ...role Send P GW licenses configure flash flashconfig pgw_license_name cfg end Set system to not require confirmation when creating new contexts and or services Config file must end with no autoconfirm to return the CLI to its default setting configure autoconfirm Configure ASR 5000 cards Activate the PSCs card slot_number mode active psc exit card slot_number mode active psc exit Repeat for the num...

Page 523: ...ess address mask exit server ftpd exit ssh key key length bytes server sshd subsystem sftp exit server telnetd exit subscriber default exit administrator name encrypted password password ftp aaa group default exit administrator name encrypted password password ftp ip route ip_addr ip_mask next_hop_addr lcl_cntxt_intrfc_name exit port ethernet slot port no shutdown bind interface lcl_cntxt_intrfc_n...

Page 524: ...stem location string P GW context configuration gtpp single source context pgw_context_name interface s5s8_interface_name ip address ipv4_address note alternative IPv6 address ipv6 address address exit gtpp group default gtpp charging agent address gx_ipv4_address gtpp echo interval seconds gtpp attribute diagnostics gtpp attribute local record sequence number gtpp attribute node id suffix string ...

Page 525: ...ting mode radius diameter associate accounting policy rf_policy_name ims auth service gx_ims_service_name aaa group rf radius_group_name dns primary ipv4_address dns secondary ipv4_address ip access group name in ip access group name out mediation device context name pgw_context_name ip context name pdn_context_name ipv6 access group name in ipv6 access group name out active charging rulebase name...

Page 526: ...er accounting dictionary name diameter authentication endpoint s6b_cfg_name diameter accounting endpoint rf_cfg_name diameter authentication server s6b_cfg_name priority num diameter accounting server rf_cfg_name priority num exit egtp service egtp_service_name noconfirm interface type interface pgw ingress validation mode default associate gtpu service gtpu_service_name gtpc bind address s5s8_int...

Page 527: ...ber no shutdown bind interface s5s8_interface_name pgw_context_name exit PDN context configuration context pdn_context_name noconfirm interface pdn_sgi_ipv4_interface_name ip address ipv4_address exit interface pdn_sgi_ipv6_interface_name ipv6 address address exit ip pool name range start_address end_address public priority ipv6 pool name range start_address end_address public priority subscriber ...

Page 528: ...e pdn_ipv4_interface_name pdn_context_name exit port ethernet slot_number port_number no shutdown bind interface pdn_ipv6_interface_name pdn_context_name exit Enabling active charging require active charging optimized mode active charging service name ruledef name rule_definition rule_definition exit ruledef default ip any match TRUE exit ruledef icmp pkts icmp any match TRUE exit ruledef qci3 icm...

Page 529: ...action exit charging action icmp billing action egcdr exit charging action qci3 content id id billing action egcdr qos class identifier id allocation retention priority priority tft packet filter qci3 exit charging action static service identifier id billing action egcdr qos class identifier id allocation retention priority priority tft packet filter qci3 exit rulebase default exit rulebase name ...

Page 530: ...g action qci3 action priority 100 ruledef static charging action static action priority 500 ruledef default charging action icmp action priority 570 ruledef icmp pkts charging action icmp egcdr threshold interval interval egcdr threshold volume total bytes exit exit AAA and policy context aaa_context_name noconfirm interface gx_interface_name ipv6 address address note alternative IPv4 address ip a...

Page 531: ...able algorithm round robin p cscf table row precedence ipv6 address pcrf_ipv6_adr note alternative IPv4 address p cscf table row precedence ip address pcrf_ipv4_adr policy control diameter origin endpoint gx_cfg_name diameter dictionary name diameter host select table algorithm round robin diameter host select row precedence table host gx_cfg_name exit exit diameter endpoint gx_cfg_name origin rea...

Page 532: ...address aaa_context_ip_address peer rf_cfg_name realm name address ofcs_ip_addr route entry peer rf_cfg_name exit exit port ethernet slot_number port_number no shutdown bind interface gx_interface_name aaa_context_name exit port ethernet slot_number port_number no shutdown bind interface gy_interface_name aaa_context_name exit port ethernet slot_number port_number no shutdown bind interface gz_int...

Page 533: ... Standalone eGTP PDN Gateway Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 533 qci qos mapping name qci 1 user datagram dscp marking hex qci 3 user datagram dscp marking hex qci 9 user datagram dscp marking hex end ...

Page 534: ...n the SAEGW Configuration file for an ASR 5000 in a PMIPv6 P GW role supporting an eHRPD network Send P GW licenses configure flash flashconfig pgw_license_name cfg end Set system to not require confirmation when creating new contexts and or services Config file must end with no autoconfirm to return the CLI to its default setting configure autoconfirm Configure ASR 5000 cards Activate the PSCs ca...

Page 535: ...t config context local interface name ip address address mask exit server ftpd exit ssh key key length bytes server sshd subsystem sftp exit server telnetd exit subscriber default exit administrator name encrypted password password ftp aaa group default exit administrator name encrypted password password ftp ip route ip_addr ip_mask next_hop_addr lcl_cntxt_intrfc_name exit port ethernet slot port ...

Page 536: ...rtbeat interval minutes snmp community string read write snmp target name ip_address system contact string system location string P GW context configuration context pgw_context_name interface s2a_interface_name ipv6 address ipv6_address tunnel mode ipv6ip source interface name destination address ipv4_or_ipv6_address exit exit exit policy accounting rf_policy_name noconfirm accounting level level_...

Page 537: ... ip context name pdn_context_name ipv6 access group name in ipv6 access group name out active charging rulebase name exit aaa group rf radius_group_name radius attribute nas identifier id radius accounting interim interval seconds radius dictionary name radius mediation device accounting server address key key diameter authentication dictionary name diameter accounting dictionary name diameter aut...

Page 538: ...ter accounting server rf_cfg_name priority num exit lma service lma_service_name noconfirm no aaa accounting revocation enable bind address s2a_interface_ipv6_address exit pgw service pgw_service_name associate lma service lma_service_name associate qci qos mapping name authorize external plmn id mcc id mnc id exit ipv6 route ipv6_addr prefix next hop sgw_addr interface pgw_sgw_intrfc_name exit po...

Page 539: ...tart_address end_address public priority subscriber default exit ip access list name redirect css service name any permit any exit ipv6 access list name redirect css service name any permit any exit aaa group default exit exit port ethernet slot_number port_number no shutdown bind interface pdn_ipv4_interface_name pdn_context_name exit port ethernet slot_number port_number no shutdown bind interfa...

Page 540: ...Packet Data Network Gateway Administration Guide 540 active charging service name ruledef name rule_definition rule_definition exit ruledef name rule_definition rule_definition exit charging action name action action exit charging action name action action exit rulebase default exit rulebase name rule_base ...

Page 541: ...interface_name ipv6 address address note alternative IPv4 address ip address ipv4_address exit interface gy_interface_name ipv6 address address note alternative IPv4 address ip address ipv4_address exit interface s6b_interface_name ip address ipv4_address note alternative IPv6 address ipv6 address address exit interface rf_interface_name ip address ipv4_address note alternative IPv6 address ipv6 a...

Page 542: ... host select table algorithm round robin diameter host select row precedence table host gx_cfg_name exit exit diameter endpoint gx_cfg_name origin realm realm_name origin host name address aaa_context_ip_address peer gx_cfg_name realm name address pcrf_ip_addr route entry peer gx_cfg_name exit diameter endpoint gy_cfg_name origin realm realm_name origin host name address aaa_context_ip_address pee...

Page 543: ...hernet slot_number port_number no shutdown bind interface gx_interface_name aaa_context_name exit port ethernet slot_number port_number no shutdown bind interface gy_interface_name aaa_context_name exit port ethernet slot_number port_number no shutdown bind interface s6b_interface_name aaa_context_name exit port ethernet slot_number port_number no shutdown bind interface rf_interface_name aaa_cont...

Page 544: ...P GW Sample Configuration Files Standalone PMIPv6 PDN Gateway Supporting an eHRPD Network Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 544 end ...

Page 545: ...guidelines that must be considered prior to configuring the ASR 5x00 for your network deployment General and network specific rules are located in the appendix of the System Administration and Configuration Guide for the specific network type The following rules are covered in this appendix Interface and Port Rules P GW Context and Service Rules P GW Subscriber Rules ...

Page 546: ...ply to the S2a interface from the LMA service to the MAG service residing on the HSGW An S2a interface is created once the IP address of a logical interface is bound to an LMA service The logical interface s that will be used to facilitate the S2a interface s must be configured within an ingress context LMA services must be configured within an ingress context Depending on the services offered to ...

Page 547: ...erefore it is recommended that a large number of services only be configured if your application absolutely requires it Please contact your local service representative for more information The system supports unlimited peer HSGWs or S GWs addresses per P GW The system maintains statistics for a maximum of 8192 peer HSGWs or S GWs per P GW service If more than 8192 HSGWs or S GWs are attached olde...

Page 548: ...es Cisco ASR 5x00 Packet Data Network Gateway Administration Guide 548 P GW Subscriber Rules The following engineering rule applies to subscribers configured within the system Default subscriber templates may be configured on a per P GW service ...