GGSN Service Configuration Procedures


 
This chapter is meant to be used in conjunction with the previous chapter that describes the information needed to configure the system to support GGSN functionality for use in GPRS/UMTS networks.
It is recommended that you identify the options from the previous chapters that are required for your specific deployment. You can then use the procedures in this chapter to configure those options.
Procedures are provided for the following tasks:
 
Important: At least one Packet Accelerator Card (PAC) or Packet Services Card (PSC) must be made active prior to service configuration. Information and instructions for configuring PACs/PSCs to be active can be found in the Configuring System Settings chapter of the System Administration Guide.
Caution: When configuring any base service or enhanced feature, check for conflicting or blocked IP addresses and port numbers before binding or assigning them. In combination with some service steering or access control features, such as Access Control List configuration, use of an inappropriate port number may result in communication loss. Refer to the respective feature configuration document carefully before assigning any port number or IP address for communication with an internal or external network.
 
GGSN Service Configuration
GGSN services are configured within contexts and allow the system to function as a GGSN in either a GPRS or UMTS wireless data network.
Important: This section provides the minimum instruction set for configuring a GGSN service that allows the system to process PDP contexts. Commands that configure additional GGSN service properties are provided in the GGSN Service Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide.
To configure the system to work as GGSN service:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
GGSN Service Creation and Binding
Use the following example to create the GGSN service and bind it to an IP address:
configure
     context <vpn_ctxt_name> -noconfirm
       ggsn-service <ggsn_svc_name>
         end
Notes:
Accounting Context and Charging Characteristics Configuration
Use the following example to configure a GTPP accounting context and charging characteristics parameters for GGSN service.
configure
     context <vpn_ctxt_name>
       ggsn-service <ggsn_svc_name>
         accounting context <aaa_ctxt_name>
         cc profile <cc_prof_index>
         end
Notes:
Charging characteristics behavior and profile index can be configured for multiple CC profile indexes. For more options and keywords, such as buckets, interval, sgsns, tariff, and volume, refer to the cc profile section in Command Line Interface Reference.
This command works in conjunction with the cc-sgsn command located in the APN configuration mode that dictates which CCs should be used for subscriber PDP contexts. Refer to the APN Configuration section in this chapter.
SGSN and PLMN Policy Configuration
Use the following example to configure the SGSN and PLMN related policy and session setup timeout for the GGSN service:
configure
     context <vpn_ctxt_name>
       ggsn-service <ggsn_svc_name>
         plmn id mcc <mcc_number> mnc <mnc_number> [primary]
         sgsn address <ip_address> / <subnet_mask>
         plmn unlisted-sgsn {foreign | home | reject}
         setup-timeout <dur_sec>
         end
Notes:
Important: The GGSN only communicates with the SGSNs configured using this command unless a PLMN policy is enabled to allow communication with unconfigured SGSNs. PLMN policies are configured using the plmn unlisted-sgsn command.
Network-requested PDP Context Support Configuration
Use the following example to configure the GGSN to support the network-requested PDP context:
configure
     context <vpn_ctxt_name>
       network-requested-pdp-context activate <ip_address> dst-context <dst_ctxt_name> imsi <imsi> apn <apn_name>
       network-requested-pdp-context gsn-map <ip_address>
       end
Notes:
 
GGSN Configuration Verification
Step 1
 
show ggsn-service name <ggsn_svc_name>
The output of this command is a concise listing of GGSN service parameter settings, as shown in the sample output below. In this example, a GGSN service called ggsn1 was configured, and some parameters are left at their default values.
 
Service name:                ggsn1
Context:                      ggsn1
Accounting Context Name: ggsn1
Bind:                    Done
Local IP Address:        192.168.70.1         Local IP Port: 2123
Self PLMN Id.:           MCC:  450, MNC:   06
Retransmission Timeout:  20 (secs)
Max Retransmissions:     4
Restart Counter:         16
Echo Interval:           60 (secs)
GTPU Echo Interval:      60 (secs)
GTPU Sequence Numbers:   Disabled
GTPU re-order:           Disabled
GTP re-order timeout:    100 (milliseconds)
Guard Interval:          100 (secs)
Setup Timeout:           60 (secs)
PLMN Policy:             Reject unlisted SGSN
Max IP sessions:         1000000
Max PPP sessions:        500000
Max sessions:           1000000
Service Status:         Started
Newcall Policy:         None
Session license limit:  OK
3GPP Qos to DSCP Mapping (for G-PDUs):
GTPC messages:          be
Conversational:         ef
    Streaming:               af11
    Interactive (TP 1):      ef
    Interactive (TP 2):      af21
    Interactive (TP 3):      af21
    Background:              be
Charging Characteristics(CC) Profiles:
    Profile 0:
     Buckets: 4                         SGSN changes: 4
    Profile 1:
     Buckets: 4                         SGSN changes: 4
SGSN Configuration List:
    sgsn address 2.2.2.2/32 mcc 111 mnc 999 description aaa-ggsn
Step 2
 
show configuration errors section ggsn-service verbose
 
GTPP Accounting Support Configuration
This section provides instructions for configuring GTPP-based accounting for subscriber PDP contexts. GTPP-based accounting for a subscriber is configured through the CGF server configuration in a GTPP group. Additionally, an individual CGF server can be configured with this example.
Important: To configure RADIUS and Diameter AAA functionality, refer to AAA Interface Administration and Reference.
When the GTPP protocol is used, accounting messages are sent to the charging gateways (CGs) over the Ga interface. The Ga interface and GTPP functionality are typically configured within the system’s source context. CDRs are generated according to the interim triggers configured using the charging characteristics configured for the GGSN, and a CDR is generated when the session ends.
GTPP version 2 is used by default. However, if version 2 is not supported by the CGF, the system reverts to using GTPP version 1. All subsequent CDRs are always fully-qualified partial CDRs. Different dictionaries are supported for CDR encoding. For more information on GTPP dictionaries, refer to AAA Interface Administration and Reference.
Whether or not the GGSN accepts charging characteristics from the SGSN can be configured on a per-APN basis, based on whether the subscriber is visiting, roaming, or home.
By default, the GGSN always accepts the charging characteristics from the SGSN. Although it also accepts charging characteristics from RADIUS, they must always be provided by the SGSN for GTPPv1 requests for primary and secondary PDP contexts.
If the system is configured to reject the charging characteristics from the SGSN, the GGSN can be configured with its own, which can be applied based on the subscriber type (visiting, roaming, or home) at the APN level (refer to the APN Configuration section of this chapter for more information). GGSN charging characteristics consist of a profile index and behavior settings (refer to the GGSN Service Configuration section of this chapter for more information). The profile indexes specify the criteria for closing accounting records based on specific criteria (refer to the GGSN Service Configuration section of this chapter for more information).
Important: This section provides the minimum instruction set for configuring GTPP accounting support in a GGSN service. Commands that configure additional GTPP accounting properties are provided in the Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
To configure the GTPP accounting support for a GGSN service:
Step 1
Step 2
Step 3
Step 4
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
GTPP Group Creation
Use the following example to create the GTPP group to support GTPP accounting:
configure
     context <vpn_ctxt_name>
       gtpp group <gtpp_group_name> -noconfirm
       end
Notes:
 
GTPP Group Configuration
Use the following example to configure the GTPP server parameters, GTPP dictionary, and optionally CGF to support GTPP accounting:
 
configure
     context <vpn_ctxt_name>
       gtpp group <gtpp_group_name>
         gtpp charging-agent address <ip_address> [port <port>]
         gtpp server <ip_address> [max <msgs>] [priority <priority>]
         gtpp dictionary <dictionaries>
         gtpp max-cdrs <number_cdrs> [wait-time <dur_sec>]
         gtpp transport-layer {tcp | udp}
         end
Notes:
The gtpp charging-agent command for the CGF is optional. Configuring gtpp charging-agent on port 3386 may interfere with a ggsn-service configured with the same IP address. Multiple interfaces can be configured within a single context if needed.
 
GTPP Group Configuration Verification
Step 1
 
show gtpp accounting servers
This command produces an output similar to that displayed below:
 
context: source
Preference IP               Port   Priority   State         Group
---------- --------------- ----- -------- ---------------- ----------
Primary   192.168.32.135    3386    1          Active        default
Primary   192.168.89.9      3386    100        Active        default
Step 2
 
show configuration errors section ggsn-service verbose
 
APN Configuration
This section provides instructions for configuring the APN templates that are used to determine how PDP contexts should be processed. APNs are configured in system authentication contexts.
Important: This section provides the minimum instruction set for configuring APNs in a GGSN service. Commands that configure additional APN properties are provided in APN Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in the GGSN Service Configuration section of this guide.
To configure the APN properties for a GGSN service:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
APN Creation and Configuration
Use the following example to create and configure the APNs:
configure
     context <vpn_ctxt_name>
       apn <apn_name> -noconfirm
         max-contexts primary <number> total <total_number>
         pdp-type {ipv4 [ipv6] | ipv6 [ipv4] | ppp}
         selection-mode {sent-by-ms | chosen-by-sgsn | subscribed}
         ip context-name <dst_ctxt_name>
         end
Notes:
 
Authentication, Accounting, and GTPP Group Configuration in APN
This section describes the procedure to configure the authentication and accounting parameters for an APN. It also specifies the procedure to attach a GTPP group to an APN.
Step 1
Step 2
Authentication and Accounting Configuration in APN
Use the following example to configure the accounting mode and authentication parameter for APN:
configure
     context <dst_ctxt_name>
       apn <apn_name>
         accounting-mode {none | gtpp | radius [no-interims] [no-early-pdus]}
         default authentication
         end
Notes:
The authentication process varies depending on whether the PDP context is of type IP or PPP. The authentication command provides msid-auth, imsi-auth, msisdn-auth, allow-noauth, chap, mschap, and pap options. For more information on the types of authentication, refer to the authentication section in the APN Configuration Mode Commands chapter of Command Line Interface Reference.
GTPP Group Association to APN
After a GTPP group is configured at the context level, an APN within the same context can be configured to use the user-defined GTPP group.
Refer to the GTPP Accounting Support Configuration section for GTPP group configuration.
configure
     context <vpn_ctxt_name>
       apn <apn_name>
         gtpp group <gtpp_group_name> [accounting-context <aaa_ctxt_name>]
         end
Notes:
IP Address Allocation Method Configuration in APN
Use the following example to configure the IP address allocation method for APN:
Important: Additional charging characteristics parameters are configurable as part of the GGSN service. Refer to the GGSN Service Configuration section of this chapter for more information.
configure
     context <dst_ctxt_name>
       apn <apn_name>
         ip address allocation-method {dhcp-proxy | dhcp-relay | local | no-dynamic} [allow-user-specified]
         end
Notes:
The allocation method is the process used by the system to determine how the address should be allocated. For detailed information on IP address allocation, refer to the Usage section of the ip address allocation-method command in the APN Configuration Mode Commands chapter of Command Line Interface Reference.
If the DHCP-Proxy or DHCP-Relay method is selected for IP address allocation, a DHCP service must be configured on the system as described in the DHCP Service Configuration section, and the name of the DHCP service must be specified by entering the dhcp service-name command as described in the APN Configuration Mode Commands chapter of Command Line Interface Reference.
If a local pool is selected for IP address allocation, a local pool must be configured on the system as described in the IP Address Pool Configuration on the System section, and the name of a private IP address pool must be specified by entering the ip address pool command as described in the APN Configuration Mode Commands chapter of Command Line Interface Reference.
Charging Characteristics Parameter Configuration in APN
Use the following example to configure the charging characteristics parameter for APN:
Important: Additional charging characteristics parameters are configurable as part of the GGSN service. Refer to the GGSN Service Configuration section of this chapter for more information.
configure
     context <dst_ctxt_name>
       apn <apn_name>
         cc-sgsn {home-subscriber-use-GGSN | roaming-subscriber-use-GGSN | visiting-subscriber-use-GGSN}+
         cc-home behavior <bit> profile <index>
         cc-roaming behavior <bit> profile <index>
         cc-visiting behavior <bit> profile <index>
         end
Notes:
Example
If behavior bits 5 (0000 0001 0000) and 11 (0100 0000 0000) are both being assigned to profile index 5 for a home subscriber, the appropriate command is cc-home behavior 410 profile 5.
Virtual APN Configuration
Virtual APNs are references (or links) to alternative APNs to be used for PDP context processing based on properties of the context. Use the following example to configure the virtual APNs.
configure
     context <dst_ctxt_name>
       apn <apn_name>
         virtual-apn preference <priority> apn <apn_name> {domain <domain_name> | mcc <mcc_number> mnc <mnc_number> | roaming-mode {home | visiting | roaming}}
         end
Notes:
Other Optional Parameter Configuration in APN
Use the following example to configure various optional parameters for an APN:
configure
     context <dst_ctxt_name>
       apn <apn_name>
         dns {primary | secondary} {<dns_ip_address>}
         mobile-ip required
         mobile-ip home-agent <ha_ip_address>
         ip source-violation {ignore | check [drop-limit <limit>]} [exclude-from-accounting]
         restriction-value <value>
         timeout {absolute | idle | qos-renegotiate} <timeout_dur>
         timeout long-duration <ldt_dur> [inactivity-time <inact_dur>]
         long-duration-action detection
         long-duration-action disconnection [suppress-notification] [dormant-only] +
         end
Notes:
 
APN Configuration Verification
Step 1
 
show apn all
This command produces an output similar to the excerpt from a sample output displayed below. In this example, an APN called apn1 was configured.
 
access point name (APN):   apn1
authentication context:     test
pdp type:  ipv4
Selection Mode:  subscribed
ip source violation:  Checked             drop limit:  10
accounting mode: gtpp                     No early PDUs: Disabled
max-primary-pdp-contexts:  1000000        total-pdp-contexts:  1000000
primary contexts: not available           total contexts: not available
local ip:  0.0.0.0
primary dns:  0.0.0.0                     secondary dns:  0.0.0.0
ppp keep alive period :  0                ppp mtu :  1500
absolute timeout :  0                     idle timeout :  0
long duration timeout:  0                 long duration action:  Detection
ip header compression:  vj
data compression:  stac mppc deflate      compression mode:  normal
min compression size:  128
ip output access-group:                   ip input access-group:
ppp authentication:
allow noauthentication:  Enabled          imsi authentication:Disabled
Step 2
 
show configuration errors section ggsn-service verbose
 
DHCP Service Configuration
The system can be configured to use the Dynamic Host Configuration Protocol (DHCP) to assign IP addresses for PDP contexts. IP address assignment using DHCP is done using one of two methods as configured within an APN:
 
DHCP-proxy: The system acts as a proxy for the client (MS) and initiates the DHCP Discovery Request on behalf of the client (MS). Once it receives an allocated IP address from the DHCP server in response to the DHCP Discovery Request, it assigns the received IP address to the MS. This allocated address must match an address configured in an IP address pool on the system. This complete procedure is not visible to the MS.
As the number of addresses in memory decreases, the system solicits additional addresses from the DHCP server. If the number of addresses stored in memory rises above the configured limit, they are released back to the DHCP server.
DHCP-relay: The system acts as a relay for client (MS) and forwards the DHCP Discovery Request received from client (MS). Once it receives an allocated IP address from DHCP server in response to DHCP Discovery Request, it assigns the received IP address to the MS.
Regardless of the DHCP method, there are parameters that must first be configured that specify the DHCP servers to communicate with and how the IP addresses are handled. These parameters are configured as part of a DHCP service.
Important: This section provides the minimum instruction set for configuring a DHCP service on the system for DHCP-based IP allocation. For more information on commands that configure additional DHCP server parameters and how these commands work, refer to the DHCP Service Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
To configure the DHCP service:
Step 1
Step 2
Step 3
Verify your DHCP Service configuration by following the steps in the DHCP Service Configuration Verification section.
Step 4
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
DHCP Service Creation
Use the following example to create the DHCP service to support DHCP-based address assignment:
configure
     context <dest_ctxt_name>
       dhcp-service <dhcp_svc_name>
         bind address <ip_address> [nexthop-forwarding-address <nexthop_ip_address> [mpls-label input <in_mpls_label_value> output <out_mpls_label_value1> [out_mpls_label_value2]]]
         end
Notes:
The optional keyword nexthop-forwarding-address <nexthop_ip_address> [mpls-label input <in_mpls_label_value> output <out_mpls_label_value1> [out_mpls_label_value2]] applies to DHCP over MPLS traffic.
DHCP Server Parameter Configuration
Use the following example to configure the DHCP server parameters to support DHCP-based address assignment:
configure
     context <dest_ctxt_name>
       dhcp-service <dhcp_svc_name>
         dhcp server <ip_address> [priority <priority>]
         dhcp server selection-algorithm {first-server | round-robin}
         lease-duration min <minimum_dur> max <max_dur>
         dhcp deadtime <max_time>
         dhcp detect-dead-server consecutive-failures <max_number>
         max-retransmissions <max_number>
         retransmission-timeout <dur_sec>
         end
Notes:
Multiple DHCP servers can be configured by entering the dhcp server command multiple times. A maximum of 20 DHCP servers can be configured.
The dhcp detect-dead-server command and max-retransmissions command work in conjunction with each other.
 
DHCP Service Configuration Verification
Step 1
 
show dhcp service all
This command produces an output similar to that displayed below where DHCP name is dhcp1:
 
Service name:                dhcp1
Context:                      isp
Bind:                         Done
Local IP Address:             150.150.150.150
Service Status:               Started
Retransmission Timeout:       3000 (milli-secs)
Max Retransmissions:          2
Lease Time:                   600 (secs)
Minimum Lease Duration:       600 (secs)
Maximum Lease Duration:       86400 (secs)
DHCP Dead Time:               120 (secs)
DHCP Dead consecutive Failure:5
DHCP T1 Threshold Timer:      50
DHCP T2 Threshold Timer:      88
DHCP Client Identifier:       Not Used
DHCP Algorithm:               Round Robin
DHCP Servers configured:
Address: 150.150.150.150     Priority: 1
Next Hop Address:             192.179.91.3
MPLS-label:
     Input:                   5000
     Output:                  1566  1899
Step 2
 
show dhcp service status
 
IP Address Pool Configuration on the System
Before an MS is able to access data services, it must have an IP address. As described previously, the GGSN supports static or dynamic addressing (through locally configured address pools on the system, DHCP client-mode, or DHCP relay-mode). Regardless of the allocation method, a corresponding address pool must be configured.
IP addresses can be dynamically assigned from a single pool, a group of IP pools, or a group of IP pool groups. The addresses, IP pools, or IP pool groups are placed into a queue in each pool or pool group. An address is assigned from the head of the queue and, when released, returned to the end. This method is known as least recently used (LRU).
When a group of pools have the same priority, an algorithm is used to determine a probability for each pool based on the number of available addresses, then a pool is chosen based on the probability. This method, over time, allocates addresses evenly from the group of pools.
Important: Setting different priorities on each individual pool can cause addresses in some pools to be used more frequently.
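The LRU queue and the selection among same-priority pools described above can be modelled in a few lines. The following Python simulation is an added example, not code from this guide or from the product; the pool names and address ranges are constructed, and the assumption that a pool's probability is exactly proportional to its free-address count is an illustration of "based on the number of available addresses".

```python
import ipaddress
import random
from collections import deque


class LruPool:
    """One local pool; free addresses wait in a queue, least recently used first."""

    def __init__(self, name, network):
        self.name = name
        self.free = deque(ipaddress.ip_network(network).hosts())
        self.used = set()

    def allocate(self):
        addr = self.free.popleft()      # assign from the head of the queue
        self.used.add(addr)
        return addr

    def release(self, addr):
        self.used.remove(addr)
        self.free.append(addr)          # a released address returns to the end

    def allocations_before_reuse(self, addr):
        """How many other addresses are handed out before addr is reused."""
        return list(self.free).index(addr)


def pick_pool(pools, rng):
    """Pick one pool from a same-priority group.

    Assumption: the probability is proportional to each pool's free-address
    count; the guide only says it is based on that count.
    """
    candidates = [p for p in pools if p.free]
    if not candidates:
        raise RuntimeError("every pool in the group is exhausted")
    weights = [len(p.free) for p in candidates]
    return rng.choices(candidates, weights=weights, k=1)[0]


def simulate_group(sessions, seed=1):
    """Allocate `sessions` addresses from two constructed same-priority pools."""
    rng = random.Random(seed)
    pools = [LruPool("small", "198.51.100.0/24"),   # 254 usable addresses
             LruPool("large", "10.64.0.0/22")]      # 1022 usable addresses
    for _ in range(sessions):
        pick_pool(pools, rng).allocate()
    return {p.name: len(p.used) for p in pools}


def lru_demo():
    """Show that a released address is the last one in its pool to be reused."""
    pool = LruPool("demo", "192.0.2.0/29")          # hosts .1 through .6
    first = pool.allocate()
    pool.release(first)
    wait = pool.allocations_before_reuse(first)
    second = pool.allocate()
    return str(first), wait, str(second)


if __name__ == "__main__":
    print("LRU:", lru_demo())
    used = simulate_group(600)
    sizes = {"small": 254, "large": 1022}
    print("used:", used)
    print("utilisation:", {n: round(c / sizes[n], 2) for n, c in used.items()})
```

In the simulation both pools end up at a similar utilisation even though their sizes differ, which is the even allocation over time that the text describes.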
Important: This section provides the minimum instruction set for configuring local IP address pools on the system. For more information on commands that configure additional parameters and options, refer to the ip pool command section in the Context Configuration Mode Commands chapter of Command Line Interface Reference.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
To configure the IP pool:
Step 1
Step 2
Step 3
Verify your IP pool configuration by following the steps in the IP Pool Configuration Verification section.
Step 4
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
IPv4 Pool Creation
Use the following example to create the IPv4 address pool:
configure
     context <dest_ctxt_name>
       ip pool <pool_name> <ip_address/mask> [{private | public} [priority] | static]
       end
Notes:
 
IPv6 Pool Creation
Use the following example to create the IPv6 address pool:
configure
     context <dest_ctxt_name>
       ipv6 pool <pool_name> 6to4 local-endpoint <ip_address> [private] [public] [shared] [static]
       end
Notes:
 
IP Pool Configuration Verification
Step 1
 
show ip pool
The output from this command should look similar to the sample shown below. In this example all IP pools were configured in the isp1 context.
 
context : isp1:
+-----Type:    (P) - Public    (R) - Private
|              (S) - Static    (E) - Resource
|
|+----State:   (G) - Good      (D) - Pending Delete       (R)-Resizing
||
||++--Priority: 0..10 (Highest (0) .. Lowest (10))
||||
||||+-Busyout: (B) - Busyout configured
|||||
|||||
vvvvv Pool Name  Start Address    Mask/End Address    Used     Avail
----- ---------- --------------- ------------------  -------- --------
PG00  ipsec      12.12.12.0       255.255.255.0        0        254
RG00  pool3      30.30.0.0        255.255.0.0          0        65534
SG00  pool2      20.20.0.0        255.255.0.0          10       65524
PG00  pool1      10.10.0.0        255.255.0.0          0        65534
SG00  vpnpool    192.168.1.250    192.168.1.254        0        5
Total Pool Count: 5
Step 2
 
show ipv6 pools
The output from this command should look similar to the sample shown above, except that it lists IPv6 addresses.
 
FA Services Configuration
FA services are configured within contexts and allow the system to function as an FA in the 3G wireless data network.
Important: This section provides the minimum instruction set for configuring an FA service that allows the system to process data sessions. Commands that configure additional FA service properties are provided in the Command Line Interface Reference. Additionally, when configuring Mobile IP take into account the MIP timing considerations discussed in Mobile-IP and Proxy-MIP Timer Considerations.
These instructions assume that you have already configured the system level configuration as described in System Administration Guide and GGSN service as described in GGSN Service Configuration section of this chapter.
To configure the FA service:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Verify your FA service configuration by following the steps in the FA Service Configuration Verification section.
Step 8
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
FA Service Creation
Use the following example to create the FA service:
Important: A maximum of 256 services (regardless of type) can be configured per system.
configure
     context <fa_ctxt_name> -noconfirm
       fa-service <fa_svc_name> -noconfirm
         end
Notes:
<fa_ctxt_name> is the name of the context to use for FA service configuration. Generally, the FA should be configured within a destination context.
<fa_svc_name> is the name of the FA service in which the other parameters for FA functionality are configured.
IP Interface and UDP Port Binding for Pi Interface
Use the following example to bind the FA service to a local IP interface and specify the maximum number of subscribers that can access this service. Binding an interface to the FA service causes the interface to take on the characteristics of a Pi interface.
configure
     context <fa_ctxt_name>
       fa-service <fa_svc_name>
         bind address <fa_ip_address> max-subscribers <max_subs>
         ip local-port <udp_port_num>
         end
Notes:
<fa_svc_name> is the name of the FA service that was created to configure FA functionality.
<fa_ip_address> is the local IP address in IPv4/IPv6 notation for providing Pi interface characteristics.
<max_subs> is the maximum number of subscribers that can access this service on this interface. This can be configured to any integer value from 0 to 500,000. The default is 500,000.
Important: The maximum number of subscribers supported is dependent on the session capacity license installed and the number of active PACs/PSCs installed in the system. For more information on session capacity license, refer to the Software Management Operations chapter of the System Administration Guide.
<udp_port_num> is the UDP port number from 1 through 65535 to be used for the Pi interface. The default port number is 434.
For more information on commands/keywords that configure additional parameters and options, refer to the FA Service Configuration Mode Commands chapter of Command Line Interface Reference.
Security Parameter Index (SPI) Configuration
Use the following example to configure the security parameter index (SPI) between FA service and HA:
Important: A maximum of 2048 FA-HA SPIs can be configured for a single FA service.
configure
     context <fa_ctxt_name>
       fa-service <fa_svc_name>
         fa-ha-spi remote-address <ha_ip_address> spi-number <spi_num> {encrypted secret <enc_secret_key> | secret <secret_key>}  [description <desc_string>]
         end
Notes:
<fa_svc_name> is the name of the FA service that was created to configure FA functionality.
<ha_ip_address> is the IP address in IPv4/IPv6 notation of the HA with which this FA service will interact.
<spi_num> specifies the SPI number, which indicates a security context between the FA and the HA in accordance with RFC 2002, and can be configured to any integer value from 256 through 4294967295.
<enc_secret_key> specifies the encrypted shared key between the FA and the HA services. It must be from 1 to 127 alpha and/or numeric characters and is case sensitive.
Important: The encrypted keyword is intended only for use by the system while saving configuration scripts. The system displays the encrypted keyword in the configuration file as a flag that the variable following the secret keyword is the encrypted version of the plain text secret. Only the encrypted secret is saved as part of the configuration file.
<secret_key> specifies the secret shared key between the FA and the HA services. It must be from 1 to 127 alpha and/or numeric characters and is case sensitive.
<desc_string> is the description for this SPI and must be from 1 to 31 alpha and/or numeric characters.
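A configuration review can check the FA-HA SPI constraints listed above together with the unlisted-SGSN PLMN policy from the SGSN and PLMN Policy Configuration section. The following Python script is an added example, not part of this guide or of the product; the sample configuration, its names, addresses and keys are constructed, and the rule names are hypothetical.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295             # SPI range from the notes above
KEY_RE = re.compile(r"[A-Za-z0-9]{1,127}")     # 1 to 127 alphanumeric characters

SERVICE_RE = re.compile(r"(ggsn-service|fa-service)\s+(\S+)")
PLMN_RE = re.compile(r"plmn\s+unlisted-sgsn\s+(\S+)")
SPI_RE = re.compile(
    r"fa-ha-spi\s+remote-address\s+(?P<ha>\S+)\s+spi-number\s+(?P<spi>\d+)\s+"
    r"(?P<enc>encrypted\s+)?secret\s+(?P<key>\S+)"
)

# Constructed sample: every name, address and key below is a placeholder.
SAMPLE_CONFIG = """\
configure
  context ggsn_ctx
    ggsn-service ggsn1
      plmn id mcc 450 mnc 06 primary
      sgsn address 192.0.2.10/32
      plmn unlisted-sgsn home
      end
configure
  context isp1
    fa-service fa1
      fa-ha-spi remote-address 198.51.100.7 spi-number 300 secret ExampleKey1 description lab
      fa-ha-spi remote-address 198.51.100.8 spi-number 100 encrypted secret 0a1b2c3d
      fa-ha-spi remote-address 198.51.100.9 spi-number 512 encrypted secret 4e5f6a7b
      end
"""


def audit(config_text):
    """Return (line_number, rule, detail) findings for a configuration script."""
    findings = []
    service = "no service"                     # most recent service block seen
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            service = f"{m.group(1)} {m.group(2)}"
            continue
        if line == "end":
            service = "no service"
            continue
        m = PLMN_RE.match(line)
        if m:
            # Anything other than reject lets unconfigured SGSNs reach the GGSN.
            if m.group(1) != "reject":
                findings.append((lineno, "unlisted-sgsn-allowed",
                                 f"{service}: unlisted SGSNs treated as "
                                 f"'{m.group(1)}' instead of rejected"))
            continue
        m = SPI_RE.match(line)
        if not m:
            continue
        where = f"{service}: HA {m.group('ha')}"
        if not SPI_MIN <= int(m.group("spi")) <= SPI_MAX:
            findings.append((lineno, "spi-out-of-range",
                             f"{where}: spi-number {m.group('spi')} is outside "
                             f"{SPI_MIN}..{SPI_MAX}"))
        if not m.group("enc"):
            # The system saves only the encrypted form, so a plain-text secret
            # means the script was written by hand with the key in clear.
            findings.append((lineno, "plaintext-secret",
                             f"{where}: shared key stored in plain text"))
        if not KEY_RE.fullmatch(m.group("key")):
            findings.append((lineno, "key-format",
                             f"{where}: key is not 1 to 127 alphanumeric characters"))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{rule}] {detail}")
```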
FA Agent Advertisement Parameter Configuration
Use the following example to configure the agent advertisement parameters for this FA service:
configure
     context <fa_ctxt_name>
       fa-service <fa_svc_name>
         advertise adv-lifetime <advt_dur>
         advertise num-adv-sent <advt_num>
         advertise reg-lifetime <reg_dur>
         end
Notes:
<fa_svc_name> is the name of the FA service that was created to configure FA functionality.
<advt_dur> is the amount of time that an FA agent advertisement remains valid in the absence of further advertisements. It is measured in seconds and can be configured to any integer value from 1 to 65535. The default is 9000.
<advt_num> is the number of unanswered agent advertisements that the FA service allows during call setup before it rejects the session. It can be any integer value from 1 to 65535. The default is 3.
<reg_dur> specifies the longest registration lifetime that the FA service allows in any Registration Request message from the mobile node. It is measured in seconds and can be configured to any integer value from 1 to 65534. The default is 600.
Subscriber Registration, Authentication and Timeout Parameter Configuration
Use the following example to configure the number of subscriber registrations, the authentication procedure, and the registration timeout parameters for this FA service:
configure
     context <fa_ctxt_name>
       fa-service <fa_svc_name>
         multiple-reg <reg_num>
         reg-timeout <timeout_dur>
         authentication mn-aaa {always | ignore-after-handoff | init-reg | init-reg-except-handoff | renew-and-dereg-noauth | renew-reg-noauth} [optimize-retries]
         end
Notes:
<fa_svc_name> is the name of the FA service that was created to configure FA functionality.
<reg_num> is the number of simultaneous Mobile IP sessions that are to be supported for a single subscriber. It can be configured to any integer value from 1 to 3. The default value is 1.
Important: The system supports multiple Mobile IP sessions per subscriber only if the subscriber’s mobile node has a static IP address. The system only allows a single Mobile IP session for mobile nodes that receive a dynamically assigned home IP address.
Important: In addition, because only a single Mobile IP or proxy-Mobile IP session is supported for IP PDP contexts, this parameter must remain at its default configuration.
<timeout_dur> is the maximum amount of time that the FA service waits for a Registration Reply message from the HA. It is measured in seconds and can be configured to any integer value from 1 to 65535. The default value is 45.
Revocation Message Configuration
Use the following example to configure the FA service for controlling the negotiation and sending of the I-bit in revocation messages:
configure
     context <fa_ctxt_name>
       fa-service <fa_svc_name>
         revocation negotiate-i-bit
         end
Notes:
 
FA Service Configuration Verification
Step 1
 
show fa-service all
The output from this command should look similar to the sample shown below. In this example an FA service named fa1 was configured in the isp1 context.
Service name:       fa1
   Context:          isp1
   Bind:             Done                Max Subscribers:      500000
   Local IP Address: 195.20.20.3         Local IP Port         434
   Lifetime:         00h10m00s           Registration Timeout: 45 (secs)
   Advt Lifetime     02h30m00s           Advt Interval:        5000 (msecs)
   Num Advt:         5
   Advt Prefix Length Extn: NO
   Reverse Tunnel:    Enabled            GRE Encapsulation:     Enabled
SPI(s):
  FAHA: Remote Addr: 195.30.30.3/32
   Hash Algorithm:    HMAC_MD5           SPI Num:  1000
   Replay Protection: Timestamp          Timestamp Tolerance: 60
IPSEC Crypto Map(s):
   Peer HA Addr:          195.30.30.2
      Crypto Map:         test
   Registration Revocation:    Enabled   Reg-Revocation I bit:   Enabled
   Reg-Revocation Max Retries: 3         Reg-Revocation Timeout: 3 (secs)
   Reg-Rev on InternalFailure: Enabled
Step 2
 
show configuration errors section fa-service verbose
 
Common Gateway Access Support Configuration
This section describes some advanced feature configuration to support multiple access networks (CDMA, eHRPD, and LTE) plus GSM/UMTS for international roaming, with the same IP addressing behavior and access to 3GPP AAA for subscriber authorization. Subscribers using static IP addressing will be able to get the same IP address regardless of the access technology.
This configuration combines 3G and 4G access technologies in a common gateway supporting the logical services of HA, PGW, and GGSN, so that operators can give their customers the same user experience independent of the access technology available.
Important: This feature is license-enabled, and you may need to install a feature-specific session license on your system to use some commands related to this configuration.
These instructions assume that you have already configured the system level configuration as described in the System Administration Guide and the GGSN service as described in the GGSN Service Configuration section of this chapter.
To configure the S6b and other advanced features:
Step 1
Step 2
Step 3
Step 4
Optional. Create and associate DNS client parameters by applying the example configuration in the DNS Client Configuration section.
Step 5
Optional. Modify the GGSN service to accept duplicate calls received with the same IP address by applying the example configuration in the Duplicate Call Accept Configuration section.
Step 6
Verify your S6b configuration by following the steps in the Common Gateway Access Support Configuration Verification section.
Step 7
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
Diameter Endpoint Configuration
Use the following example to configure the Diameter endpoint:
configure
  context <ggsn_ctxt_name> -noconfirm
    diameter endpoint <s6b_endpoint_name>
      origin host <host_name> address <ip_address>
      peer <peer_name> realm <realm_name> address <ip_address> port <port_num>
      end
Notes:
<ggsn_ctxt_name> is the name of the context that contains the GGSN service on the system.
AAA Group Configuration
Use the following example to create or modify the AAA group for this feature:
configure
  context <fa_ctxt_name>
    aaa group <aaa_grp_name>
      diameter authentication dictionary aaa-custom15
      diameter authentication endpoint <s6b_endpoint_name>
      diameter authentication server <server_name> priority <priority>
      end
Notes:
<s6b_endpoint_name> is the name of the existing Diameter endpoint.
Authorization over S6b Configuration
Use the following example to enable the S6b interface on GGSN service with 3GPP AAA/HSS:
configure
  context <ggsn_ctxt_name>
    ggsn-service <ggsn_svc_name>
      plmn-unlisted-sgsn home
      authorize-with-hss
      fqdn host <host_name> realm <realm_name>
      end
Notes:
<ggsn_svc_name> is the name of the GGSN service that is already created on the system.
DNS Client Configuration
Use the following example to create the DNS client parameters and associate them with the GGSN service:
configure
  context <ggsn_ctxt_name>
     ip domain-lookup
     ip name-servers <ip_address/mask>
     dns-client <dns_name>
       bind address <ip_address>
       resolver retransmission-interval <duration>
       resolver number-of-retries <retrie>
       cache ttl positive <ttl_value>
       exit
    ggsn-service <ggsn_svc_name>
       default dns-client context
       end
Notes:
<ggsn_svc_name> is the name of the GGSN service that is already created on the system.
Duplicate Call Accept Configuration
Use the following example to configure the GGSN service to accept duplicate session calls that request the same IP address:
configure
  context <ggsn_ctxt_name>
    ggsn-service <ggsn_svc_name>
      newcall duplicate-subscriber-requested-address accept
      end
Notes:
<ggsn_svc_name> is the name of the GGSN service that is already created on the system.
 
Common Gateway Access Support Configuration Verification
Step 1
 
show ggsn-service all
The output from this command should look similar to the sample shown below. In this example, a GGSN service named GGSN1 was configured in the vpn1 context.
Service name:           ggsn1
Context:                cn1
Associated PGW svc:      None
Associated GTPU svc:     None
Accounting Context Name:cn1
dns-client Context Name:cn1
Authorize:              hss
Fqdn-name:              xyz.abc@starent.networks.com
Bind:                   Not Done
Local IP Address:       0.0.0.0           Local IP Port:          2123
Self PLMN:              Not defined
Retransmission Timeout: 5 (secs)
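Both verification steps in this chapter (show fa-service all and show ggsn-service all) can be compared against an intended baseline by script. The following Python is an added example, not part of the Cisco documentation: it parses excerpts of the two sample outputs shown in this chapter and lists every field that differs from a baseline. The names FIELD, parse_services, and deviations and the baseline values are assumptions made for this illustration.

```python
import re

# "Key: value" fields; key words are joined by single spaces, so the two
# columns printed side by side on one line become two separate fields.
FIELD = re.compile(
    r"(?<![\w)])([A-Za-z][\w-]*(?: [A-Za-z][\w-]*)*):[ \t]*(\S+(?: \S+)*)")

def parse_services(text):
    """Return one {field: value} dict per 'Service name:' block."""
    services = []
    for line in text.splitlines():
        for key, value in FIELD.findall(line):
            if key == "Service name":
                services.append({})
            if services:
                services[-1][key] = value
    return services

def deviations(service, expected):
    """Describe every field that differs from the intended configuration."""
    name = service.get("Service name", "<unnamed>")
    return [f"{name}: {key} is {service.get(key, '<missing>')!r}, expected {want!r}"
            for key, want in expected.items() if service.get(key) != want]

# Excerpts of the two sample outputs shown in this chapter.
FA_SAMPLE = """\
Service name:       fa1
   Bind:             Done                Max Subscribers:      500000
   Lifetime:         00h10m00s           Registration Timeout: 45 (secs)
SPI(s):
  FAHA: Remote Addr: 195.30.30.3/32
   Hash Algorithm:    HMAC_MD5           SPI Num:  1000
   Replay Protection: Timestamp          Timestamp Tolerance: 60
"""
GGSN_SAMPLE = """\
Service name:           ggsn1
dns-client Context Name:cn1
Authorize:              hss
Bind:                   Not Done
Local IP Address:       0.0.0.0           Local IP Port:          2123
"""
# Assumed baselines: the values an operator intends, not values from Cisco.
FA_EXPECTED = {"Bind": "Done", "Registration Timeout": "45 (secs)",
               "Replay Protection": "Timestamp", "SPI Num": "1000"}
GGSN_EXPECTED = {"Bind": "Done", "Authorize": "hss", "Local IP Port": "2123"}

if __name__ == "__main__":
    for sample, want in ((FA_SAMPLE, FA_EXPECTED), (GGSN_SAMPLE, GGSN_EXPECTED)):
        print([deviations(s, want) for s in parse_services(sample)])
```

Against the FA sample the check reports nothing; against the GGSN sample it reports one deviation, Bind is 'Not Done'.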
 
