Configuring IPv6 PDP Support on the GGSN
This chapter describes how to configure support for Internet Protocol Version 6 (IPv6) packet data protocol (PDP) contexts on a Cisco Gateway GPRS Support Node (GGSN).
For complete descriptions of the GGSN commands in this chapter, see Cisco GGSN Command Reference for the Cisco GGSN release you are using.
To locate documentation for other commands that appear in this chapter, use the command reference master index or search online. See the "Related Documents" section on page 3-11 for a list of other Cisco IOS Software documentation that could be helpful while configuring the GGSN.
This chapter includes the following sections:
•IPv6 PDPs on the GGSN Overview
•Implementing IPv6 PDP Support on the GGSN
•Monitoring and Maintaining IPv6 PDPs
•Configuration Example
IPv6 PDPs on the GGSN Overview
This section provides a brief overview of IPv6 PDP support for the Cisco GGSN. For detailed information about the implementation of IPv6 in Cisco IOS Software, including IPv6 address formats and addressing schemes, see Cisco IOS IPv6 Configuration Guide.
The Cisco GGSN supports IPv6 primary PDP context activation, and serving GPRS support node (SGSN)-initiated modification and deactivation procedures via IPv6 stateless autoconfiguration (as specified by RFC 2461 and RFC 2462). An IPv6-over-IPv4 tunnel configured on the Cisco 7600 Series Router supervisor engine module establishes connectivity between isolated or remote IPv6 networks over an existing IPv4 infrastructure.
Note Tunnels must be configured from the supervisor engine. Tunneling from the GGSN is not supported.
Figure 5-1 shows the IPv6 over IPv4 tunnel configuration.
Figure 5-1 IPv6 over IPv4 Tunnel Configuration
IPv6 Stateless Autoconfiguration
Interfaces on an IPv6 node must have a link-local address, which is typically automatically configured from the identifier for an interface and the link-local prefix FE80::/10. A link-local address enables a node to communicate with other nodes on the link, and it can be used to further configure the node.
Nodes can connect to a network and automatically generate site-local and global IPv6 addresses without the need for manual configuration or the help of a server, such as a RADIUS server. With IPv6, a Cisco GGSN advertises any site-local and global prefixes, and advertises its willingness to function as a default router for the link in router advertisements (RAs). RAs are sent periodically, and are also sent in response to router solicitation messages, which hosts send at system startup.
The Cisco GGSN assigns an interface ID to the IPv6 mobile station (MS) in the Create PDP Context response, or the MS can automatically configure a site-local and global IPv6 address by appending its interface identifier (64 bits) to the prefix (64 bits) included in an RA.
The resulting 128-bit IPv6 address configured by the node is then subjected to Duplicate Address Detection to ensure its uniqueness on the link. If the prefix advertised in the RA is globally unique, then the IPv6 address configured by the node is also guaranteed to be globally unique. Hosts send router solicitation messages, which have a value of 133 in the Type field of the Internet Control Message Protocol (ICMP) packet header, at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled RA.
Figure 5-2 depicts the creation of an IPv6 PDP context via IPv6 stateless autoconfiguration.
Figure 5-2 IPv6 PDP Context Creation on the Cisco GGSN Using IPv6 Stateless Autoconfiguration
In the steps of the call flow shown in Figure 5-2, the following occurs:
1. Activate PDP Context Request—The MS sends the SGSN an Activate PDP Context request.
2. Create PDP Context Request—The SGSN sends a Create PDP Context request to the GGSN.
Upon receiving the Create PDP Context request from the SGSN, the GGSN generates an IPv6 address composed of the prefix allocated to the PDP context and an interface identifier generated by the GGSN.
3. Create PDP Context Response—The GGSN returns an address in its Create PDP Context response to the SGSN.
Since the MS is considered to be alone on its link toward the GGSN, the interface identifier does not need to be unique across all PDPs. The MS extracts and stores the interface identifier from the address received and uses it to build its link-local address and its complete IPv6 address.
4. Activate PDP Context Accept—The SGSN sends an Activate PDP Context accept to the MS, and the context is established.
5. Router Solicitations—The MS might or might not send router solicitations to the GGSN.
6. Router Advertisements—The GGSN sends RAs periodically.
In the RAs, the GGSN sends a 64-bit prefix, which is the same prefix as the one it provided in Step 3. After the MS receives the RA, it constructs its complete IPv6 address by concatenating the interface ID received in Step 3, or a locally generated interface ID, and the prefix provided in the RA. If the RA contains more than one prefix option, the MS considers only the first one, and discards the rest.
Because any prefix the GGSN advertises in a Create PDP Context response is unique within the scope of the prefix, the MS does not have to perform Duplicate Address Detection. Therefore, the GGSN can discard the neighbor solicitations the MS can send to detect a duplicate address.
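The call flow above, traced in Python as an added example (not Cisco code): the GGSN allocates a /64 from a local pool, the MS keeps the interface ID from the Create PDP Context response, and the first prefix option in the RA yields the complete address. The class names, the pool 2001:db8::/48 and the interface ID 0x1234 are constructed for illustration.

```python
import ipaddress

# Link-local addresses sit in fe80::/64, which lies inside the FE80::/10 prefix.
LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")


def join(prefix, iid):
    """Concatenate a 64-bit prefix and a 64-bit interface identifier."""
    if prefix.prefixlen != 64:
        raise ValueError(f"expected a /64 prefix, got /{prefix.prefixlen}")
    if not 0 <= iid < 2**64:
        raise ValueError("interface identifier must fit in 64 bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


class Ggsn:
    """GGSN side: one /64 per PDP context, taken from a local prefix pool."""

    def __init__(self, pool, assigned_len=64):
        self._free = ipaddress.IPv6Network(pool).subnets(new_prefix=assigned_len)
        self.contexts = {}

    def create_pdp_context(self, ms_id, iid):
        prefix = next(self._free)          # raises StopIteration when the pool is empty
        self.contexts[ms_id] = prefix
        return join(prefix, iid)           # address returned in the Create PDP Context response

    def router_advertisement(self, ms_id):
        return [self.contexts[ms_id]]      # prefix options carried in the RA


class MobileStation:
    def on_create_response(self, address):
        self.iid = int(address) & (2**64 - 1)        # keep only the interface ID
        self.link_local = join(LINK_LOCAL, self.iid)

    def on_router_advertisement(self, prefix_options, local_iid=None):
        prefix = prefix_options[0]                   # only the first prefix option is used
        self.address = join(prefix, self.iid if local_iid is None else local_iid)
        return self.address


def run_flow():
    """Two MSs with the same interface ID still end up with distinct addresses."""
    ggsn = Ggsn("2001:db8::/48")                     # constructed documentation-range pool
    extra = ipaddress.IPv6Network("2001:db8:ffff::/64")  # second RA option, ignored by the MS
    results = []
    for ms_id in ("ms-a", "ms-b"):
        ms = MobileStation()
        ms.on_create_response(ggsn.create_pdp_context(ms_id, iid=0x1234))
        ms.on_router_advertisement(ggsn.router_advertisement(ms_id) + [extra])
        results.append((str(ms.link_local), str(ms.address)))
    return results


if __name__ == "__main__":
    for link_local, address in run_flow():
        print(link_local, address)
```

Because each PDP context has its own /64, the shared interface ID does not cause a collision, which is why the interface identifier does not need to be unique across PDPs.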
Supported Features
For IPv6 PDP contexts, the Cisco GGSN supports the following features:
•IPv6 GTPv0 and GTPv1 PDP establishment via IPv6 stateless autoconfiguration.
•IPv6 prefix allocation from a locally configured 64-bit prefix pool.
•GGSN sending of RAs and answering of router solicitation messages from MSs.
•IPv6 gateway GPRS support node-call detail record (G-CDR) generation.
•Dual-stack APN (both IPv4 and IPv6 PDPs supported simultaneously).
•IPv6 DNS address configuration per APN for IPv6 DNS address allocation if requested.
•RADIUS authentication, accounting, and IPv6 address allocation from RADIUS server.
•Per-APN RA timers. These timers include the RA interval and lifetime intervals, and the initial interval before sending the first RA.
•Standard and extended ACL support for IPv6 APNs.
•GPRS-specific security features (address verification and mobile-to-mobile traffic redirection features).
•QoS (marking and Call Admission Control).
•Proxy Call Session Control Function (Proxy-CSCF) support for IPv6 servers.
Restrictions
The following limitations and restrictions apply to IPv6 PDP context support on the GGSN:
•The following features are not supported for IPv6 PDP contexts:
–Secondary PDP contexts
–Per-PDP policing
–Stateful address autoconfiguration with DHCPv6
–DHCPv6 relay or proxy-client
–Stateful IPv6 autoconfiguration
–GTP session redundancy (GTP-SR)
–Enhanced service-aware billing
–PPP PDP and PPP regeneration
–Virtual routing and forwarding (VRF)
(If a dual-stack APN is configured, and VRF is enabled on the APN, IPv4 PDP contexts go into the VRF, but IPv6 PDP contexts stay in the global routing table.)
–Route probe, routing behind the mobile, single PDP session, and configuration of a primary and backup NetBIOS Name Service.
Note For a complete list of APN configurations supported or not supported for IPv6 PDP contexts, see Chapter 9, "Configuring Network Access to the GGSN."
•IP CEF and IPv6 CEF must be enabled. (IPv6 CEF requires IP CEF to be enabled.)
•All infrastructure nodes in the public land mobile network (PLMN), the SGSN, GGSN, and charging gateway, are assumed to be IPv4 nodes.
•IPv6 must be implemented on the supervisor engine module.
•IPv6 over IPv4 tunnels must be configured from the supervisor engine module. Tunneling from the GGSN is not supported.
•RADIUS must be implemented as an infrastructure node in the PLMN.
•The no virtual-template snmp command must be configured.
•The no virtual-template subinterface command must not be configured.
•The following commands must not be configured on the IPv6 base virtual template:
–snmp if-index persists
–ntp disable
Implementing IPv6 PDP Support on the GGSN
To configure IPv6 support on the GGSN, complete the tasks listed in the following sections:
•Enabling the Forwarding of IPv6 Traffic on the GGSN (Required)
•Configuring an IPv6 Base Virtual Template Interface (Required)
•Enabling IPv6 Support on an APN (Required)
•Configuring a Local IPv6 Prefix Pool (Required)
•Monitoring and Maintaining IPv6 PDPs (Optional)
Enabling the Forwarding of IPv6 Traffic on the GGSN
The forwarding of IPv6 traffic on the GGSN requires that Cisco Express Forwarding (CEF) and IPv6 CEF are enabled globally on the GGSN. In addition, to forward IPv6 traffic using CEF, configure the forwarding of IPv6 unicast datagrams globally on the GGSN by using the ipv6 unicast-routing command.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip cef
4. ipv6 unicast-routing
5. ipv6 cef
DETAILED STEPS
Step 1: enable
Example: Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Router# configure terminal
Enters global configuration mode.

Step 3: ip cef
Example: Router(config)# ip cef
Enables Cisco Express Forwarding for IPv4 globally on the router.

Step 4: ipv6 unicast-routing
Example: Router(config)# ipv6 unicast-routing
Enables the forwarding of IPv6 unicast datagrams.

Step 5: ipv6 cef
Example: Router(config)# ipv6 cef
Enables CEF for IPv6 globally on the router.
Configuring an IPv6 Base Virtual Template Interface
A virtual-access subinterface is created for each IPv6 PDP context established on the GGSN. The configurations for virtual access, such as RA timers, are cloned from an IPv6 base virtual template interface that is assigned to the APN. The commands configured under the IPv6 base virtual template define the behavior of the IPv6 protocol.
You can configure multiple base virtual templates, each with a different configuration. Multiple APNs can share a base virtual template; however, only one base virtual template can be assigned to an APN (using the ipv6 base-vtemplate command) at a time.
When a Create PDP Context request is received, a virtual subinterface is cloned from the base virtual template that is assigned to the APN, and an IPv6 address is allocated as configured under the APN after the IPv6 virtual-access subinterface is created. The Create PDP Context response is returned after the virtual-access subinterface is created, and authentication and address allocation are successfully completed.
Caution To avoid severe performance issues, ensure that the no ipv6 nd ra suppress command is configured and that the no virtual-template subinterface command is not configured under the IPv6 base virtual template interface.
SUMMARY STEPS
1. enable
2. configure terminal
3. interface virtual-template number
4. ipv6 enable
5. no ipv6 nd ra suppress
6. ipv6 nd ra interval {maximum-secs [minimum-secs] | msec maximum-msecs [minimum-msecs]}
7. ipv6 nd ra lifetime seconds
8. ipv6 nd ra initial [exponential] InitialAdvertInterval InitialAdvertisements
9. ipv6 nd prefix default infinite infinite off-link
10. exit
DETAILED STEPS
Step 1: enable
Example: Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Router# configure terminal
Enters global configuration mode.

Step 3: interface virtual-template number
Example: Router(config)# interface virtual-template number
Creates a virtual template interface, where number identifies the virtual template interface.

Step 4: ipv6 enable
Example: Router(config-if)# ipv6 enable
Enables IPv6 processing on an interface that has not been configured with an explicit IPv6 address.
Note This command automatically configures an IPv6 link-local unicast address on the interface while also enabling the interface for IPv6 processing.

Step 5: no ipv6 nd ra suppress
Example: Router(config-if)# no ipv6 nd ra suppress
Enables the sending of IPv6 router advertisement transmissions on non-LAN interface types (for example, serial or tunnel interfaces).

Step 6: ipv6 nd ra interval {maximum-secs [minimum-secs] | msec maximum-msecs [minimum-msecs]}
Example: Router(config-if)# ipv6 nd ra interval 21600
Configures the interval between IPv6 RA transmissions on an interface.

Step 7: ipv6 nd ra lifetime seconds
Example: Router(config-if)# ipv6 nd ra lifetime 21600
Configures the router lifetime value, in seconds, in IPv6 router advertisements on an interface.

Step 8: ipv6 nd ra initial [exponential] InitialAdvertInterval InitialAdvertisements
Example: Router(config-if)# ipv6 nd ra initial 3 3
Configures the interval, in seconds, between IPv6 router advertisement transmissions, and the number of RAs sent during the initial phase on an interface. Optionally, specify the exponential keyword to use the value specified for InitialAdvertInterval as the initial timer value and double it on each subsequent transmission.

Step 9: ipv6 nd prefix default infinite infinite off-link
Example: Router(config-if)# ipv6 nd prefix default infinite infinite off-link
Syntax: ipv6 nd prefix {ipv6-prefix/prefix-length | default} [no-advertise | [valid-lifetime preferred-lifetime [off-link | no-rtr-address | no-autoconfig]] | [at valid-date | preferred-date [off-link | no-rtr-address | no-autoconfig]]]
Configures which IPv6 prefixes are included in IPv6 router advertisements.

Step 10: exit
Example: Router(config-if)# exit
Exits interface configuration mode.
Enabling IPv6 Support on an APN
The commands configured on an APN define the behavior of the IPv6 PDP contexts processed by that APN (such as the method of IPv6 address allocation to use), and also define GTP IPv6 elements (such as the IPv6 addresses of the primary and backup DNS).
For a complete list of APN-configuration options that are supported for IPv6 PDP contexts, see Chapter 9, "Configuring Network Access to the GGSN."
To enable IPv6 support on an APN, complete the following steps.
SUMMARY STEPS
1. enable
2. configure terminal
3. access-point access-point-index
4. access-point-name apn-name
5. ipv6 dns primary ipv6-address [secondary ipv6-address]
6. ipv6 [enable | exclusive]
7. ipv6 ipv6-address-pool {local pool-name | radius-client}
8. ipv6 ipv6-access-group ACL-name [up | down]
9. ipv6 base-vtemplate number
10. exit
DETAILED STEPS
Step 1: enable
Example: Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Router# configure terminal
Enters global configuration mode.

Step 3: access-point access-point-index
Example: Router(config)# access-point 2
Specifies an access point number and enters access-point configuration mode.

Step 4: access-point-name apn-name
Example: Router(config-access-point)# access-point-name ipv6_apn1.com
Specifies the network (or domain) name for a PDN that subscribers can access from the GGSN at a defined access point.

Step 5: ipv6 [enable | exclusive]
Example: Router(config-access-point)# ipv6 enable
Configures an access point to allow IPv6 PDP contexts.
•enable—Configures support for both IPv4 and IPv6 PDP contexts on the APN.
•exclusive—Configures support for only IPv6 PDP contexts on the APN.
By default, only IPv4 PDP contexts are supported on an APN.

Step 6: ipv6 dns primary ipv6-address [secondary ipv6-address]
Example: Router(config-access-point)# ipv6 dns primary 2001:999::9
Specifies the address of a primary (and backup) IPv6 DNS sent in IPv6 Create PDP Context response, if requested.

Step 7: ipv6 ipv6-address-pool {local pool-name | radius-client}
Example: Router(config-access-point)# ipv6 ipv6-address-pool local localv6
Configures a dynamic IPv6 prefix allocation method for an access point.
Note This release of the Cisco GGSN supports IPv6 prefix allocation via locally configured pools.

Step 8: ipv6 ipv6-access-group ACL-name [up | down]
Example: Router(config-access-point)# ipv6 ipv6-access-group ipv6filter down
Applies an access-control list (ACL) configuration to uplink or downlink payload packets.

Step 9: ipv6 base-vtemplate number
Example: Router(config-access-point)# ipv6 base-vtemplate 10
Specifies the base virtual template interface from which the APN copies IPv6 RA parameters when creating virtual subinterfaces for IPv6 PDP contexts.

Step 10: exit
Example: Router(config-access-point)# exit
Exits interface configuration mode.
Configuring a Local IPv6 Prefix Pool
The function of prefix pools in IPv6 is similar to that of address pools in IPv4. The main difference is that IPv6 assigns prefixes rather than single addresses.
As for IPv4, an IP address can be obtained from a locally configured pool, or it can be retrieved from an AAA server. The Cisco GGSN supports prefix allocation via local pools.
When configuring a local IPv6 prefix pool, overlapping membership between pools is not permitted. Once a pool is configured, it cannot be changed. If you change the pool configuration, the pool is removed and re-created and all prefixes previously allocated are freed.
For detailed information on configuring local IPv6 prefix pools using the following commands, see Cisco IOS IPv6 Configuration Guide.
SUMMARY STEPS
1. enable
2. configure terminal
3. ipv6 local pool poolname prefix/prefix-length assigned-length [shared] [cache-size size]
4. exit
DETAILED STEPS
Step 1: enable
Example: Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Router# configure terminal
Enters global configuration mode.

Step 3: ipv6 local pool poolname prefix/prefix-length assigned-length [shared] [cache-size size]
Example: Router(config)# ipv6 local pool pool1 2001:0DB8::/48 64
Router# show ipv6 local pool
Pool     Prefix            Free     In use
pool1    2001:0DB8::/48    65516    20
Configures a local IPv6 prefix pool.
Note The value 64 must be configured as the assigned length. The minimum prefix length accepted by the GGSN is /48.

Step 4: exit
Example: Router(config)# exit
Exits interface configuration mode.
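An added example (not part of the Cisco documentation) that checks a configuration against the requirements stated under Restrictions, the Caution for the base virtual template, and the local pool rules above. The sample configuration, its layout and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample (not from the page). The "gprs access-point-list" wrapper
# and the indentation are assumptions about how the configuration is laid out.
SAMPLE = """\
ip cef
ipv6 unicast-routing
no virtual-template snmp
ipv6 local pool localv6 2001:DB8:1::/48 64
ipv6 local pool spare 2001:DB8:1:8000::/49 60
interface Virtual-Template10
 ipv6 enable
 ipv6 nd ra interval 21600
 ntp disable
gprs access-point-list gprs
 access-point 2
  access-point-name ipv6_apn1.com
  ipv6 enable
  ipv6 ipv6-address-pool local localv6
  ipv6 base-vtemplate 10
"""

GLOBAL_REQUIRED = ("ip cef", "ipv6 unicast-routing", "ipv6 cef", "no virtual-template snmp")
# Not allowed on the base virtual template; the SNMP regex tolerates spelling variants.
VT_FORBIDDEN = (r"snmp if-?index persists?", r"ntp disable", r"no virtual-template subinterface")

def sections(text):
    """Map each unindented line to the stripped lines nested beneath it."""
    out, current = {}, None
    for raw in text.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if not raw[0].isspace():
            current = raw.strip()
            out[current] = []
        elif current is not None:
            out[current].append(raw.strip())
    return out

def audit(text):
    """Return a list of findings against the requirements stated in this chapter."""
    sec, findings, pools = sections(text), [], {}
    findings += [f"missing global command: {c}" for c in GLOBAL_REQUIRED if c not in sec]
    if "no virtual-template subinterface" in sec:
        findings.append("no virtual-template subinterface must not be configured")
    for line in sec:
        m = re.fullmatch(r"ipv6 local pool (\S+) (\S+) (\d+)( .*)?", line)
        if not m:
            continue
        name, net, assigned = m[1], ipaddress.IPv6Network(m[2], strict=False), int(m[3])
        if assigned != 64:
            findings.append(f"pool {name}: assigned length {assigned}, must be 64")
        if net.prefixlen < 48:  # reads "minimum prefix length is /48" as "no shorter than /48"
            findings.append(f"pool {name}: /{net.prefixlen} is shorter than /48")
        findings += [f"pool {name} overlaps pool {o}" for o, n in pools.items() if net.overlaps(n)]
        pools[name] = net
    for line in (l for kids in sec.values() for l in kids):
        if (m := re.fullmatch(r"ipv6 ipv6-address-pool local (\S+)", line)) and m[1] not in pools:
            findings.append(f"APN references undefined pool {m[1]}")
        if m := re.fullmatch(r"ipv6 base-vtemplate (\d+)", line):
            vt = f"Virtual-Template{m[1]}"
            body = next((b for h, b in sec.items() if h.lower() == f"interface {vt}".lower()), None)
            if body is None:
                findings.append(f"APN references undefined {vt}")
                continue
            if "no ipv6 nd ra suppress" not in body:
                findings.append(f"{vt}: no ipv6 nd ra suppress is not configured")
            findings += [f"{vt}: {c} must not be configured"
                         for c in body if any(re.fullmatch(p, c) for p in VT_FORBIDDEN)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```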
Configuring an IPv6 Access Control List
IPv6 access control lists restrict IPv6-related traffic, based on the configured IPv6 filters. A filter contains the rules for matching an IP packet; if a packet matches, the rule also stipulates whether the packet is permitted or denied.
An IPv6 access control filter is applied to an APN by using the ipv6 ipv6-access-group command in access-point configuration mode.
For detailed information on configuring IPv6 Access Control Lists using the following commands, see Cisco IOS IPv6 Configuration Guide.
SUMMARY STEPS
1. enable
2. configure terminal
3. ipv6 access-list access-list-name
4. deny protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name] [undetermined-transport]
5. permit protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [reflect name [timeout value]] [routing] [routing-type routing-number] [sequence value] [time-range name]
6. exit
DETAILED STEPS
Step 1: enable
Example: Router> enable
Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
Example: Router# configure terminal
Enters global configuration mode.

Step 3: ipv6 access-list access-list-name
Example: Router(config)# ipv6 access-list ipv6filter
Defines an IPv6 access list name and places the GGSN in IPv6 access list configuration mode.

Step 4: deny protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name] [undetermined-transport]
Example: Router(config-ipv6-acl)# deny ipv6 any 2001:200::/64
Sets deny conditions for an IPv6 access list.

Step 5: permit protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [reflect name [timeout value]] [routing] [routing-type routing-number] [sequence value] [time-range name]
Example: Router(config-ipv6-acl)# permit ipv6 any any
Sets permit conditions for an IPv6 access list.

Step 6: exit
Example: Router(config)# exit
Exits interface configuration mode.
Configuring Additional IPv6 Support Options
This section summarizes some other IPv6-specific options that you can configure on an access point.
Additional details about configuring several of these options are provided in other chapters of this book. These options apply to IPv6 PDP contexts only. A summary of all APN IPv6 configuration options is provided in Chapter 9, "Configuring Network Access to the GGSN."
To configure additional IPv6-specific options for a GGSN access point, use any of the following commands, beginning in access-point list configuration mode.
Step 1: Router(config-access-point)# ipv6 ipv6-access-group ACL-name [up | down]
(Optional) Applies an access control list (ACL) configuration to uplink or downlink payload packets.

Step 2: Router(config-access-point)# ipv6 redirect [all | intermobile] ipv6-address
(Optional) Configures the GGSN to redirect IPv6 traffic to an external IPv6 device. The available options are:
•all—Redirects all IPv6 traffic to an external IPv6 device for an APN.
•intermobile—Redirects mobile-to-mobile IPv6 traffic to an external IPv6 device.
•ipv6-address—IP address of the IPv6 external device to which you want to redirect IPv6 traffic.

Step 3: Router(config-access-point)# ipv6 security verify source
(Optional) Enables the GGSN to verify the IPv6 source address of an upstream Transport Protocol Data Unit (TPDU) against the address previously assigned to an MS.
Monitoring and Maintaining IPv6 PDPs
The following privileged EXEC show commands can be used to monitor the IPv6 configuration and IPv6 PDPs on the GGSN.
Router# show gprs access-point
Displays information about access points on the GGSN.

Router# show gprs access-point statistics
Displays data volume and PDP activation and deactivation statistics for access points on the GGSN.

Router# show gprs access-point status
Displays the number of active PDPs on an access point, and how many of those PDPs are IPv4 PDPs and how many are IPv6 PDPs.

Router# show gprs gtp pdp-context
Displays a list of the currently active PDP contexts.

Router# show gprs gtp status
Displays information about the status of the GTP on the GGSN.

Router# show gprs pcscf
Displays a summary of the P-CSCF server group or groups configured on the GGSN for P-CSCF Discovery.
Configuration Example
The following example shows IPv6 support configured on a GGSN. The IPv6 related configuration statements appear in bold text:
interface Virtual-Template10
 ipv6 nd ra interval 21600
 ipv6 nd ra lifetime 21600
 ipv6 nd prefix default infinite infinite off-link
access-point-name ipv6_test.com
ipv6 dns primary 2001:999::9
ipv6 ipv6-address-pool local localv6
ipv6 local pool localv6 2001:234::/48 64