Intelligent Wireless Access Gateway Configuration Guide
Dual Stack Support for PMIPv6 and GTP
Downloads: This chapterpdf (PDF - 1.14MB) The complete bookPDF (PDF - 6.18MB) | The complete bookePub (ePub - 1.55MB) | Feedback

Dual Stack Support for PMIPv6 and GTP

Contents

Dual Stack Support for PMIPv6 and GTP

Effective from Cisco IOS XE Release 3.11S, the Intelligent Wireless Access Gateway (iWAG) supports dual-stack session for Proxy Mobile IPv6 (PMIPv6) and GPRS Tunneling Protocol (GTP) sessions.

This chapter contains the following sections:

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About Dual-Stack Support for PMIPv6

The Dual Stack Support for PMIPv6 feature allows both IPv4 and IPv6 traffic streams to flow through a single PMIPv6 session. The IPv4 and IPv6 traffic streams from a subscriber are identified using the Subscriber MAC address. The iWAG supports following functionalities:

  • IPv6 L2-connected subscriber sessions
  • Dual-stack L2-connected Internet Protocol Over Ethernet (IPoE) subscriber sessions

Features Supported for Dual-Stack PMIPv6 Sessions

  • IPv4 address allocation method using Dynamic Host Configuration Protocol (DHCP)
  • IPv6 address allocation method using Stateless Address Auto Configuration (SLAAC)
  • Idle timeout for per-user accounting and per-flow accounting
  • Absolute timeout for per-user accounting and per-flow accounting
  • Postpaid for per-user accounting and per-flow accounting
  • QoS policy for per-user accounting and per-flow accounting

Information About Dual-Stack Support for GTP

The Dual Stack Support for GTP feature allows both IPv4 and IPv6 traffic streams to flow through a single GTP session. The IPv4 and IPv6 traffic streams from a subscriber are identified using the Subscriber MAC address. This feature enables the assignment of both an IPv4 address and an IPv6 address to a client. Therefore, the overall number of supported subscribers on the Cisco ASR 1000 Series Aggregation Services Routers are not affected by a mix of IPv4 and IPv6 traffic.


Note


Prior to the introduction of the Dual-Stack feature, GTP supported only IPv4 sessions.

Dual-Stack GTP sessions support the following session initiators:

  • Unclassified MAC
  • IPv6 Neighbor Discovery
  • DHCPv4

Restrictions for Dual-Stack GTP

  • The connection between the iWAG and GGSN or PGW can only be IPv4 even though the sessions can be IPv4, IPv6, or dual stack.
  • The DNS server (under the gtp or apn configuration submode) can be configured only for IPv4.

AAA Attributes for Dual Stack

After the AAA server authenticates a subscriber, an AAA attribute is returned in the Access Accept message sent to the iWAG to indicate the session type.

The AAA attribute for the Dual Stack configuration can have the following values:

  • "cisco-AVPair=mn-service=dual" (The iWAG retrieves both the IPv4 and IPv6 addresses, but will assign the IPv4 or IPv6 address to the subscriber based on the FSOL. )
  • "cisco-AVPair=mn-service=ipv4" (The iWAG retrieves only the IPv4 address for the subscriber. )
  • "cisco-AVPair=mn-service=ipv6" (The iWAG retrieves only the IPv6 address for the subscriber. )

Configuration Examples for Dual-Stack PMIPv6

Example: Configuring an Access List Traffic Classmap for Dual-Stack PMIPv6

ip access-list extended ACL_OUT_INTERNET
 permit ip any any
ip access-list extended ACL_OUT_INTERNET2
 permit ip any any
ip access-list extended ACL_OUT_OPENGARDEN
 permit ip any any
 permit udp any any
ip access-list extended ACL_IN_INTERNET
 permit ip any any
ip access-list extended ACL_IN_INTERNET2
 permit ip any any
ip access-list extended ACL_IN_OPENGARDEN
 permit ip any any
 permit udp any any

ipv6 access-list IPV6_ACL_INTERNET
 permit ipv6 any any
ipv6 access-list IPV6_ACL_INTERNET2
 permit ipv6 any any
ipv6 access-list IPV6_ACL_OPENGARDEN
 permit ipv6 any any

Example: Configuring a Classmap for Dual-Stack PMIPv6


class-map type traffic match-any TC_OPENGARDEN  #defines the traffic rule used in the service using ACL.
 match access-group output name ACL_OUT_OPENGARDEN
 match access-group input name ACL_IN_OPENGARDEN
!
class-map type traffic match-any TC_INTERNET2
 match access-group output name ACL_OUT_INTERNET2
 match access-group input name ACL_IN_INTERNET2
!
class-map type traffic match-any TC_INTERNET
 match access-group output name ACL_OUT_INTERNET
 match access-group input name ACL_IN_INTERNET

class-map type traffic match-any TC_INTERNET_IPV6
 match access-group output name IPV6_ACL_INTERNET
 match access-group input name IPV6_ACL_INTERNET
 
class-map type traffic match-any TC_INTERNET_IPV6_2
 match access-group output name IPV6_ACL_INTERNET2
 match access-group input name IPV6_ACL_INTERNET2
 
class-map type traffic match-any TC_OPENGARDEN_IPV6
 match access-group output name IPV6_ACL_OPENGARDEN
 match access-group input name IPV6_ACL_OPENGARDEN

Example: Configuring a Policymap for Dual-Stack PMIPv6


policy-map type service DRL_V4        #provides service definition for services applied during session start and restart
 20 class type traffic TC_INTERNET
  police input 512000 512000 10000
  police output 1280000 560000 20000
 !
policy-map type service ACC_V4
 20 class type traffic TC_INTERNET2
  accounting aaa list default
!
policy-map type service TO_V4
 20 class type traffic TC_OPENGARDEN
  timeout idle 60
 !
policy-map type service DRL_V6
 20 class type traffic TC_INTERNET_IPV6
  police input 512000 512000 10000
  police output 1280000 560000 20000
 !
policy-map type service ACC_V6
 20 class type traffic TC_INTERNET_IPV6_2
  accounting aaa list default
  !
policy-map type service TO_V6
 20 class type traffic TC_OPENGARDEN_IPV6
timeout idle 60
 !

Example: Configuring a Control Policy for Dual-Stack PMIPv6

policy-map type control PMIP_DUAL_STACK
 class type control always event session-start
  10 service-policy type service name DRL_V4            #applying services during dual stack
  11 service-policy type service name DRL_V6            #applying services during dual stack
  15 service-policy type service name ACC_V4            #applying services during dual stack
  16 service-policy type service name ACC_V6            #applying services during dual stack
  20 service-policy type service name TO_V4             #applying services during dual stack
  21 service-policy type service name TO_V6             #applying services during dual stack
  25 service-policy type service name SESSION_TIMEOUT_SERVICE  #applying services during dual stack
  30 authorize aaa list default identifier mac-address         #performs MAC TAL authorization

 
 class type control always event session-restart
  10 service-policy type service name DRL_V4              #applying services during dual stack
  11 service-policy type service name DRL_V6              #applying services during dual stack
  15 service-policy type service name ACC_V4              #applying services during dual stack
  16 service-policy type service name ACC_V6              #applying services during dual stack
  20 service-policy type service name TO_V4               #applying services during dual stack
  21 service-policy type service name TO_V6               #applying services during dual stack
  25 service-policy type service name SESSION_TIMEOUT_SERVICE  #applying services during dual stack
  30 authorize aaa list default identifier mac-address         #performs MAC TAL authorization

Example: Configuring an Access Interface for Dual-Stack PMIPv6

interface GigabitEthernet0/0/2
 description manthiya connected to MN1
 ip address 11.1.1.2 255.255.255.0
 negotiation auto
 ipv6 address FE80::200:5EFF:FE00:5213 link-local
 service-policy type control PMIP_DUAL_STACK   #subscriber services are applied based on
                                                    the control policy definition
 ip subscriber l2-connected               #invokes iWAG functionality
  initiator unclassified mac-address      #unclassified MAC address with IPv4 and IPv6 packets, 
                                           are treated as FSOL to create a session
  initiator dhcp                          #DHCP control packets are used as FSOL
                                           to create DHCPv4 only session
end

Example: Configuring the Local Mobility Anchor for Cisco ASR 5000 Routers

context pgw
    ip pool PMIP_POOL 70.70.0.1 255.255.0.0 public 0 subscriber-gw-address 70.70.70.1
    ip pool v4_staticpool 9.9.9.1 255.255.0.0 static
    ipv6 pool v6_pool prefix eeee::1/48 public 0 policy allow-static-allocation
    router rip
      network ip 70.70.0.0/16
      network name lma2
      redistribute connected
      version 2
    exit
    interface lma2
      ipv6 address aaaa:bbbb::2/64
      ip address 60.1.1.2 255.255.255.0 secondary
    exit
    subscriber default
    exit
    apn cisco.com
      pdp-type ipv4 ipv6      #enables dual-stack address assignment under ASR 5K LMA
      selection-mode sent-by-ms
      accounting-mode none
      ip context-name pgw
    exit
    aaa group default
    exit
    gtpp group default
    exit
    lma-service lma2
      no aaa accounting
      reg-lifetime 40000
      timestamp-replay-protection tolerance 0
      mobility-option-type-value standard
      revocation enable
      bind address aaaa:bbbb::2
    exit
    pgw-service pgw1
      plmn id mcc 100 mnc 200
      associate lma-service lma2
    exit
    ipv6 route 2002::/64 next-hop aaaa:bbbb::1 interface lma2
    ip igmp profile default
    exit
  exit
  port ethernet 17/1
    boxertap eth4
    no shutdown
    bind interface lma2 pgw
  exit
  port ethernet 17/3
    vlan 200
      no shutdown
    exit
  exit
  port ethernet 17/4
    no shutdown
  exit
end

Example: Configuring Mobile Access Gateways for Dual-Stack PMIPv6

ipv6 mobile pmipv6-domain D1             #domain with name D1 configuration
 replay-protection timestamp window 255
 mn-profile-load-aaa                     #subscriber service profile downloaded from AAA server
 lma lma1                                #associating LMA with name lma1 to domain D1
  ipv6-address 2003::4
  ipv4-address 16.1.1.2
 mag M1                                  #associating MAG with name M1 to domain D1
  ipv6-address 2002::4
  ipv4-address 15.1.1.1
 nai MN1@example.com                     #local subscriber NAI definition for authotrization,
                                           where service for this particular NAI is defined
  apn example.com
  lma lma1
  service dual                      #dual stack is enabled for MN1@example.com client
  int att ETHERNET l2-addr 0000.1111.2222
!
ipv6 mobile pmipv6-mag M1 domain D1
 no discover-mn-detach
 sessionmgr
 apn example.com
 address ipv6 2002::4
 address ipv4 15.1.1.2
 binding maximum 40000
 replay-protection timestamp window 255
 interface GigabitEthernet0/0/2
  enable pmipv6 default MN1@example.com
 lma lma1 D1
  ipv6-address 2003::4
  ipv4-address 16.1.1.2
  encap gre-ipv4

Configuration Examples for Dual-Stack GTP

Example: Configuring Dual-Stack Sessions for GTP

gtp
information-element rat-type wlan
interface local GigabitEthernet0/1/3
apn 1
  apn-name example1.com
  ip address ggsn 10.201.31.2
  default-gw 30.1.0.1 prefix-len 16
  dns-server 192.165.1.1
  dhcp-lease 1801
apn 2
  apn-name example2.com
  ip address ggsn 10.201.31.4
  default-gw 30.2.0.1 prefix-len 16
  dns-server 192.165.1.1
  dhcp-lease 1801

Example: Configuring an Interface to PGW or GGSN

interface GigabitEthernet0/1/3
description SGSN to GGSN port
ip address 10.201.31.1 255.255.255.0
negotiation auto
ipv6 address 2007::2/64
end

Example: Configuring a Control Policy for Dual-Stack GTP

policy-map type control BB_PMAP
class type control always event session-start
10 authorize aaa list BB_1 password cisco identifier mac-address

Example: Configuring an Access Interface for Dual-Stack GTP

interface GigabitEthernet0/0/3
ip address 21.0.0.1 255.255.0.0
ipv6 address 8001::1/16
ipv6 enable
ipv6 nd ra interval 600
service-policy type control BB_PMAP
ip subscriber l2-connected
  initiator unclassified mac-address
  initiator dhcp
end

Enabling IPv6 Routing

ipv6 unicast-routing

Additional References

Related Documents

MIBs

MIB

MIBs Link

No new or modified MIBs are supported by this feature.

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http:/​/​www.cisco.com/​go/​mibs

Technical Assistance

Description

Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

Feature Information for Dual-Stack Support for PMIPv6 and GTP

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Table 1 Feature Information for Dual-Stack Support for PMIPv6 and GTP

Feature Name

Releases

Feature Information

Dual-Stack Support for PMIPv6

Cisco IOS XE Release 3.11

The Dual-Stack Support for PMIPv6 feature allows both IPv4 and IPv6 traffic streams to flow through a single PMIPv6 session.

In Cisco IOS XE Release 3.11S, this feature was implemented on the Cisco ASR 1000 Series Aggregation Services Routers.

Dual-Stack Support for GTP

Cisco IOS XE Release 3.11

The Dual-Stack Support for GTP feature allows both IPv4 and IPv6 traffic streams to flow through a single GTP session.

In Cisco IOS XE Release 3.11S, this feature was implemented on the Cisco ASR 1000 Series Aggregation Services Routers.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:/​/​www.cisco.com/​go/​trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)