无线/移动 : 网关 GPRS 支持节点 (GGSN)

ASR5x00系列:IP在PDP请求创建的分配失败

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 7 月 14 日) | 反馈

简介

本文描述发生由于在GTP_CREATE_PDP_RESPONSE的未知数据包数据协议的IP地址分配失败(PDP)类型或PDP类型错误。此问题在Cisco聚合服务路由器(ASR) 5x00系列该报告工作作为网关GPRS支持节点(GGSN)。

贡献用Karuna Jha, Cisco TAC工程师。

问题

用户设备(UE)请求静态IP地址<x.x.x.x>。

用户有从位置记录器(HLR) /Home用户服务器(HSS)的静态IP地址分配一特定的接入点名称的(APN),因此最终用户不应该动态地分配IP地址从GGSN。

此错误从导致失败设立的会话的监视器用户被观察了:

#Monitor subscriber Imsi  <> (enable options x, a, y, verbosity 4)

----------------------------------------------------------------------
Incoming Call:
----------------------------------------------------------------------
MSID/IMSI : <> Callid : <>
IMEI : <> MSISDN : <>
Username : <> SessionType : ggsn-pdp-type-ipv4
Status : Active Service Name: GGSN_SVC
Src Context : <>
----------------------------------------------------------------------

INBOUND>>>>> 21:50:38:497 Eventid:47000(3)
GTPC Rx PDU, from <IP>:34273 to <IP>:2123 (213)
TEID: 0x00000000, Message type: GTP_CREATE_PDP_CONTEXT_REQ_MSG
(0x10) >>>1st Create PDP Request
Sequence Number:: 0x7B16 (31510)


<<<<OUTBOUND 21:50:38:501 Eventid:47001(3)
GTPC Tx PDU, from <IP>:2123 to <IP>:34273 (103)
TEID:0x179E3645, Message type: GTP_CREATE_PDP_CONTEXT_RES_MSG
(0x11) >>>1st Create PDP Response
Sequence Number:: 0x7B16 (31510)

----------------------------------------------------------------------
(Switching Trace) - New Incoming Call:
----------------------------------------------------------------------
MSID/IMSI : <> Callid : <>
IMEI : <> MSISDN : <>
Username : <> SessionType : ggsn-pdp-type-ipv4
Status : Active Service Name: GGSN_SVC
Src Context : <>
----------------------------------------------------------------------

INBOUND>>>>> 21:50:41:346 Eventid:47000(3)
GTPC Rx PDU, from <IP>:34273 to <IP>:2123 (213)
TEID: 0x00000000, Message type: GTP_CREATE_PDP_CONTEXT_REQ_MSG
(0x10) >>>2nd PDP Request
Sequence Number:: 0x7B20 (31520)


***CONTROL*** 21:50:41:360 Eventid:10083
Sessmgr-80 Failed to allocate static IPv4 address <IP> mask 0xffffffff poolname
<Pool_name> for call (errcode=VPN_MSG_STATUS_DUPLICATE_INSTANCE)

<<<<OUTBOUND 21:50:41:363 Eventid:47001(3)
GTPC Tx PDU, from <IP>:2123 to <IP>:34273 (103)
TEID: 0x179E36C5, Message type: GTP_CREATE_PDP_CONTEXT_RES_MSG
(0x11) >>>2nd PDP Response
Sequence Number:: 0x7B20 (31520)


INBOUND>>>>> 21:58:04:155 Eventid:47000(3)
GTPC Rx PDU, from <IP>:34273 to <IP>:2123 (16)
TEID: 0x9D052050, Message type: GTP_DELETE_PDP_CONTEXT_REQ_MSG (0x14)
Sequence Number:: 0x801F (32799)


<<<<OUTBOUND 21:58:04:156 Eventid:47001(3)
GTPC Tx PDU, from <IP>:2123 to <IP>:34273 (14)
TEID: 0x179E36C5, Message type: GTP_DELETE_PDP_CONTEXT_RES_MSG (0x15)
Sequence Number:: 0x801F (32799)



***CONTROL*** 21:58:04:170 Eventid:10285
CALL STATS: msisdn <>, apn <apn_name>, imsi <>, Call-Duration(sec): 443
input pkts: 7 output pkts: 19
input bytes: 301 output bytes: 928
input bytes dropped: 0 output bytes dropped: 0
input pkts dropped: 0 output pkts dropped: 0
pk rate from user(bps): 0 pk rate to user(bps): 53
ave rate from user(bps): 0 ave rate to user(bps): 26
sust rate from user(bps): 0 sust rate to user(bps): 27
pk rate from user(pps): 0 pk rate to user(pps): 0
ave rate from user(pps): 0 ave rate to user(pps): 0
sust rate from user(pps): 0 sust rate to user(pps): 0
link online/active percent: 100
ipv4 bad hdr: 0 ipv4 ttl exceeded: 0
ipv4 fragments sent: 0 ipv4 could not fragment: 0
ipv4 input acl drop: 0 ipv4 output acl drop: 0
ipv4 bad length trim: 0
ipv4 input non-mip drop: 0 ipv4 output non-mip drop: 0
ipv4 input css drop: 0 ipv4 output css drop: 0
output gre xoff pkts drop: 0 output gre xoff bytes drop: 0
ipv4 output no-flow drop: 0
ipv4 source violations: 0 ipv4 early pdu drop: 0
ipv4 proxy-dns redirect: 0 ipv4 proxy-dns pass-thru: 0
ipv4 proxy-dns drop: 0 ipv4 proxy-dns redirect tcp connection: 0
ipv6 bad hdr: 0 ipv6 bad length trim: 0
ip source violation no acct: 0 ip source violation ignored: 0
dlnk pkts exceeded bw: 0 dlnk pkts violated bw: 0
uplnk pkts exceeded bw: 0 uplnk pkts violated bw: 0
Disconnect Reason: Remote-disconnect
Last Progress State: PDP-Type-IPv4-Connected

当“失败的错误分配静态IPv4地址<x.x.x.x>掩码0xffffffff poolname <pool_name >呼叫的(errcode =VPN_MSG_STATUS_DUPLICATE_INSTANCE)”出现和失败的会话创建,没有移动站点(MS) /UE分配同样IP地址。这用showsubscribers IP地址<x.x.x.x>命令验证

[local]ASR5x00#show subscribers ip-address <x.x.x.x>
No subscribers match the specified criteria

对于每成功请创建同一个用户的PDP, show subscriber的输出命令显示的IP地址<x.x.x.x> IP x.x.x.x映射以同样国际移动用户标识(IMSI)。

[local]ASR5x00# show subscribers ip-address <x.x.x.x>

Sunday October 12 21:51:36 PDT 2014

+-----Access (S) - pdsn-simple-ip (M) - pdsn-mobile-ip (H) - ha-mobile-ip

| Type: (P) - ggsn-pdp-type-ppp (h) - ha-ipsec (N) - lns-l2tp

| (I) - ggsn-pdp-type-ipv4 (A) - asngw-simple-ip (G) - IPSG

| (V) - ggsn-pdp-type-ipv6 (B) - asngw-mobile-ip (C) - cscf-sip

| (z) - ggsn-pdp-type-ipv4v6

| (R) - sgw-gtp-ipv4 (O) - sgw-gtp-ipv6 (Q) - sgw-gtp-ipv4-ipv6

| (W) - pgw-gtp-ipv4 (Y) - pgw-gtp-ipv6 (Z) - pgw-gtp-ipv4-ipv6

| (@) - saegw-gtp-ipv4 (#) - saegw-gtp-ipv6 ($) - saegw-gtp-ipv4-ipv6

| (p) - sgsn-pdp-type-ppp (s) - sgsn (4) - sgsn-pdp-type-ip

| (6) - sgsn-pdp-type-ipv6 (2) - sgsn-pdp-type-ipv4-ipv6

| (L) - pdif-simple-ip (K) - pdif-mobile-ip (o) - femto-ip

| (F) - standalone-fa (J) - asngw-non-anchor

| (e) - ggsn-mbms-ue (i) - asnpc (U) - pdg-ipsec-ipv4

| (E) - ha-mobile-ipv6 (T) - pdg-ssl (v) - pdg-ipsec-ipv6

| (f) - hnbgw-hnb (g) - hnbgw-iu (x) - s1-mme

| (a) - phsgw-simple-ip (b) - phsgw-mobile-ip (y) - asngw-auth-only

| (j) - phsgw-non-anchor (c) - phspc (k) - PCC

| (X) - HSGW (n) - ePDG (t) - henbgw-ue

| (m) - henbgw-sg

| (D) - bng-simple-ip (l) - pgw-pmip (u) - Unknown

|

|+----Access (X) - CDMA 1xRTT (E) - GPRS GERAN (I) - IP

|| Tech: (D) - CDMA EV-DO (U) - WCDMA UTRAN (W) - Wireless LAN

|| (A) - CDMA EV-DO REVA (G) - GPRS Other (M) - WiMax

|| (C) - CDMA Other (N) - GAN (O) - Femto IPSec

|| (P) - PDIF (S) - HSPA (L) - eHRPD

|| (T) - eUTRAN (B) - PPPoE (F) - FEMTO UTRAN

|| (H) - PHS (.) - Other/Unknown

||

||+---Call (C) - Connected (c) - Connecting

||| State: (d) - Disconnecting (u) - Unknown

||| (r) - CSCF-Registering (R) - CSCF-Registered

||| (U) - CSCF-Unregistered

|||

|||+--Access (A) - Attached (N) - Not Attached

|||| CSCF (.) - Not Applicable

|||| Status:

||||

||||+-Link (A) - Online/Active (D) - Dormant/Idle

||||| Status:

|||||

|||||+Network (I) - IP (M) - Mobile-IP (L) - L2TP

||||||Type: (P) - Proxy-Mobile-IP (i) - IP-in-IP (G) - GRE

|||||| (V) - IPv6-in-IPv4 (S) - IPSEC (C) - GTP

|||||| (A) - R4 (IP-GRE) (T) - IPv6 (u) - Unknown

|||||| (W) - PMIPv6(IPv4) (Y) - PMIPv6(IPv4+IPv6) (R) - IPv4+IPv6

|||||| (v) - PMIPv6(IPv6)

||||||

||||||

vvvvvv CALLID MSID USERNAME IP TIME-IDLE

------ -------- --------------- ---------------------- -------------------- ---------

IECNAI <> <> name@apn_name x.x.x.x 00h00m57s

从跟踪注意到有非常短时间(~20ms) PDP的删除和创建之间。这就是为什么网关拒绝与错误代码VPN_MSG_STATUS_DUPLICATE_INSTANCE的PDP。

最初的APN配置

apn apn_name

bearer-control-mode mixed

selection-mode subscribed sent-by-ms chosen-by-sgsn

accounting-mode none

gtpp group CGF1 accounting-context <context_name>

gtpp group CGF2 accounting-context <context_name>

gtpp group CGF3 accounting-context <context_name>

gtpp group CGF4 accounting-context <context_name>

idle-timeout-activity ignore-downlink

apn-ambr rate-limit direction downlink burst-size auto-readjust
duration 1 violate-action drop

apn-ambr rate-limit direction uplink burst-size auto-readjust
duration 1 violate-action drop

ims-auth-service <service name>

timeout idle 14400

ip access-group onegas.com in

ip access-group onegas.com out

ip source-violation check drop-limit 0

ip context-name <context name>

ip address pool name <pool name>

active-charging rulebase <Rulebase>

exit

一个想法是减少地址保持计时器,但是“地址保持计时器的”概念是仅可适用的为动态IP地址分配和不为静态分配。

这也被登记了实验室:

[Gi](config-ctx)#

ip pool SIMPLE-POOL a.b.c.d 255.255.0.0 static address-hold-timer 100

Failure: Hold timer can not be configured for this pool

注意:当“地址保持计时器”启用时,并且活动订户被断开, IP地址仍然保持或考虑在使用中和没有返回到自由的状态,直到地址保持计时器超时。这启用在指定的时间长度内重新连接的用户(以秒钟)从IP池获取同样IP地址。

根本原因

当有删除PDP请求(DPR)时和创建PDP请求(CPR)之间的一个小规模差距同样IMSI的, RADIUS服务器返回同一个静态地址。

当DPR由ASR 5x00时接收处理DPR并且接受新的CPR,同时,但是保持静态IP地址并且仍然采取一些时间(250ms)为了vpnmgr能发布/冲洗地址。因为新的CPR来,在充足的这完成前, ASR 5x00拒绝新的CPR。

在这种情况下, PDP的删除的之间PDP的时间间隙和创建非常小。

在数据包捕获图表中,您能看到时间间隙(显示在红色块)删除PDP之间并且创建PDP非常小。

您应该盼望250毫秒延迟在删除和创建之间的同一个地址的IP地址分配能是成功的。

这是分布式体系结构的设计需求。请参阅在Solution部分的应急方案为了避免静态地址分配的所有影响。

解决方案

请参阅在网关应用的此配置应急方案。

 config   

context <>

ggsn-service <>

newcall duplicate-subscriber-requested-address accept

exit

此命令启用或功能失效新建的呼叫连接,当UE不能从企业信息包数据网络时(PDN)温文地断开,在尝试通过另一访问方法前重新连接。当启用,此命令切断旧有会话为了接受与同一个IP地址分配的新连接。

此命令也允许GGSN接受一个要求一个静态用户地址,即使另一会话已经使用地址。如果此功能没有启用,一新要求用另一会话的同样IP地址将拒绝。


相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


Document ID: 119150