Table Of Contents
Cisco Packet Data Serving Node (PDSN) Release 4.0 for Cisco IOS Release 12.4(15)XR
Mobile IP Dynamic Home Address Deletes Older Sessions With Different IMSI
PMTU Discovery by Mobile IP Client
Features From Previous Releases
Simple IP Based Service Access
Mobile IP Based Service Access
Session Redundancy Infrastructure
AAA - Authentication and Authorization
Configuring PDSN Session Redundancy
Configuring PDSN Session Redundancy Infrastructure
Protocol Layering and RP Connections
Identification of Data Packets For SDB Indication
SDB Indicator Marking for PPP Control Packets
Session Creation—A11 Registration Request
Configuring Multiple Service Connections
Configuring the Subscriber QoS Profile
Configuring Per-Flow Accounting
Configuring Call Admission Control on the PDSN
Resource Revocation for Mobile IP
Subscriber Authorization Based on Domain
Volume-based Prepaid Data Service Flow
Duration-based Prepaid Data Service Flow
Volume-based Prepaid Data Service with Tariff Switching
Support for G17 Attribute in Acct-Stop and Interim Records
Configuring Subscriber Qos Profile to PCF
Configuring Bandwidth Policing
Configuring VSAs in Subscriber QoS Profiles
Mobile IP Call Processing Per Second Improvements
Cisco Proprietary Prepaid Billing
Hardware IPSec Acceleration Using IPSec Acceleration Module—Static IPSec
Conditional Debugging Enhancements
Enhancements Prior to Release 3.0
Electronic Serial Number (ESN) in Billing
Support for Mobile Equipment Indentifier (MEID)
PDSN Cluster Controller / Member Architecture
PDSN Controller-Member Clustering
Upgrading the Controller PDSN Software from R1.2 to R2.0
Upgrading the Member PDSN Software from R1.2 to R2.0 and Above
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Determining the Software Version
Upgrading to a New Software Release
Creating the CDMA Ix Interface
Creating a Virtual Template Interface and Associating It With the PDSN Application
Enabling R-P Interface Signaling
Configuring User Session Parameters
Configuring PDSN Session Redundancy Infrastructure
Configuring AAA in the PDSN Environment
Configuring RADIUS in the PDSN Environment
Configuring Prepaid in the PDSN Environment
Enabling VPDN in a PDSN Environment
Configuring Proxy Mobile IP Attributes Locally
Configuring Mobile IP Security Associations
Configuring PDSN Cluster Controller
Configuring PDSN Cluster Member
Configuring A11 Session Updates
Configuring SDB Indicator Marking
Configuring SDB Indicator Marking for PPP Control Packets
Configuring Mobile IP Resource Revocation on the PDSN
Configuring Closed-RP Interfaces
Configuring Short Data Burst Flagging
Configuring PDSN Accounting Events
Configuring CDMA RADIUS Attributes
Monitoring and Maintaining the PDSN
Cisco PDSN Configuration for Simple IP
Cisco PDSN Configuration for Simple IP with VPDN
Cisco PDSN Configuration for Mobile IP
Combined Configuration for Cisco PDSN
Session Redundancy Configuration Examples
Simple IPV6 Configuration Example
AAA Authentication and Authorization Profile
AAA Profiles for Various Service Types
Authentication and Authorization RADIUS Attributes
Accounting Services RADIUS Attributes
Mandatory AVPs in Connection Setup/Release Messages
Q.931 Cause Codes Used in Call Disconnect Notify Message
Cisco Packet Data Serving Node (PDSN) Release 4.0 for Cisco IOS Release 12.4(15)XR
Feature History
Release 4.0 of the Cisco PDSN software. The following new features are introduced:
•
Subscriber QoS Policy (both downloading per-user profile from AAA and configuring a local profile
•
•
•
12.4(15)XN
Release 3.5 of the Cisco PDSN software. The following new features are introduced:
12.3(14)YX8
Updates to the PDSN Command Reference, including the following commands:
•
•
Deleted sections on ODAP and PDSN Selection Peer-to-Peer clustering.
12.3(14)YX1
Release 3.0 of the Cisco Packet Data Serving Node (PDSN) software. The following new feature is introduced:
12.3(14)YX
Release 3.0 of the Cisco Packet Data Serving Node (PDSN) software. The following new features are introduced:
•
•
•
12.3(11)YF3
Added support for Mobile IP Dynamic Home Address Deletes Older Sessions With Different IMSI.
The following new command was added:
•
12.3(11)YF2
Added support for Identification of Data Packets For SDB Indication, SDB Indicator Marking for PPP Control Packets, and Support for G17 Attribute in Acct-Stop and Interim Records.
The following new commands were added or modified:
•
•
•
12.3(11)YF1
A restriction for Registration Revocation was removed.
New commands were added, including:
•
•
•
•
Existing commands were modified, including:
•
•
•
•
12.3(11)YF
Release 2.1 of the Cisco Packet Data Serving Node (PDSN) software. Four new features were added, including the Closed-RP Interface.
12.3(8)XW
Release 2.0 of the Cisco Packet Data Serving Node (PDSN) software.
12.3(4)T
This feature was integrated into Cisco IOS Release 12.3(4)T.
12.2(8)ZB8
One new CLI command was added.
12.2(8)ZB7
Six CLI commands were added or modified.
12.2(8)ZB6
Two CLI commands were added or modified.
12.2(8)ZB5
Four new CLI commands were added.
12.2(8)ZB1
This feature was introduced on the Cisco 7600 Internet Router.
12.2(8)ZB
This feature was introduced on the Cisco Catalyst 6500 Switch.
12.2(8)BY
This feature was introduced on the Cisco 7200 Series Router.
This document describes the Cisco Packet Data Serving Node (PDSN) software for use on the Cisco Multi-processor WAN Application Module (MWAM) that resides in the Cisco Catalyst 6500 Switch, and the Cisco 7600 Internet Router. It includes information on the features and functions of the product, supported platforms, related documents, and configuration tasks.
This document includes the following sections:
•
•
•
Feature Overview
A PDSN provides access to the Internet, intranets, and Wireless Application Protocol (WAP) servers for mobile stations using a Code Division Multiple Access 2000 (CDMA2000) Radio Access Network (RAN). The Cisco PDSN is a Cisco IOS software feature that runs on SAMI cards on the Cisco 7600 Internet Router, where it acts as an access gateway for Simple IP and Mobile IP stations. It provides foreign agent (FA) support and packet transport for virtual private networking (VPN). It also acts as an Authentication, Authorization, and Accounting (AAA) client.
The Cisco PDSN supports all relevant 3GPP2 standards, including those that define the overall structure of a CDMA2000 network, and the interfaces between radio components and the PDSN.
System Overview
CDMA is one of the standards for Mobile Station communication. A typical CDMA2000 network includes terminal equipment, mobile termination, base transceiver stations (BTSs), base station controllers (BSCs / PCFs), PDSNs, and other CDMA network and data network entities. The PDSN is the interface between a BSC / PCF and a network router.
Figure 1 illustrates the relationship of the components of a typical CDMA2000 network, including a PDSN. In this illustration, a roaming mobile station user is receiving data services from a visited access provider network, rather than from the mobile station user's subscribed access provider network.
Figure 1 The CDMA Network
As the illustration shows, the mobile station, which must support either Simple IP or Mobile IP, connects to a radio tower and BTS. The BTS connects to a BSC, which contains a component called the Packet Control Function (PCF). The PCF communicates with the Cisco PDSN through an A10/A11 interface. The A10 interface is for user data and the A11 interface is for control messages. This interface is also known as the RAN-to-PDSN (R-P) interface. Figure 2 illustrates the communication between the RAN and the Cisco PDSN.
Figure 2 RAN-to-PDSN Connection: the R-P Interface
The IP networking between the PDSN and external data networks is through the PDSN-to-intranet/Internet (Pi) interface. For the Cisco PDSN Release 2.0 and above, you can use either an FE or GE interface as the Pi interface.
For "back office" connectivity, such as connections to a AAA server, or to a RADIUS server, the interface is media independent. Any of the interfaces supported on the Cisco 7206 can be used to connect to these types of services; however, Cisco recommends that you use either an FE or GE interface.
How PDSN Works
When a mobile station makes a data service call, it establishes a Point-to-Point Protocol (PPP) link with the Cisco PDSN. The Cisco PDSN authenticates the mobile station by communicating with the AAA server. The AAA server verifies that the user is a valid subscriber, determines available services, and tracks usage for billing.
The method used to assign an IP address and the nature of the connection depends on service type and network configuration. Simple IP operation and Mobile IP operation are referred to as service types. The service type available to a user is determined by the mobile station, and by the type of service that the service provider offers. In the context of PDSN, a mobile station is the end user in both Simple IP and Mobile IP operation.
Once the mobile station is authenticated, it requests an IP address. Simple IP stations communicate the request using the Internet Protocol Control Protocol (IPCP). Mobile IP stations communicate the request using Mobile IP registrations.
The following sections describe the IP addressing and communication levels for each respective topic:
•
Cisco PDSN Simple IP
With Simple IP, a service provider's Cisco PDSN assigns a dynamic or static IP address to the mobile station during the PPP link setup. The mobile station retains this IP address as long as it is served by a radio network that has connectivity to the address-assigning PDSN.
Therefore, as long as the mobile station remains within an area of RANs that is served by the same PDSN, the MS can move or roam inside the coverage area and maintain the same PPP links. If the mobile station moves outside the coverage area of the given PDSN, the mobile station is assigned a new IP address, and any application-level connections are terminated.
Note
Figure 3 illustrates the placement of the Cisco PDSN in a Simple IP scenario.
Figure 3 CDMA Network - Simple IP Scenario
Cisco PDSN Simple IP with VPDN Scenario
A Virtual Private Data Network (VPDN) allows a private network dial-in service to span to remote access servers called Network Access Servers (NAS). Figure 4 illustrates a VPDN connection in the PDSN environment with Simple IP. In this scenario, the PDSN is acting as the NAS.
Figure 4 CDMA Network —Simple IP with VPDN Scenario
A VPDN connection is established in the following order:
1.
2.
3.
The PPP client is forwarded through a Layer 2 Tunneling Protocol (L2TP) tunnel over User Datagram Protocol (UDP).
4.
Cisco PDSN Mobile IP
With Mobile IP, the mobile station can roam beyond the coverage area of a given PDSN and still maintain the same IP address and application-level connections.
Figure 5 shows the placement of the Cisco PDSN in a Mobile IP scenario.
Figure 5 CDMA Network —Mobile IP Scenario
The communication process occurs in the following order:
1.
2.
As part of the registration process, the HA creates a binding table entry to associate the mobile station's home address with its Care-of address.
Note
3.
4.
5.
6.
7.
Note
Mobile IP Dynamic Home Address Deletes Older Sessions With Different IMSI
The PDSN cannot recognize 1xRTT to EVDO as a handoff due to a change of IMSI. The result is that the "cdma-reason-ind" in the account stop message will not reflect the same.
By default, the PDSN keeps the first call session if the Mobile does a static home address. In this release, the PDSN supports deleting the first call session for dynamic home address cases (for example, 1x-RTT to EVDO handoff where the IMSI changes during the handoff).
The old call scenario is established as follows:
1.
2.
3.
A new CLI is introduced in this release that allows you to delete the old session. When you issue the ip mobile cdma imsi dynamic command, the PDSN releases the old session and allows the new session to come up.
PMTU Discovery by Mobile IP Client
FTP upload and ping from the end node may fail when PMTU Discovery (done by setting the DF bit) is done by a MobileIP client (an end node) for packet sizes of about 1480. Due to failure of PMTUD algorithm, the IP sender will never learn the smaller path MTU, but will continue unsuccessfully to retransmit the too-large packet, until the retransmissions time out.
Please refer to http://www.cisco.com/warp/public/105/38.shtml#2000XP for disabling PMTUD for Windows 2000/XP platforms.
Cisco PDSN Proxy Mobile IP
Currently, there is a lack of commercially-available Mobile IP client software. Conversely, PPP, which is widely used to connect to an Internet Service Provider (ISP), is ubiquitous in IP devices. As an alternative to Mobile IP, you can use Cisco's proxy Mobile IP feature. This capability of the Cisco PDSN, which is integrated with PPP, enables a Mobile IP FA to provide mobility to authenticated PPP users.
Note
The communication process occurs in the following order:
1.
2.
3.
4.
5.
6.
PDSN on SAMI
The SAMI blade supports the feature set of PDSN Release 4.0, and a Cisco Catalyst 6500 or Cisco 7600 chassis will support a maximum of 6 application modules. Each application module supports 5 IOS images, each with access to 2 Gigabytes of RAM. Each of these images can function as a PDSN.
Additionally, instances of the cluster controller functionality will be configured as required. One active and one standby controller are required for a cluster of 48 PDSN instances or less. Each PDSN image supports 25,000 user sessions. For every 10 PDSNs configured in the chassis, one active and one standby controller is required. Internal to the chassis, the PDSN images are configured on the same VLAN in order to support the Controller-Member architecture (although the architecture itself does not require this). Load balancing external to the chassis is determined by the physical proximity of the chassis and the network architecture. It is possible that you require both a VLAN approach, and a more traditional routed approach.
Migration Scenarios
The following table lists currently available or planned PDSN Releases and the migration path to the SAMI platform:
Based on Table 2, there are many possible migration scenarios. In this section, we focus on those scenarios closest to current customer deployments. The actual migration path has to be determined per-customer end-to-end deployment. Additionally, migration should be engineered, and we recommend that you perform the migration in a maintenance window.
Customers may take this opportunity to redesign their network, for example, redesigning IP addresses scheme and configuring the routing protocols, network connectivity between PDSN and Home Agent, application connectivity between PDSN and AAA servers, routing on the new SAMI PDSN / Home Agent, etc.
Table 2 lists the most common migration scenarios:
For all of these migration plans, both hardware and software configurations have significant changes. This requires prudent operation planning and network redesign. The Migration Steps section describes the possible migration steps to minimize both network reconfiguration and service disruption.
Migration Steps
Migration to the Cisco PDSN R4.0 image is more than replacing MWAM modules with SAMI modules. Your migration should be well planned and conducted in a way that has minimal impact on the existing mobile subscriber's service connections.
Here are the migration tasks that are based on the scenarios that were previously established in Table 2.
Features
New Features in This Release
This section lists the features of the Cisco 4.0 PDSN Release:
•
•
•
•
Features From Previous Releases
This section lists features that were introduced prior to Cisco PDSN Release 4.0:
•
Inter-user priority attribute is used by the PCF to schedule packets to the mobile node. This attribute is received by the PDSN from AAA in a RADIUS access-accept message.
•
This Home Area attribute is defined by Lucent, and is received by the PDSN from AAA in a RADIUS access-accept message.
•
The PDSN polices downstream traffic towards the mobile node based on the "maximum authorized aggregate bandwidth" 3GPP2 attribute, downloaded from AAA.
•
–
•
•
•
•
–
–
•
–
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Note
Note
Note
P indicates that this feature is only available with a Premium license.
* Requires appropriate hardware support.
Note
PDSN Performance Metrics
Cisco PDSN Release 4.0 delivers the following performance improvements compared to Release 3.0 and R3.5 :
•
Performance Metrics on the Cisco 7600 series platform are as follows. The quoted figures are per image, and each SAMI can support 6 PDSN images.
•
•
•
•
•
Packet Data Service Access
The PDSN supports two types of service accesses. The type of service access for a mobile session is determined by the capabilities of the mobile station:
•
•
Simple IP Based Service Access
The PDSN facilitates a mobile user to access the internet and corporate intranet by using Simple IP based service access. Simple IP mode of access, however, limits user mobility to the coverage area of the serving PDSN. Inter-PDSN handoff causes re-negotiation of PPP between the mobile station and the new PDSN. The old IP address assigned at the previous PDSN can usually not be assigned to the mobile user from the new PDSN, and results in reset and restart of user applications.
Some of the salient features for Simple IP based service access include:
•
•
•
•
•
•
•
•
•
•
•
•
•
User NAI is available during the PPP CHAP/PAP authenticating phase. Domain name information in the NAI determines the domain responsible for user authentication. Based on the type of packet routing model, Simple IP based service access can be categorized as follows.
•
•
•
Simple IP Routed Access
After receiving username and password during PPP LCP negotiations, the PDSN forwards authentication information to the local AAA server via an access request message. This, in turn, may be proxied to the AAA server in the user's home domain, via broker AAA servers, if necessary. On successful authentication, the user is authorized services based on its service profile. User Class/CDMA_IPTECH information, along with other authorization parameters are returned to the PDSN using an access accept message from the home AAA. On successful negotiation of an IP address, Simple IP based services are made available to the mobile user.
Simple IP routed access method is applicable for users that are not configured for VPDN or proxy-Mobile IP services. With PPP terminated at the PDSN, uplink user traffic is routed towards the IP network from the PDSN. The address assigned to the mobile user would be from within the PDSN routable domain. Private addresses may also be used if a NAT is configured. User mobility is limited to the PDSN coverage area. Inter-PCF handoffs do not disrupt service. Inter-PDSN handoffs, however, result in PPP renegotiation at the new PDSN, another IP address being assigned at the new PDSN, and reset and restart of user applications.
Simple IP VPDN Access
After receiving username and password during PPP LCP negotiations, the PDSN forwards authentication information to the local AAA server via an access request message. This, in turn, may be proxied to the AAA server in the user's home domain, via broker AAA servers, if necessary. On successful authentication, the user is authorized services based on user's service profile. If the user is configured for VPDN based access services, User Class information, along with other authorization parameters including tunneling options and tunneling parameters, are returned to the PDSN via an access accept message from the home AAA. The following types of VPDN services are supported at the PDSN:
L2TP - Layer 2 Tunneling Protocol
For L2TP type layer2 tunneling, the PDSN establishes an L2TP tunnel with the tunneling endpoints specified by the tunneling parameters. The L2TP tunnel would be established between the LAC at the PDSN and LNS at the NAS in user's home domain. The PPP connection would be between the mobile station and the LNS in the home network. Despite the PPP connection termination at the LNS, the PDSN monitors the PPP session for inactivity. Status of the PPP connection is also linked with the state of the underlying A10 connection. PPP connection is deleted when the underlying A10 connection is deleted. IPSec encryption methods can also be enabled over the L2TP tunnels for enhanced security.
On successful negotiation of an IP address between the mobile and the LNS, IP-based services are made available to the mobile.
The LNS may be configured to authenticate the mobile user based on the challenge and challenge response information from the PDSN. Additionally, the LNS may also be configured to challenge the user again after the layer2 tunnel has been established. The following authentication options are supported for L2TP:
•
The LAC (PDSN) challenges the mobile user and forwards authentication relabted information to the LNS as part of tunnel setup parameters. The LNS may be configured to authenticate the user either locally or via the home AAA, based on the authentication related information from the LAC (PDSN). On successful authentication, the mobile and the LNS proceed with the IPCP phase and negotiate an IP address for the user session. Call establishment procedures for this scenario are illustrated in Figure 16.
•
The LAC (PDSN) challenges the mobile and forwards authentication related information to the LNS as part of tunnel setup parameters. The LNS may be configured to authenticate the user either locally or via the home AAA, based on the authentication related information from the LAC (PDSN). On successful authentication, the LNS challenges the mobile again. After successful authentication, the LNS and the mobile proceed with IPCP phase and negotiate the IP address for the user session.
Proxy-Mobile IP Access
After receiving username and password during PPP LCP negotiations, the PDSN forwards authentication information to the local AAA server via an access request message. This, in turn, may be proxied to the AAA server in the user's home domain, using broker AAA servers, if necessary. On successful authentication, the user is authorized services based on its service profile. User Class information, along with other authorization parameters are returned to the PDSN via an access reply from the home AAA.
If the user is configured for proxy-Mobile IP based access, authorization parameters from the home AAA include the Home Agent (HA) address, and the security parameter (SPI) to be used for computing the MN-HA Authentication extension for the mobile station. The Home Agent is allocated from the list of Home Agents configured at the home AAA server. Round robin or hashing algorithms based on user NAI can be used for allocating a Home Agent at the AAA. Other authorization attributes returned from the AAA include MN-AAA authenticating extension as defined in RFC 3012. Based on this information, the PDSN performs proxy-Mobile IP procedures on behalf of the mobile user by sending a Mobile IP Registration Request message to the allocated HA. On successful authentication of the mobile with the AAA, and registration at the Home Agent, the Home Agent assigns a home address for this mobile user This address is returned to the mobile during IPCP IP address negotiation phase.
On successful negotiation of an IP address, proxy-Mobile IP based services are made available to the mobile user. To the mobile, these services are no different from Simple IP services with tunneling being done via the Home Agent. This feature, however, extends the coverage area of the call beyond coverage area of the serving PDSN. If, as a result of a handoff event, another PDSN is allocated to the call, the target PDSN performs Mobile IP registration with the Home Agent thereby ensuring that the same home address is allocated to the mobile.
Mobile IP Based Service Access
The PDSN allows a mobile station with Mobile IP client function, to access the internet and corporate intranet using Mobile IP based service access. With this mode of service access, user mobility is extended beyond the coverage area of currently serving PDSN. Resulting from a handoff, if another PDSN is allocated to the call, the target PDSN performs Mobile IP registration with the Home Agent thereby ensuring that the same home address is allocated to the mobile.
Some of the salient features for Mobile IP services access include:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
A Mobile IP capable mobile client may be configured to skip PAP/CHAP based authentication during the PPP LCP phase. Once the PPP is established, the PDSN sends a burst of Mobile IP Agent Advertisement messages that include the Mobile IP Agent Advertisement Challenge extension specified in RFC 3012. The number and timing of the burst is configurable. The mobile user responds with a Mobile IP Registration Request message that includes the mobile user's NAI and MN-FA Challenge extension in response to the challenge in the Agent Advertisement message. If the mobile user does not respond to the initial burst, advertisements can be solicited.
The Foreign Agent function at the PDSN can be configured to authenticate the mobile user by forwarding an access request message to the local AAA server. The local AAA server would proxy the message to the home AAA server, via broker AAA server(s), if necessary. On successful authentication, the home AAA may assign a Home Agent to the call and return its address in the access reply message. Other authorization parameters in the access-reply message include the SPI and IPSec shared key to be used between the FA and the HA. The PDSN/FA and Home Agent establish a secure IPSec tunnel, if required, and the PDSN/FA forwards the Registration Request message to the Home Agent. The Registration Request message includes the NAI and MN-FA-Challenge Extension also. It may also include MN-AAA Authentication extension.
The Home Agent can be configured to authenticate the mobile again with the home AAA. On successful authentication and registration, the Home Agent responds with a Registration Reply message to the PDSN/FA, which is forwarded to the mobile station. The Registration Reply message contains the home address also (static or dynamically assigned) for the user session.
Potential home addresses are available to the PDSN from the following:
•
•
•
The mobile may be configured to perform PPP PAP/CHAP authentication in addition to performing Foreign Agent Challenge based authentication specified in RFC 3012. In this case the PDSN would support one Simple IP flow, in addition to one or more Mobile IP flows.
For Mobile IP services, the Home Agent would typically be located within an ISP network or within a corporate domain. However, many of the ISPs and/or corporate entities may not be ready to provision Home Agents by the time service providers begin rollout of third-generation packet data services. Access service providers could mitigate this situation by provisioning Home Agents within their own domain, and then forward packets to ISPs or corporate domains via VPDN services.
Binding Update Procedures
When a mobile first registers for packet data services, a PPP session and associated Mobile IP flow(s) are established at the PDSN. In the event of an inter-PDSN handoff, another PPP session is established at the target PDSN, and the mobile registers with the Home Agent via the new PDSN/FA. The Visitor list binding and the PPP session at the previous PDSN are, however, not released until the PPP inactivity timer expires.
Idle/unused PPP sessions at a PDSN consume valuable resources. The Cisco PDSN and Home Agent support Mobile IP Resource Revocation as defined in IS83C and Cisco Proprietary Binding Update and Binding Acknowledge messages for releasing such idle PPP sessions as soon as possible. Mobile IP Resource Revocation is described in Section 16 in greater detail
If Cisco Proprietary binding update feature is used, in the event of an inter-PDSN handoff and Mobile IP registration, the Home Agent updates mobility binding information for the mobile with the Care-of-Address (COA) of the new PDSN/FA. If simultaneous bindings are not enabled, the Home Agent sends a notification in the form of a Binding Update message to the previous PDSN/FA. The previous PDSN/FA acknowledges with Binding Acknowledge, if required, and deletes visitor list entry for the Mobile IP session. The previous PDSN/FA initiates the release of the PPP session when there are no active flows for that mobile station.
The sending of the binding update message is configurable at the Home Agent.
Note
Simple IPv6 Access
The PDSN simple IP service has been enhanced to allow both simple IPv4 and simple IPv6 access. These protocols can be used one at a time, or at the same time. The ipcp and the ipv6cp are equivalent for each protocol.
An IPv6 access uses the same PPP LCP authentication and authorization procedures, as well as the AAA access. When an RP connection is established, the MS sends a PPP Link Control Protocol (LCP) Configuration-Request for a new PPP session to the PDSN. The PPP authentication (CHAP/PAP/none) is one of the parameters negotiated during the LCP phase. After the LCP parameters are negotiated between the MS and the PDSN, an LCP Configure-Acknowledge message is exchanged. Once LCP is up, the PPP authentication is started.
The authentication phase uses CHAP, PAP, or none, depending on the configuration and LCP negotiation. After authentication, the NCPs, ipcp and/or ipv6cp, can be started. A simultaneous IPv4 and IPv6 access from an MS shares the common LCP authentication and authorization as well as the AAA correlation-id parameter.
The ipv6cp protocol negotiates a valid non-zero 64-bit IPv6 interface indentifier for the MS and the PDSN. The PDSN has only one interface-identifier associated with the PPP connection, so it will be unique. Once ipv6cp has been successfully negotiated, the PDSN and MS both generate unique link-local addresses for the IPv6 interface. The link-local addresses are generated by pre-pending the link-local prefix, FE80:/64, to the 64-bit interface-identifier negotiated during the ipv6cp phase (for example, FE80::205:9AFF:FEFA:D806). This gives a 128-bit link-local address.
The PDSN immediately sends an initial unsolicited Router Advertisement (RA) message on the PPP link to the MS. The link-local address of the PDSN is used as the source address and the destination address will be FF02::1, the "all nodes on the local link" IPv6 address. The PDSN includes a globally unique /64 prefix in the RA message sent to the MS. The prefix may be obtained from a local prefix pool or from AAA. The MS will construct a global IPv6 unicast address by prepending the prefix received in the RA to the lower 64-bit interface identifier. You should carefully configure the PDSNs so that the /64 prefix is globally unique for each MS.
After a successful ipv6cp negotiation phase and configuration of the link-local address, the MS transmits a Router Solicitation (RS) message if an RA message has not been received from the PDSN within some specified period of time. The RA is necessary for the MS to construct its 128-bit global unicast address.
In contrast to IPv4, an IPv6 MS will have multiple IPv6 addresses, including:
•
•
•
An IPv6 address is 128-bits for both source and destination addresses. The /64 designation means that 64-bits are used for the prefix (upper 64-bits). This is similar to an IPv4 netmask. A /128 address would mean that the entire address is used. Refer to RFC-3513 for additional IPv6 addressing details and information.
Configuring Simple IPV6
The following commands are used to configure simple IPV6 on the Cisco PDSN, and are listed in the Command Reference:
•
•
•
•
•
•
•
The following configuration commands are required for IPv6:
Global Configuration Commands
•
•
•
Virtual-template Interface Commands:
•
•
•
•
•
Other commands
•
Please refer to the Cisco IOS IPV6 Command Reference at the following URL for more detailed information regarding these configuration commands:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_book09186a00801d661a.html
Session Redundancy Infrastructure
New Features
In PDSN Release 4.0, a redundant PDSN is updated with the session details at the following two different times:
•
•
–
–
–
–
–
–
The new parameters introduced in this feature are synced to standby for both scenarios.
Functional Overview
PDSN session redundancy is focused on preserving user flows on fail-over. Support for the continuity of billing records, internal counters, and MIB variables is secondary. The following conditions need to exist for fail-over to be successful on the PDSN:
•
•
•
The PDSN Session Redundancy feature provides user session failover capability to minimize the impact of a PDSN failure on the mobile user experience. The PDSN uses a 1:1 redundancy model, with a standby present for every active PDSN. The active PDSN sends state information to the standby PDSN for synchronization on an as-needed basis. When a PDSN failure occurs, the standby PDSN has the necessary state information to provide service to all existing sessions. It then takes over as the active PDSN and services user sessions, thus providing session redundancy. When the previously active PDSN comes back online, it assumes the role of standby for the now active PDSN, and receives state information for all existing sessions from the newly active PDSN.
Under normal operating conditions, the active and standby PDSN pairs are two separate PDSN images that have identical configurations. They share one or more HSRP interfaces, which are used by all external entities to communicate with them. The active PDSN synchronizes session data to the standby PDSN based on events described below.
Session Events
When a new user session needs to be established, the PCF first sets up an A10 connection to the active PDSN using the HSRP address known to the PCF. The MN then sets up a PPP connection with the active PDSN using the A10 tunnel. Once the call is in a stable state (the PPP session is successful), the active PDSN then syncs relevant state information to the standby PDSN. The standby then duplicates the actions of the active PDSN with regards to the A10 connection and the PPP session, and awaits further updates from the active. When any of the other events as listed below occurs, the active PDSN sends state information to the standby.
In order to minimize the loss of accounting data in the event of a failover, a periodic accounting update, with configurable frequency shall run on the active PDSN. Every periodic update for a session shall trigger a sync sent to the standby PDSN, which shall update its accounting data. Only counters and attributes that undergo a change on the active PDSN are synced to the standby periodically. Information since the last accounting synchronization point will be lost. Also, in order to ensure that the latest information is correctly conveyed to the billing system, the standby unit will never send out any accounting records to the AAA server. The records are always sent from the Active Unit.
Session events that lead to a sync are:
•
•
•
•
•
•
•
•
•
Active PDSN Failure
In the event that the standby PDSN detects that the active PDSN has failed (using HSRP), it then takes over as the active PDSN. Since all external entities, including PCFs, AAA servers, and Home Agents are configured to communicate with the PDSN pair only using the HSRP addresses, once the standby PDSN takes over those addresses, they are unable to detect a failure. All stable calls also have their state synced to the standby; therefore the standby is able to start forwarding user traffic once it takes over as active. On the standby all timers (such as A11 lifetime, PPP timers, and Mobile IP lifetime) are started at the time it takes over as active. Accounting data is also synchronized to the extent that the periodic accounting sync timer has been configured on the PDSNs.
Standby PDSN Start-up
When a PDSN comes up when there is an existing active, it takes over the standby role. When the active PDSN learns that a standby PDSN is available, it goes through a process of transferring state data for all existing user sessions to the standby, called a Bulk Sync. Once this process is complete, the standby PDSN is then ready to take over as active in the event of a failure.
Handling Active-Active Scenario
If there is a link failure or a failure in an intermediate node, HSRP packets sent will not reach the peer and the standby node would assume that the active has reloaded and transitioned to active state. This leads to a situation of Active-Active PDSN nodes. The requirement is that, in case one of the PDSNs continues to receive traffic while the other is isolated from the network, it is ensured that the node which received traffic should remain active once the link is restored.
To achieve this, an application tracking object is introduced and HSRP priority is altered based on whether PDSN is processing traffic after the HSRP peer is lost. The PDSN will lower its HSPR priority once it detects that the peer PDSN is lost. Afterward, when the PDSN processes traffic (either control or data packets), it raises its priority back to the configured value. This helps to choose the active node after the link is restored between the PDSNs. So the node which received traffic in Active-Active situation remains to be Active after link restoration.
Other Considerations
A Redundancy Framework (RF) MIB is available in order to monitor the active and standby status of the two PDSNs. Other MIB variables and internal counters are not synchronized between the Active and Standby. They start from the values following IOS-Load or Reload on the backup image. The backup image is treated as a new box.
The PDSN redundant pair is treated as a single member by the cluster controller, and is transparent to the PDSN clustering mechanism. The cluster controller is oblivious to a failover from an active PDSN to its redundant standby.
Similarly, a PDSN redundant pair appears as a single PDSN to all external entities, such as the PCF, the HA, and the AAA server.
IPSec security associations for FA-HA connectivity are maintained across fail-over.
Note
Note
In Process Sync Events
The following subsections explain the expected behavior of the PDSN under session redundancy for various sync events in process.
Call Setup
The state of "sessions-in-progress" is not preserved during fail-over. Mechanisms such as R-P connection retry from the PCF will ensure that sessions will be established as required.
It is possible that a fail-over can occur when the PCF has established an R-P session for a user flow, but user flow establishment is not completed. In this case, fail-over will result in the R-P session not being present on the standby. The PCF will timeout the R-P session on the next R-P session lifetime refresh. If the user attempts to establish a new session during this time, a new session will be created.
Call Teardown
There are four scenarios for session termination. These include the following:
•
•
•
•
For each of these cases, session teardown is a multi-step process. For example, a fail-over can occur when a Registration Update message has been sent from the PDSN and the acknowledgement has not been received. In this case, the standby PDSN will already have been told to delete the session. The active PDSN will not wait for an update acknowledgement from the PCF.
If a fail-over occurs after sending the Registration Update to the PCF but before the standby has been told to delete the session, or the request to delete the session is lost, the session will remain established on the standby.
Another case is that the PPP context has been deleted as a result of mobile-initiated termination, and then fail-over occurs prior to the R-P session being terminated.
Similarly, expiry of the PPP Idle timer on the PDSN could also result in deletion of PPP context followed by fail-over prior to R-P session termination.
In these cases, either the Mobile IP Registration Lifetime or the PPP Idle Timeout will expire, and the session is terminated.
Flow Setup
Flows that are in the process of being established are not preserved. You will see this as failure to establish the flow, and you will have to re-establish the flow.
Flow Teardown
This section applies when a session has two or more flows. Currently only a MoIP call supports this case. For an SIP call, only one flow is allowed.
Although a MoIP flow is preserved after switchover, it is possible that registration lifetime expiration will lead to deletion of the flow. If the same user registers again before the lifetime expires, it will be considered as a re-registration since this is an existing visitor. However, the re-registration may or may not succeed, depending on the following conditions:
1.
2.
Dormant-Active Transition
The transition is synchronized between active and standby, and would fall into following scenarios:
1.
2.
However, packets will be switched and counted. The PDSN-related show commands may not show all the right information about the session. The subsequent transition from active to dormant will not cause difficulties as the session remains dormant on the PDSN.
3.
4.
Handoff
Inter-PCF Handoff (Dormant or Active) - Same PDSN
The most significant problem with hand-off is to re-establish the data path between the target PCF and the now-active PDSN for the preserved session, irrespective of whether this is an active or dormant handoff. Again, there is a window between handoff actually being completed and the state being synchronized within which a fail-over can occur.
These are the following scenarios:
1.
2.
3.
Inter-PCF Handoff (Dormant or Active) - Different PDSN
This kind of handoff is indicated to the PDSN by receipt of an A11 Registration Request containing the PANID and CANID. It also includes the Mobility Event Indicator and Accounting Data (R-P Session Setup Air-link Record). From the perspective of High Availability, this looks like a new session establishment on the newly active PDSN and a 'regular' session termination on the old PDSN.
A11 Re-registrations
A11 Re-registration RRQ is received by the active unit. The registration life timer does not start on the standby, but it keeps track of the life timer value so that it can restart the life timer once it becomes active. If the lifetime in the re-registration RRQ is different from the previous RRQ, the new lifetime is synced to the standby. For example, if a previous RRQ carries a lifetime of 300 seconds and now a new RRQ has the value changed to 500 seconds, the new value is synced to the standby. Other significant parameters included in the re-registration RRQ are also synced to the standby.
Now, in the above example, if the failover occurs before syncing the new lifetime to the standby, the standby will start the lifetime for 300 seconds.
PPP Re-negotiation
Upon PPP renegotiation, the PDSN deletes all the flows on the RP session and sends accounting STOP for each flow. Once PPP is up again, the PDSN creates new flow(s) for the session. Therefore, when PPP renegotiation happens on the active, the active unit will send a PPP renegotiation notification to the standby which will then delete all the flows from the RP session on the standby. Once PPP is up again and a new flow is created on the active, the active unit sends each flow's data to the standby. If the failover occurs during PPP re-negotiation, the re-negotiation will fail, and the session may be torn down on the newly active unit.
Other Considerations
Timers
The following timers are normally running when a session is established
•
•
•
•
The following timers may be running, depending on configuration
•
These timers are restarted on the standby when fail-over occurs, and the elapsed time is not synchronized to the standby. The effect will be to extend the timers beyond their original values by a time equal to the time that has already expired. This ensures that the user will not perceive a session failure on fail-over.
Restrictions
The following restrictions exist for the PDSN Session Redundancy Feature:
•
Setting the revocation timestamp to "msec" (ip mobile foreign-service revocation timeout 5 retransmit 4 timestamp msec) for PMIP flows with Session Redundancy is not permitted.
The "msec" option puts the uptime in the timestamp field, and the uptime of the standby router is expected to be lower after switchover when the standby PDSN takes over as active (and when the PMIP flow was closed). Therefore, revocation on HA will be ignored because the identifier value in the revocation message is less than what is expected by HA.
•
Internals
The following sections identify information that is synced to the standby unit:
AHDLC
The control character mapping per used AHDLC channel is preserved. As the default is normally used, only those that are different are synchronized. The AHDLC channel number is not synchronized; an available channel will be selected independently on the standby.
GRE - RP Interface
The GRE Key is synchronized. The flags are synchronized as the sequence flag can be set on a per user basis.
RP Signaling
The contents of the A11 messaging will be treated as described below.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
PPP
All LCP options are synchronized. For IPCP, only the IP address and IPHC parameters are synchronized. DNS server IP address negotiated during IPCP negotiation is not synchronized to the standby unit. All per user attributes downloaded from AAA during authentication/authorization are synchronized to the standby unit.
Compression - Header and Payload
There is no synchronization of compression context for either header or payload compression. Fail-over to a standby PDSN results in the compression context being re-established.
Header compression - First packet for a session after switchover is dropped, and peer retries the packet after acknowledge timeout.
Payload compression - There is no compression history present after switchover on the standby. A CCP reset is automatically generated when decode fails. No special treatment is needed.
IP Address Assignment
When an IP address is dynamically assigned from a pool configured on the PDSN, it is necessary that the standby associates the same address with the session. The IP address will be synchronized as part of PPP state. If the IP address is received from AAA or a static IP address is used that does not come from a local pool, this address will also be associated with the session on the standby. Similarly, the address pool will be synced.
AAA - Authentication and Authorization
Table 2 lists the relevant Authentication and Authorization parameters. This is required on the standby to allow accurate recreation of AAA state.
GPP2 Packet Data Service Attributes
Table 3 lists the 3GPP2 Packet Data Service Attributes.
AAA Accounting
GPP2 Accounting Records Fields
Table 4 identifies the GPP2 accounting records fields.
Radius Server Group Support
The IP address of the AAA server chosen will not be synchronized.
Mobile IP Signaling
For Mobile IP service, the parameters to be synchronized, per MIP flow, include the following:
•
•
•
•
•
•
•
•
Mobile IP Tunneled Traffic
This traffic is carried in either GRE tunnels or IP-in-IP tunnels. The only information that needs to be synchronized is the tunnel endpoint of the peer.
Locally Configured IPSec
For the PDSN on the Cat76xx, IPSec tunnels are terminated on the VPN Acceleration Module. The role of the PDSN is to retrieve parameters from AAA and, based on these, 'trigger' IPSec tunnel establishment. Synchronization of these parameters is sufficient to preserve IPSec tunnels in the event of PDSN fail-over for intra-chassis configurations. PDSN failover is not coupled with VPN Acceleration Module/SUP failover. Inter chassis configurations and intra-chassis SUP failover does not currently support stateful IPSec.
FA-HA IPSec
FA-HA IPSec tunnels will be preserved when PDSN on 7600 fail-over occurs for intra-chassis configurations. They will not be preserved for inter chassis configurations.
AAA Accounting
Periodic Accounting Sync
Accounting information is optionally synchronized between the active and standby images. This synchronization occurs at the configured periodic accounting interval. The counters that are synchronized are g1 and g2, along with the packet counts. Sending an Interim Accounting record will trigger synchronization of the byte and packet counts. Setting the operator-defined periodic accounting interval determines the accuracy of the user-billing record as impacted by PDSN fail-over. It is possible that undercharging could occur; however, overcharging is not possible.
Accounting with VSA Approach
After a switchover takes place, the first interim or stop accounting record (as appropriate) includes a VSA (cdma-rfswact) indicating that a switchover has occurred. The inclusion of this VSA is controllable by issuing the cdma pdsn redundancy accounting send vsa swact command.
Note
Here is a sample accounting debug with vsa:
Sep 13 18:23:10.179: RADIUS: Cisco AVpair [34] 16Sep 13 18:23:10.179: RADIUS: 63 64 6D 61 2D 72 66 73 77 61 63 74 3D 31 [cdma-rfswact=1]System Accounting
In a session redundancy setup, an accounting ON will be sent by the active unit only when the whole setup is brought up (accounting ON will not be sent by the newly active unit after a failover). The standby unit does not send any system accounting events under any scenarios. The events, however, are sent in a standalone mode.
A sys-off is sent if reload is issued on the active unit.
Configuring PDSN Session Redundancy
The following new commands have been introduced for PDSN Session Redundancy:
Enabling PDSN Session Redundancy
The active PDSN shall be able to synchronize the session and flow related data to its standby peer provided the redundancy capability has been enabled. By default this capability is disabled.
The commands syntax is as follows:
[no] cdma pdsn redundancy
When the above CLI is configured, session redundancy is enabled provided the underlying redundancy infrastructure has been configured. The redundancy functionality for PDSN is disabled when the above command with no is executed.
Periodic Accounting Counters Synchronization
The active PDSN by default will not try synchronizing accounting counters periodically. To enable periodic accounting counters synchronization, configure the following command:
[no] cdma pdsn redundancy accounting update-periodic
The no form of the command is used to go to the default behavior. When configured, the byte and packet counts for each flow are synced from the active to the standby unit (only if they undergo a change) at the configured periodic accounting interval (using aaa accounting update periodic xxx). If periodic accounting is not configured, the byte and packet counts will not be synced.
Debug Commands for PDSN-Session Redundancy
In order to facilitate the identification of problem areas of PDSN high availability, the following debug commands are introduced for debugging. All of these debug can be turned off using either undebug all or no debug all, if desired.
[no] debug cdma attribute
[no] debug cdma pdsn redundancy packets
To debug and collect any data pertaining to PDSN-SR, the above command is executed and the details pertaining to redundancy data is sent to the console.
[no] debug cdma pdsn redundancy errors
To debug the PDSN-SR redundancy errors the above command is executed and the details pertaining to A11 data is sent to the console.
[no] debug cdma pdsn redundancy events
To debug events for PDSN session redundancy events, above command is executed and the details pertaining to PDSN (e.g. RP) data is sent to the console.
Display of Redundancy Statistics
When a pair of PDSNs is operating in an active and a standby mode, it is desirable to show or display a variety of information about the sessions and its associated flows that have been synchronized to the standby. The following command shall allow the operator to view the session redundancy data for PDSN.
show cdma pdsn redundancy statistics
On execution the above command displays a number of data items; some of the examples are as follows:
–
–
–
–
–
Note
show cdma pdsn redundancy
On execution of this command, in addition to existing data being displayed, it will also output "pdsn redundancy is enabled," or "redundancy is not enabled," depending on whether the redundancy feature for PDSN has been turned on, or not.
Clearing of PDSN Session Redundancy Statistics
clear cdma pdsn redundancy statistics
On execution of this command, all the data counters associated with the PDSN session redundancy will be actualized to initial value.
Other Debug Commands
In addition to the PDSN-SR debugging commands described above, the following commands associated with high availability are also useful debugging aid:
debug redundancy inter-device
debug ccm
Other Show Commands
In addition to the PDSN-SR show commands described above, the following commands associated with high availability are also useful:
show redundancy inter-device
Configuring PDSN Session Redundancy Infrastructure
The PDSN-SR feature uses the Cisco IOS Check-point Facility (CF) to send stateful data over Stream Control Transmission Protocol (SCTP) to a redundant PDSN. Additionally, in conjunction with Cisco IOS HSRP, the PDSN uses the Cisco IOS Redundancy Facility (RF) to monitor and report transitions on Active and Standby PDSNs.
Before you configure PDSN-SR, you need to configure the inter-device redundancy infrastructure.
Configuring HSRP
The Hot Standby Router Protocol (HSRP) provides high network availability because it routes IP traffic from hosts on networks without relying on the availability of any single router. HSRP is used in a group of routers for selecting an Active router and a Standby router. HSRP monitors both the inside and outside interfaces so that if any interface goes down, the whole device is deemed to be down and the Standby device becomes active and takes over the responsibilities of an Active device.
When configuring HSRP, note that the following recommendation and restrictions apply:
•
–
–
–
–
•
•
Note
•
Use the same group number for each PDSN follow group as is defined for the primary group. Using the same group number for the primary and follow groups facilitates HRSP group setup and maintenance in an environment that contains a large number of PDSN interfaces and HRSP groups.
More information on HSRP configuration and HSRP groups can be found here:
http://www.cisco.com/en/US/partner/tech/tk648/tk362/tk321/tsd_technology_support_sub-protocol_home.html
and
http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml
Enabling HSRP and Configuring an HSRP Master Group
To enable HSRP on an interface and configure the primary group, use the following commands in interface configuration mode:
Step 1
Enables the HSRP on the interface.
Step 2
Set the Hot Standby priority used in choosing the active router. The priority value range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. Specify that, if the local router has priority over the current active router, the local router should attempt to take its place as the active router.
Step 3
Specifies the name of the standby group.
Step 4
(Optional) Configures HSRP to use the burned-in address of an interface as its virtual MAC address instead of the preassigned MAC address.
Configuring Follow Groups
HSRP follow groups are configured to share the HSRP parameters of the primary group by defining a follow group on the interface using the standby interface configuration command with the follow keyword option specified. Interfaces that share a group track states together and have the same priority.
To configure an interface to follow a primary group, use the following command in interface configuration mode:
Step 1
Specifies the number of the follow group and the name of the primary group to follow and share status.
Note
Step 2
Specifies the group number and virtual IP address of the follow group.
Note
Enabling Inter-Device Redundancy
To enable inter-device redundancy, use the following commands beginning in global configuration mode.
Step 1
Configures redundancy and enters inter-device configuration mode.
To remove all inter-device configuration, use the no form of the command.
Step 2
Defines the redundancy scheme that is to be used. Currently, "standby" is the only supported scheme.
standby-group-name-Must match the standby name specified in the standby name interface configuration command (see the "Configuring HSRP" section). Also, the standby name should be the same on both PDSNs.
Step 3
Returns to global configuration mode.
Configuring the Inter-Device Communication Transport
Inter-device redundancy requires a transport for communication between the redundant PDSNs. This transport is configured using Interprocess Communication (IPC) commands.
To configure the inter-device communication transport between the two PDSNs, use the following commands beginning in global configuration mode:
Step 1
Configures the Inter-device Communication Protocol (IPC) and enters IPC zone configuration mode.
Use this command to initiate the communication link between the Active device and the Standby device.
Step 2
Configures an association between two devices and enters IPC association configuration mode.
In IPC association configuration mode, you configure the details of the association, such as the transport protocol, local port and local IP addresses, and the remote port and remote IP addresses.
Valid association IDs range from 1 to 255. There is no default value.
Step 3
Restarts a disabled association and its associated transport protocol. Note Shutdown of the association is required for any changes to the transport protocol parameters.
Step 4
Configures Stream Control Transmission Protocol (SCTP) as the transport protocol for this association and enables SCTP protocol configuration mode.
Step 5
Defines the local SCTP port number to use to communicate with the redundant peer and enables IPC Transport-SCTP local configuration mode.
Valid port numbers range from 1 to 65535. There is no default value.
Note
Step 6
Defines the local IP address that is used to communicate with the redundant peer. The local IP address must match the remote IP address on the peer router.
Step 7
Enables keepalive packets and specifies the number of times that the Cisco IOS software tries to send keepalive packets with a response before bringing down the interface or tunnel protocol for a specific interface.
Valid value for period is an integer value in seconds great than 0. The default is 10. Valid value for retries is an integer value greater than one and less than 355. The default is the previously used value or 5 if there was no value previously specified.
Step 8
Configures the message retransmission time. Valid range is 300 to 60000 milliseconds. The minimum default is 1000. The maximum default is 60000.
Step 9
Configures the maximum number of keep-alive retries before the corresponding destination address is marked inactive. Valid range is 2 to 10. The default is 5.
Step 10
Defines the maximum number of retransmissions over all destination addresses before an association is declared failed. Valid range is 2 to 20. The default is 10.
Step 11
Exits IPC transport - SCTP local configuration mode.
Step 12
Defines the remote SCTP port that is used to communicate with the redundant peer and enables IPC Transport-SCTP remote configuration mode. Valid port numbers range from 1 to 65535. There is no default.
Note
Step 13
Defines the remote IP address of the redundant peer that is used to communicate with the local device. All remote IP addresses must refer to the same device. To remove an association configuration, use the no form of the command.
Using the Loopback Interface For the PDSN-AAA Server Interface
To ensure that the AAA server views the active and standby units as a single NAS, the same NAS IP address should be used by both the units. Now, the NAS IP Address can be configured for the PDSN using the ip radius source-interface command. When configured, the IP address of that interface is used as the NAS IP Address.
However, the command does not support virtual IP addresses (HSRP). As a result, the only way to ensure that both the units appear as a single NAS is to configure a loopback interface, and use that interface as the source-interface. In short, the CLI would look something like:
ip radius source-interface Loopback1
Configuring Application Tracking to Handle Active-Active Situation
Step 1
Defines a tracking object for PDSN application.
Step 2
Associates the tracking object defined for PDSN with the HSRP config. HSRP would start tracking the state of this object. The configured decrement priority is used to change the HSRP priority based on the state of the tracking object. If the tracking object is "UP", HSRP will have the configured priority. If the tracking object is "DOWN", HSRP decrements its priority by the decrement priority specified in the standby track command.
Note
Protocol Layering and RP Connections
Each mobile station has a single PPP connection with the PDSN, and for each PPP connection there is a corresponding R-P connection between the PDSN and the Base Station/ PCF. R-P connection-related information is maintained for the duration of the PPP connection.
Additionally, the PPP connection and the associated HDLC, LCP, CCP and IPCP state information is also maintained for the duration of the packet data session. One Simple IP flow and several Mobile IP flows can be supported over a single PPP connection.
Note
Open RP Interface Connections
An R-P connection represents the logical tunnel between the PDSN and the Base Station/PCF. It enables bearer data for a PPP connection to be transported between the PDSN and the Base Station/PCF. R-P connection state information is maintained at the PDSN for the duration of the PPP connection. During handoff, the mobile station may connect the PDSN through another Base Station/PCF entity resulting in establishment of another R-P connection between the PDSN and the new Base Station/PCF. This results in the release of the R-P connection between the PDSN and the old Base Station/PCF.
R-P connection state information is maintained at the PDSN even during the dormant phase of the session. When a mobile station transitions to active state, this information allows the PDSN to associate the mobile station with an already available PPP connection. Loss of R-P state information results in the release of the PPP connection by the PDSN. As a result, a mobile station accessing packet data services following the loss of an R-P connection results in the establishment of a new PPP connection, and the reset and restart of user applications. Therefore, the PDSN retains the R-P connection state information to ensure minimal disruption of user applications during transitions between active and dormant session phases.
PPP Connections
A PPP connection represents the link layer connectivity between the mobile station and the PDSN. It includes the HDLC state, negotiated LCP parameters, negotiated IP address and CCP compression state tables, etc. Peer PPP entities may re-negotiate LCP and CCP parameters during an active session without compromising continuity of user sessions; however, user identity, authentication-related information and negotiated IP addresses are retained, thus ensuring that applications established over the SimpleIP flow are unaware that renegotiation has occurred. PPP connection state information is retained at the PDSN during dormant phase of the session to ensure minimal disruption of user applications during transitions between active and dormant session phases.
Application Flows
One Simple IP and several Mobile IP flow instances can be supported over a single PPP connection. For each Simple IP flow, the state information includes the associated IP address, NAI and billing related user data records (UDRs), and other related information. For each Mobile IP flow, the state information includes the Mobile IP visitor list information, NAI and UDRs, and other related information.
PPPoGRE RP Interface
The PDSN interfaces with the Radio Network/Base Station to provide a transmission path for the user data stream between the packet network and the radio access network. The PDSN interfaces to the Radio Network through the Packet Control Function (PCF) using the PPPoGRE RP interface.
The following list describes the transmission path between the Radio Network and the PDSN:
•
•
The PPPoGRE RP interface is based on 3GPP2 TIA/EIA/IS-835 standard for the control and bearer data transport capabilities. The following list describes the differences between the 3GPP2 standard and PPPoGRE RP Interface from the PDSN perspective:
•
•
•
A11 Session Update
This feature is based on Interoperability Specification (IOS) for cdma2000 Access Network Interfaces (Part 7 (A10 and A11 Interfaces) (3G-IOSv4.3) Version 2.0.1 Date: July 2003) and Interoperability Specification (IOS) for cdma2000 Access Network Interfaces (Part 3 Features (3G-IOSv4.3) Version 2.0.1 Date: July 2003 standard). An A11 Session Update message is sent from the PDSN to the PCF to add, change, or update session parameters for an A10 connection. The following parameters are sent from the PDSN to PCF in an A11 Session Update message in a session parameters NVSE extension with Application Type 08H (Session Parameter). These session parameters NVSE extension will also be sent by the PDSN in the A11 Registration Reply messages.
•
–
–
•
–
–
As per the standard cdma2000® Wireless IP Network Standard TIA-835-C, AUGUST 2003, the PDSN will download the Always On Indicator VSA and RN-PDIT VSA from the Radius server (Visited/Home RADIUS) during the authentication phase. If a user initiates multiple packet data sessions, the PDSN may receive more than one RN PDIT VSA from different home domains. In this case, the largest RN PDIT value received from different home domains is sent from the PDSN to the RN. This update may happen during an ongoing packet data session when the PDSN receives a new RN PDIT value that is greater than the one previously sent to the RN. For Handoff scenario the RN-PDIT and Always-On indicator are sent the PCF in the A11 Registration Reply if the Airlink is not dormant.
SDB Indicator Marking
This feature supports short data burst (SDB) applications, such as SIP signaling for PTT applications, and proposes the interaction with the PDSN. SIP is used by PTT applications to signal a PTT call. The message is short and needs to be delivered to the end-user. The Short Data Burst support on the RAN can be used to send these to the end-user, especially when the messages are to be terminated to the mobile. This is especially important when the mobile user is actually dormant.
The proposal consists of two parts:
•
•
Note
Signaling of SDB Indication
The SDB indication is based on the 3GPP2 Proposal Contribution (Ericsson/SKT) A30-20030818-006, where one of the reserved bits in the GRE header is used to indicate the SDB packets from the PDSN for dormant sessions. The PDSN definition of dormancy is Airlink Stop record A11 Registration request is received from the PCF and A11 Registration success reply is sent by the PDSN.
The PDSN may set the B bit to "1" if the GRE frame contains an IP packet suitable for transmission over the air interface in a Data Burst Message. In the PCF-to-PDSN direction, and on the A8 interface, the B bit is set to "0".
Identification of Data Packets For SDB Indication
SDB indication is required for certain types of data only. Packets destined towards the mobiles that match the policy criteria will be chosen for SDB indication provided the mobile is in dormant mode
The local policy can be considered for an initial phase, if the selection of servers or signaling protocols is limited. For example, if there is only a single SIP server sending out SIP signaling message, a combination of port and source IP address may be used. In addition to this, the PDSN can also be configured with the min and max IP length.
On a Cisco PDSN, IOS MQC can be used to apply classification rules for matching packets that require SDB classification. For example, simple classification criteria can include port number, and source IP address range of the server. A more complex classification criterion can include a custom protocol inspection.
If packets pass the classification criteria and the user is dormant, the PDSN will signal SDB indication to the PCF.
To enable this feature, use the following command:
cdma pdsn compliance ios4.1 sdb
This command enables the PDSN to process an SDB record sent from PCF according to IOS4.1 Standard.
If deep classification is required for certain types of payloads such as RTP, or a custom application, IOS NBAR can be used for inspecting these packets. For a detailed description of how to configure IOS NBAR please refer to the documentation on NBAR.
A sample configuration for the classification function is shown here:
class-map match-all sdb-packetsmatch packet length min 100 max 300match protocol <protocol>match access-group <access-group-number>ip access-list <access-group-number> permit ip 192.0.2.0 0.0.0.255 any(This example of access-list allows matching of a certain protocol from servers whose address range is 192.0.2.0/24)
The protocol and the access-group can be set to match the desired packet stream. The match criteria can also include a custom protocol inspection such as
ip nbar custom media_new 8 hex 0x60 dest udp 3001
The above statement classifies all packets with a UDP destination of port 3001, and contains the value 0x60 at offset 8. The protocol media_new can now be used in the match protocol protocol statement.
policy-map sdb-policyclass sdb-packetsset qos-group group-numberThe policy map is then applied to the input interface. The group-number represents the classified match criteria. All packets that are set with the specific group-number will be flagged for SDB usage between the PCF and the PDSN. This is done with the following command:
cdma pdsn a11 dormant sdb-indication gre-flags group-number
The B bit (SDB indication) would be set for packets matching the sdb-indication group-number.
SDB Indicator Marking for PPP Control Packets
While data packets can be sent towards the mobile using SDBs as shown above, SDBs can also be used for delivering PPP control packets. This can be particularly helpful for Always-On sessions, where the session is dormant. Basically, with Always On configured, the PDSN sends out LCP echo requests (and waits for LCP echo replies) to keep the session alive. Hence, when such a session goes dormant, a data channel needs to be setup to deliver these LCP echo requests to the MN. The other option is to use SDBs to deliver the LCP echo requests without setting up a data channel.
Configure the following CLI along with the above CLIs to enable this feature:
cdma pdsn a11 dormant sdb-indication match-qos-group group-number ppp-ctrl-pkts
Multiple Service Connections
The PDSN currently maintains one A10 connection and an associated session, and supports multiple flows (one simple IP and multiple Mobile IP flows). In this new implementation, the term "Service connection" indicates an A10 connection as defined in IS-835-D. All A10 service connections for a given MS are associated with a single A10 session. The series of packets that share a specific instance of IETF protocol layers are called "IP flows". Multiple IP flows may use a single service connection. Currently, there is one main service instance only, and all simple IP and mobile IP flows use that single service instance. IP Flows on different flows (SIP/MIP) can be spread across different A10s.
Each A10 connection can support multiple IP flows, as indicated by the RAN in A11 messaging. The TFTs signaled by the MS indicate which applications are mapped to which IP flow.
The mapping of an IP flow to the A10 session is sent by the PCF. Each IP flow is identified using a Flow ID.
PDSN Release 4.0 will support maximum of 25000 sessions with 2 auxiliary A10s and 2 IP flows per direction per auxiliary A10s.
Session Creation—A11 Registration Request
Connection Establishment Call Flow
The PCF sends the initial A11 Registration Request with Service Option 59 for the main service connection. This SR ID is always the main service instance in the A11 Registration Request. This service flow is the default A10 connection, and is used by the Application Flows with ID FFH for both forward and reverse directions. When a MN needs multiple flows, the PCF sends out an A11 Registration Request with non-zero lifetime including Additional Session Information NVSE (which contains details of additional A10 connections to be created). The current implementation supports only SO 64, and not SO 67. Auxiliary connection SO 64 requires PPPoAHDLC.
The RRQ contains the R_QOS_SUBBLOB along with the Additional Session Info (GRE Key info), which provides the mapping of A10 to Flow IDs.
All PPP negotiations happen over the main service connection.
A11 Registration Reply
PDSN sends out a Registration Reply based on the Request received with non-zero lifetime from PCF. On receiving a valid A11 registration request, the PDSN creates the requested A10 connections and acknowledges them to the PCF. If any auxiliary connection is new in the A11 request, then a new A10 connection is created. If the information of any auxiliary connection present on the PDSN is missing in the A11 registration request, then that A10 connection is deleted from the PDSN. If any of the auxiliary connections failed to be created on the PDSN, the PDSN responds with Insufficient Resources.
Each A10 connection is created based on the GRE key in the Additional Session Information NVSE (Application Type 0CH). The application flows defined in the QoS NVSE (Application Type 0DH) (Forward and Reverse) are linked to the corresponding A10 connection based (GRE info NVSE) on SR ID. This Registration Reply also includes the Subscriber QoS policy during authentication (when attributes are downloaded from AAA during authentication), and dormant handoff.
Whenever additional session info contains SO other than 64, it is rejected with 8BH (Registration Denied - service option not supported).
Whenever mapping of Flow to A10 is received but SRID does not exist, it is rejected with 8EH (Registration Denied - nonexistent A10 or IP flow).
Session Refresh
All A11 Re-registrations (A11 Registration request with non-zero lifetime) contain all the A10 connections in the Additional Session NVSE that exist after this re-registration. If there are additional A10 connections in the Additional Session NVSE, they are created. A10 connections that already existed but are absent in the request are released.
During re-registration, it is possible for the mapping of flow IDs to A10 to change. A MN and a PCF might renegotiate the mapping and forward the same to the PDSN. The PDSN accordingly remaps the flow ID to the newly mapped A10.
Session Deletion
In order to release all the connections from the PCF, an A11 Registration Request is sent by the PCF with a lifetime value of zero. Releasing the main service connection releases all of its auxiliary connections as well.
When the PDSN wants to terminate the session, an A11 Registration Update is sent. This occurs when all of the connections need to be brought down. The PDSN cannot initiate a release of a particular connection. There is no change in the packet format of this message. The SRID is always filled with one for HRPD sessions.
A11 Session Update
An A11 Session Update is used to pass on the newly downloaded or updated subscriber QoS Profile to the PCF. The PDSN does not include the QoS Update information as the PDSN does not update the QoS information.
When configured, an A11 Session Update is sent when at least one of the subscriber QoS attributes is downloaded during authentication. During handoff the attributes are sent in a RRP except when the session is dormant. When the session is dormant, a Session-update is sent when the session becomes active.
Configuring Multiple Service Connections
To configure the Multiple Service Connections feature on the PDSN, perform the following tasks:
Example
Here is a sample configuration:
router#cdma pdsn multiple service-flows ?maximum Maximum limitqos Configure qos parameters<cr>router# cdma pdsn multiple service-flowsrouter# cdma pdsn multiple service-flows maximum 8Verifying the Configuration
To verify that the Multiple Service Connections feature is enabled on the PDSN, perform the following tasks:
Examples
Here is an example for Cisco PDSN Release 4.0:
router# show cdma pdsnPDSN software version 4.0, service is enabledA11 registration-update timeout 1 sec, retransmissions 5A11 session-update timeout 3 sec, retransmissions 3Mobile IP registration timeout 300 secA10 maximum lifetime allowed 65535 secGRE sequencing is onMaximum PCFs limit not setMaximum sessions limit set to 10 (default 9950 maximum)SNMP failure history table size 100MSID Authentication is disabledIngress address filtering is disabledSending Agent Adv in case of IPCP Address Negotiation is enabledAllow CI_ADD option during IPCP Phase is disabledAging of idle users disabledRadius Disconnect Capability disabledMultiple Service flows enabledMaximum number of service-flows per MN allowed is 8Call Admission Control enabledPolice Downstream enabledNumber of pcfs connected 1,Number of pcfs 3GPP2-RP 1,Number of sessions connected 1,Number of sessions 3GPP2-RP 1,Number of sessions Active 1, Dormant 0,Number of sessions using HDLCoGRE 1, using PPPoGRE 0Number of sessions using Auxconnections 1, using Policing 1, using DSCP 1Number of service flows 1Simple IP flows 1, Mobile IP flows 0,Proxy Mobile IP flows 0, VPDN flows 0
Here is another example with information about service flows and session details:
router#show cdm pds session service-flows
Mobile Station ID IMSI 09884708942PCF IP Address 2.2.2.4, PCF Session ID 1GRE protocol type is 0x8881GRE sequence number transmit 17, receive 0Using interface Virtual-Access2.1Using AHDLC engine on slot 0, channel ID 1Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 1 service flowService Flow PCF IP Address 2.2.2.4 SR ID 0x2Service Option 0x40 Flow Discrimination 0 DSCP Included 0Flow Count forward 2 reverse 2GRE protocol type is 0x8881, key 2GRE sequence number transmit 0, receive 0Using AHDLC engine on slot 0, channel ID 0Here is an example output for the show cdma pdsn statistics command for PDSN Release 4.0:
router# show cdma pdsn statisticsLast clearing of "show cdma pdsn statistics" counters neverRP Interface:Reg Request rcvd 1524, accepted 1405, denied 2, discarded 117Initial Reg Request rcvd 18, accepted 17, denied 1, discarded 0, AuxRequest 1Re-registration requests rcvd 1380, accepted 1374, denied 0, discarded 6Re-registration requests containing Active-Start 15, Active-Stop 16, updated QoS Blob 5Re-registration requests containing new connections 10, missing connections 12, remapping flows 1Handoff requests rcvd 2, accepted 2, denied 0, discarded 0, AuxRequest 1De-registration rcvd 13, accepted 12, denied 1, discarded 0De-registration Reg Request with Active-Stop 9Registration Request Errors:Unspecified 0, Administratively prohibited 0Resource unavailable 0, Authentication failed 0Identification mismatch 1, Poorly formed requests 1Unknown PDSN 0, Reverse tunnel mandatory 0Reverse tunnel unavailable 0, Bad CVSE 0Max Service Flows 0, Unsupported SO 0, Non-existent A10 0,Bandwidth unavailable 0Update sent 52, accepted 9, denied 8, not acked 35Initial Update sent 14, retransmissions 38Acknowledge received 17, discarded 0Update reason lifetime expiry 0, PPP termination 11, other 3Registration Update Errors:Unspecified 0, Identification mismatch 8Authentication failed 0, Administratively prohibited 0Poorly formed request 0Handoff statistics:Inter PCF handoff active 2, dormant 0Update sent 5, accepted 2, denied 2, not acked 1Initial Update sent 2, retransmissions 3Acknowledge received 4, discarded 0De-registration accepted 2, denied 0Handoff Update Errors:Unspecified 0, Identification mismatch 2Authentication failed 0, Administratively prohibited 0Poorly formed request 0RP Session Update statistics:Update sent 0, accepted 0, denied 0, not acked 0Initial Update sent 0, retransmissions 0Acknowledge received 0, discarded 0Sent reasons Always On 0, RN-PDIT 0, Subscriber QoS 0RP Session Update Errors:Unspecified 0, Identification mismatch 0Authentication failed 0, Session parameters not updated 0Poorly formed request 0Service Option:Unknown (0) success 1405, failure 2PPP:Current Connections 0Connection requests 17, success 17, failure 0, aborted 0Connection enters stage LCP 17, Auth 6, IPCP 13Connection success LCP 17, AUTH 6, IPCP 13Failure reason LCP 0, authentication 0, IPCP 0, other 0Failure reason lower layer disconnect 0A10 release before LCP nego by PDSN 0, by PCF 0LCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 0LCP Term Req during LCP nego sent 0, rcvd 0A10 release during LCP nego by PDSN 0, by PCF 0Auth StageCHAP attempt 2, success 2, failure 0, timeout 0PAP attempt 4, success 4, failure 0, timeout 0MSCHAP attempt 0, success 0, failure 0, timeout 0EAP attempt 0, success 0, failure 0MSID attempt 0, success 0, failure 0AAA timeouts 0, Auth timeouts 0, Auth skipped 11LCP Term Req during Auth nego sent 0, rcvd 0A10 release during Auth nego by PDSN 0, by PCF 0IPCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 0Options failure reason MN Rejected IP Address 0LCP Term Req during IPCP nego sent 0, rcvd 0A10 release during IPCP nego by PDSN 0, by PCF 0CCP StageConnection negotiated compression 0Compression type Microsoft 0, Stac 0, other 0Connections negotiated MRRU 0, IPX 0, IP 13Connections negotiated VJ-Compression 0, BAP 0PPP bundles 0Connections failed to negotiate compression 0Renegotiation total 0, by PDSN 0, by Mobile Node 0Renegotiation success 0, failure 0, aborted 0Renegotiation reason: address mismatch 0, lower layer handoff 0GRE key change 0, other 0Release total 16, by PDSN 14, by Mobile Node 2Release by ingress address filtering 0Release reason: administrative 4, LCP termination 2Idle timeout 3, echo missed 0L2TP tunnel 0, insufficient resources 0Session timeout 0, service unavailable 0De-Reg from PCF 0, lifetime expiry 0, other 7Echo statsRequest sent 0, resent 0, max retransmit timeout 0Response rcvd 0Discarded PacketsUnknown Protocol Errors 424, Bad Packet Length 0RSVPIEs Parsed 0TFTs Created Success 0, Failure 0TFTs Updated Success 0, Failure 0TFTs Deleted Sucesss 0, Failure 0Other Failure 0Unknown 0, Unsupported Ie types 0Tft Ipv4 Failure StatsTft Unauthorized 0, Unsuccessful Processing 0Tft Treatment Unsupported 0, Persistency reached 0Packet Filter Add 0, Replace 0Packet Filter Precedence Contention 0, Unavailable 0Packet Filter Maximum Limit 0, Non-Existent Tft add 0QoS:Total Profile Download Success 10, Failure 10,Local Profile selected 4Failure Reason DSCP 1, Flow Profile ID 1,Service Option Profile 1, Others 1Total Consolidated Profile 4, DSCP Remarked 0Total Policing installed 4, failure 5, removed 4slot 0:AHDLC Engine Type: CDMA HDLC SW ENGINEEngine is ENABLEDtotal channels: 20000, available channels: 20000Framing input 5306 bytes, 169 paksFraming output 7008 bytes, 169 paksFraming errors 0, insufficient memory 0, queue overflow 0Invalid size 0Deframing input 1371683974 bytes, 4005798483 paksDefaming output 4948 bytes, 142 paksDeframing errors 0, insufficient memory 0, queue overflow 0Invalid size 64, CRC errors 117817589RADIUS DISCONNECT:Disconnect Request rcvd 0, accepted 0Disconnect Request Errors:Unsupported Attribute 0, Missing Attribute 0Invalid Request 0, NAS Id Mismatch 0Session Cxt Not Found 0, Administratively Prohibited 0Data Plane
Downstream or Forward Packet Processing
When a packet is received in the forward direction at the PDSN, flow accounting occurs. At this point, the PDSN first identifies the TFT that can be applied based on the destination IP Address. The packet is then run through the packet filters to identify the application flow. The A11 RRQ contains the mapping of the application flows to the service flow. With that mapping, the service flow is identified and the packet is marked with the A10 connection information. If the packet is a PPP control packets, the packet is marked with main A10 connection. When the packet later completes AHDLC encapsulation after PPP encapsulation, the corresponding A10 connection is selected and forwarded to the tunnel.
In the A11 RRQ, more specifically in the QoS Update, the PCF may specify to use flow discrimination. This means that all bearer packets will contain the flow ID that is encoded in the 3GPP2 header extension for GRE.
Upstream or Reverse Packet Processing
When a packet is received in the reverse direction, after the PPP encapsulation is removed, the packet is picked up by the PDSN for flow accounting. The packet is first evaluated for the DSCP and actions are taken accordingly. If the packet can then be forwarded, the packet is passed through the TFT (which has the packet filters to identify the flow ID). If packet has the "IP flow" details in the GRE header, the packet is directly accounted for that flow ID, and not passed through TFT. Once the flow is identified, accounting is performed and then forwarded. If there is no packet filter to identify a flow, the default flow ID FF is assumed.
QoS Signaling
This section discusses Quality of Service Signaling (QoS), and involves the following concepts:
•
–
–
•
–
–
•
–
–
–
Traffic Flow Templates (TFT)
Traffic Flow Templates define the IP Flows. The TFT contains a set of packet filters that define each IP flows. An IP flow can carry multiple application flows. Each application flow is identified using packet filters.
The MN determines the flows and sends the packet filters in a TFT as a RSVP message. The RSVP message contains a 3GPP2 object that defines the TFT. There could be only one 3GPP2 object with multiple TFTs sent in one RSVP Message. In HRPD there is only one persistent TFT per MS IP Address. The TFT describes the flow, the packet filters, and the packet treatments. The MN sends 1 TFT per IP address per flow direction. These packet filters are associated with a precedence level. The packet filters are sorted and associated with the session. The flow IDs (which are the IP flow IDs) in these packet filters are matched with the IP flow IDs mentioned in the A11 RRQ to determine the corresponding A10 connection to use. If there is no mapping, the PDSN forwards the packet through the main service instance (which is the default A10 and has a flow ID FF).
In this case, RSVP messages are accounted as data traffic on the session.
Other Considerations
An HRPD MS only uses Non-Specific TFTs in both the forward and reverse directions.
Each TFT IE contains one or more packet filters that are matched against forward or reverse directions. The PDSN supports 255 packet filters per direction per TFT.
During PPP renegotiation, all of the connection details (like TFTs) are released and reestablished when a fresh request comes for the same.
Packet Filters
Packet filters describe an IP flow for a particular direction. Packet filters contain sub-type PF0 and PF1. PF0 implies the filter is applied on the Outer IP Header and PF1 implies the filter is applied on the extended headers or transport headers. The initial support on PDSN is only for IPv4 addresses/Port/ToS/Protocol. The only protocol supported in the initial phase is IP and GRE. Each packet filter is associated with a precedence level. When a packet (during data traffic) is given to this TFT to identify the ip flow, the packet is passed through these filters in their order of precedence.
TFT Installation
When a fresh TFT needs to be installed, the MS sends a TFT with "Create new TFT" attached. The following TFTs are marked with appropriate actions like "Add packet filter to existing TFT", "Delete existing TFT", "Replace packet filters in existing TFT", or "Delete packet filters from existing TFT".
The PDSN replies affirmatively if the TFT is parsed properly and installed successfully.
The PDSN reports one of the following errors depending on the scenario it encountered:
The PDSN processes the request in order of the IEs that are present in the 3GPP2 OBJECT. If processing of all the IEs is successful, the PDSN returns a ResvConf message containing the MS IP address. If processing of an IE fails, the PDSN stops further processing of the Resv message. The PDSN returns a ResvErr message to the MS including the error code and the index of the IE that failed processing. The TFT IE index starts from 1. If processing of an IE fails, the PDSN stops further processing of the Resv message but retains the result of any actions already performed on earlier IEs in the message.
TFT Update
The MS can update the TFT at any point of time. It might do so when there is any change in the packet filter content, or change of MS IP Address.
Since a TFT is associated with a MS based on its IP Address, when there is a change of MS IP Address, the MS sends RSVP messages to delete the old and create a new TFT for the new IP address.
TFTs for a session will be deleted only when either the MS sends a delete TFT message, the session goes down, or during PPP renegotiation.
Configuring TFTs
To configure the PDSN to include the Traffic Flow Template error extensions, perform the following tasks:
Step 1
router# cdma pdsn tft reject include error extension
Configure this CLI to include the error extension in the reject message whenever a TFT is rejected.
Example
Here is an example of the cdma pdsn tft reject include error extension command:
cdma pdsn tft ?reject Configure CDMA PDSN TFT rejectcdma pdsn tft reject ?include Configure CDMA PDSN TFT reject includecdma pdsn tft reject include ?error Configure CDMA PDSN TFT reject include errorcdma pdsn tft reject include error ?extension Configure CDMA PDSN TFT reject include error extensioncdma pdsn tft reject include error extension ?
Verifying the Configuration
To verify that the TFT feature is enabled, and to gather information about those TFTs, perform the following tasks:
Example
Here are some configuration examples:
router#show cdma pdsn session tftMobile Station ID IMSI 123456789011122PCF IP Address 10.1.1.1, PCF Session ID 1This session has 1 flowThis session has 1 TftTFT IP Address 3.1.1.1Number of Packet Filters Forward 2, Reverse 1Forward Packet FiltersPacket Filter 1Flow Id 10, Precedence 255, PF Type 0Source Port 125Packet Filter 2Flow Id 10, Precedence 255, PF Type 0Source Port 125Reverse Packet FiltersPacket Filter 1Flow Id 10, Precedence 10, PF Type 0Source Port 125Mobile Station ID IMSI 123456789011123PCF IP Address 10.1.1.1, PCF Session ID 2This session has 1 flowThis session has 1 TftTFTIP Address 3.1.1.2Number of Packet Filters Forward 2, Reverse 3Forward Packet FiltersPacket Filter 1Flow Id 2, Precedence 2, PF Type 0Source Ip 5.5.5.5 Mask 255.255.255.0Packet Filter 2Flow Id 5, Precedence 5, PF Type 0Source Ip 1.1.1.1 Mask 255.255.255.0Reverse Packet FiltersPacket Filter 1Flow Id 10, Precedence 255, PF Type 0Source Port 125Packet Filter 2Flow Id 10, Precedence 255, PF Type 0Source Port 125Packet Filter 3Flow Id 10, Precedence 255, PF Type 0Source Port 125router#show cdma pdsn statisticsLast clearing of "show cdma pdsn statistics" counters neverRP Interface:Reg Request rcvd 1524, accepted 1405, denied 2, discarded 117Initial Reg Request rcvd 18, accepted 17, denied 1, discarded 0, AuxRequest 1Re-registration requests rcvd 1380, accepted 1374, denied 0, discarded 6Re-registration requests containing Active-Start 15, Active-Stop 16, updated QoS Blob 5Re-registration requests containing new connections 10, missing connections 12Handoff requests rcvd 2, accepted 2, denied 0, discarded 0, remapping flows 1De-registration rcvd 13, accepted 12, denied 1, discarded 0De-registration Reg Request with Active-Stop 9Registration Request Errors:Unspecified 0, Administratively prohibited 0Resource unavailable 0, Authentication failed 0Identification mismatch 1, Poorly formed requests 1Unknown PDSN 0, Reverse tunnel mandatory 0Reverse tunnel unavailable 0, Bad CVSE 0Max Service Flows 0, Unsupported SO 0, Non-existent A10 0,Bandwidth unavailable 0Update sent 52, accepted 9, denied 8, not acked 35Initial Update sent 14, retransmissions 38Acknowledge received 17, discarded 0Update reason lifetime expiry 0, PPP termination 11, other 3Registration Update Errors:Unspecified 0, Identification mismatch 8Authentication failed 0, Administratively prohibited 0Poorly formed request 0Handoff statistics:Inter PCF handoff active 2, dormant 0Update sent 5, accepted 2, denied 2, not acked 1Initial Update sent 2, retransmissions 3Acknowledge received 4, discarded 0De-registration accepted 2, denied 0Handoff Update Errors:Unspecified 0, Identification mismatch 2Authentication failed 0, Administratively prohibited 0Poorly formed request 0RP Session Update statistics:Update sent 0, accepted 0, denied 0, not acked 0Initial Update sent 0, retransmissions 0Acknowledge received 0, discarded 0Sent reasons Always On 0, RN-PDIT 0, Subscriber QoS 0RP Session Update Errors:Unspecified 0, Identification mismatch 0Authentication failed 0, Session parameters not updated 0Poorly formed request 0Service Option:Unknown (0) success 1405, failure 2PPP:Current Connections 0Connection requests 17, success 17, failure 0, aborted 0Connection enters stage LCP 17, Auth 6, IPCP 13Connection success LCP 17, AUTH 6, IPCP 13Failure reason LCP 0, authentication 0, IPCP 0, other 0Failure reason lower layer disconnect 0A10 release before LCP nego by PDSN 0, by PCF 0LCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 0LCP Term Req during LCP nego sent 0, rcvd 0A10 release during LCP nego by PDSN 0, by PCF 0Auth StageCHAP attempt 2, success 2, failure 0, timeout 0PAP attempt 4, success 4, failure 0, timeout 0MSCHAP attempt 0, success 0, failure 0, timeout 0EAP attempt 0, success 0, failure 0MSID attempt 0, success 0, failure 0AAA timeouts 0, Auth timeouts 0, Auth skipped 11LCP Term Req during Auth nego sent 0, rcvd 0A10 release during Auth nego by PDSN 0, by PCF 0IPCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 0Options failure reason MN Rejected IP Address 0LCP Term Req during IPCP nego sent 0, rcvd 0A10 release during IPCP nego by PDSN 0, by PCF 0CCP StageConnection negotiated compression 0Compression type Microsoft 0, Stac 0, other 0Connections negotiated MRRU 0, IPX 0, IP 13Connections negotiated VJ-Compression 0, BAP 0PPP bundles 0Connections failed to negotiate compression 0Renegotiation total 0, by PDSN 0, by Mobile Node 0Renegotiation success 0, failure 0, aborted 0Renegotiation reason: address mismatch 0, lower layer handoff 0GRE key change 0, other 0Release total 16, by PDSN 14, by Mobile Node 2Release by ingress address filtering 0Release reason: administrative 4, LCP termination 2Idle timeout 3, echo missed 0L2TP tunnel 0, insufficient resources 0Session timeout 0, service unavailable 0De-Reg from PCF 0, lifetime expiry 0, other 7Echo statsRequest sent 0, resent 0, max retransmit timeout 0Response rcvd 0Discarded PacketsUnknown Protocol Errors 424, Bad Packet Length 0RSVPTFTs Parsed 0TFTs Created Success 0, Failure 0TFTs Updated Success 0, Failure 0TFTs Deleted Sucesss 0, Failure 0TFT Failure StatsTft Unauthorized 0, Unsuccessful Parsing 0Tft Treatment Unsupported 0, Persistency reached 0Packet Filter Add 0, Replace 0Packet Filter Precedence Contention 0, Unavailable 0Packet Filter Maximum Limit 0, Non-Existent Tft add 0router#show cdma pdsn redundancyCDMA PDSN Redundancy is enabledCDMA PDSN Session Redundancy system statusPDSN state = ACTIVEPDSN-peer state = STANDBY HOTCDMA PDSN Session Redundancy StatisticsLast clearing of cumulative counters neverSynced to standby Currentsince peer up ConnectedSessions 0 0SIP Flows 0 0MIP Flows 0 0PMIP Flows 0 0TFT 0 0Subscriber QoS Policy
While establishing a session with PDSN, during authentication Subscriber QoS attributes are downloaded from AAA. The following are the attributes downloaded from AAA as part of Subscriber QoS Profile:
•
•
•
•
•
•
•
The Maximum Authorized Aggregate Bandwidth is used for policing and bandwidth allocation on the PDSN.
The first two items in the above list are used by the PDSN for authorizing and applying on the bearer traffic. The remaining five attributes are stored and forwarded to the PCF as part of A11 Registration Reply and A11 Session-Update.
If different profiles are downloaded for a MN with single NAI, the profile in the PDSN is updated.
If there are multiple NAIs per MN, multiple versions of the above attributes will be received. The PDSN consolidates the attributes and forwards them to the PCF. This consolidation process provides the following details:
•
•
•
•
•
•
When the Subscriber QoS Profile is not downloaded from AAA, the locally configured QoS Profile is applied.
Allowed Differentiated Services Marking
The Allowed Differentiated Services Marking attribute consists of three subtypes
•
•
•
The MS may mark the packet and send the traffic. The PDSN monitors it and checks if the marked value is within the allowed marking. If packets contain DSCP greater than the allowed value, the PDSN may remark those packets if a remark DSCP is configured. If this remark DSCP is not configured, the packet is forwarded using best-effort DSCP.
The PDSN validates the DSCP in the following ways:
•
•
•
•
Allowed Number of Persistent TFTs
In HRPD, there can be only one persistent TFT per MS IP Address. This attribute is not forwarded to the PCF.
If the number of persistent TFT attributes is not downloaded or configured locally, the TFT is rejected with "Unsuccessful TFT Processing" error.
Maximum Authorized Aggregate Bandwidth
Maximum Authorized Aggregate Bandwidth is used for downstream policing. This value is considered as the guaranteed bandwidth for the mobile for the session. It is forwarded to PCF.
Configuring the Subscriber QoS Profile
To configure the Subscriber QoS Profile feature on the PDSN, perform the following tasks:
Configuring the cdma pdsn multiple service flows qos subscriber profile takes you to a submode. The following commands are available to configure various parameters in local subscriber qos profile:
Examples
Here are some example configurations:
router(config)#cdma pdsn multiple service-flows qos subscriber profilerouter(config-qos-profile)#Eg:cdma pdsn multiple service-flows qos subscriber profilerouter# cdma pdsn multiple service-flows qos remark-dscp AF11router#(config-qos-profile)#bandwidth ?<8000-2000000000> Valuerouter#(config-qos-profile)#bandwidth 9000 ?<cr>Here is an example of the dscp command:
router#(config-qos-profile)#dscp ?allowed-class allowed dscp's classes with which user can markpacketsmax-class User may mark packets with a class selector codepointreverse-marking marking level pdsn apply to reverse tunneled packetsrouter#(config-qos-profile)#dscp allowed-class ?AF User can send packets with AF dscp (A bit)EF User can send packets with EF dscp (E bit)O User can mark packets for experiment or local use (O bit)router#(config-qos-profile)#dscp allowed-class AF ?<cr>AF11 AF11AF12 AF12AF13 AF13AF21 AF21AF22 AF22AF23 AF23AF31 AF31AF32 AF32AF33 AF33AF41 AF41AF42 AF42AF43 AF43Default Selector Class 0EF EFclass1 Selector Class 1class2 Selector Class 2class3 Selector Class 3class4 Selector Class 4class5 Selector Class 5class6 Selector Class 6class7 Selector Class 7router(config-qos-profile)#router(config-qos-profile)#dscp reverse-marking ?AF11 AF11AF12 AF12AF13 AF13AF21 AF21AF22 AF22AF23 AF23AF31 AF31AF32 AF32AF33 AF33AF41 AF41AF42 AF42AF43 AF43Default Selector Class 0EF EFclass1 Selector Class 1class2 Selector Class 2class3 Selector Class 3class4 Selector Class 4class5 Selector Class 5class6 Selector Class 6class7 Selector Class 7router(config-qos-profile)#Here is an example or the flow-priority command:
router(config-qos-profile)#flow-priority ?<1-4294967295> Valuerouter(config-qos-profile)#flow-priority 100 ?<cr>Here is an example or the flow-profile direction command:
router#(config-qos-profile)#flow-profile ?direction Configure direction for flow of packetrouter#(config-qos-profile)#flow-profile direction ?<1-3> 1-Reverse 2-Forward 3-Bi-directionrouter#(config-qos-profile)#flow-profile direction 1 ?flow-id defines qos treatment to apply to a packet flowrouter(config-qos-profile)#flow-profile direction 1 flow-id ?<1-65535> Valuerouter#(config-qos-profile)#flow-profile direction 1 flow-id 100 ?Here is an example of the inter-user-priority command:
router#(config-qos-profile)#inter-user-priority ?<1-4294967295> Valuerouter#(config-qos-profile)#inter-user-priority 200 ?<cr>Here is an example of the link-flow command:
router(config-qos-profile)#link-flow ?<1-4294967295> Valuerouter(config-qos-profile)#link-flow 40 ?<cr>router(config-qos-profile)#Here is an example of the TFT command:
router(config-qos-profile)#tft-allowed ?<1-4294967295> Valuerouter(config-qos-profile)#tft-allowed 1 ?<cr>router(config-qos-profile)#tft-allowed 1Here is an example of the subscriber redundancy rate command:
router(config)# subscriber redundancy rate 500 1Verifying the Configuration
To verify the Subscriber QoS Profile feature on the PDSN, perform the following tasks:
Examples
Here is and example of the show cdma pdsn session tft command:
router# show cdma pdsn session tftMobile Station ID IMSI 123456789011122PCF IP Address 10.1.1.1, PCF Session ID 1This session has 1 flowThis session has 1 TftTFT IP Address 3.1.1.1Number of Packet Filters Forward 2, Reverse 1Forward Packet FiltersPacket Filter 1Flow Id 10, Precedence 255, PF Type 0Source Port 125Packet Filter 2Flow Id 10, Precedence 255, PF Type 0Source Port 125Reverse Packet FiltersPacket Filter 1Flow Id 10, Precedence 10, PF Type 0Source Port 125Mobile Station ID IMSI 123456789011123PCF IP Address 10.1.1.1, PCF Session ID 2This session has 1 flowThis session has 1 TftTFT IP Address 3.1.1.2Number of Packet Filters Forward 2, Reverse 3Forward Packet FiltersPacket Filter 1Flow Id 2, Precedence 2, PF Type 0Source Ip 5.5.5.5 Mask 255.255.255.0Packet Filter 2Flow Id 5, Precedence 5, PF Type 0Source Ip 1.1.1.1 Mask 255.255.255.0Reverse Packet FiltersPacket Filter 1Flow Id 10, Precedence 255, PF Type 0Source Port 125Packet Filter 2Flow Id 10, Precedence 255, PF Type 0Source Port 125Packet Filter 3Flow Id 10, Precedence 255, PF Type 0Source Port 125Here is an example of the show cdma pdsn qos local profile command:
router#show cdma pdsn qos ?local CDMA PDSN local qos informationrouter#show cdma pdsn qos local ?profile CDMA PDSN local qos profile informationrouter#show cdma pdsn qos local profile ?| Output modifiers<cr>router#show cdma pdsn qos local profileCDMA PDSN LOCAL QOS PROFILEQoS subscriber profileMax Aggregate Bandwidth : 8000Inter User Priority : 4321Maximum Flow Priority : 4Number of persistent TFT : 10Total link flow : 2Service Option : 59Service Option : 61Flow-profileForward flow-id : 1Reverse flow-id : 2Bi-direction flow-id : 3DSCPAllowed-class AFMax-selector class 4Here is a partial example of the show cdma pdsn statistics command that identifies QoS statistics:
router #show cdma pdsn statisticsQoS:Total Profile Download Success 10, Failure 10, Local Profile selected 4Failure Reason DSCP 1, Bandwidth 1, TFT 1, Flow Profile ID 1,Max per flow 1, IUP 1, Others 4Total Consolidated Profile 4, DSCP Remarked 0Total Policing installed 4, failure 5, removed 4Other QoS Parameters
The MS sends the QoS parameters for the IP flows in R_QOS_SUB_BLOB to PCF. The PCF, after it grants the QoS, forwards the details to the PDSN in an A11 RRQ. This is just stored and forwarded during Accounting, and contains the mapping the definitions of IP Flows (FlowID) which are used for A10 Connection mapping. This blob also contains an indicator of whether the flow id needs to be included in the bearer packets. If it is set, the PDSN adds a new GRE header, including the flow ID, in all the bearer packets for that flow.
Flow Remapping
Many times, even while the session and connections are up, the MS might decide to remap. It may do so when a new application is started. In such cases, QoS is again renegotiated, and the details are forwarded to the PDSN. The PDSN creates or deletes the A10, and also remaps the flows to the corresponding A10 connections.
Per-flow Accounting
Connection Setup
In HRPD systems, if a single A11-Registration Request message is used to establish multiple A10 connections, an A10 Connection Setup Airlink record is included for each of the A10 connections to be established. No field in the QoS blob is used or processed in the PDSN other than forwarding the same to AAA for accounting.
Airlink Start
An accounting start is generated under the following conditions:
•
•
–
•
Note
This record does not include Granted QoS Parameters.
Airlink Stop
An accounting stop will be generated under the following conditions:
•
•
–
–
–
•
For inter-PCF handoff, the source PCF sends an Active-Stop Airlink record for each activated IP flow to the PDSN, and the target PCF send Active-Start Airlink records for each activated IP flow per direction to the PDSN.
During A11 re-registration, if some connections are missing and the flows are deleted, an accounting stop is sent for those connections and flows. Similarly an accounting start is sent for all those newly added flow-ids.
IP flows with received accounting records are identified by the granted QoS that carries the respective IP flow ID and direction. When remapping of IP flows occurs, the flows get mapped from one A10 to another A10. The PDSN sends an accounting stop for the old A10, and an accounting start for the new A10 for that particular IP flow. In this scenario, an accounting Start and Stop is triggered upon receiving an active start and active stop respectively. When an active start and stop are not received and session is torn down, still the pair of accounting stops for the old A10 and the start for new a10 are sent for the IP flow.
When an IP flow receives an active stop with flow status as inactive, it is moved to inactive state. The IP flow becomes active once an active start is received for the same. The PDSN generates a stop accounting stop record when the IP Flow moves from active to inactive state.The IP flow is moved back to active after it receives an active start, and when it changes from inactive to active an accounting start is sent.
Configuring Per-Flow Accounting
To configure the Per-flow Accounting feature on the PDSN, perform the following task:
Example
Here is sample output for PDSN Release 4.0:
cdma pdsn attribute send ?a1 Attribute Calling Station IDa2 Attribute ESN, Electronic Serial Numbera3 Attribute MEID, Mobile Equipment Identifierc5 Service Reference IDesn-optional Send ESN in Access Req/accounting records only when receivedfrom PCFf11 IP Technologyf15 Attribute f15, always-onf16 Forward PDCH RC ------------------------|f17 Forward DCCH MUX ------------------------|f18 Reverse DCCH MUX ------------------------|-----> NEWf19 Forward DCCH RC ------------------------ |f20 Reverse DCCH RC ------------------------|f22 Reverse PDCH RC ------------------------ |f5 Attribute Service Optiong1 Attribute Input Octetsg17 Last known user activityg2 Attribute Output Octetsis835a is835a specified attributes (g3 and g8 to g16)meid-optional Send MEID in Access req/accounting records only when received from PCF
Verifying Per-Flow Accounting
To verify that the Per-flow Accounting feature is configured on the PDSN, perform the following tasks:
Step 1
router# Show cdma pdsn accounting [detail]
In PDSN Release 4.0, the output has been enhanced to display the HRPD and IP flow details.
Example
Here is example output:
router#show cdma pdsn accounting detailUDR for sessionsession ID: 1Mobile Station ID IMSI 123456789123457Mobile Station ID (A1) IMSI 123456789123457ESN (A2) 000100020003005MEID (A3)Session Continue (C3) ' ' 0Serving PCF (D3) 2.2.1.1 Base Station ID (D4) 000000000000User Zone (E1) 0000Forward Mux Option (F1) 1 Reverse Mux Option (F2) 2Service Option (F5) 59 Forward Traffic Type (F6) 6Reverse Traffix type (F7) 7 Fundamental Frame size (F8) 8Forward Fundamental RC (F9) 9 Reverse Fundamntal RC (F10) 10DCCH Frame Format (F14) 14 Always On (F15) 0Forward PDCH RC (F16) 16 Forward DCCH Mux (F17) 17 <--- newReverse DCCH Mux (F18) 18 Forward DCCH RC (F19) 19Reverse DCCH RC (F20) 20 Reverse PDCH RC (F22) 22Bad PPP Frame Count (G3) 0 Active Time (G8) 0Number of Active Transitions (G9) 1SDB Octet Count Terminating (G10) 0SDB Octet Count Originating (G11) 0Number of SDBs Terminating (G12) 0Number of SDBs Originating G13 0Number of HDLC Layer Bytes Received (G14) 225In-Bound Mobile IP Signalling Octet Count (G15) 0Out-bound Mobile IP Signalling Octet Count (G16) 0Last User Activity Time (G17) 0IP Quality of Service (I1) 0Airlink Quality of Service (I4) 0R-P Session ID (Y2) 1UDR for flowMobile Node IP address 20.2.0.0IP Address (B1) 20.2.0.0, Network Access Identifier (B2) mwtcp-sip-basic-user1Account Session ID (C1) 4248Correlation ID (C2) ' ' 240Beginning Session (C4) ' ' 0MIP Home Agent (D1) 0.0.0.0IP Technology (F11) 01 Compulsory Tunnel indicator (F12) 00Release Indicator (F13) 00Data Octet Count Terminating (G1) 0Data Octet Count Originating (G2) 0 Event Time G4:1219295403Rsvp Signaling Inbound Count (G22) 0 Outbound Count (G23) 0 <-- newRsvp Signaling Packets In (G24) 0 Packets Out (G25) 0Packets- in:0 out:0The following are new:
UDR for IPFlow (new: Yes)Session ID : 2 Flow ID : 0x01 Direction : ForwardAccount Session ID (C1) 1095 Correlation (C2) 0Service Reference ID (C5) 2 Flow ID (C6) 1Serving PCF (D3) 2.2.1.1Forward Mux Option (F1) 1 Reverse Mux Option (F2) 2Service Option (F5) 59 Forward Traffic Type (F6) 6Reverse Traffix type (F7) 7 Fundamental Frame size (F8) 8Forward Fundamental RC (F9) 9 Reverse Fundamntal RC (F10) 10DCCH Frame Format (F14) 14 Forward PDCH RC (F16) 16Forward DCCH Mux (F17) 17 Reverse DCCH Mux (F18) 18Forward DCCH RC (F19) 19 Reverse DCCH RC (F20) 20Reverse PDCH RC (F22) 22 Flow Status (F24) ActiveData Octet Count Terminating (G1) 0Data Octet Count Originating (G2) 0 Event Time G4:0Active Time (G8) 0Number of Active Transitions (G9) 1SDB Octet Count Terminating (G10) 0SDB Octet Count Originating (G11) 0Number of SDBs Terminating (G12) 0Number of SDBs Originating G13 0Granted Qos (I5):Flow direction :0 Flow ID :1Flow Profile ID :0Qos Attribute Set ID :1 Traffic Class :0Peak Rate :1 Bucket Size :100Token Rate :100 Maximum Latency :100Max IP Packet Loss Rate :10Packet Size :10 Delay Variance Sensitive :100IP Quality of Service (I1) 0Airlink Quality of Service (I4) 0R-P Session ID (Y2) 2Handoff Scenarios
This section lists various handoff scenarios.
Inter-PCF handoff - Same PDSN (RevA to RevA)
The PDSN, irrespective of PPP Renegotiation or not, will release all of its existing A10 connections with the old PCF and establish the auxiliary connections freshly for the new PCF.
In this case, the TFTs are not cleared. The flow-ids are retained and remapped to the new PCF's A10 connections.
Handoff from 1x to RevA
When a mobile node hands off from a 1x network to a Rev A PCF, the existing flow is considered the main service connection. The auxiliary service flows and the application flows are then freshly created. When a handoff from 1xRTT to EV-DO occurs, the PDSN sends an accounting start upon receiving active start per flow per direction. In this case, there should be a connection setup received for the associated a10 of that IP flow.
Handoff from Rev A to 1x
When a mobile node hands off from a Rev A PCF to a 1x PCF, all the service flows and application flows are deleted except the TFTs. The subscriber QoS profile is retained with the session. The policing and DSCP validations continue if already in place. When there is a handoff from EV-DO to 1xRTT, will be sending one accounting stop per IP flow per direction is sent for those IP flows that are active. A pair of Start-Stops are sent for those IP flows that are inactive, since this is the final stop through which to detach from AAA context.
Call Admission Control
As part of the subscriber QoS profile, bandwidth is downloaded from AAA. The PDSN needs to make that bandwidth available for the mobile station. This helps in case the mobile uses any video services.
There is no specific interface on the PDSN that is considered as egress that defines the maximum available bandwidth. So there is no direct allocation, and the PDSN cannot use generic IOS QoS implementation on allocation failure.
As a solution, a new CLI is introduced which defines the total bandwidth on the box. This bandwidth could be the Gigabit interface on the SAMI card, or the egress interface on the line card. The maximum available bandwidth could be the minimum of the two.
Whenever a session registers with the PDSN, and the PDSN downloads the bandwidth to allocate, it checks the available bandwidth. If the requested bandwidth is available for use, the session is created successfully and the allotted amount is deducted from the available bandwidth. If it runs out of bandwidth, the call is rejected.
Whenever the session is deleted, the bandwidth is returned to the original pool.
Whenever a different bandwidth is downloaded during re-registration, the old one is returned and then the new one is deducted.
BandwidthFactor = (ConsumedBandwidth / Total Bandwidth) * 100
The other factors that can be included are memory, CPU, and the session load.
Session Load:
Currently the load that is calculated and forwarded to the Cluster Controller is the ratio of number of sessions active to the total session capacity of the box.
SessionFactor = (Number of Sessions active / Total session capacity) * 100
Memory:
Memory factor consists of 2 parts—Processor Memory and IO Memory. The RRQ should be accepted only if 10% of memory is available (both processor and IO Memory).
ProcMemoryFactor = (MemoryConsumed/TotalMemory) * 100
IOMemoryFactor = (MemoryConsumed/TotalMemory) * 100
CPU Factor:
The processor could be loaded due to heavy traffic (high packets/sec), or because of high number of requests or heavy data traffic. To consider this parameter, take the current CPU percentage for computation as well.
CPUFactor = (CPU Percentage)
Taking all the four parameters, the new load factor will be the maximum of the four.
If the maximum is memory or CPU, new registration requests are rejected till the value drops below the configured threshold.
If the maximum is because of BandwidthFactor, and if the new request is 1x (not downloading bandwidth), it is allowed. If it is RevA or 1x (downloading bandwidth), the registration proceeds until the bandwidth is downloaded. Then, based on bandwidth availability, the request is either processed or rejected.
If the highest is session count, it proceeds till the maximum is reached.
Controller - Member Calculation
The member now sends the newly calculated load to the controller as the exact load of the system. The controller performs load-balancing with the load value sent by the member. The controller reject calls once any of the load parameters for all the associated members reach the threshold of 100%. CAC is enabled on the member when the BW and CPU thresholds are configured. Multiple flows are enabled in the controller to support PDSN R4.0. The default memory threshold is 90%.
Configuring Call Admission Control on the PDSN
To configure the Call Admission Control feature on the PDSN, perform the following tasks:
Examples
Here is an example of the configuration commands:
router# cdma pdsn cac ?maximum Configure Maximum values for CAC Parameterscdma pdsn cac maximum ?bandwidth Configure Maximum Bandwidthcpu Configure CPU Threshold parameterscdma pdsn cac maximum bandwidth ?<8000-2000000000> Value
cdma pdsn cac maximum cpu ?<30-90> ValueVerifying the Configuration
To verify that the CAC feature is enabled, and to gather information regarding the CAC feature, perform the following task:
Step 1
router# show cdma pdsn cac
Display the various call admission control parameters and their status.
Examples
Here is an example of the show cdma pdsn cac command:
router# show cdma pdsn cac
Router#sh cdma pdsn cac
Output in Values Output in percentage
Total configured bandwidth 200000000 b 100%
Allocated bandwidth 0 b 0%
Available bandwidth 200000000 b 100%
CPU Threshold 90%
CPU Current 0%
Processor Memory Threshold 813609471 90%
Processor Memory Current 73398292 8%
IO Memory Threshold 60397977 90%
IO Memory Current 45603376 67%
Sessions allocated 0 0%
Max sessions allowed 25000 100%
Router#
Resource Management
Resource management defines the mechanism to release packet data session related resources at the network elements like the PDSN and the HA. Resources may be released due to the session handoff or for administrative purposes.
IS-835-C defines two mechanisms for resource management:
•
•
While resource management based on Packet of Disconnect is applicable to Simple IP, Mobile IP and Proxy Mobile IP flows, resource management based on Mobile IP Resource revocation is applicable only to Mobile IP flows.
The Cisco PDSN supports resource management based on both Packet of Disconnect and Mobile IP resource revocation.
Resource Revocation for Mobile IP
Basic Mobile IP resource revocation is an IS-835-C initiative that defines the methods by which a mobility agent (one that provides Mobile IP services to a mobile node) can notify the other mobility agent of the termination of a registration due to administrative reasons or MIP handoff.
When configured on the PDSN/FA, the Mobility Agent Advertisement extension in the Agent advertisement will have the X bit set, thus advertising support for resource revocation on that link. A PDSN configured to support resource revocation in Mobile IPv4 will include a revocation support extension in all MIP RRQ including re-registrations. If the associated MIP RRP from the HA also includes a valid revocation support extension, then the PDSN will assume the associated registration as revocable.
For a registration that is revocable, if the PDSN/FA needs to terminate the session administratively, the PDSN/FA sends a resource revocation message to the HA and releases the resources held for that registration.
If the resource revocation ACK from the HA is not received within a configurable amount of time, the resource revocation message will be retransmitted.
On receipt of a resource revocation message from Home Agent, and a registration (identified by the home address, care-of address, and Home Agent address) is located, the resources held by that registration are freed, and a resource revocation ACK message is sent back to the Home Agent. If no other Mobile IP registrations are active on the PPP session associated with the revoked binding, then the PDSN will release the associated PPP and R-P sessions for the revoked registration.
Restrictions for Registration Revocation
The following restrictions for Registration Revocation on the PDSN apply:
•
•
•
•
•
•
Packet of Disconnect
Radius Disconnect, or Packet of Disconnect (PoD) is a mechanism that allows the RADIUS server to send a Radius Disconnect Message to the PDSN to release Session related resources. Resources may be released due to the session handoff, or for administrative purposes. Some of the resources identified include PPP, RP sessions and Mobile IP bindings. Support for Radius Disconnect on the Cisco PDSN and Home Agent is TIA835C compliant.
The PDSN communicates its Resource management capabilities to the Home AAA in the Access Request message (sent for authentication/authorization procedure) by including a 3GPP2 Vendor Specific Session Termination Capability (STC) VSA. The value communicated in the STC VSA is obtained in the configuration. The PDSN also includes an NAS-Identifier attribute containing its Fully Qualified Domain Name (FQDN) in the Access Request.
The Home AAA server establishes a relationship between the user and the NAS Identifier/ NAS-IP address to detect a inter-PDSN handoff. If the NAS-Identifier/ NAS IP address received in the Access Request is different from the previously stored value (non-zero), an inter-PDSN handoff is detected.
The Disconnect Request contains the NAS-ID and the Username (NAI) attributes. It can optionally contain 3GPP2 Correlation ID Calling station ID (IMSI) and the Framed IP address—some session identification attributes. A Disconnect Reason VSA is included if a inter-PDSN handoff is detected. The session identification attributes supported by the PDSN are 3GPP2 Correlation ID and Calling station ID (IMSI).
If the 3GPP2 Correlation ID and Calling station ID (IMSI) attributes are received in the Disconnect Request, and the PDSN is able to find the session/flow corresponding to them, the PDSN will terminate the associated flow and send a Disconnect ACK message to RADIUS server. If session is not found for the received attributes, the PDSN will reply back with a Disconnect NACK message with error code "session context not found". If the Disconnect request has invalid attributes (for example, an 8 digit IMSI), the PDSN will reply with a Disconnect NACK with error code "Invalid Request".
The PDSN also supports processing Disconnect Requests that only contain the NAI attribute (if configured). In compliance with the standards, the PDSN terminates all sessions corresponding to the Username received.
The Ballot version mentions that a Disconnect Request can be received at the Home Agent (HA,) but details on the action to be taken in such an event is not detailed. Hence the approach followed is to terminate a specific binding if Framed-IP-Address attribute is received along with NAI, or terminate all bindings for the NAI, if only NAI attribute is received in the Disconnect Request.
The following restriction is present for this feature:
•
The command line interface for this feature will be standard AAA interfaces. The preferred method to configure POD in Release 2.0 and above is to use the aaa server radius dynamic-author command, which leads to a sub-configuration mode that has options to configure clients, security keys, and other variables.
The following NAS global AAA command is used to enable listening for POD packets:
•
The full syntax for this command is:
•
The following debug command is also available:
•
Restrictions for RADIUS Disconnect
•
•
•
Radius Enhancements
PDSN R3.0 includes the following RADIUS enhancements:
•
•
Radius Server Load Balancing
The RADIUS Load-Balancing (RLB) feature shares the load of RADIUS Authentication and Accounting transactions across a set of RADIUS servers. Without RLB, all transactions are sent to the first server considered to be alive in a server group. When this server stops responding and is marked dead, the PDSN fails over to the next one in the group. Using only one server, despite the presence of other usable servers in the group, limits the overall throughput for call setup/teardown.
Radius Server Load Balancing allows the PDSN to distribute the transaction load across multiple servers in a server group. It tracks the slower servers and reduces the transaction load on those servers, and it adapts when a server is marked dead and when it comes back up again.
The transactions are grouped into batches (the size of which is configurable), and each server is assigned a batch to process. The feature then load-balances transactions based on these batches, one batch at a time. When the first transaction is received, the algorithm determines the server with the least outstanding transactions, and this server is assigned the next batch of transactions. Once a batch of transactions has been assigned, the algorithm determines the server with the least outstanding transactions, and this server is assigned the next batch of transactions. Thus, the server with the least outstanding transactions always gets assigned the next batch. This load-balancing scheme can be applied based on a server group. Thus, each server group defined on the IOS platform can have its own load-balancing scheme.
You should exercise care while configuring the batch size. The trade-off in large versus a small batch size is that of throughput versus CPU load. A large batch size results in a lesser amount of computations, and a lower CPU load; however, it may cause a particular server within the server-group to be assigned transactions even though others in the group are idle. For very small batch sizes, the CPU load increases, as it computes outstanding load across servers more often. Lab simulations indicate that a batch size of 25 gives a decent throughput while not adversely affecting the CPU load.
High Latency RADIUS Servers
The algorithm adapts well to servers of varying response times. Servers that are quick have a lower number of transactions outstanding, and are assigned larger number of the incoming transactions. Slower servers get proportionately lower numbers of transactions.
Server Failovers
When a transaction fails over to the next server in the group after a failover, its outstanding count is increased. Thus, failed-over transactions are also load-balanced. When the next batch of transactions is assigned, this server's outstanding count will reflect it's load accurately—both new and failover transactions will be accounted for in the outstanding transaction count.
Dealing with Server Groups
Consider the following two server-groups:
Server-group SG1 with servers S1, S2, S3.
Server-group SG2 with servers S3, S4, S5.
Consider that SG1 is configured to be load-balanced, while SG2 is not. When requests are sent to SG2 these requests are assigned to S3, as it is the first server in the group and its outstanding transaction count will increase. When requests are sent to SG1, these requests are load-balanced across these servers. When sending transactions to S3, the outstanding transaction count for the server will be high because SG2 transactions are assigned directly to it. Thus, it will receive a low proportion of transactions in SG1. This is the preferred behavior, since the goal is to send transactions to servers that are quicker and able to handle more load, where the load is the total transactions a server is handling, not just those of the current server-group.
Preferred Servers
In certain cases, it is desirable to use the same server for all requests for a given session. With RADIUS server load balancing there is no guaranty that this will occur. To avoid such situations a preferred-server indication is introduced in Release 3.0.
Note
The preferred server behavior, which is enabled by default, tries to ensure that all the accounting records (Start, Stop, and Interim) for a session are sent to the same RADIUS server. However, authentication and accounting records for the same session may still be sent to different RADIUS servers as determined by the load balancing algorithm.
The following events may cause accounting records for the same session to be sent to different RADIUS servers:
•
•
The PDSN will try to use the server if possible, but if not, it will fall back to other servers in the group based on the load-balancing mechanism.
When this indicator is used, costs are not considered in deciding which server to use. However, it might not be possible to always use the preferred server. The server may have been marked dead. Or the server may not be usable since it is not part of the server-group that was used for a previous transaction during the session (for example, the Accounting server-group may be different from the authentication server-group). In this case, the algorithm is free to select an alternate server, based on the load-balancing scheme.
Incoming RADIUS Requests
The RADIUS server load balancing feature is not applicable to incoming RADIUS requests (for example, Packet of Disconnect). POD responses require that the server requesting service be the one that is responded to, thus you should not load-balance these requests across servers.
Subscriber Authorization Based on Domain
Cisco IOS provides a "Subscriber Authorization" mechanism to authorize subscribers based on their realm. You can find details of this feature at the following URL:
http://www.cisco.com/en/US/partner/products/ps6350/products_configuration_guide_chapter09186a0080455cf0.html#wp1056463
IS-835 Prepaid Support
The Cisco PDSN 2.0 software release provides real-time monitoring and rating of data calls for prepaid users. The prepaid billing solution for the PDSN is based on the RADIUS (AAA) server, and takes advantage of the existing flow-based accounting functionality. The prepaid billing feature requires the RADIUS server to interface with a Prepaid Billing Server (PBS) to relay real-time billing information between the PDSN and the PBS. A third-party Prepaid Billing Server controls the real-time rating of data calls and maintains balances in users' accounts. Cisco does not supply the PBS.
The following three types of Prepaid service are available in PDSN Release 2.1:
•
•
•
Prepaid functionality is supported on PDSN for the following type of data sessions:
•
•
•
•
Prepaid service is also available for sessions opened with MSID-based authentication access.
Note
Volume-based accounting for prepaid flows other than VPDN will count the bytes present in the PPP payload. For VPDN flows, it will count the bytes present in the PPP packet including the PPP packet header. A session that has multiple flows can have some of the flows with prepaid data service enabled, each either Volume-based or Duration-based, while other flows may not be prepaid enabled.
Tariff-based prepaid service is also supported for volume-based prepaid data service on the PDSN. To support tariff-based prepaid service, the Prepaid Billing Server should have the following capabilities:
•
•
Restrictions for Prepaid Support in Cisco PDSN Release 2.1
•
•
•
•
Prepaid Billing
When a user performs Simple IP access with AAA authentication, or Mobile IP access with FA-CHAP, the Prepaid capable PDSN sends a RADIUS Access-Request message for Authentication and Authorization. The Prepaid capable PDSN informs the Billing Server of its own Prepaid capabilities by including a PPAC VSA in the RADIUS Access-Request message.
The Home RADIUS performs Authentication and Authorization procedures as usual. If the HAAA identifies that a user is a prepaid user from its user profile, the HAAA interfaces with the Billing Server to retrieve prepaid related information for the user, and passes on the prepaid related information in the Access Request message. The Billing Server performs prepaid authorization for the user. The prepaid authorization procedure at HAAA and Billing Server consists of the following steps:
•
•
•
When the Billing Server successfully authorizes the user as a valid prepaid user, it notifies the HAAA that it supports prepaid service based on volume, or duration, or both, depending on the configuration at the Billing Server and capabilities as indicated by the PDSN. The HAAA encodes the information in a PPAC VSA to the PDSN, and indicates that volume-based or duration-based prepaid (or both) service is supported by the Billing Server.
HAAA sends the authorization response to the Prepaid capable PDSN using RADIUS Access-Accept/Reject messages. The authorization response includes a PPAQ VSA in the same RADIUS Access-Accept message stating an initial quota, quota-id and a threshold value of the quota for the prepaid flow corresponding to the user.
When the PDSN sends on-line Access Request messages to HAAA for prepaid related functionality, it does not set the User-Password (= 2) field in the message, and normal RADIUS message authentication is set and performed with Message Authenticator. Currently, the User-Password is set in online Access Requests to the default value of "cisco".
If the PDSN does not receive the PPAC VSA from the HAAA in the initial RADIUS Access-Accept message, or the message is included but indicates that "Prepaid Accounting not used", the PDSN will release the user's prepaid flow if the RADIUS Access-Accept message includes a PPAQ VSA. The PDSN will send an Access Request to HAAA to return the quota allocated with Update-Reason VSA that indicates Client Service termination.
If the PDSN is capable of supporting prepaid service based on either volume or duration, then the PDSN will enable prepaid service for the flow based on the Billing server-indicated service that applies to the session in PPAC. If the Billing server also indicates that the PDSN can allocate either volume or duration, then the PDSN will enable prepaid service based on the type of quota (volume or duration) present in PPAQ from HAAA. If both types of quota are present in PPAQ, then prepaid flow is not opened on the PDSN.
If the PDSN is capable of supporting prepaid service based on volume, and Billing Server indicates that it will support prepaid service based on duration, then the PDSN will close the prepaid flow. The PDSN will send an Access Request message with Update-Reason VSA indicating "Client Service termination". The same logic applies to the PDSN if it supports prepaid based on duration, and Billing Server returns prepaid service based on volume.
If the PDSN receives an Access-Accept message containing the PPAC VSA indicating prepaid service supported, but the initial quota is not included in the message, the PDSN will close the flow. Since no quota was received in the Access Accept, the PDSN will not send further RADIUS Access Request message to HAAA.
To ignore Billing Server interaction of HAAA for Access Requests sent by the PDSN during mobile IP re-registration for FA-CHAP, the PDSN will include the Session-Continue VSA set to "TRUE" in the on-line Access Request messages.
If multiple flows are present for the session that hosted the Prepaid flow, and a prepaid flow was stopped, and if it was the last flow for the session, then the session will be deleted by the PDSN. If one of mobile IP flo
Guest
