Table Of Contents
Configuring Enhanced Service-Aware Billing
Service-Aware GGSN Overview
Service-Aware GGSN Data Flows
Prerequisites
Limitations and Restrictions
Configuring a Service-Aware GGSN
Enabling Service-Aware Billing Support
Enabling Enhanced Service-Aware G-CDRs
Configuring CSG/Quota Server Interface Support
Configuring a CSG Server Group
Configuring the Quota Server Process on the GGSN
Advertising the Next Hop Address For Downlink Traffic
Configuring the GGSN to use the Cisco CSG as an Authentication and Accounting Proxy
Monitoring and Maintaining
Configuring Diameter/DCCA Interface Support
Configuring the Diameter Base
Configuring the DCCA Client Process on the GGSN
Enabling Support for Vendor-Specific AVPs in DCCA Messages
Configuring the Enhanced Billing Parameters in Charging Profiles
Specifying a Default Rulebase ID
Specifying a DCCA Client Profile to Use for Online Billing
Suppressing CDRs for Prepaid Users
Configuring the Time and Volume Thresholds for Postpaid Users
Configuring the Validity Timer for Postpaid Users
GTP-Session Redundancy for Service-Aware PDPs Overview
Configuration Example
Configuring Enhanced Service-Aware Billing
This chapter describes how to implement the Cisco Gateway GPRS Support Node (GGSN) as a service-aware GGSN that is capable of real-time credit-control for prepaid users, as well as service-aware billing for postpaid and prepaid users.
Note 
Service-aware GGSN functionality is supported on the Catalyst 6500/Cisco 7600 platform only.
For a complete description of the GGSN commands in this chapter, refer to the Cisco GGSN Release 5.2 Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
This chapter includes the following sections:
•Service-Aware GGSN Overview
•Configuring a Service-Aware GGSN
•Configuration Example
Service-Aware GGSN Overview
With GGSN Release 5.2 and later, the Cisco GGSN can be configured with the Cisco CSG and Cisco IOS Diameter/DCCA to support real-time credit-control for prepaid users and service-aware billing for postpaid and prepaid users.
The GGSN and CSG together, function as a service-aware GGSN. The CSG categorizes traffic, reports usage, and management quota. The GGSN provides a Diameter interface to the Diameter Credit Control Application (DCCA) server for the CSG to request quota and report usage.
The GGSN maintains all PDP contexts and determines if they are prepaid or postpaid. If service-based charging is required (prepaid or postpaid), entries are created on the CSG. The CSG inspects the service categories and reports usage back to the GGSN. If the user is to be treated as a postpaid user (offline charging), the GGSN records usage information reported by the CSG in enhanced G-CDRs. If the user is to be treated as a prepaid user (online charging), the GGSN records usage information reported by the CSG in enhanced G-CDRs and translates and sends to a DCCA server.
The GGSN also handles Gn-side triggers for quota reauthorization and server-initiated reauthorization or termination requests. The CSG sends the authorization requests, quota reports, and service stops to the GGSN, which in turn translates them into DCCA messages for transport over the Diameter interface. When the DCCA server responds with additional quota, the GGSN pushes it to the CSG.
Note If RADIUS is not being used, the Cisco CSG must be configured as a RADIUS endpoint.
Figure 1-1 provides illustrates the functions and characteristics the service-aware GGSN.
Figure 1-1 High-Level Overview of Service-Aware GGSN Functions
Supported Features
The primary new features supported by GGSN Release 5.2 and later to enable the configuration of a service-aware GGSN, include the following:
•Diameter base protocol and DCCA client interface support for online/real-time credit control for pre-paid users (IP PDP contexts only)
•Quota server functionality and interface to Cisco CSG for per-service billing
•Enhanced G-CDRs for service-based CDRs for prepaid and postpaid subscribers
Additionally, GGSN Release 5.2 and later provides enhancements to the following existing interfaces:
•AAA authentication interface—DCCA rulebase support and charging profile selection
•AAA accounting interface—Required for CSG Known User Table (KUT) population and CSG-based proxies
•Ga—Enhanced offline charging interface
Unsupported Features
The following features are not supported with the service aware feature in GGSN Release 5.2:
•Charging differentiation for secondary PDP contexts
•PPP PDP contexts
•PPP Regeneration
•Network Management
•Cell identity
•PDP contexts for both online DCCA exchange and offline service-based usage
•Dynamic configuration for blocking/forwarding traffic while waiting for quota reauthorization
•Diameter proxy, relay, or redirection
•Diameter transport layer security
•SCTP transport
•No Dual Quota Support (for receiving Volume and Time quota)
Service-Aware GGSN Data Flows
The following describes, at a high level, the flow of traffic during a PDP context creation for prepaid and users in an enhanced service-aware billing implementation using the service-aware GGSN.
PDP Context Creation Data Flow for Prepaid Users
1. The SGSN sends a create PDP context request to the service-aware GGSN.
2. The service-aware GGSN sends an AAA Access request message to the RADIUS server.
3. The RADIUS server returns an Access Accept return. The GGSN obtains a default Rulebase ID from the Access Accept return or from a locally configured value in the selected charging profile.
4. The service-aware GGSN sends a credit control request (CCR) to the DCCA server.
5. The DCCA server sends a credit control answer (CCA) to the service-aware GGSN. The CCA might contain a rulebase and quota request.
6. If it contains a rulebase, the service-aware GGSN sends an Accounting Start request with the selected rulebase. The CSG, acting as a RADIUS proxy, receives this message and creates a KUT for the user.
7. The CSG RADIUS proxy sends an Accounting Start response to the GGSN.
8. If the DCCA server sends a quota request is received in a CCA to the service-ware GGSN, the GGSN pushes the quota request to the CSG.
9. When the GGSN receives a quota push response, it sends the create PDP context response to the SGSN.
PDP Context Creation Data Flow for Postpaid Users
1. The SGSN sends a create PDP context request to the service-aware GGSN.
2. The service-aware GGSN sends an Accounting Start request with the selected rulebase. The CSG, acting as a RADIUS proxy, receives this message and creates a KUT for the user. The GGSN waits for an Accounting Start response.
3. The AAA server sends an Accounting Start Response.
4. The service-aware GGSN sends a create PDP context response to the SGSN.
Prerequisites
Implementing a service-aware GGSN using GGSN Release 5.2 requires the following:
•Two Catalyst 6500 series switches / Cisco 7600 series Internet routers in which Sup720s with the 512-MB Multilayer Switch Feature Card 2 (MSFC2) are installed and running Cisco IOS Release 12.2(18)SXE and later.
•Depending on GGSN scaling and redundancy, Multiple Cisco Multi-Processor WAN Application Module (MWAMs), each with the 1 GB memory option.
•IPSec VPN card (for security)
•A Cisco Content Services Gateway (CSG) module in each of the Cisco 7600 series routers. The CSGs must be running the same Cisco CSG software release, Release 3.1(3)C6(1) or later.
•On the SGSN, the values configured for the number GTP N3 requests and T3 retransmissions must be larger than the sum of all possible server timers (RADIUS, DCCA, and CSG).
Specifically the SGSN N3*T3 must be greater than:
2 x RADIUS timeout + N x DCCA timeout + CSG timeout
where:
–2 is for both authentication and accounting.
–N is for the number of diameter servers configured in the server group.
Limitations and Restrictions
Before implementing enhanced service-aware billing, please note the following:
•Service-Aware GGSN functionality is supported on the Catalyst 6500 / Cisco 7600 platform only.
•If session redundancy is needed, the GGSN supports a maximum of 21 categories per user.
•RADIUS accounting is enabled between the CSG and GGSN to populate the Known User Entries Table table entries with the PDP context user information
•CSG must be configured with the QS addresses of all the GGSN instances
•Service IDs on the CSG must be configured as numeric strings that match the category IDs on the DCCA server.
•If RADIUS is not being used, the Cisco CSG must be configured as a RADIUS endpoint on the GGSN.
Configuring a Service-Aware GGSN
To configure a service-aware GGSN, complete the tasks in the following sections:
•Enabling Service-Aware Billing Support (Required)
•Configuring CSG/Quota Server Interface Support (Required)
•Configuring Diameter/DCCA Interface Support (Required)
•Configuring the Enhanced Billing Parameters in Charging Profiles (Required)
Enabling Service-Aware Billing Support
Enhanced service-aware billing must be enabled on the GGSN before you can configure a service-aware GGSN.
To enable service-aware billing support on the GGSN, complete the following task while in global configuration mode:
Command
|
Purpose
|
Router(config)# gprs service-aware
|
Configures a service-aware GGSN.
|
To enable service-aware billing support for a particular access-point, complete the following task while in access-point configuration mode.
Command
|
Purpose
|
Router(access-point-config)# service-aware
|
Enables an APN to support service-aware billing.
|
If service-aware billing is enabled for an APN, the GGSN must be configured to wait for a RADIUS accounting response before sending a create PDP context response to the SGSN.
To configure the GGSN to wait for a RADIUS accounting response before sending a create PDP context response to the SGSN, complete the following task while in global configuration mode:
Command
|
Purpose
|
Router(config)# gprs gtp response-message wait-accounting
|
Configures the GGSN to wait for a RADIUS accounting response before sending a create PDP context response to the SGSN.
|
Enabling Enhanced Service-Aware G-CDRs
G-CDRs are contain information for part, or the entire duration, of a PDP context. The G-CDR includes information such as the subscriber (MSISDN, IMSI), APN used, QoS applied, SGSN ID (as the mobile access location), a time stamp and duration, data volume recorded separately for the upstream and downstream direction, and volume thresholds for intermediate CDR generation and tariff time switches.
In addition to all of the above, additionally, enhanced G-CDRs contain a service-record part that contains the usage data of each service flow used by a PDP session (specified by category ID). For example, the upstream and downstream volume and duration is recorded per service flow.
By default, the GGSN does not generate enhanced service-aware G-CDRs. To support a service-aware GGSN implementation, the GGSN must be configured to include the service-record information in G-CDRs.
To configure the GGSN to include the service-record information in G-CDRs, use the following command while in global configuration mode:
Command
|
Purpose
|
Router(config)# gprs charging cdr-option
service-record [1-100]
|
Configures the GGSN to include service and service usage information in G-CDRs and specifies the maximum number of service records a G-CDR can contain before the G-CDR is closed and a partial G-CDR is opened. The default is 5.
|
Configuring CSG/Quota Server Interface Support
Together, configured as a service-aware GGSN, the Cisco CSG and GGSN provide the following functions:
•The Cisco CSG:
–Inspects packets and categorizes traffic
–Requests quota and reports usage
–Provides billing plans, service names, and content definitions
–Acts as a RADIUS proxy for non-DCCA traffic
–Functions in prepaid mode for each service-flow charging recording
For detailed information about configuring the CSG, see Cisco Content Services Gateway Installation and Configuration Guide.
•The GGSN:
–Functions as a quota server to the CSG
–Provides the Diameter interface to the DCCA server for quota requests and returns
–Manages quota requested by the CSG and received from the DCCA server
–Maps DCCA server rulebases to CSG billing plans
–Maps DCCA server category quota to CSG service quota
To configure the CSG/quota server interface on the GGSN, complete the tasks in the following sections:
•Configuring a CSG Server Group (Required)
•Configuring the Quota Server Process on the GGSN (Required)
•Configuring the GGSN to use the Cisco CSG as an Authentication and Accounting Proxy (Required if RADIUS is not being used)
•Monitoring and Maintaining
Configuring a CSG Server Group
We recommend that two Cisco CSGs (one Active, the other Standby) should be configured to function as one when interacting with the quota server process on the GGSN. To the quota server process on the GGSN, the pair of CSGs appears as one.
Therefore, when configuring the CSG group that the quota server process will use to communicate with the Cisco CSG, a virtual IP address must be specified along with the real IP addresses of each of the CSGs that make up the redundant pair. The quota server process communicates with the virtual address and the active CSG listens to the virtual IP address.
To configure a CSG group on the GGSN, complete the following tasks, beginning in global configuration mode.
| |
Command
|
Purpose
|
Step 1
|
Router(config)# ggsn csg csg-group-name
|
Specifies a name for the CSG server group and enters CSG group configuration mode.
|
Step 2
|
Router(config-csg-group)# virtual-address ip-address
|
Specifies the virtual IP address of the CSG group. This is the IP address that the quota server process on the GGSN will use to communicate with the CSG.
|
Step 3
|
Router(config-csg-group)# port port-number
|
(Optional) Configures the port on which the CSG listens for communications from quota server. The default is 3386.
Note The CSG always sends messages to the quota server on port 3386.
|
Step 4
|
Router(config-csg-group)# real-address ip-address
|
Configures the IP address of a real CSG for source checking on inbound messages from a CSG. Configure an real IP address for each of the CSGs that make up the redundant pair.
|
Configuring the Quota Server Process on the GGSN
The GGSN functions as a quota server when interacting with a Cisco CSG server group. The quota server process on the GGSN supports the following attributes in Accounting Start messages to the CSG:
•Billing Plan ID—Corresponds with the rulebase ID received from the DCCA server. The quota server process on the GGSN maps the rulebase ID to the billing plan ID.
•Quota server address and port—IP address and port of the quota server the CSG should use for a user.
•Downlink nexthop address—Next hop address (user address) for downlink traffic (CSG-to-GGSN).
In addition, the quota server process supports the following TLVs:
•Quota Consumption Timer (QCT). The QCT is assumed to be zero.
•Quota Holding Timer (QHT)
•Quota Threshold
For more information on enhancements to the quota server interface, billing plans, and the QCT and QHT, see the Cisco Content Services Gateway Installation and Configuration Guide.
To configure the quota server process on the GGSN, complete the following tasks, beginning in global configuration mode:.
| |
Command
|
Purpose
|
Step 1
|
Router(config)# ggsn quota-server server-name
|
Enables the quota server process on the GGSN and enters quota server configuration mode.
|
Step 2
|
Router(config-quota-server)# interface interface-name
|
Specifies the logical interface, by name, to be used by the quota server. We recommend that a loopback interface be used as the quota server interface.
Note The quota server must use a different address than the GTP virtual template address.
|
Step 3
|
Router(config-quota-server)# echo-interval [ 0 |
60-65535]
|
Specifies the number of seconds that the quota server waits before sending an echo request message to the CSG. Valid values are 0 (quota server-initiated echo messages are disabled) or a value between 60 to 65535. The default is 60.
|
Step 4
|
Router(config-quota-server)# n3-requests 1-65535
|
Specifies the maximum number of times that the quota server attempts to send a signaling request to the CSG. The default is 5.
|
Step 5
|
Router(config-quota-server)# t3-response 1-65535
|
Specifies the initial time that the quota server waits before resending a signaling request message when a response to a request has not been received. The default is 1.
|
Step 6
|
Router(config-quota-server)# csg-group csg-group-name
|
Specifies the CSG group that the quota server process is to use to communicate with a CSG.
Note The quota server process supports one path to a CSG, therefore, only one CSG group can be specified at a time.
|
Advertising the Next Hop Address For Downlink Traffic
To configure the next hop address (the user address) for downlink traffic (CSG-to-GGSN) to be advertised in Accounting Start requests, complete the following task while in access-point configuration mode:
Command
|
Purpose
|
GGSN(access-point-config)# advertise downlink
next-hop ip-address
|
Configures the next hop address to which downlink traffic destined for the GGSN will be routed to be advertised in Accounting Start requests.
|
Configuring the GGSN to use the Cisco CSG as an Authentication and Accounting Proxy
If RADIUS is not being used, the Cisco CSG must be configured as a RADIUS endpoint.
To configure the GGSN to use the CSG as an AAA proxy, you must complete the following tasks:
5. Define the RADIUS server globally.
1. Define a AAA RADIUS server group and include the CSG as a server in the server group.
2. Specify the type of services the server group will support using AAA method lists.
3. Reference the method list in APNs that will use the CSG as a RADIUS proxy.
To specify the RADIUS server globally, complete the following tasks while in global configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(config)# radius-server host {hostname |
ip-address} [auth-port port-number]
[acct-port port-number]
|
Specifies a RADIUS server host.
|
Step 2
|
Router(config)# radius-server key {0 string | 7 string
| string}
|
Sets the authentication and encryption key for all RADIUS communications between the GGSN and the RADIUS daemon.
|
To define a AAA RADIUS server group, and include the CSG as a server in the server group, complete the following tasks, beginning in global configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(config)# aaa group server radius group-name
|
Specifies a AAA server group and assigns the selected server group for authentication services.
|
Step 2
|
Router(config-sg-radius)# server ip_address [auth-port
port-number] [acct-port port-number]
|
Configures the IP address of the RADIUS server in the server group.
|
Step 3
|
Router(config-sg-radius)# exit
|
Exits server group configuration mode.
|
To specify the types of services the group will support using AAA method lists, complete the following tasks, beginning in global configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(config)# aaa authentication ppp list-name group
group-name
|
Specifies one or more AAA authentication methods for use on serial interfaces that are running PPP.
|
Step 2
|
Router(config)# aaa authorization network list-name
group group-name
|
Sets parameters that restrict network access to a user.
|
Step 3
|
Router(config)# aaa accounting network list-name
start-stop group group-name
|
Enables AAA accounting of requested services for billing or security purposes when you use RADIUS.
|
To reference the method list in APNs that will use the CSG as a RADIUS proxy, complete the following tasks while in access-point configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(access-point-config)# aaa-group authentication
server-name
|
Specifies a AAA server group and assigns the selected server group for authentication services on the access point.
|
Step 2
|
Router(access-point-config)# aaa-group accounting
server-name
|
Specifies the logical interface, by name, to be used by the quota server.
|
Monitoring and Maintaining
Use the following privilege EXEC commands to monitor and maintain the quota server-to-CSG configuration.
Command
|
Purpose
|
Router# clear ggsn quota-server statistics
|
Clears quota server-related statistics (messages and error counts).
|
Router# show ggsn quota-server [parameters |
statistics]
|
Displays quota server parameters or statistics about quota server messages and error counts.
|
Router# show ggsn csg [parameters | statistics]
|
Displays the parameters used by the CSG group or the number of path and quota management messages sent and received by the quota server.
|
Configuring Diameter/DCCA Interface Support
The GGSN functions as a DCCA client when communicating with a DCCA server to provide the following functions:
•Diameter interface to the DCCA server for quota negotiation
•Sends quota requests from the CSG to the DCCA server and pushes quota returns from the server to the CSG
•Maps DCCA server rulebases to CSG billing plans
•Maps DCCA server category quota to CSG service quota
Messaging
The GGSN DCCA client process and DCCA server exchange the following messages:
•Credit Control Request (CCR)—Initial, Update, and Final
•Credit Control Answer (CCA)—Initial, Update, and Final
The GGSN Diameter interface supports the following Diameter base messages:
•Capability Exchange Request (CER) and Capability Exchange Answer (CEA)—The GGSN advertises DCCA support in CER messages. In addition, the GGSN can be configured to advertise support for vendor-specific AVPs using the diameter vendor support global configuration command.
•Disconnect Peer Request (DPR) and Disconnect Peer Answer (DPA)—The GGSN sends a DPR message when the CER with a Diameter peer fails or there is no Diameter server configured.
•Device Watchdog Request (DWR) and Device Watchdog Answer (DWA)—The GGSN uses DWR and DWA messages to detect transport failures with a Diameter peer. A watchdog timer can be configured for each Diameter peer using the timer watchdog Diameter peer configuration command.
•Re-auth Request (RAR) and Re-auth Answer (RAA)
•Abort Session Request (ASR) / Abort Session Answer (ASA)
Additionally, as a DCCA client, the GGSN receives the following notifications from Cisco IOS AAA:
•Receipts of CCA messages
•Asynchronous session termination requests
•Server-initiated reauthorization requests (RARs)
To configure Diameter/DCCA support, complete the tasks in the following sections:
•Configuring the Diameter Base
•Configuring the DCCA Client Process on the GGSN
•Enabling Support for Vendor-Specific AVPs in DCCA Messages
Configuring the Diameter Base
To configure the Diameter protocol base, complete the tasks in the following sections:
•Configuring a Diameter Peer
•Enabling Diameter AAA
•Configuring Diameter Protocol Parameters Globally
•Monitoring and Maintaining the Diameter Base
Configuring a Diameter Peer
To configure a Diameter peer, use the following commands, beginning in global configuration mode:.
| |
Command
|
Purpose
|
Step 1
|
Router(config)# diameter peer peer-name
|
Defines a Diameter peer and enters Diameter peer configuration mode.
|
Step 2
|
Router(config-dia-peer)# address ipv4 ip-address
|
Configures a route to the host of the Diameter peer using IPv4.
|
Step 3
|
Router(config-dia-peer)# transport {tcp | sctp}
port port-num
|
Configures the transport protocol to use to connect to the Diameter peer.
Note GGSN Release 5.2 supports TCP only.
|
Step 4
|
Router(config-dia-peer)# security ipsec
|
Configures IPSec as the security protocol to use for the Diameter peer-to-peer connection.
|
Step 5
|
Router(config-dia-peer)# source interface interface
|
Configures the interface to use to connect to the Diameter peer.
|
Step 6
|
Router(config-dia-peer)# timer {connection |
transaction | watchdog} value
|
Configures Diameter base protocol timers for peer-to-peer communication. Valid range, in seconds, is 1 to 1000. The default is 30.
•connection—Maximum amount of time the GGSN attempts to reconnect to a Diameter peer after a connection to the peer has been brought down due to a transport failure. A value of 0 configures the GGSN to not try to reconnect.
•transaction—Maximum amount of time the GGSN waits for a Diameter peer to respond before trying another peer.
•watchdog—Maximum amount of time the GGSN waits for a Diameter peer to respond to a watchdog packet.
When the watchdog timer expires, a DWR is sent to the Diameter peer and the watchdog timer is reset. If a DWA is not received before the next expiration of the watchdog timer, a transport failure to the Diameter peer has occurred.
When configuring timers, note that the value for the transaction timer, should be larger than the TX-timeout value, and, on the SGSN, the values configured for the number GTP N3 requests and T3 retransmissions must be larger than the sum of all possible server timers (RADIUS, DCCA, and CSG). Specifically, the SGSN N3*T3 must be greater than 2 x RADIUS timeout + N x DCCA timeout + CSG timeout where:
•2 is for both authentication and accounting.
•N is for the number of diameter servers configured in the server group.
|
Step 7
|
Router(config-dia-peer)# destination host string
|
Configures the Fully Qualified Domain Name (FQDN) of a Diameter peer.
|
Step 8
|
Router(config-dia-peer)# destination realm string
|
Configures the destination realm (part of the domain "@realm") in which a Diameter peer is located.
The realm might be added by the AAA client when sending a request to AAA. However, if the client does not add the attribute, then the value configured while in Diameter peer configuration mode is used when sending messages to the destination Diameter peer. If a value is not configured while in Diameter peer configuration mode, the value specified globally using the diameter destination realm global configuration command is used.
|
Step 9
|
Router(config-dia-peer)# ip vrf forwarding name
|
Associates a VRF with a Diameter peer.
Note If a VRF name is not configure for a Diameter server, the global routing table will be used.
|
Enabling Diameter AAA
To enable Diameter AAA, complete the tasks in the following sections:
•Defining the Diameter AAA Server Group
•Defining an Authorization Method List for Prepaid Subscribers
Defining the Diameter AAA Server Group
For redundancy, Diameter servers should be configured as Diameter AAA server groups that consist of a primary and secondary server.
To define a Diameter AAA server group, use the following commands, beginning in global configuration mode:.
| |
Command
|
Purpose
|
Step 1
|
Router(config)# aaa new-model
|
Enables AAA.
|
Step 2
|
Router(config)# aaa group server diameter server
|
Defines a Diameter AAA server group.
Configuring AAA server groups allows different servers to be used for each element of AAA. It also defines a redundant set of servers for each element.
|
Step 3
|
Router(config-sg-diameter)# server name auth-port 1645
acct-port 1646
|
Configures the name of the Diameter server for the Diameter AAA server group.
The name specified for this command should match the name of a Diameter peer defined using the diameter peer command.
Note The above port numbers are defaults, for authorization and accounting, respectively. Explicit port numbers are required only if non-default ports are used.
|
Defining an Authorization Method List for Prepaid Subscribers
To apply parameters that restrict access to a network for prepaid subscribers, use the following command while in global configuration mode:
Command
|
Purpose
|
Router(config)# aaa authorization prepaid method_list group
server_group [group server_group]
|
Defines an authorization method list for prepaid subscribers and defines the Diameter AAA groups to send records.
|
Configuring Diameter Protocol Parameters Globally
Global Diameter protocol parameters are used if Diameter parameters have not been defined at a Diameter peer level.
To configure global Diameter parameters, complete the following tasks while in global configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(config)# diameter timer {connection
| transaction | watchdog} value
|
Configures Diameter base protocol timers to use if none have been configured at the Diameter peer level. Valid range, in seconds, is 0 to 1000. The default is 30.
•connection—Maximum amount of time the GGSN attempts to reconnect to a Diameter peer after a connection to the peer has been brought down due to a transport failure. A value of 0 configures the GGSN to not try to reconnect.
•transaction—Maximum amount of time the GGSN waits for a Diameter peer to respond before trying another peer.
•watchdog—Maximum amount of time the GGSN waits for a Diameter peer to respond to a watchdog packet.
When the watchdog timer expires, a DWR is sent to the Diameter peer and the watchdog timer is reset. If a DWA is not received before the next expiration of the watchdog timer, a transport failure to the Diameter peer has occurred.
When configuring timers, note that the value for the transaction timers, should be larger than the value for the TX timer, and, on the SGSN, the values configured for the number GTP N3 requests and T3 retransmissions must be larger than the sum of all possible server timers (RADIUS, DCCA, and CSG). Specifically, the SGSN N3*T3 must be greater than 2 x RADIUS timeout + N x DCCA timeout + CSG timeout where:
•2 is for both authentication and accounting.
•N is for the number of diameter servers configured in the server group.
|
Step 2
|
Router(config)# diameter redundancy
|
Enables the Diameter node to be a Cisco IOS Redundancy Facility (RF) client and track session states.
The Diameter base does not initiate a connection to a Diameter peer that is in standby mode. Upon a standby-to-active mode transition, a connection to the newly active peer is established.
Note This command is required for Service-aware PDP session redundancy. For more information about service-aware PDP session redundancy, see the "GTP-Session Redundancy for Service-Aware PDPs Overview" section.
|
Step 3
|
Router(config)# diameter origin realm
string
|
Configures the realm of origin (part of the domain "@realm") in which this Diameter node is located.
Origin realm information is sent in requests to a Diameter peer.
|
Step 4
|
Router(config)# diameter origin host string
|
Configures the Fully Qualified Domain Name (FQDN) of the host of this Diameter node.
The origin host information is sent in requests to a Diameter peer.
|
Step 5
|
Router(config)# diameter vendor support
{Cisco | 3gpp | Vodafone}
|
Configures this Diameter node to advertise the vendor AVPs it supports in capability exchange messages with Diameter peers.
Multiple instances of this command can be configured if the vendor IDs differ.
|
Monitoring and Maintaining the Diameter Base
Use the following privilege EXEC command to monitor and maintain Diameter peer configurations.
Command
|
Purpose
|
Router# show diameter peer
|
Displays Diameter peer-related information.
|
Configuring the DCCA Client Process on the GGSN
The GGSN functions as a DCCA client when interacting with the DCCA server to obtain and request quota. As a DCCA client, the GGSN sends CCR messages to and receives CCAs from the DDCA server for credit control session (one credit control session per PDP session). In addition, the defaults configured in the DCCA client profile dictate how the GGSN handles credit control sessions if a server failover should occur and no instructions are sent by the server.
Failure Handling Defaults on the DCCA Client
Two AVPs determine how the CC sessions are handled if a failover occurs:
•CC-Session-Failover AVP—Indicates that a CC session should fail over to the alternate Diameter server (set using the session-failover DCCA client profile configuration command).
•Credit-Control-Failure-Handling (CCFH)—Determines how the GGSN behaves if a failure does occur (set using the ccfh DCCA client profile configuration command)
Defaults for these AVPs can be configured in the DCCA client profile for failure handling, however, values received from the DCCA server will override the defaults configured on the GGSN.
The CCFH AVP is determines the action the DCCA client takes on a session, when the following fault conditions occur:
•Tx timeout expires.
•CCA message containing protocol error (Result-Code 3xxx) is received.
•CCA fails (for example, a CCA with a permanent failure notification [Result-Code 5xxx]) is received).
•Failure-to-send condition exists (the DCCA client is not able to communicate with the desired destination).
•An invalid answer is received
To configure a DCCA client profile, in which the details of a DCCA client process are defined and is referenced from the charging profile, use the following commands, beginning in global configuration mode:.
| |
Command
|
Purpose
|
Step 1
|
Router(config)# gprs dcca profile name
|
Defines the DCCA client process on the GGSN and enters DCCA client profile configuration mode.
|
Step 2
|
Router(config-dcca-profile)# authorization
method_list_name
|
Defines the method list that is used to specify the Diameter AAA server groups.
|
Step 3
|
Router(config-dcca-profile)# tx-timeout seconds
|
Configures a TX timeout value, in seconds, used by this DCCA client to monitor the communication of Credit Control Requests (CCRs) with a Diameter server.
Valid range is 1 to 1000 seconds. The default is 10.
When configuring timers, note that the value for the transaction timer, should be larger than the TX-timeout value, and, on the SGSN, the values configured for the number GTP N3 requests and T3 retransmissions must be larger than the sum of all possible server timers (RADIUS, DCCA, and CSG). Specifically, the SGSN N3*T3 must be greater than 2 x RADIUS timeout + N x DCCA timeout + CSG timeout where:
•2 is for both authentication and accounting.
•N is for the number of diameter servers configured in the server group.
|
Step 4
|
Router(config-dcca-profile)# ccfh {continue |
terminate | retry_terminate}
|
Configures the default Credit Control Failure Handling (CCFH) action to take on PDP contexts when a fault condition occurs.
•CONTINUE—Allows the PDP context and user traffic for the relevant category or categories to continue, regardless of the interruption. Quota management of other categories is not affected.
•TERMINATE—Terminates the PDP context and the CC session.
•RETRY—Allows the PDP context and user traffic for the relevant category or categories to continue. The DCCA client retries to send the CRR to an alternate server and if a failure-to-send condition occurs with the alternate server, the PDP context is terminated.
The default is terminate.
A value from the DCCA server in a CCA overrides this default.
|
Step 5
|
Router(config-dcca-profile)# session-failover
|
Specifies that a session should failover to the alternate DCCA server Configures Credit Control Session Failover (CCSF) AVP support when a CCA message from a DCCA server does not contain a value for the CCSF AVP.
By default, session failover is not supported.
|
Step 6
|
Router(config-dcca-profile)# destination-realm string
|
Specifies the destination realm to be sent in CCR initial requests to the DCCA server. For subsequent CCRs, the Origin-Realm AVP received in the last CCA is used as the Destination-Realm.
|
Step 7
|
Router(config-dcca-profile)# trigger {sgsn-change |
qos-change}
|
Specifies that SGSN and QoS changes trigger quota-reauthorization.
Modifying this command will not affect existing PDP contexts using a DCCA client profile.
Note This command is supported by the generic DCCA client only.
|
Enabling Support for Vendor-Specific AVPs in DCCA Messages
The GGSN can be configured to send Vodafone vendor-specific AVPs in DCCA messages to the DCCA server.
Table 1-1 lists and describes the Vodafone vendor-specific AVPs that the GGSN can be configured to send in DCCA messages.
Table 1-1 Vodafone Vendor-Specific AVPs in CCRs
Number
|
Vendor-Proprietary Attribute
|
Description
|
| |
Rulebase-ID
|
Billing Plan ID (string)
|
| |
Context-Type
|
Type of PDP context (PRIMARY). For secondary PDP contexts, no CCR is sent. This AVP is sent in CCR (Initial) only.
|
| |
User-Location-Info
|
Cell Global Identification (CGI) is used as geographical location type. RAI, obtained from the SGSN, is sent.
|
To enable the GGSN to send Vodafone vendor-specific AVPs in DCCA messages to the DCCA server, complete the following task while in global configuration mode.
Command
|
Purpose
|
Router(config)# gprs dcca clci
|
Configures the GGSN to send Vodafone vendor-specific AVPs in DCCA messages to the server.
|
Configuring the Enhanced Billing Parameters in Charging Profiles
The GGSN supports up to 255 charging profiles (numbered 0 to 255). Charging profiles 1 through 255 are configurable, charging profile 0 is a box-level default configured while in global configuration mode. For information on how a charging profile is selecting and how to configure charging profiles, see the Configuring Charging chapter.
In addition to the previous charging profile support, with GGSN Release 5.2 and later, the charging profile can also be configured to:
•Allow eG-CDRs
•Specify a default charging type (to be used primarily for a prepaid or postpaid user)
•DCCA server to contact for quota requests (presence indicates online charging)
•Suppress CDRs for all or only online charging
•Default Rulebase-ID to apply to a user
To configure service-aware billing characteristics in a charging profile, complete the tasks in the following sections:
•Specifying a Default Rulebase ID
•Specifying a DCCA Client Profile to Use for Online Billing
•Suppressing CDRs for Prepaid Users
•Configuring the Time and Volume Thresholds for Postpaid Users
Specifying a Default Rulebase ID
Rulebases contain the rules for defining categories of traffic; categories on which decisions such as whether to allow or disallow traffic, and how to measure the traffic, are based. The GGSN maps Diameter Rulebase IDs to CSG billing plans.
To configure a default rulebase ID to apply to PDP contexts using a particular charging profile, use the following command while in charging profile configuration mode:
Command
|
Purpose
|
Router(ch-prof-conf)# content rulebase id
|
Defines a default rulebase ID to apply to PDP contexts using this charging profile.
|
Note The rulebase value presented in a RADIUS Access Accept message overrides the default rulebase ID configured in a charging profile. A rulebase ID received in a CCA initial message from a DCCA server overrides the Rulebase ID received from the RADIUS server and the default rulebase ID configured in a charging profile.
Specifying a DCCA Client Profile to Use for Online Billing
The charging profile is selected when the primary PDP context is created. If a DCCA profile has been configured in the charging profile, online billing is indicated. Therefore, regardless of whether or not a subscriber is prepaid or postpaid, the GGSN will contact the DCCA server if the content dcca profile configuration is present. If the subscriber is to be treated as a postpaid user, the DCCA server will return a CAA with a result-code of CREDIT_CONTROL_NOT_APPLICABLE (4011) and the user will be treated as a postpaid user.
If a charging profile does not contain a DCCA profile configuration, users are treated as postpaid (offline billing).
To specify the DCCA client profile to use to communicate with a DCCA server, use the following command while in charging profile configuration mode:
Command
|
Purpose
|
Router(ch-prof-conf)# content dcca profile profile-name
|
Specifies the profile to use to communicate with a DCCA server.
|
Suppressing CDRs for Prepaid Users
Charging for prepaid users is handled by the DCCA client, therefore, G-CDRs do not need to be generated for prepaid users.
To configure the GGSN to suppress G-CDRs for users with an active connection to a DCCA server, use the following command while in charging profile configuration mode:
Command
|
Purpose
|
Router(ch-prof-conf)# cdr suppression prepaid
|
Specifies that CDRs be suppressed for prepaid users
|
Note When enabled, if a Diameter server error occurs while a session is active, the user is reverted to postpaid status, but CDRs for the PDP context are not generated.
Configuring the Time and Volume Thresholds for Postpaid Users
If a user is a prepaid user, all the credit control, including thresholds and quota, is controlled by the DCCA server. If the user is a postpaid user, and service-aware billing is enabled, default values configured in a charging profile define the volume and time thresholds. These thresholds control how often usages should be reported.
To configure the time and volume thresholds for postpaid users, use the following commands while in charging profile configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(ch-prof-conf)# content postpaid time value
|
Specifies as a trigger condition for postpaid users, the time duration limit that when exceeded, causes the GGSN to collect upstream and downstream traffic byte counts and close and update the G-CDR for a particular PDP context. Valid value is between 300 and 4294967295 seconds. The default is 1048576.
|
Step 2
|
Router(ch-prof-conf)# content postpaid volume value
|
Specifies as a trigger condition for postpaid users, the maximum number of bytes that the GGSN maintains across all containers for a particular PDP context before closing and updating the G-CDR. Valid value is between 1 and 4294967295. The default is 1,048,576 bytes (1 MB).
|
Configuring the Validity Timer for Postpaid Users
To configure an amount of time granted quota for postpaid users is valid before it expires, use the following command while in charging profile configuration mode:
| |
Command
|
Purpose
|
Step 1
|
Router(ch-prof-conf)# content postpaid
validity seconds
|
Specifies the amount of time, in seconds, that quota granted for a postpaid user is valid. Valid range is 900 to 4294967295 seconds. The default is no validity timer is configured.
|
GTP-Session Redundancy for Service-Aware PDPs Overview
GTP-Session Redundancy (GTP-SR) support was introduced in GGSN Release 5.1. It ensures that when an Active GGSN fails, a Standby GGSN has all the necessary information about a PDP context to continue service without interruption. In an enhanced service-aware billing environment, this means service-related information must also be synchronized from the Active to Standby service-aware GGSN. Therefore, with GGSN Release 5.2 and later, service-aware data necessary to establish charging for service-aware PDP sessions is sychronized to the Standby GGSN.
This includes data for the following:
•Per-PDP context services—Rulebase ID and DCCA failure handling settings (CCSF and CCSH AVPs).
•Per-category information—Category ID, CSG session, and category state and event triggers. Many category states are intermediate states, therefore, they are not sychronized to the Standby service-aware GGSN. The following category states are sychronized: blacklist, idle, and authorized.
All event triggers are recorded. At the end of the processing of an event on the Active GGSN, the clearing of the event's trigger is synchronized to the Standby. If a switchover occurs, if an event trigger is found present on a category, the newly Active GGSN reinitiates the event.
•Path states—The quota server process on the Active GGSN synchronizes the state of the path to a CSG to the quota server process on the Standby GGSN. The path echo timer on the Standby quota server is not started unless the Standby quota server becomes Active. Path sequence numbers are not synchronized. After a switchover occurs, the newly-active quota server starts from 0.
Note Category usage data is not synchronized from an Active to the Standby GGSN. This prevents over-reporting of usage if a switchover occurs.
GTP-SR for Service-Aware PDP Sessions Guidelines
In addition to the prerequisites listed in Chapter 4, "Configuring GGSN GTP Session Redundancy," to achieve session redundancy for service-aware PDP sessions, ensure that the following configurations exist on the redundantly configured service-aware GGSNs:
•GTP-SR is enabled on the GGSN using the gprs redundancy global configuration command. Also, the GGSN, functioning as a Diameter node, is enabled it to track session states by using the diameter redundancy global configuration command. See the "Configuring the Diameter Base" section for information on configuring Diameter redundancy.
•The quota server process is configured the same on both the Active and Standby GGSNs. Specifically, on each Active/Standby pair, the quota server address is the same. To ensure that the CSG only talks to the active quota server process, it should be configured to always route messages for the quota server through the virtual HSRP address for the Gi interface. In reverse, the virtual CSG address is used by the GGSN to deliver messages to the Active CSG of a redundant pair. See "Configuring a CSG Server Group" section for more information about configuring a virtual CSG address.
•A DCCA client source address must be configured on both the Active and Standby GGSN. This is the local address used in the TCP connection to the DCCA server. We recommend that a logical interface be used, that is routable via a virtual HRSP address between the Active and Standby GGSN.
For information on configuring Cisco IOS HRSP, see Configuring the Hot Standby Router Protocol section of the Cisco IOS IP Configuration Guide, Release 12.3. For detailed information on GTP-SR, see Chapter 4, "Configuring GGSN GTP Session Redundancy." For information about fault-tolerance on the Cisco CSG, see Cisco Content Services Gateway Installation and Configuration Guide.
Configuration Example
Current configuration :3537 bytes
! Last configuration change at 15:26:45 UTC Fri Jan 7 2005
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!Configures the CSG RADIUS server group
aaa group server radius CSG-group
server 10.10.65.100 auth-port 1812 acct-port 1813
!Configures the Diameter server group
aaa group server diameter DCCA
!Assigns AAA services to the CSG RADIUS and Diameter server groups
aaa authentication ppp CSG-list group CSG-group
aaa authorization prepaid DCCA group DCCA
aaa authorization network CSG-list group CSG
aaa accounting network CSG-list start-stop group CSG-group
gprs access-point-list gprs
!Enables service-aware billing on the GGSN
gprs access-point-list gprs
access-point-name cisco.com
access-mode non-transparent
aaa-group authentication CSG-list
aaa-group accounting CSG-list
gtp response-message wait-accounting
charging profile any 1 override
advertise downlink next-hop 10.10.150.2
access-point-name yahoo.com
access-mode non-transparent
aaa-group authentication CSG
gtp response-message wait-accounting
charging profile any 1 override
!Configures a DCCA client profile
destination-realm cisco.com
content postpaid volume 64000
content postpaid time 1200
!Congigures the quota server
virtual-address 10.10.65.10
radius-server host 10.10.65.100 auth-port 1812 acct-port 1813
radius-server host 10.20.154.201 auth-port 1812 acct-port 1813
radius-server vsa send accounting
radius-server vsa send accounting 3gpp2
!configures Diameter global parameters
diameter origin realm corporationA.com
diameter origin host sup-mwam42.corporationA.com
diameter vendor supported cisco
!configures Diameter peer
address ipv4 172.18.43.59
destination realm corporationA.com
Feedback
