GGSN and Mobile IP Service in a Single System Configuration Example


This chapter provides information for several configuration examples that can be implemented on the system to support GGSN and Mobile IP data services in a single system.
 
Important: This chapter does not discuss the configuration of the local context. Information about the local context can be found in the System Administration Guide.
Important: When configuring Mobile IP, take into account the MIP timing considerations discussed in Mobile-IP and Proxy-MIP Timer Considerations.
Using the System as Both a GGSN/FA and an HA
The system supports both GGSN and Mobile IP functionality. For Mobile IP applications, the system can be configured to perform the function of a Gateway GPRS Support Node/Foreign Agent (GGSN/FA) and/or a Home Agent (HA). This example describes what is needed for a single system to support both of these functions simultaneously, and how it does so.
In order to support GGSN, FA, and HA functionality, the system must be configured with at least one source context and at least two destination contexts as shown in the following figure.
The source context facilitates the following:
 
The destination context facilitates the following:
 
The Mobile IP destination context facilitates the following:
 
This configuration supports IP (transparent and non-transparent) and PPP PDP contexts as well as network requested PDP contexts. In addition, Mobile IP and Proxy Mobile IP are supported for IP PDP contexts.
Simple and Mobile IP Support Within a Single System
Information Required
Prior to configuring the system as shown in this example, there is a minimum amount of information required. The following sections describe the required information to configure the source and destination contexts.
Source Context Configuration
The following table lists the information that is required to configure the source context.
Required Information for Source Context Configuration
Mobile Country Code (MCC): The MCC can be configured to any integer value from 0 to 999.
Mobile Network Code (MNC): The MNC can be configured to any integer value from 0 to 999.
Behavior Bits: If charging characteristics will be configured on the GGSN, behavior bits for the following conditions can be configured:
Profile Index: If the GGSN’s charging characteristics will be used for subscriber PDP contexts, profile indexes can be modified/configured for one or more of the following conditions:
IP address: The IP address of the CGF server to which the GGSN will send accounting information.
Priority: If more than one CGF is configured, this is the server’s priority. It is used to determine the rotation order of the CGFs when sending accounting information.
Maximum number of messages: The maximum number of outstanding or unacknowledged GTPP messages allowed for the CGF.
IP address: The static IP address of the mobile station for which network-requested PDP context activation will be supported.
Destination context name: The name of the destination context configured on the system that contains the IP address pool containing the mobile station’s static address.
International Mobile Subscriber Identity (IMSI): The IMSI of the mobile station.
APN: The name of the access point that will be passed to the SGSN by the GGSN for the mobile station.
Destination Context Configuration
The following table lists the information that is required to configure the destination context.
Required Information for Destination Context Configuration
NOTE: For this configuration, the destination context name should not match the domain name of a specific APN.
NOTE: The examples discussed in this chapter assume GTPP is used.
NOTE: The profile index parameters are configured as part of the GGSN service.
Dynamic: Address can be dynamically assigned from one of the sources:
Dynamic Host Configuration Protocol (DHCP) server: The system can be configured to act as a DHCP proxy, receiving addresses from the server in advance and assigning them as needed, or it can relay DHCP messages from the MS.
Local address pools: The system can be configured with local address pools.
Static: MS IP addresses can be permanently assigned.
Home Agent IP Address: The IP address of an HA with which the system will tunnel subscriber Mobile IP sessions.
Mobile IP Requirement: The APN can be configured to require Mobile IP for all sessions it facilitates. Incoming PDP contexts that do not or cannot use Mobile IP are dropped.
Minimum Lease Time: Measured in seconds and can be configured to any integer value from 600 to 3600. The default is 600 seconds.
Maximum Lease Time: Measured in seconds and can be configured to any integer value from 10800 to 4294967295. The default is 86400 seconds.
IP Address: Specifies the IP address of the RADIUS authentication server the system will communicate with to provide subscriber authentication functions.
Shared Secret: The shared secret is a string between 1 and 15 characters (alpha and/or numeric) that specifies the key that is exchanged between the RADIUS authentication server and the source context.
UDP Port Number: Specifies the port used by the source context and the RADIUS authentication server for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 1812.
IP Address: Specifies the IP address of the RADIUS accounting server that the source context will communicate with to provide subscriber accounting functions.
Shared Secret: The shared secret is a string between 1 and 15 characters (alpha and/or numeric) that specifies the key that is exchanged between the RADIUS accounting server and the source context.
UDP Port Number: Specifies the port used by the source context and the RADIUS accounting server for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 1813.
Mobile IP Destination Context Configuration
The following table lists the information that is required to configure the destination context.
Required Information for Mobile IP Destination Context Configuration
NOTE: For this configuration, the destination context name should not match the domain name of a specific domain. It should, however, match the name of the context in which the HA service is configured if a separate system is used to provide HA functionality.
HA IP address: Specifies the IP address of the HAs with which the FA service communicates. The FA service allows the creation of a security profile that can be associated with a particular HA.
Index: Specifies the shared SPI between the FA service and a particular HA. The SPI can be configured to any integer value between 256 and 4294967295. Multiple SPIs can be configured if the FA service is to communicate with multiple HAs.
Secrets: Specifies the shared SPI secret between the FA service and the HA. The secret can be between 1 and 127 characters (alpha and/or numeric). An SPI secret is required for each SPI configured.
Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default is hmac-md5. A hash-algorithm is required for each SPI configured.
NOTE: The system will only support multiple Mobile IP sessions per subscriber if the subscriber’s mobile node has a static IP address.
NOTE: The initial registration and de-registration will still be handled normally.
FA IP address: The HA service allows the creation of a security profile that can be associated with a particular FA.
Index: Specifies the shared SPI between the HA service and a particular FA. The SPI can be configured to any integer value between 256 and 4294967295.
Secret: Specifies the shared SPI secret between the HA service and the FA. The secret can be between 1 and 127 characters (alpha and/or numeric).
Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-md5.
Index: Specifies the shared SPI between the HA service and a particular FA. The SPI can be configured to any integer value between 256 and 4294967295.
Secret: Specifies the shared SPI secret between the HA service and the FA. The secret can be between 1 and 127 characters (alpha and/or numeric).
Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-md5.
Replay-protection process: Specifies how protection against replay-attacks is implemented. The possible processes are nonce and timestamp. The default is timestamp with a tolerance of 60 seconds.
NOTE: For this configuration, the IP context name should be identical to the name of the destination context.
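An added example, not taken from the Cisco guide: Python code showing how the SPI index, SPI secret, hash-algorithm and timestamp replay-protection parameters listed above work together when one peer checks a registration message from the other. The `SecurityAssociation` class, the simplified protected-data layout (payload, Unix-seconds timestamp, SPI) and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

SPI_RANGE = (256, 4294967295)   # SPI index range stated on this page
TOLERANCE = 60                  # default timestamp tolerance, in seconds

class SecurityAssociation:
    """One SPI entry shared by an FA/HA pair (hypothetical helper class)."""
    def __init__(self, spi, secret, algorithm="hmac-md5"):
        if not SPI_RANGE[0] <= spi <= SPI_RANGE[1]:
            raise ValueError("SPI outside 256..4294967295")
        if not 1 <= len(secret) <= 127:
            raise ValueError("secret must be 1..127 characters")
        if algorithm not in ("hmac-md5", "keyed-md5"):
            raise ValueError("unknown hash algorithm")
        self.spi, self.secret, self.algorithm = spi, secret.encode(), algorithm
        self.last_ts = 0  # newest timestamp accepted so far

    def authenticator(self, message, ts):
        # Protected data (simplified assumption): payload, timestamp, SPI.
        data = message + struct.pack("!QI", ts, self.spi)
        if self.algorithm == "hmac-md5":
            return hmac.new(self.secret, data, hashlib.md5).digest()
        # RFC 2002 keyed-MD5, prefix+suffix mode: MD5(secret | data | secret)
        return hashlib.md5(self.secret + data + self.secret).digest()

    def verify(self, message, ts, tag, now):
        expected = self.authenticator(message, ts)
        if not hmac.compare_digest(expected, tag):   # constant-time compare
            return "bad-authenticator"
        if abs(now - ts) > TOLERANCE:
            return "outside-tolerance"
        if ts <= self.last_ts:                       # already seen or older
            return "replayed"
        self.last_ts = ts
        return "accepted"

def demo():
    # Constructed sample values; both peers hold the same SPI and secret.
    fa = SecurityAssociation(1000, "constructed-secret")
    ha = SecurityAssociation(1000, "constructed-secret")
    msg, now = b"constructed registration request", 1_700_000_000
    tag = fa.authenticator(msg, now)
    return [
        ha.verify(msg, now, tag, now + 5),       # fresh and authentic
        ha.verify(msg, now, tag, now + 6),       # same message sent again
        ha.verify(msg + b"x", now, tag, now),    # payload altered in transit
        ha.verify(msg, now - 300, fa.authenticator(msg, now - 300), now),
    ]
```

The authenticator is checked before the timestamp so that an unauthenticated message can never advance `last_ts`.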
How This Configuration Works
This system configuration supports typical GGSN and Mobile IP functionality.
 
System operation for typical GGSN functionality behaves as described in the GGSN Configuration Example chapter of this guide for each of the various call types. This section focuses on how this system configuration functions to process a Mobile IP session. The following figure and the text that follows describe how this configuration works to process calls.
Call Processing When Using the System as a GGSN, FA, and HA
 
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
 

Cisco Systems Inc.