Simple IP Configuration Examples


Simple IP Configuration Examples
 
 
This chapter provides information for several configuration examples that can be implemented on the system to support Simple IP data services.
Important: This chapter does not discuss the configuration of the local context. Information about the local management context can be found in the Command Line Interface Reference guide.
 
Example 1: Simple IP Support Using a Single Source and Destination Context
The most simple configuration that can be implemented on the system to support Simple IP data applications requires that two contexts (one source and one destination) be configured on the system as shown below.
Simple IP Support Using a Single Source and Destination Context
The source context will facilitate the packet data serving node (PDSN) service(s) and the R-P and AAA interfaces. The source context will also be configured to provide AAA functionality for subscriber sessions. The destination context will facilitate the packet data network interface(s).
In this configuration, the wireless carrier provides the function of an Internet Service Provider (ISP) to their subscribers. The PDSN service in the source context terminates subscriber point-to-point protocol (PPP) sessions and routes their data traffic through the destination context to and from a packet data network such as the Internet.
 
Information Required
Prior to configuring the system as shown in this example, there is a minimum amount of information required. The following sections describe the information required to configure the source and destination contexts.
 
Source Context Configuration
The following table lists the information that is required to configure the source context.
Required Information for Source Context Configuration
NOTE: For this configuration, the IP context name should be identical to the name of the destination context.
 
Destination Context Configuration
The following table lists the information that is required to configure the destination context.
Required Information for Destination Context Configuration
NOTE: For this configuration, the destination context name should not match the domain name of a specific domain.
 
How This Configuration Works
The following figure and the text that follows describe how this configuration with a single source and destination context would be used by the system to process a Simple IP data call.
 
Call Processing Using a Single Source and Destination Context
 
1.
2.
For this example, the result of this process is that PDSN service determined that AAA functionality should be provided by the Source context.
3.
The system communicates with the AAA server specified in the Source context’s AAA configuration to authenticate the subscriber.
4.
The system determines that the egress context is the destination context based on the configuration of either the Default subscriber’s ip-context name or from the SN-VPN-NAME or SN1-VPN-NAME attributes that is configured in the subscriber’s RADIUS profile.
5.
6.
 
Example 2: Simple IP Using a Single Source Context and Multiple Outsourced Destination Contexts
The system allows the wireless carrier to easily generate additional revenue by providing the ability to configure separate contexts that can then be leased or outsourced to various enterprises or ISPs, each having a specific domain.
In order to support multiple outsourced domains, the system must first be configured with at least one source context and multiple destination contexts as shown in the following figure . The AAA servers could be owned/maintained by either the carrier or the domain. If they are owned by the domain, the carrier will have to receive the AAA information via proxy.
 
Simple IP Support Using a Single Source Context and Multiple Outsourced Destination Contexts
The source context will facilitate the PDSN service(s), and the R-P interface(s). The source context will also be configured with AAA interface(s) to provide AAA functionality for subscriber sessions. The destination contexts will each be configured to facilitate PDN interfaces. In addition, because each of the destination contexts can be outsourced to different domains, they will also be configured with AAA interface(s) to provide AAA functionality for that domain.
In addition to the source and destination contexts, there are additional system-level AAA parameters that must be configured.
 
Information Required
Prior to configuring the system as shown in this example, there is a minimum amount of information required. The following sections describe the information required to configure the source and destination contexts.
 
Source Context Configuration
The following table lists the information that is required to configure the source context.
Required Information for Source Context Configuration
NOTE: For this configuration, the IP context name should be identical to the name of the destination context.
 
Destination Context Configuration
The following table lists the information that is required to configure the destination context.
Required Information for Destination Context Configuration
NOTE: For this configuration, the destination context name should not match the domain name of a specific domain.
 
System-Level AAA Configuration
The following table lists the information required to configure the system-level AAA parameters.
Required Information for System-Level AAA Configuration
NOTE: The default domain name can be the same as the source context.
NOTE: The last-resort context name can be the same as the source context.
NOTE: The username string is searched from right to left for the separator character. Therefore, if there is one or more separator characters in the string, only the first one that is recognized is considered the actual separator. For example, if the default username format was used, then for the username string user1@enterprise@isp1, the system resolves to the username user1@enterprise with domain isp1.
 
How This Configuration Works
The following figure and the text that follows describe how this configuration with a single source and destination context would be used by the system to process a Simple IP data call.
 
Call Processing Using a Single Source and Destination Context
 
1.
The system-level AAA settings were configured as follows:Default subscriber domain name = DomainxSubscriber username format = username @No subscriber last-resort context name was configured.The IP context names for the Default subscriber were configured as follows:Within the Source context, the IP context name was configured as Domainx.Within the Domainx context, the IP context name was configured as Domainx.Sessions are received by the PDSN service from the PCF over the R-P interface for subscriber1@Domain1, subscriber2, and subscriber3@Domain37. The PDSN service attempts to determine the domain names for each session.For subscriber1, the PDSN service determines that a domain name is present and is Domain1.For subscriber2, the PDSN service determines that no domain name is present.For subscriber3, the PDSN service determines that a domain name is present and is Domain37.The PDSN service determines which context to use to provide AAA functionality for the session. This process is described in the How the System Selects Contexts section located in the Understanding the System Operation and Configuration chapter of the System Administration Guide.For subscriber1, the PDSN service determines that a context is configured with a name that matches the domain name specified in the username string (Domain1). Therefore, Domain1 is used.For subscriber2, the PDSN service determines that Domainx was configured as the subscriber default domain name. Therefore, Domainx was used.For subscriber3, the PDSN service determines that no context was configured that matched the domain name specified in the username string (Domain37). Because no subscriber last-resort context name is configured, the source context is used.The system then communicates with the AAA servers specified in each of the selected context’s AAA configuration to authenticate the subscriber. Upon successful authentication of all three subscribers, the PDSN service determines which destination context to use for each of the subscriber sessions. This process is described in the How the System Selects Contexts section located in the Understanding the System Operation and Configuration chapter of the System Administration Guide.For subscriber1, the PDSN service receives the SN-VPN-NAME or SN1-VPN-NAME attribute equal to Domain1 as part of the authentication accept message from the AAA server on Domain1’s network. Therefore, Domain1 is used as the destination context.For subscriber2, the PDSN service determined that the SN-VPN-NAME or SN1-VPN-NAME attribute was not returned with the Authentication Accept response, and determines the subscriber IP context name configured for the Default subscriber within the Domainx context. Because this parameter is configured to Domainx, the Domainx context will be used as the destination context.For subscriber3, the PDSN service determines that the SN-VPN-NAME or SN1-VPN-NAME attribute was not returned with the Authentication Accept response, and determined the Default subscriber IP context name configured within the Source context. Because this parameter is configured to Domainx, the Domainx context is used as the destination context.Data traffic for the subscriber session is routed through the PDN interface in each subscriber’s destination context.Accounting messages for the session are sent to the AAA servers over the AAA interfaces
A subscriber session from the PCF is received by the PDSN service over the R-P interface.
2.
For this example, the result of this process is that PDSN service determined that AAA functionality should be provided by the Source context.
3.
The system communicates with the AAA server specified in the Source context’s AAA configuration to authenticate the subscriber.
4.
The system determines that the egress context is the destination context based on the configuration of either the Default subscriber’s ip-context name or from the SN-VPN-NAME or SN1-VPN-NAME attributes that is configured in the subscriber’s RADIUS profile.
5.
6.
1.
2.
3.
4.
5.
6.
7.
8.
9.
 
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883