The proprietary
concept of an operator policy, originally architected for the exclusive
use of an SGSN, is non-standard and currently unique to the ASR
5x00. This optional feature empowers the carrier with flexible control
to manage functions that are not typically used in all applications
and to determine the granularity of the implementation of any operator
policy: to groups of incoming calls or to simply one single incoming
call.
What Operator Policy
Can Do
Operator policy
enables the operator to specify a policy with rules governing the
services, facilities and privileges available to subscribers.
A Look at Operator
Policy on an SGSN
The following is only
a sampling of what working operator policies can control on an SGSN:
- APN information included
in call activation messages are sometimes damaged, misspelled, missing.
In such cases, the calls are rejected. The operator can ensure calls
aren't rejected and configure a range of methods for handling APNs,
including converting incoming APNs to preferred APNs and this control
can be used in a focused fashion or defined to cover ranges of subscribers.
- In another example,
it is not unusual for a blanket configuration to be implemented
for all subscriber profiles stored in the HLR. This results in a
waste of resources, such as the allocation of the default highest
QoS setting for all subscribers. An operator policy provides the
opportunity to address such issues by allowing fine-tuning of certain
aspects of profiles fetched from HLRs and, if desired, overwrite
QoS settings received from HLR.
The Operator Policy
Feature in Detail
This flexible
feature provides the operator with a range of control to manage
the services, facilities and privileges available to subscribers.
Operator policy definitions
can depend on factors such as (but not limited to):
- roaming agreements
between operators,
- subscription restrictions
for visiting or roaming subscribers,
- provisioning of defaults
to override standard behavior.
These policies can
override standard behaviors and provide mechanisms for an operator
to circumvent the limitations of other infrastructure elements such
as DNS servers and HLRs in 2G/3G networks.
By configuring the
various components of an operator policy, the operator fine-tunes
any desired restrictions or limitations needed to control call handling
and this can be done for a group of callers within a defined IMSI
range or per subscriber.
Re-Usable Components -
Besides enhancing operator control via configuration, the operator
policy feature minimizes configuration by drastically reducing the number
of configuration lines needed. Operator policy maximizes configurations
by breaking them into the following reusable components that can
be shared across IMSI ranges or subscribers:
- call control profiles
- IMEI profiles (SGSN
only)
- APN profiles
- APN remap tables
- operator policies
- IMSI ranges
Each of these components
is configured via a separate configuration mode accessed through the
Global Configuration mode.
Call Control Profile
A call control profile
can be used by the operator to fine-tune desired functions, restrictions,
requirements, and/or limitations needed for call management
on a per-subscriber basis or for groups of callers across IMSI ranges.
For example:
- setting access restriction
cause codes for rejection messages
- enabling/disabling
authentication for various functions such as attach and service requests
- enabling/disabling
ciphering, encryption, and/or integrity algorithms
- enabling/disabling
of packet temporary mobile subscriber identity (P-TMSI) signature allocation
(SGSN only)
- enabling/disabling
of zone code checking
- allocation/retention
priority override behavior (SGSN only)
- enabling/disabling
inter-RAT, 3G location area, and 4G tracking area handover restriction lists
(MME and S-GW only)
- setting maximum bearers
and PDNs per subscriber (MME and S-GW only)
Call control profiles
are configured with commands in the Call Control Profile configuration mode.
A single call control profile can be associated with multiple operator
policies
For planning purposes,
based on the system configuration, type of packet services cards, type
of network (2G, 3G, 4G, LTE), and/or application configuration
(single, combo, dual access), the following call control profile
configuration rules should be considered:
- 1 (only one) - call
control profile can be associated with an operator policy
- 1000 - maximum number
of call control profiles per system (e.g., an SGSN).
- 15 - maximum number
of equivalent PLMNs for 2G and 3G per call control profile
- 15 - maximum number
of equivalent PLMNs for 2G per ccprofile.
- 15 - maximum number
of supported equivalent PLMNs for 3G per ccprofile.
- 256 - maximum number
of static SGSN addresses supported per PLMN
- 5 - maximum number
of location area code lists supported per call control profile.
- 100 - maximum number
of LACs per location area code list supported per call control profile.
- 100 - maximum number
of LACs allowed per zone code list per call control profile.
- 2 - maximum number
of integrity algorithms for 3G per call control profile.
- 3 - maximum number
of encryption algorithms for 3G per call control profile.
APN Profile
An APN profile groups
a set of access point name (APN)-specific parameters that may be
applicable to one or more APNs. When a subscriber requests an APN
that has been identified in a selected operator policy, the parameter
values configured in the associated APN profile will be applied.
For example:
- enable/disable
a direct tunnel (DT) per APN. (SGSN)
- define charging characters
for calls associated with a specific APN.
- identify a specific
GGSN to be used for calls associated with a specific APN (SGSN).
- define various quality
of service (QoS) parameters to be applied to calls associated with
a specific APN.
- restrict or allow PDP
context activation on the basis of access type for calls associated
with a specific APN.
APN profiles are configured
with commands in the APN Profile configuration mode. A single APN
profile can be associated with multiple operator policies.
For planning purposes,
based on the system configuration, type of packet processing cards and
2G, 3G, 4G, and/or dual access, the following APN profile
configuration rules should be considered:
- 50 - maximum number
of APN profiles that can be associated with an operator policy.
- 1000 - maximum number
of APN profiles per system (e.g., an SGSN).
- 116 - maximum gateway
addresses (GGSN addresses) that can be defined in a single APN profile.
IMEI-Profile (SGSN-only)
The IMEI is a unique
international mobile equipment identity number assigned by the manufacturer
that is used by the network to identify valid devices. The IMEI
has no relationship to the subscriber.
An IMEI profile group
is a set of device-specific parameters that control SGSN behavior when
one of various types of Requests is received from a UE within a
specified IMEI range. These parameters control:
- Blacklisting devices
- Identifying a particular
GGSN to be used for connections for specified devices
- Enabling/disabling
direct tunnels to be used by devices
IMEI profiles are configured
with commands in the IMEI Profile configuration mode. A single IMEI
profile can be associated with multiple operator policies.
For planning purposes,
based on the system configuration, type of packet processing cards, type
of network (2G, 3G, 4G, LTE), and/or application configuration
(single, combo, dual access), the following IMEI profile configuration
rules should be considered:
- 10 - maximum number
of IMEI ranges that can be associated with an operator policy.
- 1000 - maximum number
of IMEI profiles per system (such as an SGSN).
APN Remap Table
APN remap tables allow
an operator to override an APN specified by a user, or the APN selected
during the normal APN selection procedure, as specified by 3GPP TS
23.060. This atypical level of control enables operators to deal
with situations such as:
- An APN is provided
in the Activation Request that does not match with any of the subscribed
APNs; either a different APN was entered or the APN could have been
misspelled. In such situations, the SGSN would reject the Activation
Request. It is possible to correct the APN, creating a valid name
so that the Activation Request is not rejected.
- In some cases, an operator
might want to force certain devices/users to use a specific
APN. For example, all iPhone4 users may need to be directed to a
specific APN. In such situations, the operator needs to be able
to override the selected APN.
An APN remap table
group is a set of APN-handling configurations that may be applicable to
one or more subscribers. When a subscriber requests an APN that
has been identified in a selected operator policy, the parameter
values configured in the associated APN remap table will be applied.
For example, an APN remap table allows configuration of the following:
- APN aliasing - maps
incoming APN to a different APN based on partial string match (MME
and SGSN) or matching charging characteristic (SGSN only).
- Wildcard APN - allows
APN to be provided by the SGSN when wildcard subscription is present
and the user has not requested an APN.
- Default APN - allows
a configured default APN to be used when the requested APN cannot be
used – for example, the APN is not part of the HLR subscription.
APN remap tables are
configured with commands in the APN Remap Table configuration mode.
A single APN remap table can be associated with multiple operator
policies, but an operator policy can only be associated with a single
APN remap table.
For planning purposes,
based on the system configuration, type of packet processing cards, type
of network (2G, 3G, 4G, LTE), and/or application configuration
(single, combo, dual access), the following APN remap table configuration
rules should be considered:
- 1 – maximum
number of APN remap tables that can be associated with an operator policy.
- 1000 – maximum
number of APN remap tables per system (such as an SGSN).
- 100 – maximum
remap entries per APN remap table.
Operator Policies
The profiles and tables
are created and defined within their own configuration modes to
generate sets of rules and instructions that can be reused and assigned
to multiple policies. An operator policy binds the various configuration
components together. It associates APNs, with APN profiles, with
an APN remap table, with a call control profile, and/or an
IMEI profile and associates all the components with filtering ranges
of IMSIs.
In this manner, an
operator policy manages the application of rules governing the services, facilities,
and privileges available to subscribers.
Operator policies are
configured and the associations are defined via the commands in
the Operator Policy configuration mode.
The IMSI ranges are
configured with the command in the SGSN-Global configuration mode.
For planning purposes,
based on the system configuration, type of packet processing cards, type
of network (2G, 3G, 4G, LTE), and/or application configuration
(single, combo, dual access), the following operator policy configuration
rules should be considered:
- 1 – maximum
number of call control profiles associated with a single operator
policy.
- 1 – maximum
number of APN remap tables associated with a single operator policy.
- 10 – maximum
number of IMEI profiles associated with a single operator policy.
- 50 – maximum
number of APN profiles associated with a single operator policy.
- 1000 – maximum
number of operator policies per system (e.g., an SGSN); this number includes
the single default operator policy.
- 1000 – maximum
number of IMSI ranges defined per system (e.g., an SGSN).
IMPORTANT:
SGSN operator policy
configurations created with software releases prior to Release 11.0
are not forward compatible. Such configurations can be converted
to enable them to work with an SGSN running Release 11.0 or higher.
Your Cisco Account Representative can accomplish this conversion
for you.
IMSI Ranges
Ranges of international
mobile subscriber identity (IMSI) numbers, the unique number identifying
a subscriber, are associated with the operator policies and used
as the initial filter to determine whether or not any operator policy
would be applied to a call. The range configurations are defined
by the MNC, MCC, a range of MSINs, and optionally the PLMN ID. The
IMSI ranges must be associated with a specific operator policy.
IMSI ranges are defined
differently for each product supporting the operator policy feature.
Operator Policy
Configuration
This section
provides a high-level series of steps and the associated configuration
examples to configure an operator policy. By configuring an operator
policy, the operator fine-tunes any desired restrictions or limitations
needed to control call handling per subscriber or for a group of
callers within a defined IMSI range.
Most of the operator
policy configuration components are common across the range of products
supporting operator policy. Differences will be noted as they are
encountered below.
IMPORTANT:
This section provides
a minimum instruction set to implement operator policy. For this feature
to be operational, you must first have completed the system-level
configuration as described in the System Administration
Guide and the service configuration described in your product’s administration
guide.
The components can
be configured in any order. This example begins with the call control profile:
-
Create and configure
a call control profile, by applying the example configuration presented
in the Call Control Profile Configuration section.
-
Create and configure
an APN profile, by applying the example configuration presented
in the APN Profile Configuration section.
IMPORTANT:
It is not necessary
to configure both an APN profile and an IMEI profile. You can associate
either type of profile with a policy. It is also possible to associate
one or more APN profiles with an IMEI profile for an operator policy.
-
Create and configure
an IMEI profile by applying the example configuration presented
in the IMEI Profile
Configuration section.
-
Create and configure
an APN remap table by applying the example configuration presented
in the APN Remap Table
Configuration section.
-
Create and configure
an operator policy by applying the example configuration presented
in the Operator Policy
Configuration section.
-
Configure an IMSI
range by selecting and applying the appropriate product-specific
example configuration presented in the IMSI Range Configuration sections below.
-
Associate the configured
operator policy components with each other and a network service
by applying the example configuration in the Operator Policy Component Associations section.
-
Save your configuration
to flash memory, an external memory device, and/or a network
location using the Exec mode command save configuration.
For additional information on how to verify and save configuration
files, refer to the System
Administration Guide .
-
Verify the configuration
for each component separately by following the instructions provided
in the Verifying the
Feature Configuration section of this chapter.
Call Control Profile
Configuration
This section
provides the configuration example to create a call control profile
and enter the configuration mode.
Use the call control
profile commands to define call handling rules that will be applied
via an operator policy. Only one call control profile can be associated
with an operator policy, so it is necessary to use (and repeat as
necessary) the range of commands in this mode to ensure call-handling
is sufficiently managed.
Configuring the
Call Control Profile for an SGSN
The example below includes
some of the more commonly configured call control profile parameters
with sample variables that you will replace with your own values.
configure
call-control-profile <profile_name>>
attach
allow access-type umts location-area-list instance <list_id>
authenticate
attach
location-area-list
instance <instance>
area-code <area_code>
sgsn-number
<E164_number>
end
Note:
- Refer to the Call Control Profile
Configuration Mode chapter in the Command Line Interface
Reference for command details and variable options.
- This profile will only
become valid when it is associated with an operator policy.
Configuring the
Call Control Profile for an MME or S-GW
The example below includes
some of the more commonly configured call control profile parameters
with sample variables that you will replace with your own values.
configure
call-control-profile <profile_name>>
associate
hss-peer-service <service_name>
s6a-interface
attach
imei-query-type imei verify-equipment-identity
authenticate
attach
dns-pgw
context <mme_context_name>
dns-sgw
context <mme_context_name>
end
Note:
- Refer to the Call Control Profile
Configuration Mode chapter in the Command Line Interface
Reference for command details and variable options.
- This profile will only
become valid when it is associated with an operator policy.
APN Profile Configuration
This section
provides the configuration example to create an APN profile and
enter the apn-profile configuration mode.
Use the apn-profile commands
to define how calls are to be handled when the requests include
an APN. More than one APN profile can be associated with an operator
policy.
The example below includes
some of the more commonly configured profile parameters with sample
variables that you will replace with your own values.
configure
apn-profile <profile_name>
gateway-address 123.123.123.1 priority <1>(SGSN only)
direct-tunnel
not-permitted-by-ggsn (SGSN only)
idle-mode-acl
ipv4 access-group station7 (S-GW only)
end
Note:
- All of the parameter
defining commands in this mode are product-specific. Refer to the APN Profile Configuration
Mode chapter in the Command
Line Interface Reference for command details and variable options.
- This profile will only
become valid when it is associated with an operator policy.
IMEI Profile Configuration
- SGSN only
This section
provides the configuration example to create an IMEI profile and
enter the imei-profile configuration mode.
Use the imei-profile commands to
define how calls are to be handled when the requests include an
IMEI in the defined IMEI range. More than one IMEI profile can be
associated with an operator policy.
The example below includes
some of the more commonly configured profile parameters with sample
variables that you will replace with your own values.
configure
imei-profile <profile_name>
ggsn-address 211.211.123.3
direct-tunnel
not-permitted-by-ggsn (SGSN only)
associate
apn-remap-table remap1
end
Note:
- It is optional to configure
an IMEI profile. An operator policy can include IMEI profiles and/or
APN profiles.
- This profile will only
become valid when it is associated with an operator policy.
APN Remap Table
Configuration
This section
provides the configuration example to create an APN remap table
and enter the apn-remap-table configuration mode.
Use the apn-remap-table commands
to define how APNs are to be handled when the requests either do
or do not include an APN.
The example below includes
some of the more commonly configured profile parameters with sample
variables that you will replace with your own values.
configure
apn-remap-table <table_name>
apn-selection-default
first-in-subscription
wildcard-apn
pdp-type ipv4 network-identifier <apn_net_id>
blank-apn
network-identifier <apn_net_id> (SGSN only)
end
Note:
- The apn-selection-default
first-in-subscription command is used for APN redirection
to provide “guaranteed connection” in instances
where the UE-requested APN does not match the default APN or is missing
completely. In this example, the first APN matching the PDP type
in the subscription is used. The first-in-selection keyword is an
MME feature only.
- Some of the commands
represented in the example above are common and some are product-specific.
Refer to the APN-Remap-Table
Configuration Mode chapter in the Command Line Interface
Reference for command details and variable options.
- This profile will only
become valid when it is associated with an operator policy.
Operator Policy
Configuration
This section
provides the configuration example to create an operator policy
and enter the operator policy configuration mode.
Use the commands in
this mode to associate profiles with the policy, to define and associate
APNs with the policy, and to define and associate IMEI ranges.
The example below includes
sample variable that you will replace with your own values.
configure
operator-policy <policy_name>
associate
call-control-profile <profile_name>
apn
network-identifier <apn-net-id_1>
apn-profile <apn_profile_name_1>
apn
network-identifier <apn-net-id_2>
apn-profile <apn_profile_name_1>
imei
range <imei_number>
to <imei_number>
imei-profile name <profile_name>
associate
apn-remap-table <table_name>
end
Note:
- Refer to the Operator-Policy Configuration
Mode chapter in the Command
Line Interface Reference for command details and variable options.
- This policy will only
become valid when it is associated with one or more IMSI ranges (SGSN)
or subscriber maps (MME and S-GW).
IMSI Range Configuration
This section
provides IMSI range configuration examples for each of the products
that support operator policy functionality.
Configuring IMSI
Ranges on the MME or S-GW
IMSI ranges
on an MME or S-GW are configured in the Subscriber Map Configuration Mode.
Use the following example to configure IMSI ranges on an MME or
S-GW:
configure
subscriber-map <name>
precedence
<number>
match-criteria imsi mcc <mcc_number>
mnc <mnc_number>
msin first <start_range> last
<end_range>
operator-policy-name <policy_name>
end
Note:
- The precedence number
specifies the order in which the subscriber map is used. 1 has the
highest precedence.
- The operator policy
name identifies the operator policy that will be used for subscribers
that match the IMSI criteria and fall into the MSIN range.
Configuring IMSI
Ranges on the SGSN
The example
below is specific to the SGSN and includes sample variables that
you will replace with your own values.
configure
sgsn-global
imsi-range
mcc 311 mnc 411 operator-policy oppolicy1
imsi-range
mcc 312 mnc 412 operator-policy oppolicy2
imsi-range
mcc 313 mnc 413 operator-policy oppolicy3
imsi-range
mcc 314 mnc 414 operator-policy oppolicy4
imsi-range
mcc 315 mnc 415 operator-policy oppolicy5
end
Note:
- Operator policies are
not valid until IMSI ranges are associated with them.
Operator Policy
Component Associations - MME
After configuring
the various components of an operator policy, each component must
be associated with the other components and, ultimately, with a
network service.
Associating Operator
Policy Components on the MME
The MME service
associates itself with a subscriber map. From the subscriber map,
which also contains the IMSI ranges, operator policies are accessed.
From the operator policy, APN remap tables and call control profiles
are accessed.
Use the following
example to configure operator policy component associations:
configure
operator-policy <name>
associate
apn-remap-table <table_name>
associate
call-control-profile <profile_name>
exit
lte-policy
subscriber-map <name>
precedence
match-criteria all operator-policy-name <policy_name>
exit
exit
context <mme_context_name>
mme-service <mme_svc_name>
associate
subscriber-map <name>
end
Notes:
- The precedence command
in the subscriber map mode has other match-criteria types.
The all type
is used in this example.
Verifying the Feature
Configuration
This section
explains how to display the configurations after saving them in
a .cfg file as described in the System Administration
Guide .
IMPORTANT:
All commands listed
here are under Exec mode. Not all commands are available on all
platforms.
-
Verify that the operator
policy has been created and that required profiles have been associated
and configured properly by entering the following command in Exec
Mode:
show operator-policy
full name oppolicy1
The output of this
command displays the entire configuration for the operator policy
configuration.
[local]asr5x00# show
operator-policy full name oppolicy1
Operator Policy Name = oppolicy1
Call Control Profile Name :
ccprofile1
Validity :
Valid
APN Remap Table Name :
remap1
Validity :
Valid
IMEI Range 711919739 to 711919777
IMEI
Profile Name :
imeiprof1
Include/Exclude :
Include
Validity :
Valid
APN NI homers1
APN
Profile Name :
apn-profile1
Validity :
Valid
Note:
If the profile name
is shown as “Valid”, the profile has actually
been created and associated with the policy. If the Profile name
is shown as “Invalid”, the profile has not been created/configured.
If there is a valid
call control profile, a valid APN profile and/or valid
IMEI profile, and a valid APN remap table, the operator policy is
valid and complete if the IMSI range has been defined and associated.