Introduction
This document describes the maximum prefix length of framed routes received from the RADIUS server that are accepted by GGSN or PGW.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- StarOS
- Packet Data Network Gateway (PGW)/Gateway GPRS Support Node (GGSN)
Components Used
The information in this document is based on the PGW (StarOS), VPC-DI (Virtualized Packet Core—Distributed Instance) software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Overview
The Framed-Route attribute provides routing information to be configured for the user on the network access server (NAS). The Framed-Route information is sent by the RADIUS server in the Access-Accept message. Framed-Route can work at a context level or Virtual Routing and Forwarding(VRF) level. VRF can be on per context and each can have its own set of framed-routes. In such configuration, framed routes can be installed in VRF dedicated for respective context. Association of Framed-Route with VRF can be done based on subscriber IP pool.
Mobile Router enables a router to create a PDN Session which the GGSN authorizes using RADIUS server. The RADIUS server authenticates this router and includes a Framed-Route attribute in the access-accept response packet. Framed-Route attribute also specifies the subnet routing information to be installed in the GGSN for the mobile router. If the GGSN receives a packet with a destination address matching the Framed-Route, the packet is forwarded to the mobile router through the associated PDN session.
Routing Behind the Mobile Station on an APN
These rules apply:
- AAA interface of GGSN/P-GW supports receiving Framed Route AVP in Radius Access-Accept Message from the Radius Server.
- AAA interface of GGSN/P-GW supports maximum 16 Framed Route AVP in Radius Access-Accept Message.
- GGSN/P-GW does not accept framed route with destination address as 0.0.0.0 and/or netmask as 0.0.0.0.
- GGSN/P-GW does not accept framed route where gateway address in the route is not matching with the address that would be assigned to Mobile station.
- GGSN/P-GW ignores duplicate framed routes.
- GGSN/P-GW supports controlling enabling/disabling of this feature through CLI in APN Configuration.
- GGSN/P-GW supports controlling number of framed-routes to be installed through this feature.
- GGSN/P-GW supports controlling number of hosts (addresses) supported behind the mobile station per route.
- The routing behind an MS is supported only for IPv4 PDP contexts.
- Packets routed behind the MS share the same 3GPP QoS settings of the MS.
Largest Prefix of Framed Routes Received from RADIUS AVP Accepted by GGSN/PGW
To determine the largest prefix that the GGSN can accept, the scenario was simulated using these IP prefixes in the Framed-Route AVP sent by the RADIUS server:
INBOUND>>>>> From aaamgr:4 aaamgr_radius.c:2184 (Callid 00e52fe4) 02:07:02:253 Eventid:23900(6)
RADIUS AUTHENTICATION Rx PDU, from 192.168.2.2:1812 to 192.168.2.1:10048 (105) PDU-dict=starent-vsa1
Code: 2 (Access-Accept)
Id: 2
Length: 105
Authenticator: 14 CA 5C 76 02 3F 32 16 40 C2 0B C7 DD 79 43 E5
Attribute Type: 6 (Service-Type)
Length: 6
Value: 00 00 00 02 ....
(Framed)
Attribute Type: 7 (Framed-Protocol)
Length: 6
Value: 00 00 00 01 ....
(PPP)
Attribute Type: 22 (Framed-Route)
Length: 11
Value: 30 2E 30 2E 30 2E 30 2F 0.0.X.X/
32 2
Attribute Type: 22 (Framed-Route)
Length: 12
Value: 31 36 2E 30 2E 30 2E 30 2F 16.X.X.0
34 /4
Attribute Type: 22 (Framed-Route)
Length: 12
Value: 31 30 2E 30 2E 30 2E 30 10.X.X.0
2F 38 /8
Attribute Type: 22 (Framed-Route)
Length: 16
Value: 31 39 30 2E 31 37 30 2E 19X.X.
30 2E 30 2F 31 36 X.0/16
Attribute Type: 22 (Framed-Route)
Length: 17
Value: 31 39 32 2E 31 36 38 2E 19X.XXX.
31 2E 34 38 2F 32 38 1.X/28
Attribute Type: 22 (Framed-Route)
Length: 17
Value: 31 30 2E 39 36 2E 32 35 10.XX.X
31 2E 34 30 2F 33 32 X.40/32
These are the framed-routes that were sent from Radius server in the Access-Accept msg:
Framed-Route =0.0.X.X/2
Framed-Route = 16.X.X.0/4
Framed-Route = 10.X.X.0./8
Framed-Route = 19X.X.X.0./16
Framed-Route = 19X.XXX.1.X/28
Framed-Route = 10.XX.XX.40/32
Below are the ones that got accepted.
[SGi]sim-lte# show ip route
Tuesday September 03 02:13:14 EDT 2024
"*" indicates the Best or Used route. S indicates Stale.
Destination Nexthop Protocol Prec Cost Interface
*0.0.X.X/0 192.168.XX.XX static 1 0 SGi
*10.X.X.0/8 0.0.0.0 connected 0 0 // Framed-Route
*10.X.X.X/16 0.0.0.0 connected 0 0 pool v4Pool-1
*10.XX.XX.40/32 0.0.0.0 connected 0 0 // Framed-Route
*XX.3.0.0/22 0.0.0.0 connected 0 0 pool nat44pool1
*XX.3.0.0/22 0.0.0.0 connected 0 0 pool nat44pool2
*19X.X.X.0/16 0.0.0.0 connected 0 0 // Framed-Route
*19X.XXX.1.X/28 0.0.0.0 connected 0 0 // Framed-Route
*19X.XXX.2.0/24 0.0.0.0 connected 0 0
*19X.XXX.2.1/32 0.0.0.0 connected 0 0
*19X.XXX.2.5/32 0.0.0.0 connected 0 0
*19X.XXX.X.0/24 0.0.0.0 connected 0 0
*19X.XXX.X.1/32. 0.0.0.0 connected 0 0
Total route count : 13
Unique route count: 13
Connected: 12 (Framed Route: 4) Static: 1
Conclusion
The PGW installs Framed-Route prefixes received from the RADIUS server only if they are /8 or more specific — such as /8, /16, /28, or /32. These prefixes represent subnets with a sufficient level of specificity to be considered valid routing entries. However, broader or less specific prefixes like /0 (default route), /2, or /4 are not accepted or installed by the PGW.
Feedback