Cisco Service Control GRE and GTP Insertion Solution Guide, Release 5.2.x
Accounting and Bandwidth Management
GRE Tunnel Concatenation (GRE over Other Tunnels)
GTP Configuration and Monitoring
Example of GTP-U Packets with Sequence Number Option
Example of GTP-U Packets Without Sequence Number Option
Overview of the Service Control GRE and GTP Insertion Solution
GRE and GTP Insertion Solution Limitations
Obtaining Documentation and Submitting a Service Request
This section provides an overview of the Generic Routing Encapsulation (GRE) and GPRS Tunneling Protocol (GTP) insertion solution. The GRE and GTP insertion solution enables the Cisco SCE to monitor and control the GRE and GTP. This section includes:
Tunneling protocols are used in many networks for various purposes, including VPNs, traffic engineering (TE), security, and so on. Some encapsulations are IP based such as GRE, and some are placed in lower levels, for example in Layer 2.5.
Cisco SCE natively analyzes IP-based traffic. IP addresses are the basis for flow classification (the 5-tuple contains IP addresses) and subscriber identification (most commonly used subscriber ID is the subscriber IP address).
In tunneled networks, the IP packet is further encapsulated by some encapsulation protocol. To analyze the IP packet, Cisco SCE needs to perform specific parsing of the encapsulating protocol.
Furthermore, in some networks, the IP addresses used inside the tunneled traffic are private IP addresses. For example, addresses that are not unique among the flows seen on a single Cisco SCE. In these cases, the identification of the source and destination of the packet must be based on both the IP address and the tunnel information found in the packet.
In networks with private IP addresses, or without them, it is desirable to treat a whole segment of the network as a single subscriber. Such a segment may be a whole VPN, a specific VLAN, a specific tunnel, and so on. In these cases, Cisco SCE defines the subscriber by a general identifier that applies to all the IP addresses generating traffic over that network segment. This method allows the Cisco SCE to disregard the specific client, and refer only to the group it is associated with, when defining the subscribers.
In a General Packet Radio Service (GPRS) backbone network, GTP is a high-level tunneling protocol used to carry signaling and data.
A GPRS backbone network (or core network) contains several nodes of GPRS Support Node (GSN), which communicate with each other using IP as shown in Figure 1. GSNs are either Serving GPRS Support Nodes (SGSNs) or Gateway GPRS Support Nodes (GGSNs). The SGSN is used to communicate with Mobile Terminal (MT) equipment or relay data inside the backbone network to outside connections and the GGSNs in turn controls these SGSNs. This relaying is implemented in the backbone network by using GTP on top of UDP/IP (GTPv1).
Figure 1 Cisco eGGGSN PCC Reference Model With DPI Intercept Application Manager
A GTP tunnel is a virtual connection between two GSNs (usually between SGSN/RNC and GGSN). One GTP Tunnel can contain several multiplexed user data connections (several MTs can share same GTP tunnel without any knowledge of each other). The GTP tunnel uses a packet data path in the GPRS backbone network, which is the UDP/IP path.
The evolvement of the wireless technology makes the wireless segment more similar to the wire line market and as a result the demand for deep packet inspection (DPI) applications in this segment is increased.
The GTP support allows Cisco SCE to monitor local and roaming traffic in the Gn/Gp pipes. Differentiated Services Code Point (DCSP) marking of active application can be implemented in the GTP environment as well.
This section summarizes the Cisco SCE 10000 support for GRE tunneling. It gives you these GRE tunneling information:
This section contains these subsections:
For GRE support to work, the GRE skip mode must be enabled. The default setting of the GRE skip mode is disabled. Use an administrator-level CLI command to configure the GRE skip mode. For additional information, see the “GRE and GTP CLI Commands” section.
Active actions (drop, block, redirect, and so on) have the same level of support for GRE tunneling (including GRE over other tunnels) as in case of plain IP.
The protocol field in the GRE header indicates the protocol of the inner payload; the only supported protocol type is IP version 4 (IPv4) with the value of 0x800. However, the system may be configured by using the CLI to support the value of 0xFFFF also as the protocol value for protocol type IPv4. For additional information, see the “GRE and GTP CLI Commands” section.
The SCOS supports internal and external fragmentation of the GRE tunneling protocol. When the GRE skip mode is disabled, the Cisco SCE hardware treats the GRE tunneling protocol as plain IP. When GRE skip is enabled, the fragments are handled as described in these sections:
The first external fragment is delivered to the SCOS and then, if necessary, to the application. The additional fragments are bypassed.
Minimal reordering of external fragments might be experienced because the first fragment is sent to the software application while the following fragments are bypassed.
The reordering can be prevented by using an appropriate Quick Forwarding Traffic rule. Using a Quick Forwarding rule might result in loss of certain active actions support, such as HTTP redirect.
Accounting and bandwidth management are handled as usual in the context of fragmented GRE traffic.
A mix of GRE traffic and traffic over other tunnels is fully supported.
This means that any type of tunnel supported by the Cisco SCE is still supported in GRE skip mode. For example, GRE alongside MPLS/VPN, and so on.
GRE tunneling can be configured over other tunneling protocols.
In the GRE skip mode, DSCP marking can be configured on either the external IP header or the internal IP header. Both headers cannot be marked concurrently. The default is to mark the external header. Marking the internal IP header is configured through the CLI. For additional information, see the “GRE and GTP CLI Commands” section.
In external fragmentation, only the first fragment is marked.
This section describes the additional details of the GTP feature. It contains this subsection:
GTP Configuration and Monitoring
The behavior of the Cisco SCE in association with GTP is as follows:
– Internal fragments—The internal packet is fragmented.
– External fragments—The original packet was encapsulated with the tunnel header and then it was fragmented. In this case, the mid or last fragments are bypassed.
GTP, like IPinIP, GRE, L2TP, and MPLS, is yet another tunnel header that the Cisco SCE supports. In general, the Cisco SCE has two modes of support for tunnels, namely skip and VPN aware. In these modes, the Cisco SCE uses the tunnel information for the classification. For GTP tunneling, the Cisco SCE supports only the skip mode.
GTP skip is configured by using a CLI command. When GPT skip mode is configured, the hardware applies quick forwarding on all GTP traffic to avoid GTP-U packet reordering. Additionally, the FPGA configuration of the GTP-U UDP port (default is 2152) is done by using a CLI command. For additional information on the CLI command, see the “GRE and GTP CLI Commands” section.
The GTP-U UDP port is searched on UDP destination port.
To check if there is Layer 3 data over GTP-U, the GTP header message type is compared to 0xFF to verify if the GTP-U data has a message type of 0xFF. GTP-U data with a message type other than 0xFF is bypassed through quick forwarding by using the skip mode. The default setting for the Cisco SCE GTP skip mode configuration is disabled.
Table 1 lists the hardware platform limitations for the GTP and GRE insertion solution.
Table 2 lists the GRE and GTP CLI commands.
This section contains examples of protocol packets and contains these subsections:
This is an example of GTP-U Packets with sequence number option:
This is an example of GTP-U packets without sequence number option:
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.