Cisco Packet Data Serving Node Release 5.1 for Cisco IOS Release 12.4(22)XR1
Available Languages
Table Of Contents
Cisco Packet Data Serving Node Release 5.1 for Cisco IOS Release 12.4(22)XR1
PMTU Discovery by Mobile IP Client
Features From Previous Releases
Simple IP-based Service Access
Mobile IP-based Service Access
Session Redundancy Infrastructure
In Process Synchronization Events
AAA - Authentication and Authorization
Simple IP Client IP Accounting Support
SNMP New MIB Objects for Per PCF
Proxy MIP Changes for Latest IS-835
PMIP-based Mobility Capability Attribute
PMIP-HA-Info-IPv4-Service Attribute
Base Station Identifier (D4) Attribute
Framed IP Address (B1) Attribute
Authentication Phase Failure Counters
GRE CVSE and MN NAI Extension in Revocation Message
Single Interface for MIP, Simple IP, VPDN-based calls or A11 Registrations
Single Interface for Configuration
Single Interface for SNMP Management
Single Interface for Troubleshooting and Debugging
Chassis-Wide MIB for Application-Related Parameters
AAA Responsiveness Test Tool and Traps
Intra-Chassis Configuration Synchronization
Redundancy Support in Cisco PDSN Release 5.0
Single IP Support - Reused and New CLI Commands
Distributed Configuration, Show and Debug commands in Single IP PDSN
Improved Throughput and Transaction Handling
Cluster Controller Support in Single IP Blade
Clustering Architecture in PDSN
Functions of Cluster Controller
Metrics for Cluster Controller
Metrics Between Member and Controller
Backward Compatibility of Cluster Controller
Configuring Cluster Controller Support
Cluster Controller Member Configuration
Features of IMSI and PCF-based Redirection
Limitations of IMSI and PCF-based Redirection
Mobile IP and AAA Attributes for China Telecom
Proxy Mobile IP Indicator Attribute
Proxy Mobile IP Capability Indicator Attribute
Trap Generation for AAA Server Unresponsiveness
Flow Trigger Classification for DOS
Flow Marking Based on Classification Criteria for DOS
SDB Accounting Record sent by 1xRTT PCF
Differentiated Services Code Point Marking Support
Flow Trigger Classification for DSCP
Flow Marking Based on Classification Criteria for DSCP
Changes Related to Single IP Architecture
Functional Flow in SingleIP Architecture
Limitations for Masking Off the IMSI Prefix
Configuring Masking Off the IMSI Prefix
Conserve Unique IP-ID for FA-HA IP-in-IP Tunnel
GRE CVSE Support in FA-HA Tunnel
Support for 835B-Compliant RAA Table Index Downloaded from RADIUS
Configuring Remote Address Accounting
Default Service Option Implementation
Configurable Per-Flow Accounting Options
Configuring Per-Flow Accounting Options
Functional Flow for Configuring Per-Flow Accounting Options
Session and Flow Setup for Configurable Per-Flow Accounting Options
Limitations in Configuring Per-Flow Accounting Options
IP Flow Discriminator Support for PCF Backward Compatibility
Support for Remark DSCP to Max-class Value
Command Support for Fragmentation Size
New Statistics Counters for China Telecom
Prepaid Statistics per PCF level
EVDO Network Initial Aux A10 Connection Request
EVDO Network Accepted Initial Aux A10 Connection
Successful PPP Connection Request
Successful PPP Initial Request
PCF Terminate A10 Before LCP Stage
Initial Connection Requests for L2TP tunnel
Successful Request for L2TP Tunnel
Failed Request for L2TP Tunnel
Outbound and Inbound Bytes on RP Interface
Features From Previous Releases
Virtual Route Forwarding with Sub-interfaces
Configuring PDSN Session Redundancy
Configuring PDSN Session Redundancy Infrastructure
Protocol Layering and RP Connections
Identification of Data Packets For SDB Indication
SDB Indicator Marking for PPP Control Packets
Session Creation—A11 Registration Request
Configuring Multiple Service Connections
Configuring the Subscriber QoS Profile
Configuring Per-Flow Accounting
Configuring Call Admission Control on the PDSN
Resource Revocation for Mobile IP
Subscriber Authorization Based on Domain
Volume-based Prepaid Data Service Flow
Duration-based Prepaid Data Service Flow
Volume-based Prepaid Data Service with Tariff Switching
Support for G17 Attribute in Acct-Stop and Interim Records
Configuring Subscriber Qos Profile to PCF
Configuring Bandwidth Policing
Configuring VSAs in Subscriber QoS Profiles
Mobile IP Call Processing Per Second Improvements
Cisco Proprietary Prepaid Billing
Hardware IPSec Acceleration Using IPSec Acceleration Module—Static IPSec
Conditional Debugging Enhancements
Enhancements in Releases Earlier Than Cisco PDSN 3.0
Electronic Serial Number in Billing
Support for Mobile Equipment Indentifier
PDSN Cluster Controller / Member Architecture
PDSN Controller-Member Clustering
Upgrading the Member PDSN Software from Cisco PDSN Release 1.2 to Release 2.0 and Higher
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Determining the Software Version
Upgrading to a New Software Release
Creating the CDMA Ix Interface
Creating a Virtual Template Interface and Associating it with the PDSN Application
Enabling R-P Interface Signaling
Configuring User Session Parameters
Configuring PDSN Session Redundancy Infrastructure
Configuring AAA Server in the PDSN Environment
Configuring RADIUS in the PDSN Environment
Configuring Prepaid in the PDSN Environment
Enabling VPDN in a PDSN Environment
Configuring Proxy Mobile IP Attributes Locally
Configuring Mobile IP Security Associations
Configuring PDSN Cluster Controller
Configuring PDSN Cluster Member
Configuring A11 Session Updates
Configuring SDB Indicator Marking
Configuring SDB Indicator Marking for PPP Control Packets
Configuring Mobile IP Resource Revocation on the PDSN
Configuring Short Data Burst Flagging
Configuring PDSN Accounting Events
Configuring CDMA RADIUS Attributes
Monitoring and Maintaining the PDSN
Cisco PDSN Standalone Configuration
Cisco PDSN Session Redundancy Configuration
Cisco PDSN Redundancy Configuration (Auto Synchronization Enabled)
Cisco PDSN Cluster Configuration
Cisco PDSN Member Configuration
Cisco PDSN Controller Configuration
Cisco PDSN Controller Collocated Member with Redundancy
Cisco PDSN Controller Collocated Member (Redundancy with Auto Synchronization Enabled)
Cisco PDSN Configuration for Simple IP
Cisco PDSN Configuration for Simple IP with VPDN
Cisco PDSN Configuration for Mobile IP
Combined Configuration for Cisco PDSN
Simple IPv6 Configuration Example
AAA Server Authentication and Authorization Profile
AAA Server Profiles for Various Service Types
Authentication and Authorization RADIUS Attributes
Accounting Services RADIUS Attributes
Mandatory AVPs in Connection Setup/Release Messages
Q.931 Cause Codes Used in Call Disconnect Notify Message
Cisco Packet Data Serving Node Release 5.1 for Cisco IOS Release 12.4(22)XR1
Feature History
This table describes feature support for Cisco Packet Serving Node (PDSN) releases.
12.4(22)XR1
Release 5.1 of Cisco PDSN. The following new features are introduced:
•
Simple IP Client IP Accounting Support
•
•
12.4(22)XR
Release 5.0 of Cisco PDSN. The following new features are introduced:
•
•
•
•
•
•
•
•
•
•
•
•
12.4(15)XR2
Release 4.1 of Cisco PDSN. The following new features are introduced:
•
•
12.4(15)XR
Release 4.0 of Cisco PDSN. The following new features are introduced:
•
Closed-RP support is removed from release 4.0.
PPPoGRE RP Interface support is removed from release 4.0.
12.4(15)XN
Release 3.5 of Cisco PDSN. The following new features are introduced:
12.3(14)YX8
Release 3.0 of Cisco PDSN. The following commands are updated:
•
•
Deleted sections on ODAP and PDSN Selection Peer-to-Peer clustering.
12.3(14)YX1
Release 3.0 of Cisco PDSN. The following new feature is introduced:
12.3(14)YX
Release 3.0 of Cisco PDSN. The following new features are introduced:
•
•
12.3(11)YF3
Release 2.1 of Cisco PDSN.
Added support for:
The following new command is added:
•
12.3(11)YF2
Release 2.1 of Cisco PDSN.
Added support for:
•
•
•
The following new commands are added or modified:
•
•
•
12.3(11)YF1
Release 2.1 of Cisco PDSN.
A restriction for Registration Revocation is removed.
The following new commands are added or modified:
•
•
•
•
•
•
•
•
12.3(11)YF
Release 2.1 of Cisco PDSN. Four new features are added, including the Closed-RP Interface.
12.3(8)XW
Release 2.0 of Cisco PDSN. Five new features are added, including the Always On.
12.3(4)T
Cisco PDSN (a Cisco IOS software) feature is integrated into Cisco IOS Release 12.3(4)T.
12.2(8)ZB8
One new CLI command is added.
12.2(8)ZB7
Six CLI commands are added or modified.
12.2(8)ZB6
Two CLI commands are added or modified.
12.2(8)ZB5
Four new CLI commands are added.
12.2(8)ZB1
Cisco PDSN feature is introduced on the Cisco 7600 Series Router.
12.2(8)ZB
Cisco PDSN feature is introduced on the Cisco Catalyst 6500 Switch.
12.2(8)BY
Cisco PDSN feature is introduced on the Cisco 7200 Series Router.
This document describes the Cisco Packet Data Serving Node (PDSN) software for use on the Cisco Service and Application Module for IP (SAMI) card that resides on the Cisco 7600 Series Router. It includes information on the features and functions of the product, supported platforms, related documents, and configuration tasks.
This document includes the following sections:
•
•
•
•
•
•
•
•
Feature Overview
A PDSN provides access to the Internet, intranets, and Wireless Application Protocol (WAP) servers for mobile stations using a Code Division Multiple Access 2000 (CDMA 2000) Radio Access Network (RAN). The PDSN is a Cisco IOS software feature that runs on SAMI cards on the Cisco 7600 Series Router, where PDSN acts as an access gateway for Simple IP (SIP) and Mobile IP (MIP) stations. The PDSN provides foreign agent (FA) support and packet transport for virtual private networking (VPN). It also acts as an Authentication, Authorization, and Accounting (AAA) client.
The PDSN supports all relevant 3rd Generation Partnership Project 2 (3GPP2) standards, including those that define the overall structure of a CDMA 2000 network, and the interfaces between radio components and the PDSN.
System Overview
CDMA is one of the standards for Mobile Station communication. A typical CDMA 2000 network includes terminal equipment, mobile termination, base transceiver stations (BTSs), base station controllers (BSCs or Packet Control Functions (PCFs)), PDSNs, and other CDMA network and data network entities. The PDSN is the interface between a BSC or PCF and a network router.
Figure 1 illustrates the relationship of the components of a typical CDMA 2000 network, including a PDSN. In this illustration, a roaming mobile station user receives data services from a visited access provider network, rather than from the mobile station user's subscribed access provider network.
Figure 1 The CDMA Network
As the illustration shows, the mobile station, which must support either SIP or MIP, connects to a radio tower and BTS. The BTS connects to a BSC, which contains a component called the Packet Control Function (PCF). The PCF communicates with the PDSN through an A10/A11 interface. The A10 interface is for user data and the A11 interface is for control messages. This interface is also known as the RAN-to-PDSN (R-P) interface.
Figure 2 illustrates the communication between the RAN and the PDSN.
Figure 2 RAN-to-PDSN Connection: the R-P Interface
The IP networking between the PDSN and external data networks is through the PDSN-to-intranet or Internet (Pi) interface. For the Cisco PDSN Release 2.0 and higher, you can use either an FE or GE interface as the Pi interface.
For "back office" connectivity, such as connections to a AAA server, or to a RADIUS server, the interface is media independent. Any of the interfaces supported on the Cisco 7206 can be used to connect to these types of services; however, Cisco recommends that you use either an FE or GE interface.
How PDSN Works
When a mobile station makes a data service call, it establishes a Point-to-Point Protocol (PPP) link with the PDSN. The PDSN authenticates the mobile station by communicating with the AAA server. The AAA server verifies that the user is a valid subscriber, determines available services, and tracks usage for billing.
The method used to assign an IP address and the nature of the connection depends on service type and network configuration. SIP operation and MIP operation are referred to as service types. The service type available to a user is determined by the mobile station, and by the type of service that the service provider offers. In the context of PDSN, a mobile station is the end user in both SIP and MIP operation.
Once the mobile station is authenticated, it requests an IP address. SIP stations communicate the request using the Internet Protocol Control Protocol (IPCP). MIP stations communicate the request using MIP registrations.
The following sections describe the IP addressing and communication levels for each respective topic:
•
PDSN Simple IP
With SIP, a service provider's Cisco PDSN assigns a dynamic or static IP address to the mobile station during the PPP link setup. The mobile station retains this IP address as long as it is served by a radio network that has connectivity to the address-assigning PDSN.
Therefore, as long as the mobile station remains within an area of RANs that is served by the same PDSN, the MS can move or roam inside the coverage area and maintain the same PPP links. If the mobile station moves outside the coverage area of the given PDSN, the mobile station is assigned a new IP address, and any application-level connections are terminated.
Note
Figure 3 illustrates the placement of the PDSN in a Simple IP scenario.
Figure 3 CDMA Network - Simple IP Scenario
PDSN Simple IP with VPDN Scenario
A Virtual Private Data Network (VPDN) allows a private network dial-in service to span to a remote access server called Network Access Server (NAS).
Figure 4 illustrates a VPDN connection in the PDSN environment with SIP. In this scenario, the PDSN acts as the NAS.
Figure 4 CDMA Network —Simple IP with VPDN Scenario
A VPDN connection is established in the following order:
1.
2.
3.
The PPP client is forwarded through a Layer 2 Tunneling Protocol (L2TP) tunnel over User Datagram Protocol (UDP).
4.
PDSN Mobile IP
With MIP, the mobile station can roam beyond the coverage area of a given PDSN and still maintain the same IP address and application-level connections.
Figure 5 shows the placement of the PDSN in a MIP scenario.
Figure 5 CDMA Network — Mobile IP Scenario
The communication process occurs in the following order:
1.
2.
As part of the registration process, the HA creates a binding table entry to associate the mobile station's home address with its Care-of address.
Note
3.
4.
5.
6.
7.
Note
Randomized IMSI Handling
The PDSN cannot recognize 1xRTT to EVDO as a handoff due to a change of IMSI. The result is that the "cdma-reason-ind" in the account stop message will not reflect the same.
By default, the PDSN keeps the first call session if the Mobile does a static home address. In this release, the PDSN supports deleting the first call session for dynamic home address cases (for example, 1x-RTT to EVDO handoff where the IMSI changes during the handoff).
•
–
–
•
–
A new CLI command is introduced in this release that allows you to delete the old session. When you issue the ip mobile cdma imsi dynamic command, the PDSN releases the old session and allows the new session to come up.
The limitation with this CLI command is that the error message "PLATFORM-3-SAMI_IPC_IXP_FAIL: Msgcode 26: Bad Param Error received from IXP" may displayed during high stress scenarios.
PMTU Discovery by Mobile IP Client
FTP upload and ping from the end node may fail when PMTU Discovery (done by setting the DF bit) is done by a MobileIP client (an end node) for packet sizes of about 1480. Due to failure of PMTUD algorithm, the IP sender will never learn the smaller path MTU, but will continue unsuccessfully to retransmit the too-large packet, until the retransmissions time out.
Refer to http://www.cisco.com/warp/public/105/38.shtml#2000XP for disabling PMTUD for Windows 2000 or Windows XP platforms.
PDSN Proxy Mobile IP
Currently, there is a lack of commercially available MIP client software. Conversely, PPP, which is widely used to connect to an Internet Service Provider (ISP), is ubiquitous in IP devices. As an alternative to MIP, you can use Cisco Proxy Mobile IP (PMIP) feature. This capability of the PDSN, which is integrated with PPP, enables a MIP FA to provide mobility to authenticated PPP users.
Note
The communication process occurs in the following order:
1.
2.
3.
4.
5.
6.
PDSN on SAMI
The SAMI blade supports the feature set of Cisco PDSN Release 5.1, and a Cisco 7600 chassis supports a maximum of six application modules. Each application module has six PPCs, each with two Gigabytes of RAM, and uses one instance of a Cisco IOS software application image. Each PPC can function as a PDSN.
Additionally, instances of the cluster controller functionality will be configured as required. One active and standby controller can support three single IP PDSN members. Each PDSN image supports 1,75,000 user sessions.
Migration Scenarios
Table 1 lists currently available PDSN releases and the migration path to the SAMI platform.
Based on Table 2, there are many possible migration scenarios. In this section, we focus on those scenarios closest to current customer deployments. The actual migration path has to be determined per-customer end-to-end deployment. Additionally, migration should be engineered, and we recommend that you perform the migration in a maintenance window in your deployment.
Customers may take this opportunity to redesign their network, for example, redesigning IP addresses scheme and configuring the routing protocols, network connectivity between PDSN and HA, application connectivity between PDSN and AAA servers, routing on the new SAMI PDSN or HA, and so on.
Note
Table 2 lists the most common migration scenarios:
Migration Steps
Migration to Cisco PDSN Release 5.1 is more than replacing Multi-processor WAN Application Module (MWAM) cards with SAMI modules. Your migration must be well planned and conducted in a way that has a minimal impact on an existing mobile subscriber's service connections. Migration to Cisco PDSN Release 5.1 image means changing to the architecture of the single PDSN per blade level. The single IP feature reallocates functionality on a SAMI service blade from the 4.0 model of six independent IOS processors. Each IOS processor executes both control and traffic plane functions, to a model where one IOS processor is designated as a Control Plane (PCOP) processor and the other five designated as Traffic Plane (TCOP) processors.
Note
•
Table 3 lists the migration tasks that are based on the scenarios that were previously established in Table 2.
1. MS = Mobile Station.2. PCF = Packet Control Function.Features
This section lists the features introduced in the current release (Cisco PDSN Release 5.1) and the previous releases:
•
New Features in This Release
This section lists the new features in the Cisco PDSN Release 5.1:
•
•
•
•
Features From Previous Releases
This section lists features that were introduced before Cisco PDSN Release 5.1:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
–
–
•
–
•
•
•
•
•
•
•
Note
Note
Please note that Cisco PDSN Release 4.0 does not support Closed-RP clustering. Additionally, Closed-RP support is removed in the release.
Note
PDSN Performance Metrics
Cisco PDSN Release 4.x and later releases deliver performance improvements such as significant improvement in 1XRTT call setup rates, compared to Release 3.0 and Release 3.5.
Performance metrics on the Cisco 7600 S eries Router are as follows:
•
•
•
•
•
•
Note
•
Packet Data Service Access
The PDSN supports two types of service accesses. The type of service access for a mobile session is determined by the capabilities of the mobile station:
•
•
Simple IP-based Service Access
The PDSN facilitates a mobile user to access the internet and corporate intranet by using SIP-based service access. SIP mode of access, however, limits user mobility to the coverage area of the serving PDSN. Inter-PDSN handoff causes renegotiation of PPP between the mobile station and the new PDSN. The old IP address assigned at the previous PDSN cannot usually be assigned to the mobile user from the new PDSN, and results in reset and restart of user applications.
Some of the salient features for SIP-based service access are:
•
•
•
•
•
•
•
•
•
•
•
User Network Access Identifier (NAI) is available during the PPP CHAP/PAP authentication phase. Domain name information in the NAI determines the domain responsible for user authentication. Based on the type of packet routing model, SIP-based service access can be categorized as follows:
•
•
•
Simple IP Routed Access
After receiving username and password during PPP LCP negotiations, the PDSN forwards authentication information to the local AAA server through an access-request message. This, in turn, may be proxied to the AAA server in the user's home domain, via broker AAA servers, if necessary. On successful authentication, the user is authorized services based on its service profile. User Class/CDMA_IPTECH information, along with other authorization parameters are returned to the PDSN using an access-accept message from the home AAA server. On successful negotiation of an IP address, SIP-based services are made available to the mobile user.
SIP routed access method is applicable for users that are not configured for VPDN or PMIP services. With PPP terminated at the PDSN, uplink user traffic is routed toward the IP network from the PDSN. The address assigned to the mobile user would be from within the PDSN routable domain. Private addresses may also be used if a NAT is configured. User mobility is limited to the PDSN coverage area. Inter-PCF handoffs do not disrupt service. Inter-PDSN handoffs, however, result in PPP renegotiation at the new PDSN, another IP address being assigned at the new PDSN, and reset and restart of user applications.
Simple IP VPDN Access
After receiving username and password during PPP LCP negotiations, the PDSN forwards authentication information to the local AAA server via an access-request message. This, in turn, may be proxied to the AAA server in the user's home domain, via broker AAA servers, if necessary. On successful authentication, the user is authorized services based on user's service profile. If the user is configured for VPDN based access services, User Class information, along with other authorization parameters including tunneling options and tunneling parameters, are returned to the PDSN through an access-accept message from the home AAA server. The following type of VPDN services is supported at the PDSN:
L2TP - Layer 2 Tunneling Protocol
For L2TP type layer2 tunneling, the PDSN establishes an L2TP tunnel with the tunneling endpoints specified by the tunneling parameters. The L2TP tunnel would be established between the Link Control Protocol (LAC) at the PDSN and L2TP Network Server (LNS) at the NAS in user's home domain. The PPP connection would be between the mobile station and the LNS in the home network. Despite the PPP connection termination at the LNS, the PDSN monitors the PPP session for inactivity. Status of the PPP connection is also linked with the state of the underlying A10 connection. PPP connection is deleted when the underlying A10 connection is deleted. IPSec encryption methods can also be enabled over the L2TP tunnels for enhanced security.
On successful negotiation of an IP address between the mobile and the LNS, IP-based services are made available to the mobile.
The LNS may be configured to authenticate the mobile user based on the challenge and challenge response information from the PDSN. Additionally, the LNS may also be configured to challenge the user again after the layer2 tunnel has been established. The following authentication options are supported for L2TP:
•
The LAC (PDSN) challenges the mobile user and forwards authentication-related information to the LNS as part of tunnel-setup parameters. The LNS may be configured to authenticate the user either locally or through the home AAA server, based on the authentication-related information from the LAC (PDSN). On successful authentication, the mobile and the LNS proceed with the IPCP phase and negotiate an IP address for the user session.
•
The LAC (PDSN) challenges the mobile and forwards authentication-related information to the LNS as part of tunnel-setup parameters. The LNS may be configured to authenticate the user either locally or through the home AAA server, based on the authentication-related information from the LAC (PDSN). On successful authentication, the LNS challenges the mobile again. After successful authentication, the LNS and the mobile proceed with IPCP phase and negotiate the IP address for the user session.
Proxy Mobile IP Access
After receiving username and password during PPP LCP negotiations, the PDSN forwards authentication information to the local AAA server via an access-request message. This, in turn, may be proxied to the AAA server in the user's home domain, using broker AAA servers, if necessary. On successful authentication, the user is authorized services based on its service profile. User Class information, along with other authorization parameters, are returned to the PDSN via an access reply from the home AAA server.
If the user is configured for PMIP-based access, authorization parameters from the home AAA server include the HA address, and the security parameter (SPI) to be used for computing the MN-HA Authentication extension for the mobile station. The HA is allocated from the list of HAs configured at the home AAA server. Round robin or hashing algorithms based on user NAI can be used for allocating a HA at the AAA server. Other authorization attributes returned from the AAA server include MN-AAA authenticating extension as defined in RFC 3012. Based on this information, the PDSN performs PMIP procedures on behalf of the mobile user by sending a MIP Registration Request message to the allocated HA. On successful authentication of the mobile with the AAA server and registration at the HA, the HA assigns a home address for this mobile user This address is returned to the mobile during IPCP IP address negotiation phase.
On successful negotiation of an IP address, PMIP-based services are made available to the mobile user. To the mobile, these services are no different from SIP services with tunneling being done through the HA. This feature, however, extends the coverage area of the call beyond the coverage area of the serving PDSN. If, as a result of a handoff event, another PDSN is allocated to the call, the target PDSN performs MIP registration with the HA, thereby ensuring that the same home address is allocated to the mobile.
Mobile IP-based Service Access
The PDSN allows a mobile station with MIP client function to access the Internet and corporate intranet using MIP-based service access. With this mode of service access, user mobility is extended beyond the coverage area of currently serving PDSN. Resulting from a handoff, if another PDSN is allocated to the call, the target PDSN performs MIP registration with the HA, thereby ensuring that the same home address is allocated to the mobile.
Some of the salient features for MIP services access are:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
A MIP capable mobile client may be configured to skip PAP/CHAP based authentication during the PPP LCP phase. Once the PPP is established, the PDSN sends a burst of MIP Agent Advertisement messages that include the MIP Agent Advertisement Challenge extension specified in RFC 3012. The number and timing of the burst is configurable. The mobile user responds with a MIP Registration Request message that includes the mobile user's NAI and MN-FA Challenge extension in response to the challenge in the Agent Advertisement message. If the mobile user does not respond to the initial burst, advertisements can be solicited.
The Foreign Agent function at the PDSN can be configured to authenticate the mobile user by forwarding an access-request message to the local AAA server. The local AAA server would proxy the message to the home AAA server, through broker AAA servers, if necessary. On successful authentication, the home AAA server may assign a HA to the call and return its address in the access reply message. Other authorization parameters in the access-reply message include the SPI and IPSec shared key to be used between the FA and the HA. The PDSN or FA and HA establish a secure IPSec tunnel, if required, and the PDSN/FA forwards the Registration Request message to the HA. The Registration Request message includes the NAI and MN-FA-Challenge Extension also. It may also include MN-AAA Authentication extension.
The HA can be configured to authenticate the mobile again with the home AAA server. On successful authentication and registration, the HA responds with a Registration Reply message to the PDSN or FA that is forwarded to the mobile station. The Registration Reply message contains the home address also (static or dynamically assigned) for the user session.
Potential home addresses are available to the PDSN from the following:
•
•
•
The mobile may be configured to perform PPP PAP/CHAP authentication in addition to performing Foreign Agent Challenge based authentication specified in RFC 3012. In this case the PDSN would support one SIP flow, in addition to one or more MIP flows.
For MIP services, the HA would typically be located within an ISP network or within a corporate domain. However, many of the ISPs and/or corporate entities may not be ready to provision HAs by the time service providers begin rollout of third-generation packet data services. Access service providers could mitigate this situation by provisioning HAs within their own domain, and then forward packets to ISPs or corporate domains via VPDN services.
Binding Update Procedures
When a mobile first registers for packet data services, a PPP session and associated MIP flows are established at the PDSN. In the event of an inter-PDSN handoff, another PPP session is established at the target PDSN, and the mobile registers with the HA through the new PDSN/FA. The Visitor list binding and the PPP session at the previous PDSN are, however, not released until the PPP inactivity timer expires.
Idle/unused PPP sessions at a PDSN consume valuable resources. The PDSN and HA support MIP Resource Revocation as defined in IS83C and Cisco Proprietary Binding Update and Binding Acknowledge messages for releasing such idle PPP sessions as soon as possible. MIP Resource Revocation is described in Section 16 in greater detail
If Cisco Proprietary binding update feature is used, in the event of an inter-PDSN handoff and MIP registration, the HA updates mobility binding information for the mobile with the Care-of-Address (COA) of the new PDSN/FA. If simultaneous bindings are not enabled, the HA sends a notification in the form of a Binding Update message to the previous PDSN/FA. The previous PDSN/FA acknowledges with Binding Acknowledge, if required, and deletes visitor list entry for the MIP session. The previous PDSN/FA initiates the release of the PPP session when there are no active flows for that mobile station.
The sending of the binding update message is configurable at the HA.
Note
Simple IPv6 Access
The PDSN SIP service has been enhanced to allow both simple IPv4 and simple IPv6 access. These protocols can be used one at a time, or at the same time. The ipcp and the ipv6cp are equivalent for each protocol.
An IPv6 access uses the same PPP LCP authentication and authorization procedures, as well as the AAA server access. When an RP connection is established, the MS sends a PPP Link Control Protocol (LCP) Configuration-Request for a new PPP session to the PDSN. The PPP authentication (CHAP/PAP/none) is one of the parameters negotiated during the LCP phase. After the LCP parameters are negotiated between the MS and the PDSN, an LCP Configure-Acknowledge message is exchanged. Once LCP is up, the PPP authentication is started.
The authentication phase uses CHAP, PAP, or none, depending on the configuration and LCP negotiation. After authentication, the NCPs, ipcp or ipv6cp or both, can be started. A simultaneous IPv4 and IPv6 access from an MS shares the common LCP authentication and authorization as well as the AAA server correlation-ID parameter.
The ipv6cp protocol negotiates a valid non-zero 64-bit IPv6 interface identifier for the MS and the PDSN. The PDSN has only one interface-identifier associated with the PPP connection, so it will be unique. Once ipv6cp has been successfully negotiated, the PDSN and MS both generate unique link-local addresses for the IPv6 interface. The link-local addresses are generated by pre-pending the link-local prefix, FE80:/64, to the 64-bit interface-identifier negotiated during the ipv6cp phase (for example, FE80::205:9AFF:FEFA:D806). This gives a 128-bit link-local address.
The PDSN immediately sends an initial unsolicited Router Advertisement (RA) message on the PPP link to the MS. The link-local address of the PDSN is used as the source address and the destination address will be FF02::1, the "all nodes on the local link" IPv6 address. The PDSN includes a globally unique /64 prefix in the RA message sent to the MS. The prefix may be obtained from a local prefix pool or from the AAA server. The MS will construct a global IPv6 unicast address by prepending the prefix received in the RA to the lower 64-bit interface identifier. You should carefully configure the PDSNs so that the /64 prefix is globally unique for each MS.
After a successful ipv6cp negotiation phase and configuration of the link-local address, the MS transmits a Router Solicitation (RS) message if an RA message has not been received from the PDSN within some specified period of time. The RA is necessary for the MS to construct its 128-bit global unicast address.
In contrast to IPv4, an IPv6 MS will have multiple IPv6 addresses, including:
•
•
•
An IPv6 address is 128-bits for both source and destination addresses. The /64 designation means that 64-bits are used for the prefix (upper 64-bits). This is similar to an IPv4 netmask. A /128 address would mean that the entire address is used. See RFC 3513 for additional IPv6 addressing details and information.
Note
Configuring Simple IPv6
The following commands are used to configure simple IPv6 on the PDSN, and are listed in the Cisco IOS IPv6 Command Reference guide:
•
•
•
•
•
•
•
The following configuration commands are required for IPv6:
Global Configuration Commands
•
•
•
Virtual-template Interface Commands
•
•
•
•
•
Other commands
•
See the Cisco IOS IPv6 Command Reference at the following URL for detailed information about these configuration commands:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_book09186a00801d661a.html
Session Redundancy Infrastructure
In Cisco PDSN Release 5.0, a redundant PDSN is updated with the session details at the following two different times:
•
•
–
–
–
–
–
–
The new parameters introduced in this feature are synchronized to stand by for both scenarios.
Functional Overview
PDSN session redundancy is focused on preserving user flows on failover. Support for the continuity of billing records, internal counters, and MIB variables is secondary. The following conditions need to exist for failover to be successful on the PDSN:
•
•
•
The PDSN Session Redundancy feature provides user session failover capability to minimize the impact of a PDSN failure on the mobile user experience. The PDSN uses a 1:1 redundancy model, with a standby present for every active PDSN. The active PDSN sends state information to the standby PDSN for synchronization on an as-needed basis. When a PDSN failure occurs, the standby PDSN has the necessary state information to provide service to all existing sessions. It then takes over as the active PDSN and services user sessions, thus providing session redundancy. When the previously active PDSN comes back online, it assumes the role of standby for the now active PDSN, and receives state information for all existing sessions from the newly active PDSN.
Under normal operating conditions, the active and standby PDSN pairs are two separate PDSN images that have identical configurations. They share one or more HSRP interfaces, which are used by all external entities to communicate with them. The active PDSN synchronizes session data to the standby PDSN based on events described below.
Session Events
When a new user session needs to be established, the PCF first sets up an A10 connection to the active PDSN using the HSRP address known to the PCF. The MN then sets up a PPP connection with the active PDSN using the A10 tunnel. Once the call is in a stable state (the PPP session is successful), the active PDSN then synchronizes relevant state information to the standby PDSN. The standby then duplicates the actions of the active PDSN with regards to the A10 connection and the PPP session, and awaits further updates from the active. When any of the other events as listed below occurs, the active PDSN sends state information to the standby.
In order to minimize the loss of accounting data in the event of a failover, a periodic accounting update, with configurable frequency will run on the active PDSN. Every periodic update for a session will trigger a synchronization sent to the standby PDSN, which will update its accounting data. Only counters and attributes that undergo a change on the active PDSN are synchronized to the standby periodically. Information since the last accounting synchronization point will be lost. Also, in order to ensure that the latest information is correctly conveyed to the billing system, the standby unit will never send out any accounting records to the AAA server. The records are always sent from the active unit.
Session events that lead to a synchronization are:
•
•
•
•
•
•
•
•
•
Active PDSN Failure
In the event that the standby PDSN detects that the active PDSN has failed (using HSRP), it then takes over as the active PDSN. Since all external entities, including PCFs, AAA servers, and HAs are configured to communicate with the PDSN pair only using the HSRP addresses, once the standby PDSN takes over those addresses, they are unable to detect a failure. All stable calls also have their state synchronized to the standby; therefore the standby is able to start forwarding user traffic once it takes over as active. On the standby all timers (such as A11 lifetime, PPP timers, and MIP lifetime) are started at the time it takes over as active. Accounting data is also synchronized to the extent that the periodic accounting synchronization timer has been configured on the PDSNs.
Standby PDSN Start-up
When a PDSN comes up when there is an existing active, it takes over the standby role. When the active PDSN learns that a standby PDSN is available, it goes through a process of transferring state data for all existing user sessions to the standby, called a Bulk synchronization. After this process is complete, the standby PDSN is then ready to take over as active in the event of a failure.
Handling Active-Active Scenario
If there is a link failure or a failure in an intermediate node, HSRP packets sent will not reach the peer and the standby node would assume that the active has reloaded and transitioned to active state. This leads to a situation of Active-Active PDSN nodes. The requirement is that, in case one of the PDSNs continues to receive traffic while the other is isolated from the network, it is ensured that the node which received traffic should remain active once the link is restored.
To achieve this, an application tracking object is introduced and HSRP priority is altered based on whether PDSN is processing traffic after the HSRP peer is lost. The PDSN will lower its HSPR priority once it detects that the peer PDSN is lost. Afterward, when the PDSN processes traffic (either control or data packets), it raises its priority back to the configured value. This helps to choose the active node after the link is restored between the PDSNs. So the node which received traffic in Active-Active situation remains to be active after link restoration.
Other Considerations
A Redundancy Framework (RF) MIB is available in order to monitor the active and standby status of the two PDSNs. Other MIB variables and internal counters are not synchronized between the active and standby. They start from the values following IOS-Load or Reload on the backup image. The backup image is treated as a new box.
The PDSN redundant pair is treated as a single member by the cluster controller, and is transparent to the PDSN clustering mechanism. The cluster controller is oblivious to a failover from an active PDSN to its redundant standby.
Similarly, a PDSN redundant pair appears as a single PDSN to all external entities, such as the PCF, the HA, and the AAA server.
IPSec security associations for FA-HA connectivity are maintained across failover.
Note
Note
In Process Synchronization Events
The following subsections explain the expected behavior of the PDSN in session redundancy for various synchronization events in process.
Call Setup
The state of "sessions-in-progress" is not preserved during failover. Mechanisms such as R-P connection retry from the PCF will ensure that sessions will be established as required.
It is possible that a failover can occur when the PCF has established an R-P session for a user flow, but user flow establishment is not completed. In this case, failover will result in the R-P session not being present on the standby. The PCF will timeout the R-P session on the next R-P session lifetime refresh. If the user attempts to establish a new session during this time, a new session will be created.
Call Teardown
There are four scenarios for session termination and include:
•
•
•
•
For each of these cases, session teardown is a multi-step process. For example, a failover can occur when a Registration Update message has been sent from the PDSN and the acknowledgement has not been received. In this case, the standby PDSN will already have been told to delete the session. The active PDSN will not wait for an update acknowledgement from the PCF.
If a failover occurs after sending the Registration Update to the PCF but before the standby has been told to delete the session, or the request to delete the session is lost, the session will remain established on the standby.
Another case is that the PPP context has been deleted as a result of mobile-initiated termination, and then failover occurs prior to the R-P session being terminated.
Similarly, expiry of the PPP Idle timer on the PDSN could also result in deleting the PPP context followed by failover prior to R-P session termination.
In these cases, either the MIP Registration Lifetime or the PPP Idle Timeout will expire, and the session is terminated.
Flow Setup
Flows that are in the process of being established are not preserved. You will see this as failure to establish the flow, and you will have to re-establish the flow.
Flow Teardown
This section applies when a session has two or more flows. Currently, only a MIP call supports this case. For a single IP call, only one flow is allowed.
Although a MIP flow is preserved after switchover, it is possible that registration lifetime expiration will lead to deleting the flow. If the same user registers again before the lifetime expires, it will be considered as a reregistration because this is an existing visitor. However, the reregistration may or may not succeed, depending on the following conditions:
•
•
Dormant-Active Transition
The transition is synchronized between active and standby, and occurs in the following scenarios:
•
•
•
•
Handoff
Inter-PCF Handoff (Dormant or Active) - Same PDSN
The most significant problem with handoff is to re-establish the data path between the target PCF and the now-active PDSN for the preserved session, irrespective of whether this is an active or dormant handoff. Again, there is a window between handoff actually being completed and the state being synchronized within which a failover can occur.
These are the following scenarios:
•
•
•
Inter-PCF Handoff (Dormant or Active) - Different PDSN
This kind of handoff is indicated to the PDSN by receipt of an A11 Registration Request containing the PANID and CANID. It also includes the Mobility Event Indicator and Accounting Data (R-P Session Setup Air-link Record). From the perspective of High Availability, this looks like a new session establishment on the newly active PDSN and a 'regular' session termination on the old PDSN.
A11 Reregistrations
A11 Reregistration RRQ is received by the active unit. The registration life timer does not start on the standby, but it keeps track of the life timer value so that it can restart the life timer once it becomes active. If the lifetime in the reregistration RRQ is different from the previous RRQ, the new lifetime is synchronized to the standby. For example, if a previous RRQ carries a lifetime of 300 seconds and now a new RRQ has the value changed to 500 seconds, the new value is synchronized to the standby. Other significant parameters included in the reregistration RRQ are also synchronized to the standby.
Now, in the above example, if the failover occurs before synchronizing the new lifetime to the standby, the standby will start the lifetime for 300 seconds.
PPP Renegotiation
On PPP renegotiation, the PDSN deletes all the flows on the RP session and sends accounting STOP for each flow. After PPP is up again, the PDSN creates new flow(s) for the session. Therefore, when PPP renegotiation happens on the active, the active unit will send a PPP renegotiation notification to the standby which will then delete all the flows from the RP session on the standby. After PPP is up again and a new flow is created on the active, the active unit sends each flow's data to the standby. If the failover occurs during PPP renegotiation, the renegotiation will fail, and the session may be torn down on the newly active unit.
Other Considerations
Timers
The following timers are normally running when a session is established:
•
•
•
•
The below timer may be running, depending on configuration
•
These timers are restarted on the standby when failover occurs, and the elapsed time is not synchronized to the standby. The effect will be to extend the timers beyond their original values by a time equal to the time that has already expired. This ensures that the user will not perceive a session failure on failover.
Restrictions
The following restrictions exist for the PDSN Session Redundancy Feature:
•
Setting the revocation timestamp to "msec" (ip mobile foreign-service revocation timeout 5 retransmit 4 timestamp msec) for PMIP flows with Session Redundancy is not permitted.
The "msec" option puts the uptime in the timestamp field, and the uptime of the standby router is expected to be lower after switchover when the standby PDSN takes over as active (and when the PMIP flow was closed). Therefore, revocation on HA will be ignored because the identifier value in the revocation message is less than what is expected by HA.
•
•
•
Internals
The following sections identify information that is synchronized to the standby unit:
Asynchronous High-Level Data Link Control
The control character mapping per used Asynchronous High-Level Data Link Control (AHDLC) channel is preserved. As the default is normally used, only those that are different are synchronized. The AHDLC channel number is not synchronized; an available channel will be selected independently on the standby.
GRE - RP Interface
The GRE Key is synchronized. The flags are synchronized as the sequence flag can be set on a per user basis.
RP Signaling
The contents of the A11 messaging will be treated as described here.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
PPP
All LCP options are synchronized. For IPCP, only the IP address and IPHC parameters are synchronized. DNS server IP address negotiated during IPCP negotiation is not synchronized to the standby unit. All per user attributes downloaded from the AAA server during authentication or authorization are synchronized to the standby unit.
Compression - Header and Payload
There is no synchronization of compression context for either header or payload compression. Fail-over to a standby PDSN results in the compression context being re-established.
Header compression - First packet for a session after switchover is dropped, and peer retries the packet after acknowledge timeout.
Payload compression - There is no compression history present after switchover on the standby. A CCP reset is automatically generated when decode fails. No special treatment is needed.
IP Address Assignment
When an IP address is dynamically assigned from a pool configured on the PDSN, it is necessary that the standby associates the same address with the session. The IP address will be synchronized as part of PPP state. If the IP address is received from the AAA server or a static IP address is used that does not come from a local pool, this address will also be associated with the session on the standby. Similarly, the address pool will be synchronized.
AAA - Authentication and Authorization
Table 5 lists the relevant authentication and authorization parameters. This is required on the standby to allow accurate recreation of the AAA state.
GPP2 Packet Data Service Attributes
Table 6 lists the 3GPP2 Packet Data Service Attributes.
AAA Server Accounting
GPP2 Accounting Records Fields
Table 7 identifies the GPP2 accounting records fields.
RADIUS Server Group Support
The IP address of the AAA server chosen will not be synchronized.
Mobile IP Signaling
For MIP service, the parameters to be synchronized, per MIP flow, include the following:
•
•
•
•
•
•
•
•
Mobile IP Tunneled Traffic
This traffic is carried in either GRE tunnels or IP-in-IP tunnels. The only information that needs to be synchronized is the tunnel endpoint of the peer.
Locally Configured IPSec
For the PDSN on the Catalyst 76xx series, IPSec tunnels are terminated on the VPN Acceleration Module. The role of the PDSN is to retrieve parameters from the AAA server and, based on these parameters, 'trigger' IPSec tunnel establishment. Synchronization of these parameters is sufficient to preserve IPSec tunnels in the event of PDSN failover for intra-chassis configurations. PDSN failover is not coupled with VPN Acceleration Module/SUP failover. Inter chassis configurations and intra-chassis SUP failover does not currently support stateful IPSec.
FA-HA IPSec
FA-HA IPSec tunnels will be preserved when PDSN on 7600 failover occurs for intra-chassis configurations. They will not be preserved for inter chassis configurations.
AAA Server Accounting
Periodic Accounting Synchronization
Accounting information is optionally synchronized between the active and standby images. This synchronization occurs at the configured periodic accounting interval. The counters that are synchronized are g1 and g2, along with the packet counts. Sending an Interim Accounting record will trigger synchronization of the byte and packet counts. Setting the operator-defined periodic accounting interval determines the accuracy of the user-billing record as impacted by PDSN failover. It is possible that undercharging could occur; however, overcharging is not possible.
Accounting with VSA Approach
After a switchover takes place, the first interim or stop accounting record (as appropriate) includes a Vendor Specific Attribute (VSA) (cdma-rfswact) indicating that a switchover has occurred. The inclusion of this VSA is controllable by issuing the cdma pdsn redundancy accounting send vsa swact command.
Note
Here is a sample accounting debug with vsa:
Sep 13 18:23:10.179: RADIUS: Cisco AVpair [34] 16Sep 13 18:23:10.179: RADIUS: 63 64 6D 61 2D 72 66 73 77 61 63 74 3D 31 [cdma-rfswact=1]System Accounting
In a session redundancy setup, an accounting ON will be sent by the active unit only when the whole setup is brought up (accounting ON will not be sent by the newly active unit after a failover). The standby unit does not send any system accounting events under any scenarios. The events, however, are sent in a standalone mode.
A sys-off is sent if reload is issued on the active unit.
New Features in This Release
This section explains new features in Cisco PDSN Release 5.1:
•
•
•
•
Simple IP Client IP Accounting Support
Cisco PDSN provides support for simple IP customers to connect to the L2TP Network Server (LNS) on their home network for IP address assignment. The Cisco PDSN watches for the IPCP configuration acknowledgement returning from the LNS during PPP negotiation between the MS and the LNS. It then extracts the IP address and uses this address, instead of 0.0.0.0 for all subsequent AAA packets.
Note
A new CLI command, cdma pdsn accounting vpdn address [include renegotiation], is introduced in Cisco PDSN Release 5.1. In earlier releases of Cisco PDSN, the accounting-start (with MN IP using all zeroes) is sent out as soon as an L2TP tunnel is established. When you enable the cdma pdsn accounting vpdn address [include renegotiation] command, the accounting-start is delayed till Cisco PDSN gets a valid IP address for the mobile. If the call goes down before the IP address is negotiated, no accounting message is sent.
Note
SNMP New MIB Objects for Per PCF
The Cisco PDSN requires SNMP management support for per-PCF PPP statistics. The MIB object defines the manageable objects. Table 8 and 9 describe the new MIB objects per PCF and the VPDN MIB objects that are introduced in Cisco PDSN Release 5.1, respectively.
Table 8 lists the new MIB objects per PCF in Cisco PDSN Release 5.1.
Table 9 lists the new VPDN MIB objects in Cisco PDSN Release 5.1.
Support for Common NAI
The common NAI feature, introduced in Cisco PDSN Release 5.1, involves a global NAI and calling station identification (CLID) on all interactions with external entities, and the CLID as the local identifier (local NAI) within the entity (Foreign Agent).
With a redundancy setup, this attribute is synchronized to standby mode for each flow in both active and standby modes. This attribute is synchronized to standby mode along with other flow attributes. The following CLI command is used to enable this feature:
router(config)# ip mobile foreign-agent mn-identifier calling-station-idTo remove the configuration, use:
router(config)# no ip mobile foreign-agent mn-identifier calling-station-idConfigure the following CLI commands also.
To send 3GPP2 CLID NVSE in MIP RRQ:router(config)# [no] cdma pdsn attribute send a1 mip-rrqTo send CT CLID NVSE in MIP RRQ:Router(config)# [no] cdma pdsn attribute vendor 20942 send a1 mip rrqTo send CLID VSA in FA-CHAP:Router(config)# [no] cdma pdsn attribute send a1 fa-chap
Note
Proxy MIP Changes for Latest IS-835
The proxy MIP changes for the IS-835 feature, introduced in Cisco PDSN Release 5.1, supports the draft version of 3GPP2 X.S0061-0 Version 1.0, entitled Network PMIP Support for PMIPv4.
The following are different PMIP-related attributes that are used at the AAA server level to indicate different functionalities of PMIP:
•
•
Network-PMIP-NAI Attribute
The network-PMIP-NAI VSA specifies the NAI to be used by the access gateway (AGW) for network PMIP binding between AGW and HA. The network-PMIP-NAI attribute is included in the RADIUS access-accept message if the AGW supports network PMIP and the AT is authorized for network PMIP-based mobility.
Note
Cisco PDSN accepts this attribute only if you enable the PMIP-based mobility capability command cdma pdsn attribute send 3gpp2 pmip-indicator auth-req from the CLI. Otherwise, the call is rejected.
PMIP-based Mobility Capability Attribute
The PMIP-based mobility capability VSA indicates that the AGW supports network PMIP to the AAA server. A new PMIP-based mobility capability CLI command, cdma pdsn attribute send 3gpp2 pmip-indicator auth-req, is introduced in Cisco PDSN Release 5.1.
The PMIP-based mobility capability attribute is included in the RADIUS access-request message sent from the AGW to the HAAA server if the AGW supports network PMIP. Cisco PDSN sends this attribute through RADIUS to the AAA server in the access-request message to indicate to the AAA server that the Cisco PDSN supports PMIP and that PMIP is enabled. The absence of the PMIP-based mobility capability attribute indicates that PMIP is not supported by the Cisco PDSN.
While sending the access-request message, Cisco PDSN checks whether the CLI command, cdma pdsn attribute send 3gpp2 pmip-indicator auth-req, is enabled. If yes and if FA service is enabled, the PMIP-based mobility capability attribute with value 1 (representing PMIP4 support) is sent in the access-request message to the AAA server.
Note
•
Cisco PDSN supports only sending the PMIP-based mobility capability attribute with value 1 (representing PMIP4 support).
The AAA server supports both PMIPv4 and PMIPv6. The AAA server may sends this attribute with value either 1 (supports PMIPv4), or 2 (supports PMIPv6), 3 (supports both) to Cisco PDSN in access-reply. Because the AAA server supports PMIPv4 and PMIPv6, Cisco PDSN too supports PMIPv4 establishing the call.
In the access-reply message from the AAA server, if the PMIP-based mobility capability attribute is present, Cisco PDSN verifies the value. The value of the attribute must be either 1 (PMIP4 support) or 3 (for both PMIP4 and PMIP6 support). Otherwise, Cisco PDSN rejects the call.
If a customer-specific PMIP indicator is received along with the PMIP-based mobility capability attribute in the access-accept message from the AAA server, priority is given to the PMIP-based mobility capability attribute.
PMIP-HA-Info-IPv4-Service Attribute
The PMIP-HA-Info-IPv4-Service VSA specifies the network PMIP4 HA or PMIP6 local mobility anchor (LMA)-related information that is used for IPv4 services. This VSA is included in the RADIUS access-request message sent from the AGW or the visiting AAA (VAAA) server to the Home AAA (HAAA) server. This VSA is also included in the RADIUS access-accept message that is sent from the HAAA server to the VAAA or the AGW.
Note
This attribute will be received from the AAA server in the access-reply message only.
Note
This attribute has the following subtypes:
•
•
•
•
Note
•
•
When this attribute is received from the AAA server, the presence of the subtypes is verified and the subtype values are retrieved.
Note
•
•
Also, Cisco PDSN does not support sending this attribute to HAAA or VAAA in access-request.
Simple IPv6 Support
While Cisco PDSN supported IPv6 in releases earlier than Cisco PDSN 5.0, Cisco PDSN Release 5.1 extends IPv6 support for single IP architecture.
Cisco PDSN is the PPP termination point for wireless MS with simple IP access. The MS currently supports IPv4 and has been enhanced to support IPv6. An MS may choose IPv4, IPv6, or both simultaneously to access simple IP services in the network. Cisco PDSN supports simple IPv6 access and existing simple IPv4 access.
Access-Request Attributes
Cisco PDSN configures CLI commands to send the attributes in the AAA server authorization request depending on requirements. In Cisco PDSN Release 5.1, Cisco PDSN optionally sends the other existing attributes in the AAA server access-requests. These options are available for prepaid online access-request also and for framed-IP with value 0.0.0.0.
When Cisco PDSN sends an access-request or fa-chap or online-req to the AAA server, Cisco PDSN checks for the respective CLI commands and updates the attributes accordingly.
For example, if cdma pdsn attribute send d4 {auth-req | fa-chap | online-req} is enabled, the D4 attribute is sent in the access-request message along with the other attributes.
The following attributes are sent in the AAA server access-requests:
•
•
•
Base Station Identifier (D4) Attribute
The base station identifier (BSID) attribute represents the BSID, which is a number formed by combining the SID (4 octets), NID (4 octets) and cell identifier (type 2 of 4 octets).
While sending the access-request, Cisco PDSN checks whether the required CLI command, cdma pdsn attribute send d4 {auth-req | fa-chap | online-req}, is enabled. If the CLI command is not enabled, the attribute is not sent in the authentication-request message to the AAA server. The BSID attribute is added for prepaid online access-request message in much the same manner.
PCF IP Address (D3) Attribute
The PCF IP address attribute represents the IP address of the serving PCF; in other words, the PCF in the serving RAN. While sending the access-request message, Cisco PDSN checks whether the required CLI command, cdma pdsn attribute send d3 {auth-req | fa-chap | online-req}, is enabled. If yes, Cisco PDSN sends the PCF IP address attribute set to the PCF IP address in the authentication-request message to the AAA server. The PCF IP address attribute is added for prepaid online access-request message in much the same manner. If the CLI command is not enabled, the attribute is not sent in the authentication-request message to the AAA server.
User Zone (E1) Attribute
The user zone attribute represents the tiered services user zone. While sending the access-request message, Cisco PDSN checks whether the required CLI command, cdma pdsn attribute send e1 {auth-req | fa-chap | online-req}, is enabled. If yes, Cisco PDSN sends the user zone attribute in an authentication-request message to the AAA server. This attribute is added in much the same manner for prepaid online access-request. If the CLI command is not enabled, the attribute is not sent in the authentication-request message to the AAA server.
NAS Port Attribute
The NAS port attribute represents NAS port identification. While sending the access-request message, Cisco PDSN checks whether the required CLI command is enabled. If yes, Cisco PDSN sends the NAS port attribute set to the NAS port identification in the authentication-request message to the AAA server. For prepaid online access-request messages, this attribute is already sent by default. If the CLI command, cdma pdsn attribute send nas-port include-in-authen-req, is disabled, the attribute is not sent in the authentication-request message to the AAA server.
Framed IP Address (B1) Attribute
The framed IP address attribute represents the IP address of the MS. While sending the access-request message, Cisco PDSN checks whether the required CLI command, cdma pdsn attribute send b1 auth-req, is enabled. If yes, Cisco PDSN sends the framed IP address attribute set to 0.0.0.0 in the authentication-request message to the AAA server. For prepaid online access-requests, this attribute is already sent by default. If the CLI command is disabled, the attribute is not sent in the authentication-request message to the AAA server.
Note
•
To configure the CLI command cdma pdsn attribute send b1 auth-req, the CLI command ip mobile foreign-agent send-mn-address must be configured already. Without configuring the ip mobile foreign-agent send-mn-address CLI command, you can not configure cdma pdsn attribute send b1 auth-req.
Similarly, if both the CLI commands, ip mobile foreign-agent send-mn-address and cdma pdsn attribute send b1 auth-req are enabled, then to disable the CLI command ip mobile foreign-agent send-mn-address, first disable the cdma pdsn attribute send b1 auth-req CLI command.
New PPP Per PCF Counters
The Cisco PDSN supports PPP-related failure and success global statistics. From Cisco PDSN Release 5.1, Cisco PDSN also supports PPP failure statistics per PCF.
The following PPP failure statistics are added per PCF:
•
LCP Phase Failure Counters
Table 10 lists the LCP phase failure counters.
Authentication Phase Failure Counters
Table 11 lists the authentication phase failure counters.
IPCP Phase Failure Counters
Table 12 lists the IPCP phase failure counters.
VPDN Conditional Debugging
The conditional debugging feature enables you to verify or observe the debugs of a particular session. You can enable conditional debugging depending on the IMSI or the username, by using the following CLI command.
PDSN# debug condition ?called called numbercalling calling --------------------> for IMSIglbp interface groupinterface interfaceip IP addressmac-address MAC addressmatch-list apply the match-liststandby interface groupusername username -------------------> for usernamevcid VC IDvoice-port voice-port numberxconnect Xconnect conditional debugging on segment pairIn Cisco PDSN Release 5.1, conditional debugging is enabled for VPDN calls. If you enable IMSI (calling station ID)-based conditional debugs, you must verify if the session IMSI matches the IMSI that was set through the conditional debugging CLI command. If a match exists, VPDN context debug flags are set. If a match does not exist, the debug flags in the VPDN context are not set, avoiding printing of the debugs for other sessions. If IMSI-based debugging is enabled, the IMSI is added in the debug message; similarly for username condition also. If both the username and IMSI-based conditional debugs are enabled for a session, priority is given to the IMSI to display with L2TP and VPDN call event debug messages.
The following command shows the condition as part of L2TP and VPDN call event debugs, which is set through the conditional debug CLI command, when the username or IMSI conditional debugging is enabled for VPDN session.
lac(config)# vpdn debug ?show-conditions Show Conditions (IMSI/Username) with debug messageslac(config)# vpdn debug show-conditions ?GRE CVSE and MN NAI Extension in Revocation Message
Cisco PDSN Release 5.1 meets the CDMA standard 3GPP2 X.S0011-003-D. As per the CDMA standard (3GPP2 X.S0011-003-D), Cisco PDSN sends previously negotiated GRE encapsulation and GRE key in the revocation message and MN-NAI extension in all the revocation messages.
The following are the conditions for sending GRE CVSE and MN NAI extension in the revocation message:
•
•
•
•
•
•
Single IP per Blade
This section discusses concepts related to single IP Infrastructure and Manageability requirements for the Service Provider PDSN gateway application. This application is resident on the SAMI service blade of the Cisco 7600 Series Router and is part of the Mobile Internet product family. This section also provides details about how to configure this feature.
This section includes the following sub sections:
•
–
–
–
–
–
–
–
–
•
•
•
Overview of Single IP Feature
The current Mobile Internet gateway-on-SAMI solutions, (WiMax ASNGW, GGSN, and PDSN except HA) all offer a multiple-routers-on-a-stick model with the attendant manageability and operational issues. The system design for PDSN single IP allows you to manage the gateway-on-SAMI on a per-blade basis. This results in a "factor-of-6 decrease" in operational complexity compared to the previous presentation of six individual processors per blade.
Here is an additional targeted subset of functionality that is presented in a per-chassis model. The presentation of a per-blade model applies to the following areas:
•
•
•
•
•
Additionally, the presentation of a per-chassis model applies to the following targeted functionality:
•
•
•
•
Single IP Interface
The following features fall under the umbrella of a single IP per blade:
•
•
•
•
•
Single Interface for MIP, Simple IP, VPDN-based calls or A11 Registrations
The service blade presents one IP address for the A11 registration request. This IP address is common across all processors in the blade. The IP address for vaccess interface is also common across all processors in the blade. Thus, the blade presents one IP address for the single IP calls. Similarly, the service blade presents a distinct IP address (PDSN IP address) for each of its service including Simple IPv6. These addresses are configured as done for Cisco PDSN Release 4.0, but only on one of the processors of the blade. The IP address configuration is present on both control plane and traffic plane processors.
The service blade implements a packet distribution function in IXP ucode, which ensures that user traffic packets are dispatched to the correct traffic plane processor. Packets identified as control plane traffic (such as A11 packets, packet of disconnect POD packets, MIP registration revocation packets, and so on) are sent to the control plane processor. The rest of the control plane packets (PPP Negotiation, AAA authentication, accounting, MIP, and so on) are dispatched to the correct traffic plane processor. Packets that do not match a specific identification are sent to the control plane processor for treatment.
Single Interface for Configuration
The service blade provides a single point of configuration for blade functionality. This means that you can establish a session to the service blade, the same as performed in Cisco PDSN Release 4.0. The session is established to the control processor on the service blade. From that single session to the service blade, you can configure PDSN features each command required for a feature. That configuration is then propagated to all processors that require the same configuration without you performing any additional configuration.
The default treatment for any IOS configuration command is that the configuration takes effect on all IOS processors on the service blade. It is possible to define a set of commands that only executes on the processor hosting the configuration session. Some examples of filtered configuration commands are those relating to OSPF, SNMP, HSRP, BGP, Eigrp, CDP, and sub-commands in the interface configuration mode relating to any of the above.
Single Interface for SNMP Management
The service blade provides a distinct configurable IP address that is the target address for SNMP operations. This IP address is hosted on the control plane processor. All MIBs on a service blade related to PDSN functionality are accessible through this IP address. Information required from processors other than the control plane processor is either pushed or pulled depending on the MIB target.
There are two MIBs related to processor resource usage and memory usage that present information on a per-processor basis. There is a single Processor Resource MIB result returned with six individual entries, one per processor. Similarly, this also occurs for memory usage.
Single Interface for Troubleshooting and Debugging
The service blade provides a single point of entry (session into the control plane processor) to execute show and debug commands. By default, show commands are executed on the control plane processor only. Each command that requires execution on one or more traffic plane processors is individually instrumented.
For debug commands the HA model for single IP is followed for the PDSN as well. For commands that require additional information from the traffic plane processor and are qualified per user (either NAI or IP address), the traffic plane processor hosting that user is identified and the command executed on that specific processor.
The results from the various processors are combined into a single presentation before a response to the command is provided.
Conditional debug commands use a similar approach. The model proposed by Osler for HA is followed in the PDSN as well.
Single Interface for AAA
The service blade presents a single IP address for AAA interactions. This IP address may be one address for both RADIUS-based interactions, or separate IP address configurations for each protocol.
RADIUS-based authentication and authorization is executed from the traffic plane processor.
The service blade packet distribution function directs RADIUS traffic to a specific processor based on the destination UDP port.
Single Interface for Failover
The current SAMI failure mode is for a per-processor failure whenever possible. For the single IP model, a failure detected on the blade results in a blade-level failover, even if a processor-level failover is sufficient. This feature is similar to the HA single IP.
Operation and Management
This section discusses features that fall under the umbrella of Operation and Management and describes:
•
•
•
•
Chassis-Wide MIB for Application-Related Parameters
This feature provides a single MIB within which all application-related parameters are reported across the chassis. For PDSN, this functionality is provided on a per-PDSN instance basis.
For all PDSN instances on a single service blade, this information is available through an SNMP Get to a single IP address. The information is available in the CISCO-PDSN-MIB. CISCO-CDMA-PDSN-EXT-MIB and in the CISCO-IP-LOCAL-POOL-MIB. The SNMP manager is responsible for executing the necessary number of SNMP GET operations to retrieve a MIB per PDSN instance. This release of the single IP PDSN feature supports one PDSN instance per service blade, thereby reducing the number of Get operations from 12 per service blade to 2.
AAA Responsiveness Test Tool and Traps
There are two aspects to this function:
•
•
AAA Responsiveness Test Tool
This release does not support the AAA responsiveness test tool.
Trap Generation for AAA Unresponsiveness
See Trap Generation for AAA Server Unresponsiveness section.
Show Subscriber
This feature provides—from a single point in the chassis—summary listings of subscribers hosted by the PDSN instances in the chassis. This release supports a single PDSN instance per service blade, so the sequence of steps necessary is limited to requesting the desired information using IOS CLI commands for one, or all, service blades.
Table 12 lists the feature's functionality:
Here is a list of the possible output display formats:
•
•
•
This functionality is not supported through SNMP.
Intra-Chassis Configuration Synchronization
This feature provides that any configuration command executed on the active blade must automatically be synchronized on the partner standby blade by enabling autosynchronization feature. This applies to all commands, except the configuration commands on the active or standby partnering model, PDSN redundancy, and the configuration commands for configuring HSRP, standby command, as a failure detection mode for redundancy.
This feature is disabled by default and can be enabled by the auto-sync all command in configuration mode. The "write memory" needs to be performed before the standby is up.
Note
How an active or standby PDSN is determined is based on the Radio Frequency (RF) infrastructure that is used for Stateful SwitchOver (SSO) support, as well as for Session Redundancy support for various Mobile Severely Errored Frames (mSEF) gateways.
Initialization
The SSO configuration synchronization happens automatically during bootup without any pre-required configurations. The same synchronization cannot be applied to the PDSN as IP connectivity between the redundant units is required before RF negotiation. Therefore, different yet related configurations are necessary for the active and standby blades.
Additionally, the SSO configuration synchronization feature does not support any unique configuration on each of the redundant units. On the PDSN, HSRP and RF Interdev protocols are required, both of which require certain unique configurations on the redundant units.
The existing commands that require unique configurations for each unit are modified to accommodate configurations for the peer unit. A new command identifies the peer slots. These commands are parsed and the RF negotiation state RF_PROG_STANDBY_CONFIG is used to trigger configuration synchronization automatically. See the Configuration Details section for the new commands.
RF Client
As in the case of SSO configuration synchronization, the PDSN configuration synchronization is also an RF client. The configuration synchronization feature registers a callback with RF for the progression and status events. The RF notifies each of these registered clients in order with the progression and status of events, thus allowing the PDSN to know when to synchronize the configuration files.
Configuration Files and Synchronization
The configuration synchronization feature comprises the startup configuration and the running configuration processes.
The startup configuration is stored in the NVRAM as a text file. This file is synchronized whenever you perform operations such as write memory, copy running startup, and so on. If the file is opened for a write operation, synchronization starts after the file is closed.
A running configuration synchronization is dynamically generated by certain operations, so any time a synchronization is performed, the running configuration must be generated.
In the SSO implementation, before the synchronization process begins, the primary is locked. A bulk synchronization of the startup configuration and the running configuration is performed, followed up by a parser mode synchronization.
After both the processes are in synchronization and the primary is unlocked, the line-by-line synchronization begins.
All the synchronizing processes require a transport mechanism to communicate between the redundant units.
The PDSN configuration synchronization feature may use one the following transport mechanisms:
•
•
•
The first is the fastest solution from an implementation perspective but it does not scale well for an inter-chassis solution. In this release, PDSN supports the second option, RF or CF SCTP.
Bulk Synchronization
RF Interdev communication needs to be established between the two units prior to initiating the bulk synchronization. Each unit parses its startup configuration and this will cause the unit to become active or go into standby. The active unit will then bulk synchronize its running and private configuration files to the standby if there has been running or private configuration modifications on it after bootup.
After the bulk synchronization, the standby will reload itself and come up with the altered configurations. During this standby reload phase, no configurations are allowed on the active unit.
The configurations that are synchronized during initialization include:
•
•
The startup configuration is not synchronized because the startup config files in the SUP are always in synchronization.
If a private configuration is changed after bootup, the active unit copies its private configuration file into a buffer and transports the file using RF Interdev SCTP to the standby.
If running configurations change after bootup, the active unit copies its running configuration file to a buffer and transports the file using RF Interdev SCTP to the standby. Following these steps, the active sends a message to the standby to start parsing the received buffers.
The standby unit saves the received buffer contents locally, and reloads itself to apply the modified configuration to itself.
Note
Line-by-Line Synchronization
When both active and standby units are up and running, the CLI command entered from the active unit is executed first, the command is then propagated to the standby and executed, and the results are returned back to the active unit.
The Parser Return Code (PRC) scheme is used in the SSO implementation to have all the parser action routine for each CLI command set the return code. This return code is a combination of the class of the error code, component ID, sync-bit, sub-code, and so on.
Parser Mode Synchronization maintains the same parser mode between the active and standby units before a command is sent to slave for synchronization.
In the SSO implementation, the synchronization is done through RPC, which blocks the current process until the active RP receives return code message from the standby RP. Thus, the commands are executed in order for both units.
If a command fails on the standby unit, then the result is conveyed back to the active. On the active, a stub registry for the policy maker is invoked that leaves the decision on what to do with the returned result to the calling or upper layer.
The single IP PDSN configuration synchronization feature uses the SSO line-by-line synchronization implementation as is.
Startup Configuration Synchronization
In the SSO implementation, the startup configuration is synchronized during bootup when the RF state is ready to perform bulk synchronization. You must lock the router before initiating the startup configuration synchronization.
When a write memory or copy file1 startup-config is executed, there are two ways to handle the scenario:
•
•
For the single IP PDSN, bulk synchronization of the startup configuration file is used because it allows the active unit to save configuration changes to the standby location.
Running Configuration Synchronization
With a running configuration synchronization, the redundancy units carry the same state of information.
Initially, after the secondary unit establishes RF Interdev communication, the running configuration file is bulk synchronized. The bulk synchronization induces a self-reload of the standby unit if the running configuration has changed on the active unit prior to its bootup. After the reload, the standby comes up with the running config of the active unit.
After this the line-by-line synchronization occurs between the two units. As you configure each command, the same command is passed on to the secondary side after executing the same on the primary.
The bulk synchronization of the running configuration is done using the RF Interdev SCTP for the single IP PDSN feature.
Limitations
The following are the limitations when configuring the intra-chassis:
•
•
•
•
Configuration Details
Using the autosynchronization feature, the configurations are synchronized, and the CLIs on both the units must be identical. This feature is disabled by default. The following commands are currently unique to each redundant unit and have been modified:
•
•
•
•
•
•
•
The following new command is introduced under the interface GigabitEthernet0/0.23:
redundancy ip address unit1 ip1 mask1 unit2 ip2 mask2The redundancy ip address command is a per-interface command. The HSRP protocol uses this IP address configured for its negotiation, and not the one configured using the regular ip address command. You do not require the ip address configuration for a sub-interface that is dedicated for HSRP negotiation with the peer.
redundancy unit1 slot x unit2 slot yThe redundancy slot command is a global configuration and is used for identifying the peer slot.
To configure intra-chassis configuration synchronization, perform the following tasks:
redundancy unit1 slot x unit2 slot yunit1-port portnum , unit2-port portnumunder the ipc-assoc-protocol-sctp mode.
unit1-ip address1 , unit2-ip address2under the ipc-unit1-port and ipc-unit2-port modes respectively.
redundancy ip address unit1 address1 mask1 unit2 address2 mask2under the interface and sub-interface modes.
Sequence of configuration steps that must be performed on each of the cards:
When session redundancy is configured for the first time with autosynchronization feature enabled, you must configure only one unit and the other unit must be powered down.
After the configuration is done, ensure that you run the write memory on unit1, then power up unit2.
Monitor Subscriber
This feature allows you from a single point in the chassis to establish conditional debugs based on the NAI or the assigned IP address. This is possible without knowing which PDSN instance in the chassis hosts the subscriber session or is selected to host the subscriber session for cases when the session is not yet established. This feature make use of the Osler tool that allows centralized execution of IOS commands with the ability to receive responses and present those responses in a clear and concise format.
There are two output formats, brief, where the debug output is succinctly presented, and verbose which is the complete debug output.
You must log in to the Supervisor of the 7600, and then execute the command debug condition "qualifier" protocols.
You need to implement the below two-stage process:
1.
2.
It is possible to specify the protocol subsystems for which conditional debugging applies. The choices are Session, Accounting, TFT, VPDN, MIP, PMIP, All and so on.
There is a limit of ten simultaneous pre-triggers.
Note
Show Subscriber Session
You log in to the Supervisor of the 7600 and then execute the show subscriber session command where the subscriber is identified by IMSI, NAI or IP address.
You need to implement the below two-stage process:
•
•
Bulk Statistics Collection
This feature is capable at a single point:
•
•
•
You can set the statistics collection period to increment by 15 minutes, the minimum collection period being 30 minutes. The maximum collection period is 24 hours.
The file content contains summary statistics for each blade except that relating to CPU usage and memory occupation available on a per-CPU basis collected per blade. The per-blade file has an entry for each application CPU on that blade.
The file format is a sequence of "variable_name value" pairs separated by commas.
In Cisco PDSN Release 5.0, the variable name is the OID of the variable as this is the level of support available from the IOS Bulk Statistics Collection CLI command.
There is a predefined set of statistics that is collected, including the variables available in the MIBs that are supported by the PDSN application. The OID assigned to the statistic corresponds directly to the OID in the related MIB.
The following variables of interest are not present in a MIB. These are not supported as part of the Bulk Statistics Collection feature:
•
•
•
•
•
•
The time-period over which collection is made is indicated in the file in the format yy:mm:dd:hh:mm:ss yy:mm:dd:hh:mm:ss. The first date is the start; the second date the end.
If you want to alter the set of subsystems for which statistics collection is enabled, you must first cancel the ongoing statistics collection and begin a new collection. Any information that you collect during the cancelled session is saved.
In the event that the external server is unavailable, the file is saved in local non-volatile memory. The last transferred file is saved locally until the next file is successfully transferred. On successful transfer of the new file, the currently saved file is replaced with the new one.
No new IOS commands are used to support the bulk statistics feature in the single IP PDSN Release 5.0.
Redundancy Support in Cisco PDSN Release 5.0
Redundancy support for Cisco PDSN Release 5.0 features is identical to that supported in Release 4.0.
The session redundancy is extended to support the single IP architecture. Only one processor (that is PCOP) per SAMI is involved in redundancy management. All the other processors (such as TCOPs) follow the PCOP's state. Configuration synchronization from active to standby is supported in Cisco PDSN Release 5.0.
Performance Requirements
The single IP PDSN supports the following performance figures:
•
•
•
•
Single IP Support - Reused and New CLI Commands
The following CLI commands are provided to allow IPC to communicate with IXP, and to allow GTP and IPC over GTP modules to provide reliable, acknowledged and unacknowledged communication capabilities between the SAMI PPCs:
EXEC Mode
•
•
•
•
•
•
•
•
Show Commands
•
•
•
Configuration Mode:
•
•
•
•
•
•
•
•
The sami ipc crashdump command in configuration mode is as follows:
pdsn-Stdby-ftb3-73(config)# sami ipc crashdump ?
never Do not crash in response to an IPC failure.
tolerance Specifies permitted duration of IPC link failure.
Distributed Configuration, Show and Debug commands in Single IP PDSN
The following sections describe the distributed configuration, show and debug commands in single IP PDSN.
Distributed Configuration
The Distributed CLI agent distributes the configuration information from the PCOP to each of the TCOPs using the IPC protocol.
By default, the CLI agent allows all the commands, but filter the ones that may trigger some functionality on the TCOP that is not needed.
Non-CDMA (the Rest of IOS) Configuration Commands
A set of non-CDMA CLI commands are blocked or filtered on the PCOP.
The list of commands that are filtered on the PCOP are:
•
•
•
•
•
•
•
The routing protocols are not sent to TCOPs. We do not recommend configuring the routing protocols on SAMI, it is preferable to set up static routing configurations between SAMI and SUP.
While allocating the IP address pools on the SAMI, we recommend you to configure their respective static routing entries on the SUP.
IP Local Pool Command Change
This command is reused from the GGSN Centralized Pools implementation.
CDMA-related Configuration Commands
For the single IP model, an EXEC banner appears when logging in to a TCOP and warns you to be aware that "normal" maintenance activities should be run from PCOP.
The Table 14 lists the commands that PDSN single IP supports, and indicates whether they are filtered at the PCOP or also sent to the TCOPs.
If the command is sent to the TCOPs, then it is executed at each of the TCOPs.
PDSN Commands for Local Subscriber QoS Profile
The cdma pdsn multiple service flows qos subscriber profile command takes you to a submode. Table 15 lists the commands that you can use to configure various parameters in the local subscriber QoS profile.
Note
See the Configuring the PDSN Image section for the below configuration tasks:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Configuring Host Routes
Host routes are added in general on the TCOPs for the mobile. In case of SingleIP, any ARP request for the MIP address lands on the PCOP. To enable PCOP to respond to ARP requests, enable this CLI command. This CLI command installs the host route for the mobile on the PCOP when the flow comes up, and deletes the host route whenever the flow goes down.
This CLI command is required only when the host routes are not added at the Supervisor for MIP. By default, this CLI command is not configured (Table 16):
Table 16 Configuring Host Routes
[no] cdma pdsn sm add mobile route
Configures or removes configuration of host route on the PDSN.
TCOP
Clear Commands
Table 17 lists the clear commands:
Distributed Show and Debug
By default, all the debug commands are executed in the TCOPs, and the trace is displayed from the PCOP. The PCOP does not perform any aggregation for distributed debug.
Distributed Show - The rule to be followed for distributed show command is that, only for the commands mentioned in the Existing show Commands, aggregation is done at the PCOP for the data collected from the TCOPs. By default, the show commands are not executed at all TCOPs.
Distributed Debug - The rule to be followed for distributed debug commands is that, by default, all the debug commands are executed in the TCOPs, and the trace is displayed from the PCOP. The PCOP does not perform any aggregation for distributed debug.
New Show Commands in The Single IP Architecture
The following example snippets show the new show commands in the single IP architecture:
pdsn# show sami sm imsi IMSIshow sami sm imsi 12345678910112Session Manager User DetailsIMSI: 12345678910112 Location:7(7000000)Call DetailsIP Address: 12.1.1.31 VRF ID:0HA IP Address: 0.0.0.0 NAI: user1pdsn# show sami sm statisticsSession Manager StatisticsRequest Sent:Session: 4 Control: 0Control AAA: 0 Control HA: 0Request Received:Session Create: 5 Session Delete: 4Flow Create: 6 Flow Delete: 5Agg resp: 0Response Sent:Session Create Success: 5 Session Create Failure: 0Session Delete Success: 4 Session Delete Failure: 0IMSI update: 0 IMSI delete Generated : 0Flow Create Success: 6 Flow Create Failure: 0Flow Delete Success: 5 Flow Delete Failure: 0IXP Update:Total: 0 Success: 0Failure: 0Failure:Message parsing: 0 Internal 1: 0Internal 2: 0 PPC not found: 0Timer Expiry: 0 Pool Manager: 0Flow message parse : 0PDSN-Act-ftb3-83# sh cdma pdsn statistics smPPC Stats:Imsi Create Request to PPC Success 4, Failure 0Imsi Delete Request to PPC Success 4, Failure 0Imsi Response from PPC Success 4, Failure 0CCB Create Request to PPC Success 0, Failure 0CCB Delete Request to PPC Success 0, Failure 0CCB HA Create Request to PPC Success 4, Failure 0CCB HA Delete Request to PPC Success 4, Failure 0CCB Response from PPC Success 4, Failure 0IXP A10 Add Send Success 4 Failure 0, Received Success 4 Failure 0IXP A10 Delete Send Success 4 Failure 0, Received Success 4 Failure 0IXP CCB Add Send Success 0 Failure 0, Received Success 0 Failure 0IXP CCB Delete Send Success 0 Failure 0, Received Success 0 Failure 0IXP CCB HA Add Send Success 4 Failure 0, Received Success 4 Failure 0IXP CCB HA Delete Send Success 4 Failure 0, Received Success 4 Failure 0IXP Nack terminated session 0 flow 0Ack timer expiry Imsi 0, Ccb 0Tunnel PPC Stats:Tunnel Create Request Rcvd 3, Sent Ack 3 Nack 0Tunnel Delete Request Rcvd 3, Deleted 3Invalid Tunnel Request Type Rcvd 0PDSN-Act-ftb3-83#PDSN-Act-ftb3-83#Table 18 lists the distributed show commands.
Existing show Commands
The show commands can be categorized into Data Aggregator (DA)/Data Provider (DP) model or remote console and logging (RCAL) model. Commands under the RCAL model are executed directly on the TCOP from either the SUP or the PCOP without any aggregation using execute-on command. All non-cdma related commands can be executed only through this method.
Commands under DA/DP category are executed on the PCOP and either show the values present in the PCOP itself or show the aggregated output received from all TCOPs.
These commands are further classified as push commands and pull commands.
Push commands - The push commands do aggregation from all the TCOPs periodically and get displayed on the PCOP on demand (that means, on executing the corresponding CLI command).
The list of existing push-based show commands are:
•
•
•
•
•
•
•
•
•
•
Pull commands - The pull commands do aggregation only on executing the commands under this category. On executing the CLI command, the data or statistics are fetched from the TCOPs at that instant and displayed.
The list of existing pull-based show commands are:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Changes to Clustering show Commands
The changes to clustering show commands are given below:
show cdma pdsn cluster controller member 2.1.1.1PDSN cluster member 2.1.1.1 (local) state ready, Group NONE <--- Newregistered with PDSN controller 11.1.1.50reported load 1 percent, will be sought in 2 secondsMember 2.1.1.1 statistics:Number of sessions 0Controller seek rcvd 6122, Member seek reply rcvd 6122Member state changed 0 time to readyMember state changed 0 time to Admin prohibitedSession-Up message rcvd 0, Session-Down message received 0Member seek not replied in sequence 0show cdma pdsn cluster controller configurationcluster interface GigabitEthernet0/0.341 (collocated)no R-P signaling proxytimeout to seek member = 10 secondswindow to seek member is 2 timeouts in a row if no reply (afterwards the member is declared offline)default: spi 101, Timestamp +/- 0, key ascii hellothis PDSN cluster controller is configuredController maximum number of load units = 100show cdma pdsn cluster member configurationcluster interface GigabitEthernet0/0.341IP address of controller is 11.1.1.50 (collocated) <--- Newno prohibit administrativelytimeout to resend status or seek controller = 10 sec or less, randomizedresend a msg for 2 timeouts sequentially if no reply, then inform operatordefault: spi 101, Timestamp +/- 0, key ascii hellothis PDSN cluster member is configuredChanges to Show commands
The changes to show commands are given below:
show cdma pdsn pcf:pdsn_act# show cdma pdsn pcfPCF 2.2.2.4 has 1 session, 1 service flowReceived 382 pkts (9750 bytes), sent 391 pkts (10585 bytes)pdsn_act#Displays only the tunnel information. Sessions associated with that tunnel will not be displayed.show cdma pdsn pcf <pcf-ip-addr>:pdsn_act# show cdma pdsn pcf 2.2.2.4PCF 2.2.2.4 has 1 session, 1 service flowReceived 382 pkts (9750 bytes), sent 391 pkts (10585 bytes)pdsn_act#Displays only the tunnel information. Sessions associated with that tunnel will not be displayed.show cdma pdsn statistics:san-pdsn# show cdma pdsn statisticsLast clearing of "show cdma pdsn statistics" counters neverLast Update received at 00:12:54 UTC Mar 1 2009 <--- NewRP Interface:Reg Request rcvd 0, accepted 0, denied 0, discarded 0Initial Reg Request rcvd 0, accepted 0, denied 0, discarded 0, AuxRequest 0Re-registration requests rcvd 0, accepted 0, denied 0, discarded 0Re-registration requests containing Active-Start 0, Active-Stop 0Re-registration requests containing new connections 0, missing connections 0, remapping flows 0Handoff requests rcvd 0, accepted 0, denied 0, discarded 0,AuxRequest 0De-registration rcvd 0, accepted 0, denied 0, discarded 0De-registration Reg Request with Active-Stop 0Registration Request Errors:Unspecified 0, Administratively prohibited 0Resource unavailable 0, Authentication failed 0Identification mismatch 0, Poorly formed requests 0Unknown PDSN 0, Reverse tunnel mandatory 0Reverse tunnel unavailable 0, Bad CVSE 0Max Service Flows 0, Unsupported So 0, Non-Existent A10 0Bandwidth Unavailable 0Update sent 0, accepted 0, denied 0, not acked 0Initial Update sent 0, retransmissions 0Acknowledge received 0, discarded 0Update reason lifetime expiry 0, PPP termination 0, other 0Registration Update Errors:Unspecified 0, Identification mismatch 0Authentication failed 0, Administratively prohibited 0Poorly formed request 0Handoff statistics:Inter PCF handoff active 0, dormant 0Update sent 0, accepted 0, denied 0, not acked 0Initial Update sent 0, retransmissions 0Acknowledge received 0, discarded 0De-registration accepted 0, denied 0Handoff Update Errors:Unspecified 0, Identification mismatch 0Authentication failed 0, Administratively prohibited 0Poorly formed request 0RP Session Update statistics:Update sent 0, accepted 0, denied 0, not acked 0Initial Update sent 0, retransmissions 0Acknowledge received 0, discarded 0Sent reasons Always On 0, RN-PDIT 0, Subscriber Qos 0RP Session Update Errors:Unspecified 0, Identification mismatch 0Authentication failed 0, Session parameters not updated 0Poorly formed request 0Service Option:Address Stats:Simple IP: Static 0, Dynamic 0Mobile IP: Static 0, Dynamic 0Proxy Mobile IP: Static 0, Dynamic 0Simple IP VPDN: Static 0, Dynamic 0Flow Stats:Simple IP: Success 0, Failure 0Mobile IP: Success 0, Failure 0Proxy Mobile IP: Success 0, Failure 0Simple IP VPDN: Success 0, Failure 0Unknown Service Failures: 0PPP:Current Connections 0Connection requests 0, success 0, failure 0, aborted 0Connection enters stage LCP 0, Auth 0, IPCP 0Connection success LCP 0, AUTH 0, IPCP 0Failure reason LCP 0, authentication 0, IPCP 0, other 0Failure reason lower layer disconnect 0A10 release before LCP nego by PDSN 0, by PCF 0LCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 0LCP Term Req during LCP nego sent 0, rcvd 0A10 release during LCP nego by PDSN 0, by PCF 0Auth StageCHAP attempt 0, success 0, failure 0, timeout 0PAP attempt 0, success 0, failure 0, timeout 0MSCHAP attempt 0, success 0, failure 0, timeout 0EAP attempt 0, success 0, failure 0MSID attempt 0, success 0, failure 0AAA timeouts 0, Auth timeouts 0, Auth skipped 0LCP Term Req during Auth nego sent 0, rcvd 0A10 release during Auth nego by PDSN 0, by PCF 0IPCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 0Options failure reason MN Rejected IP Address 0LCP Term Req during IPCP nego sent 0, rcvd 0A10 release during IPCP nego by PDSN 0, by PCF 0CCP StageConnection negotiated compression 0Compression type Microsoft 0, Stac 0, other 0Connections negotiated MRRU 0, IPX 0, IP 0Connections negotiated VJ-Compression 0, BAP 0PPP bundles 0Connections failed to negotiate compression 0Renegotiation total 0, by PDSN 0, by Mobile Node 0Renegotiation success 0, failure 0, aborted 0Renegotiation reason: address mismatch 0, lower layer handoff 0GRE key change 0, other 0Release total 0, by PDSN 0, by Mobile Node 0Release by ingress address filtering 0Release reason: administrative 0, LCP termination 0Idle timeout 0, echo missed 0L2TP tunnel 0, insufficient resources 0Session timeout 0, service unavailable 0De-Reg from PCF 0, lifetime expiry 0, other 0Echo statsRequest sent 0, resent 0, max retransmit timeout 0Response rcvd 0Discarded PacketsUnknown Protocol Errors 0, Bad Packet Length 0RSVP:IEs Parsed 0TFTs Created Success 0, Failure 0TFTs Updated Success 0, Failure 0TFTs Deleted Success 0, Failure 0Other Failure 0Unknown 0, Unsupported Ie types 0Tft Ipv4 Failure StatsTft Unauthorized 0, Unsuccessful Processing 0Tft Treatment Unsupported 0Packet Filter Add 0, Replace 0Packet Filter Precedence Contention 0, Unavailable 0Packet Filter Maximum Limit 0, Non-Existent Tft add 0QOS:Total Profile Download Success 0, Failure 0Local Profile selected 0Failure Reason DSCP 0, Flow Profile ID 0,Service option profile 0, Others 0Total Consolidated Profile 0, DSCP Remarked 0Total policing installed 0, failure 0, removed 0slot 0:AHDLC Engine Type: CDMA HDLC SW ENGINEEngine is ENABLEDtotal channels: 375000, available channels: 375000Framing input 0 bytes, 0 paksFraming output 0 bytes, 0 paksFraming errors 0, insufficient memory 0, queue overflow 0Invalid size 0Deframing input 0 bytes, 0 paksDefaming output 0 bytes, 0 paksDeframing errors 0, insufficient memory 0, queue overflow 0Invalid size 0, CRC errors 0RADIUS DISCONNECT:Disconnect Request rcvd 0, accepted 0Disconnect Request Errors:Unsupported Attribute 0, Missing Attribute 0Invalid Request 0, NAS Id Mismatch 0Session Cxt Not Found 0, Administratively ProhibitedSimilar to show cdma pdsn statistics, if we execute any of the individual statistics except for sm, the following line appears at the start:
Last Update received at 00:12:54 UTC Mar 1 2009 <--- Newrouter# show cdma pdsn statistics ?ahdlc AHDLC informationppp CDMA PDSN ppp statisticsprepaid CDMA PDSN prepaid statisticsqos CDMA PDSN QOS statisticsraa CDMA PDSN RAA statisticsradius CDMA PDSN traffic statisticsrp CDMA PDSN RP statisticssm CDMA PDSN SM statisticstft CDMA PDSN TFT statistics| Output modifiers<cr>router#show cdma pdsn statistics rp error:san-pdsn# show cdma pdsn statistics rp errorLast clearing of "show cdma pdsn statistics rp error" counters neverLast Update received at 00:12:54 UTC Mar 1 2009 <--- NewRP Registration Request Error Reasons:Invalid Packet length 0, Protocol 0, Flags 0Invalid Connection ID 0, Authentication Key 0, SPI 0, Mismatch SPI 0Invalid Mobile ID 0, ID type 0, ID length 0Invalid Extension Order 0, VSE type 0, Vendor id 0Invalid Application type 0, Sub Application type 0Missing extension SSE 0, MHAE 0Duplicate Application type 0, GRE Key 0, CVSE 0Airlink Retransmission with same sequence number 0Airlink Invalid attribute length 0, sequence number 0, record 0Airlink Unknown attribute 0, Duplicate attribute 0Airlink Initial RRQ No Setup 0, Contains Stop 0, Contains SDB 0Airlink Start before Setup 0, Start in De-Registration 0Airlink GRE Key change no Setup 0, Rereceive Setup with same GRE Key 0Airlink Start rcvd during active 0, Stop rcvd during dormant 0De-Registration received for unknown session 0Re-Registration received during session disconnect 0Processing error due to memory failure 0RP Registration Update Ack Error Reasons:Invalid Packet length 0, Protocol 0Invalid Connection ID 0, Authentication Key 0, SPI 0Invalid Mobile ID 0, ID type 0, ID length 0Invalid Extension Order 0, VSE type 0Missing extension SSE 0, RUAE 0Received for unknown session 0, discard memory failure 0RP Session Update Ack Error Reasons:Invalid Packet length 0, Protocol 0Invalid Connection ID 0, Authentication Key 0, SPI 0Invalid Mobile ID 0, ID type 0, ID length 0Invalid Extension Order 0, VSE type 0Missing extension SSE 0, RUAE 0Received for unknown session 0, discard memory failure 0RP Registration Reply Error Reasons:Not sent memory allocation failure 0, Internal error 0Reply not sent to PCF security not found/parse error 0RP Registration Update Error Reasons:Not sent memory allocation failure 0, Internal error 0RP Session Update Error Reasons:Not sent memory allocation failure 0, Internal error 0Other Error Reasons:Maximum configured/limit number of session reached 0show cdma pdsn cac:pdsn_act# show cdma pdsn cacOutput in Values Output in percentageTotal configured bandwidth 2000000 b 100%Allocated bandwidth 100 b 0%Available bandwidth 1999900 b 100%Sessions allocated 1 0%Max sessions allowed 175000 100%PDSN_ACT#
Note
Debug Commands in the Single IP Architecture
Table 19 shows the debug commands in the single IP architecture:
Network Management and MIBs
See the Radius disconnect enabled section.
Features Not Supported
Cross chassis configuration synchronization.
Summary of Features Reused from Other Gateways
•
•
•
•
•
•
•
•
•
Summary of Features Reuseable in Other Gateways
The following features that are included in the single IP subsystem as part of PDSN single IP are reused by other gateways:
•
•
•
•
See the Command Reference for Cisco PDSN Release 5.1 in IOS Release 12.4(22)XR1 for more information about configuration commands for Single IP per Blade in Cisco PDSN Release 5.1.
Osler Support
The Operator Interface for Multiple Service blades for the single IP PDSN product is used to provide a single OAM viewpoint for a defined set of functionality. This support means that you can see the whole chassis as a black box without worrying about the multiple service blades having multiple processors, active or standby configuration, and so on.
The implementation reduces dependence on customer OAM deployments and provides real-time diagnostics to allow quick or proactive problem resolution. It also helps in ongoing verification of dimensioning parameters; namely, network predictability, repair or recovery based on problem identification.
This section describes:
Installing Osler
The PDSN Osler Package is a TCL executable file (pdsn_Osler-Package.tcl) along with an archival file (pdsn_osler.tar). You need to download the executable file and archival file to the flash of the supervisor from where you choose to use PDSN Osler Policies.
As the PDSN Osler Package is bundled as part of the SAMI image, first you need to copy both the files (that is, pdsn_Osler-Package.tcl and pdsn_osler.tar) from the respective SAMI LCP (Processor 0) to disk0: of SUP.
Installation Commands for Osler
You need to issue the following commands on SUP prompt:
pdsn-osler# copy sami# slot_number-fs:image/scripts/pdsn_Osler-Package.tcl disk0:
pdsn-osler# copy sami# slot_number-fs:image/scripts/ pdsn_osler.tar disk0:
Once both the files have been copied to the disk0: of SUP, to see the options available within the package on the SUP execute the command tclsh disk0:pdsn_Osler-Package.tcl --help. The command output is as shown below (Table 20).
Sample Installation of Osler
To install the PDSN Osler Package, the following is an example:
Single chassis environment:
tclsh disk0:pdsn_Osler-Package.tcl -pkg install -f disk0:pdsn_osler.tar -maxP 9 -tftpN 1.1.1.19 -statLD disk0:stats -statRD dirname/stats/globalStats -statT 30 -subRD nishigup/Osler_Lib -traceLD disk0:/traces -traceRD dirname/tracesThe above example assumes that:
•
•
Tip
To uninstall the PDSN Osler Package, the following is an example:
Single chassis environment:
tclsh disk0:pdsn_Osler-Package.tcl -pkg uninstall
Note
•
•
•
Show Subscriber Commands
The CLI commands are invoked on the processors running the active PDSN instances to query the subscriber, matching one or more of various conditions. The conditions are:
•
•
•
•
•
•
•
•
•
•
Three display formats are provided: summary, brief, and verbose.
•
•
•
The Osler CLI collects the output of the commands from the processors, collates the results and presents, as if one command is executed. You must provide the option to collect the data in a file or to display the data on the screen for the verbose and brief options.
Show Subscriber Verbose All
This command shows all the subscribers on the chassis. This command internally use show cdma pdsn session detail and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server.
Note
The below example is a snippet of the display output:
----------- Slot 1/CPU 5, show cdma pdsn session detail-------------Mobile Station ID IMSI 09003000001PCF IP Address 6.6.6.2, PCF Session ID 1A10 connection time 02:25:51, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-02Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 867, receive 860Using interface Virtual-Access2.1, status OPNUsing AHDLC engine on slot 0, channel ID 10Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Simple, NAI osler1Mobile Node IP address 4.4.4.1Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : osler1Max Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief All
This command is implemented to show all the subscribers in the chassis. This command internally uses show cdma pdsn session brief and parses the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server.
Note
The below example is a snippet of the display output:
----------- Slot 1/CPU 5, show cdma pdsn session brief-------------MSID PCF IP Address PSI Age St SFlows Flows Interface09003000001 6.6.6.2 1 00:27:02 OPN 0 1 Virtual-Access2.109003000053 6.6.6.5 51 00:00:32 OPN 0 1 Virtual-Access2.2Show Subscriber Summary All
This command is implemented to show summary of all the subscribers in the chassis. This command internally uses show cdma pdsn session summary and parse the output.
The below example is a snippet of the display output:
SHOW SUBSCRIBER SUMMARY-------------------------------Total Number of sessions :121Total Number of Paks in :83866Total Number of Paks out :87872Total Number of bytes in :1341130Total Number of bytes out :2601436Show Subscriber Verbose Card
This command shows all the subscribers on a specific SAMI card. This command internally uses show cdma pdsn session detail on the specified card and then parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server.
Note
The below example is a snippet of the display output:
>> Now enter the SAMI Card ID ([1-13]): 1----------- Slot 1/CPU 5, show cdma pdsn session detail-------------Mobile Station ID IMSI 09003000003PCF IP Address 6.6.6.5, PCF Session ID 1A10 connection time 00:08:36, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-05Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 14, receive 0Using interface Virtual-Access2.1, status OPNUsing AHDLC engine on slot 0, channel ID 54Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Mobile, NAI scdma_osler3@ark.comMobile Node IP address 9.9.9.2HA IP address 5.5.5.2Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : scdma_osler3@ark.comMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief Card
This command shows all the subscribers on a specific card. This command internally uses show cdma pdsn session brief on the specified card and then parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server.
Note
The below example is a snippet of the display output:
>> Now enter the SAMI Card ID ([1-13]): 1----------- Slot 1/CPU 5, show cdma pdsn session brief-------------MSID PCF IP Address PSI Age St SFlows Flows Interface09003000001 6.6.6.2 1 00:28:39 OPN 0 1 Virtual-Access2.109003000053 6.6.6.5 51 00:02:09 OPN 0 1 Virtual-Access2.2Show Subscriber Summary Card
This command shows summary of all the subscribers on a specific card. This command internally uses show cdma pdsn session summary on the specified card and parse the output.
The below example is a snippet of the display output:
>> Now enter the SAMI Card ID ([1-13]): 1SHOW SUBSCRIBER SUMMARY <-> (All Subscribers on the Card: 1)-------------------------------Total Number of sessions :121Total Number of Paks in :84555Total Number of Paks out :88561Total Number of bytes in :1352154Total Number of bytes out :2620915Show Subscriber Verbose CPU
This command shows all the subscribers from the specific TCOP on a SAMI card. This command internally uses execute-on [TCOP] show cdma pdsn session detail on the specified {Card, PCOP} and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the ',' separated SAMI Card & CPU ID (e.g. 4,5): 1,5----------- Slot 1/CPU 5, show cdma pdsn session detail-------------Mobile Station ID IMSI 09003000051PCF IP Address 6.6.6.2, PCF Session ID 51A10 connection time 00:08:24, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-02Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 62, receive 55Using interface Virtual-Access2.2, status OPNUsing AHDLC engine on slot 0, channel ID 53Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Simple, NAI osler1Mobile Node IP address 4.4.4.5Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : osler1Max Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief CPU
This command shows all the subscribers from the specific TCOP on a SAMI card. This command internally uses execute-on [TCOP] show cdma pdsn session brief on the specified {Card, PCOP} and parse the output to present it in short form.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the ',' separated SAMI Card & CPU ID (e.g. 4,5): 1,5>> Large number of records to process. Should I tftp it (y/n): yRedirected the file PPC3-SLOT1-04_33_58.19_Feb_2009***********************************************************************=================== Total OP-REDIRECTED Records Found ==================Show Subscriber Summary CPU
This command shows the subscribers from the specific TCOP on a SAMI card. This command internally uses execute-on [TCOP] show cdma pdsn session summary on the specified {Card, PCOP} and parse the output.
The below example is a snippet of the display output:
>> Now enter the ',' separated SAMI Card & CPU ID (e.g. 4,5): 1,5SHOW SUBSCRIBER SUMMARY <-> (All Subscribers on the Slot,CPU: [1,5])-------------------------------Total Number of sessions :121Total Number of Paks in :120771Total Number of Paks out :124777Total Number of bytes in :1931750Total Number of bytes out :3648760Show Subscriber Verbose with Connect
This command shows the subscribers with a lifetime within the specified parameters in hh:mm:ss format.This command internally uses show cdma pdsn session lifetime age {greater | less | equals} [time] detail and parse the output.
Because of the huge amount of data to the SUP card, the policy takes an extended period of time to process the data, if the criterion matches for large number of subscribers.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the lifetime (hh:mm:ss format): 0:2:29>> Enter the value type for Life Time Record (e.g: greater|lesser|equals): greater----------- Slot 1/CPU 5, show cdma pdsn session lifetime age greater 0:2:29 detail-------------Mobile Station ID IMSI 09003000051PCF IP Address 6.6.6.2, PCF Session ID 51A10 connection time 00:04:25, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-02Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 38, receive 31Using interface Virtual-Access2.2, status OPNUsing AHDLC engine on slot 0, channel ID 55Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Simple, NAI osler1Mobile Node IP address 4.4.4.5Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : osler1Max Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief with Connect
This command shows the subscribers with a lifetime within the parameters in the hh:mm:ss format. This command internally uses show cdma pdsn session lifetime age {greater | less | equals} [time] brief and parse the output.
Because of large amount of data to the SUP card, the policy takes an extended period of time to process the data, if the criterion matches for large number of subscribers.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the lifetime (hh:mm:ss format): 0:2:59>> Enter the value type for Life Time Record (e.g.: greater|lesser|equals): greater----------- Slot 1/CPU 5, show cdma pdsn session lifetime age greater 0:2:59 brief-------------MSID PCF IP Address PSI Age St SFlows Flows Interface09003000051 6.6.6.2 51 00:05:10 OPN 0 1 Virtual-Access2.2Show Subscriber Summary with Connect
This command shows the subscribers with a lifetime within the parameters in the hh:mm:ss format. This command internally uses show cdma pdsn session lifetime age {greater | less | equals} [time] summary and parse the output.
The below example is a snippet of the display output:
>> Now enter the lifetime (hh:mm:ss format): 1:23:0>> Enter the value type for Life Time Record (e.g: greater|lesser|equals): greaterSHOW SUBSCRIBER SUMMARY <-> (With specified lifetime: 1:23:0)-------------------------------Total Number of sessions with lifetime greater than the given time :120Total Number of Paks in :121117Total Number of Paks out :125114Total Number of bytes in :1937152Total Number of bytes out :3657995Show Subscriber Verbose from FA-Chassis
This command shows the total number of visitors serviced by the FA in the chassis. This command internally uses show ip mobile visitor and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
----------- Slot 1/CPU 5, show ip mobile visitor-------------Mobile Visitor List:Total 1scdma_osler3@ark.com:Home addr 9.9.9.2Interface Virtual-Access2.1, MAC addr 0000.0000.0000IP src 0.0.0.0, dest 5.5.5.1, UDP src port 434HA addr 5.5.5.2, Identification CD1EB19A.10000Lifetime 00:10:00 (600) Remaining 00:03:05Tunnel0 src 5.5.5.1, dest 5.5.5.2, reverse-allowedRouting OptionsShow Subscriber Brief From FA-Chassis
This command shows total number of visitors serviced by the FA in the chassis. This command internally uses show ip mobile visitor brief and parses the output to present in a short form.
If the specific FA has a large number of subscribers in the chassis, the policy may take an extended period of time to display all the subscribers. In such cases, we recommend that you do not run this command often.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
----------- Slot 1/CPU 5, show ip mobile visitor brief-------------Mobile Visitor List:Total 1scdma_osler3@ark.com:Home addr 9.9.9.1MAC addr 0000.0000.0000HA addr 5.5.5.2FA addr 5.5.5.1Lifetime 00:10:00 (600) Remaining 00:08:03Show Subscriber Summary from FA-Chassis
This command shows the total number of visitors serviced by the FA in the chassis. This command internally uses show ip mobile visitor summary and parse the output.
The below example is a snippet of the display output:
SHOW SUBSCRIBER SUMMARY <-> (FA-Chasis Visitors)-------------------------------FA-Chasis visitors List:Total 1Show Subscriber Verbose from FA-Member
This command shows the total number of visitors serviced by FA in the specified service card. This command internally uses show ip mobile visitor [Card] and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the Card number for FA-Member visitors: 1----------- Slot 1/CPU 5, show ip mobile visitor-------------Mobile Visitor List:Total 1scdma_osler3@ark.com:Home addr 9.9.9.2Interface Virtual-Access2.3, MAC addr 0000.0000.0000IP src 0.0.0.0, dest 5.5.5.1, UDP src port 434HA addr 5.5.5.2, Identification CD229382.10000Lifetime 00:10:00 (600) Remaining 00:02:39Tunnel0 src 5.5.5.1, dest 5.5.5.2, reverse-allowedRouting OptionsShow Subscriber Brief from FA-Member
This command shows the total number of visitors serviced by FA in the specified service card. This command internally uses show ip mobile visitor [card] brief and parse the output.
If the specific FA has a large number of subscribers in card, the policy takes an extended period of time to display all the subscribers. In such cases, we recommend that you do not run this command often.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the Card number for FA-Member visitors: 1----------- Slot 1/CPU 5, show ip mobile visitor brief-------------Mobile Visitor List:Total 1scdma_osler3@ark.com:Home addr 9.9.9.2MAC addr 0000.0000.0000HA addr 5.5.5.2Lifetime 00:10:00 (600) Remaining 00:04:57Show Subscriber Summary from FA-Member
This command shows the total number of visitors serviced by FA in the specified service card. This command internally uses show ip mobile visitor [card] summary and parse the output.
The below example is a snippet of the display output:
SHOW SUBSCRIBER SUMMARY <-> (FA-Member Visitors: 1)-------------------------------FA-Member Visitors List:Total 1Show Subscriber Verbose from HA-User
This command shows the total number of users registered with a particular HA. This command internally uses show ip mobile visitor ha-addr [ha-ip] on all the TCOPs and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the HA-User address (HA IP): 5.5.5.2----------- Slot 1/CPU 5, show ip mobile visitor ha-addr 5.5.5.2-------------Mobile Visitor List:Total 1scdma_osler3@ark.com:Home addr 9.9.9.2Interface Virtual-Access2.3, MAC addr 0000.0000.0000IP src 0.0.0.0, dest 5.5.5.1, UDP src port 434HA addr 5.5.5.2, Identification CD228505.10000Lifetime 00:10:00 (600) Remaining 00:07:33Tunnel0 src 5.5.5.1, dest 5.5.5.2, reverse-allowedRouting OptionsShow Subscriber Brief from HA-User
This command shows the total number of users registered with a particular HA. This command internally uses show ip mobile visitor ha-addr [ha-ip] brief and parse the output.
If the specific HA has large number of subscribers in card, the policy takes an extended period of time to display all the subscribers; not recommended to run more often.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the HA-User address (HA IP): 5.5.5.2----------- Slot 1/CPU 5, show ip mobile visitor ha-addr 5.5.5.2 brief-------------Mobile Visitor List:Total 1scdma_osler3@ark.com:Home addr 9.9.9.2MAC addr 0000.0000.0000HA addr 5.5.5.2Lifetime 00:10:00 (600) Remaining 00:04:07Show Subscriber Summary from HA-user
This command is implemented to show the total number of users registered with a particular HA. This command internally uses show ip mobile visitor ha-addr [ha-ip] summary and parses the output.
The below example is a snippet of the display output:
>> Now enter the HA-User address (HA IP): 5.5.5.2SHOW SUBSCRIBER SUMMARY <-> (HA-User IP: 5.5.5.2)-------------------------------HA User Subscriber List:Total 1Show Subscriber Verbose within Address Space
This command shows all the subscribers within the given address space. This command internally uses show cdma pdsn flow mn-ip-address range [mn-ip] detail and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the ',' separated starting IP address & end IP address(e.g. 10.114.200.49,10.114.200.180) : 4.4.4.1,4.4.4.10----------- Slot 1/CPU 5, show cdma pdsn flow mn-ip-address range 4.4.4.1 4.4.4.10 detail-------------Flow service Simple, NAI osler1@cisco.comMobile Node IP address 4.4.4.1Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : osler1@cisco.comMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Simple, NAI osler1@cisco.comMobile Node IP address 4.4.4.2Packets in 1, bytes in 108Packets out 1, bytes out 76Qos per flow : osler1@cisco.comMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief within Address Space
This command shows all the subscribers within the given address space. This command internally uses show cdma pdsn flow mn-ip-address range <mn-ip> brief and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the ',' separated starting IP address & end IP address(e.g. 10.114.200.49,10.114.200.180) : 4.4.4.1,4.4.4.10----------- Slot 1/CPU 5, show cdma pdsn flow mn-ip-address range 4.4.4.1 4.4.4.10-------------MSID NAI Type MN IP Address St09003000001 osler1@cisco.com Simple 4.4.4.2 ACTShow Subscriber Summary within Address Space
This command shows summary of all the subscribers within the given address space. This command internally uses show cdma pdsn flow mn-ip-address range [mn-ip] summary and parse the output.
The below example is a snippet of the display output:
>> Now enter the ',' separated starting IP address & end IP address (e.g. 10.114.200.49,10.114.200.180) : 4.4.4.1,4.4.4.10SHOW SUBSCRIBER SUMMARY <-> (Subscriber in address range: 4.4.4.1 4.4.4.10)-------------------------------Number of flows having mn-ip-adress between 4.4.4.1 4.4.4.10 : 8Total Number of Packs in :0Total Number of Packs out :0Total Number of bytes in :0Total Number of Packs out :0Show Subscriber Verbose for Calltype
This command shows the total number of users for a particular Calltype. This command internally uses show cdma pdsn session service-option [so] detail and parse the output.
Caution
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
Select Service type:1. EVDO2. 1xRTT3. QuitEnter the service Type choice from the above menu (1/2/3): 1----------- Slot 1/CPU 5, show cdma pdsn session service-option 59 detail-------------Mobile Station ID IMSI 09003000051PCF IP Address 6.6.6.2, PCF Session ID 51A10 connection time 00:11:13, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-02Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 78, receive 71Using interface Virtual-Access2.2, status OPNUsing AHDLC engine on slot 0, channel ID 55Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Simple, NAI osler1Mobile Node IP address 4.4.4.5Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : osler1Max Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief for Calltype
This command shows the total number of users for a particular Calltype. This command internally uses show pdsn session service-option [so] brief and parse the output.
If the specific card has large number of subscribers, the policy may take an extended period of time to display all the subscribers; not recommended to run more often.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
Select Service type:1. EVDO2. 1xRTT3. QuitEnter the service Type choice from the above menu (1/2/3): 1----------- Slot 1/CPU 5, show cdma pdsn session service-option 59 brief-------------MSID PCF IP Address PSI Age St SFlows Flows Interface09003000051 6.6.6.2 51 00:12:00 OPN 0 1 Virtual-Access2.209003000003 6.6.6.5 1 00:04:33 OPN 0 1 Virtual-Access2.1Show Subscriber Summary for Calltype
This command shows the total number of users for a particular Calltype. This command internally uses show pdsn session service-option [so] summary and parse the output.
The below example is a snippet of the display output:
Select Service type:1. EVDO2. 1xRTT3. QuitEnter the service Type choice from the above menu (1/2/3): 1SHOW SUBSCRIBER SUMMARY <-> With CallType Option 59-------------------------------Total Number of sessions with service option 59:121Total Number of Paks in :124122Total Number of Paks out :128128Total Number of bytes in :1985366Total Number of bytes out :3744118Show Subscriber Verbose with NAI
This command shows the subscribers with specific string within the NAI. For example, you can view subscribers for the push to talk that will have "ptt" within the NAI. This command internally uses show cdma pdsn session user *ptt* detail' and parse the output. It returns only bindings that match the "ptt" string in the NAI.
Because of the large amount of data to the SUP card, depending on the matching criterion, the policy takes an extended time to process the data.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the NAI (wild-carded or specific): *_osler*----------- Slot 1/CPU 5, show cdma pdsn session user *_osler* detail-------------Mobile Station ID IMSI 09003000053PCF IP Address 6.6.6.5, PCF Session ID 51A10 connection time 00:01:37, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-05Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 14, receive 0Using interface Virtual-Access2.3, status OPNUsing AHDLC engine on slot 0, channel ID 11Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Mobile, NAI scdma_osler3@ark.comMobile Node IP address 9.9.9.2HA IP address 5.5.5.2Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : scdma_osler3@ark.comMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Show Subscriber Brief with NAI
This command shows the subscribers with specific string within the NAI. For example, you can view subscribers for the push to talk that will have "ptt" within the NAI. This command internally uses show cdma pdsn session user *ptt* brief and parse the output. It returns only bindings that match the "ptt" string in the NAI.
The policy runs the summary command first and checks for the users per PCOP. If the number of the subscribers exceeds the recommended numbers for the terminal display, you need to select the file option. If you have not selected the file option, the PCOP is ignored.
You can use the IOS CLI command show cdma pdsn session detail for this purpose. tftp://tftp-ip/user/[dir]/PPC3-SLOTNumber-subs-[date-time].txt is used collect all the data into a file on the TFTP server location.
Note
The below example is a snippet of the display output:
>> Now enter the NAI (wild-carded or specific): osler*----------- Slot 1/CPU 5, show cdma pdsn session user osler* brief-------------MSID PCF IP Address PSI Age St SFlows Flows Interface09003000051 6.6.6.2 51 00:01:35 OPN 0 1 Virtual-Access2.2Show Subscriber Summary With NAI
This command shows the subscribers with specific string within the NAI. For example, you can view subscribers for the push to talk that will have "ptt" within the NAI. This command internally uses show cdma pdsn session user *ptt* summary and parse the output. It returns only bindings that match the "ptt" string in the NAI.
The below example is a snippet of the display output:
>> Now enter the NAI (wild-carded or specific): osler1*SHOW SUBSCRIBER SUMMARY <-> (Matching NAI: osler1*)-------------------------------Total Number of sessions with user osler1* :121Total Number of Paks in :124644Total Number of Paks out :128650Total Number of bytes in :1993718Total Number of bytes out :3759382Monitor Subscriber Commands
Osler implements trace commands to perform all the tasks for subscriber tracing. The subscriber is identified based on the NAI or IMSI.
To trace the subscriber, the policy invokes multiple CLI commands on the processors running the active or standby PDSN to set conditional debugs, using existing IOS CLIs for that subscriber.
The set of conditional debugs is based on session, accounting, MIP, PMIP, VPDN and TFT, which results in invoking multiple commands on the processors. You do not have to set the debug conditions on all the processors.
The monitor commands must configure each SAMI processor mode command debug condition [username | calling] {NAI | IMSI} to enable the inclusion of your name or NAI in the traces.
Note
The following command provides an option to start the subscriber tracing based on NAI or IMSI:
Note
SUP-7600#traces
For NAI-based tracing, the traces command uses the following commands to set the trace conditions:
trace condition
debug condition username [NAI]
For IMSI-based tracing, the traces command uses the following commands to set the trace conditions:
trace condition
debug condition calling [IMSI]
To configure show debug condition, use the command cdma pdsn debug show-conditions in configuration mode. For MIP and PMIP debugs to display debug conditions, use the ip mobile debug include username command in configuration mode.
The application specific traces are configured as below:
application specific traces
Session
debug cdma pdsn a11
debug cdma pdsn session
debug ppp negotiation
debug radius authentication
Accounting
debug radius accounting
debug cdma pdsn accounting
TFT
debug cdma pdsn rsvp
debug cdma pdsn tft
VPDN
debug vpdn l2x-errors
debug vpdn l2x-events
MIP
debug ip mobile
PMIP
debug ip mobile proxy
After debugging on PDSN instances, the traces command creates a trace log file on the local disk of the supervisor card to dump the traces. It also displays the traces on the terminal.
The trace command continuously collects the traces of subscriber, until it receives the trace stop request or the trace command registration time (default is one hour) expires. On receiving the trace stop request, it stops the subscriber tracing and it resets the trace conditions that were set while starting the tracing for the subscriber.
Stop Subscriber Tracing
You can send the trace stop request to a single subscriber at a time to stop tracing. The trace stop request contains information about transferring the trace log file to an external host and you need to confirm this information before PDSN sends the trace stop request to the corresponding trace session.
If the trace stop request needs transferring the trace log file to an external host, the trace command transfers the trace log file to an external host and deletes the trace log file from the local directory of the supervisor card.
If the trace stop request does not need transferring the trace log file to an external host, the traces command retains the trace log file in a local directory of the supervisor card.
Show Subscriber Trace Sessions
You can use the trace command to view information about all the existing trace sessions in the system.
This option shows the number of existing trace sessions and the list of subscribers for which tracing is enabled. To view the information about Osler trace conditions, this option invokes the CLI command show debugging on all PDSN instances.
Clear All Subscriber Trace Sessions
You can also clear all existing trace sessions.
Before clearing the trace sessions, this option displays the information about all the existing trace sessions in the system.
The trace clear session request also contains the information about transferring the trace log file to an external host and you need to confirm this information before PDSN sends the trace clear session request.
After sending the clear trace session request, the policy removes the conditional debug from all active and standby PDSN instances for the specific NAI or assigned IP address.
If only one debug condition exists, the application-specific traces are removed first to avoid trace flooding and then the condition is removed.
If there is no active trace session in system, this option provides the mechanism to reset the Osler trace condition which are left unclear (if any) on PDSN instances.
Note
Traces Representation
After starting the subscriber tracing, the traces command continuously reads the traces from the system log. While logging the traces in trace log file and displaying the traces on the terminal, the trace command reformats them and categorizes the traces based on timestamps and protocols. Within the protocol, the traces are sub-categorized based on the processing stage of a particular request from the subscriber.
Trace Mode
Osler implements the subscriber tracing for brief and verbose mode, where brief mode includes only meaningful traces and verbose mode includes all subscriber traces. All the brief mode traces are maintained in one separate database file. If you want to get more traces, you can add the tokens in the database file. Pre-defined tokens are default tokens for brief traces. To add a new token, add it in a new line in a particular topic.
Protocol Selection
Osler provides the subscriber tracing on Session, Accounting, TFT, MIP, PMIP and VPDN protocols. You can thus trace the subscribers for specific protocols only.
While starting the tracing, the trace command provides an option to select one or more protocols among Session, Accounting, TFT, MIP, PMIP and VPDN protocols. The trace command enables the trace conditions, logs, and displays the conditions for selected protocols only.
Other Conditions
Because the tracing is a continuous process, it consumes CPU resources. Therefore, to meet the CPU requirements, the trace command performs the following checks:
•
•
•
•
•
•
Show Subscriber Session
The CLI or script commands are implemented as part of this module to determine which service blade is hosting the subscriber and then executes the set of IOS CLIs on that service blade and collates the results and presents in a single coherent output format.
This module runs the following CLIs on all the active SAMI card and get the session and accounting details from the card which is holding the session.
The CLI command for NAI as the condition is:
pdsn# show cdma pdsn session user NAI detail
pdsn# show cdma pdsn accounting user NAI
The CLI command for IMSI as the condition is:
pdsn# show cdma pdsn session msid IMSI_value detail
pdsn# show cdma pdsn accounting session IMSI_value
The CLI command for Mobile Node (mn) IP address as condition is:
pdsn# show cdma pdsn session mn-ip-address IP-Address detail
pdsn# show cdma pdsn accounting mn-ip-addr IP-Address
The below example is a snippet of the display output for the co mmand showSession:
pdsn-osler# showSessionSubscriber IP Address/NAI/IMSI: osler1@cisco.com################### SUBSCRIBER SESSION FOUND ###################User ID: osler1@cisco.com [Slot:1 CPU:3]Session Details:Mobile Station ID IMSI 09003000001PCF IP Address 6.6.6.2, PCF Session ID 1A10 connection time 00:00:12, registration lifetime 65535 secNumber of successful A11 reregistrations 0Remaining session lifetime INFINITEAlways-On not enabled for the userCurrent Access network ID 0006-0606-02Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 14, receive 7Using interface Virtual-Access2.1, status OPNUsing AHDLC engine on slot 0, channel ID 3Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Flow service Simple, NAI osler1@cisco.comMobile Node IP address 4.4.4.1Packets in 0, bytes in 0Packets out 0, bytes out 0Qos per flow : osler1@cisco.comMax Aggregate Bandwidth : 1Inter User Priority : 1000Maximum Flow Priority : 120980Number of Persistent Tft : 34567Forward profile-id : 4660Forward profile-id : 9097Forward profile-id : 14454Reverse profile-id : 6295Reverse profile-id : 17185Bidirectional profile-id : 22136Bidirectional profile-id : 26505Accounting Details:UDR for sessionsession ID: 1Mobile Station ID IMSI 09003000001A - A1:09003000001 A2: A3:C - C3:0D - D3:6.6.6.2 D4:000000000000E - E1:0000F - F1:00F1 F2:00F2 F5:003B F6:F6 F7:F7 F8:F8F9:F9 F10:FA F14:00 F15:0F16:00 F17:00 F18:00F19:00 F20:00 F22:00G - G3:0 G8:0 G9:1 G10:0 G11:0 G12:0G13:0 G14:245 G15:0 G16:270 G17:0I - I1:0 I4:0Y - Y2:1UDR for flowMobile Node IP address 4.4.4.1B - B1:4.4.4.1 B2:osler1@cisco.comC - C1:000F C2:7 C4:0D - D1:0.0.0.0F - F11:01 F12:00 F13:00G - G1:0 G2:0 G4:1232699771G22:0 G23:0 G24:0 G25:0Packets- in:0 out:0
Note
Bulk Statistics Collection
Statistics is collected with the SNMP MIB bulk statistics feature available on the Cisco router. With the help of Osler script, the SNMP MIB object list is configured on the control processor. After enabling the bulk statistics feature, for a specified time interval, the statistics is collected and sent to the configured TFTP server. If TFTP file transfer failed, the statistics is sent to the SUP disk specified in the secondary URL.
Start Bulk Statistics
This command configures SNMP MIB objects on all the control processor. While running this command you must not use the Telnet connection, as the command fails to configure SNMP MIB objects on each PCOP. The command establishes Telnet session to each active PCOP and configures various SNMP options such as transfer parameters, object list, and schema definition. Finally, it enables statistics collection.
To enable periodic reporting of the bulk statistics, you must run startStats command. The below example is a snippet of the display output:
pdsn-osler# startStatsmwtcp-PDSN_SUP-ftb6#startStatsAddress or name of remote host to dump statistics[9.11.44.1]?Directory path on remote host[raseshad/stats]?Directory path on local host[disk0:/stats]?Statistics dumping periodicity (in minutes)[30]?Add MIP object names for statistics reporting? [y/n]y <<<<<Add VPDN object names for statistics reporting? [y/n]y <<<<<Collecting Cisco Object Names for Statistics Reporting ....##############################################################################Configuring Slot:1, Processor:3...##############################################################################Successfully enabled bulk stats reporting for Slot:1, Processor:3##############################################################################Configuring Slot:2, Processor:3...#############################################################################Successfully enabled bulk stats reporting for Slot:2, Processor:3#############################################################################Stop Bulk Statistics
This command removes configuration of SNMP MIB objects on all the control processors. While running this command, you must not telnet to any processor, as the command fails to remove configurations of SNMP MIB objects from that processor. The telnet session to each active PCOP disables statistics collection, and removes all the configuration from the control processor.
To disable the periodic reporting of the bulk statistics, you must run the stopStats command. The below example is a snippet of the display output:
pdsn-osler# stopStatsStopping periodic bulk statistics collection and dumping...#############################################################################Configuring Slot:1, Processor:3...#############################################################################Successfully stopped the periodic bulk stats reporting for Slot:1, Processor:3#############################################################################Configuring Slot:2, Processor:3...##############################################################################Successfully stopped the periodic bulk stats reporting for Slot:2, Processor:3##############################################################################Successfully stopped the periodic reporting of bulk statistics for all active CPs!
Timesaver
Update Statistics Mapping File
Adds new OIDs to the mapping file, which contains all the OIDs with the Cisco object name, vendor object name, and object ID. To update the mapping file with new OIDs that need to be included in the global statistics, you can run the upStatsMap command.
The following example shows output for the upStatsMap command:
pdsn-osler# upStatsMapEnter the Cisco Object Name: cCdmaServiceOptionSucessesEnter the SNMP OID: 1.3.6.1.4.1.9.9.157.1.7.6.2.1.3Enter the Vendor Object Name: ServiceOptionSucessesUpdating the mapping file disk0:/pdsn_osler/pdsn_Mappings.txt...Done !!See the Command Reference for Cisco PDSN Release 5.0 in IOS Release 12.4(22)XR1 for more information about configuration commands for Osler Support in Cisco PDSN Release 5.1.
Improved Throughput and Transaction Handling
This release provides improved throughout, enabling PDSN to deliver 3 Gbps. Improved throughout at 3 Gbps is possible under the following assumptions:
•
–
–
–
•
•
–
–
–
All throughput parameters must be No Drop Rate (NDR), with 1 in 10,000 packet drop allowable.
Cluster Controller Support in Single IP Blade
This release introduces support for cluster controller in single IP blade. The cluster controller improves cluster capacity by reducing the resource utilization on the PDSN cluster member.
The following sections describe:
•
•
•
•
•
•
Clustering Architecture in PDSN
The following flow describes the clustering architecture in PDSN:
•
•
•
•
•
•
•
•
Functions of Cluster Controller
The call flow of cluster controller starts with receiving the A11 RRQ from PCF. On receiving the A11 RRQ, the controller checks whether a session already exists for IMSI. If no session exists, the controller selects the member based on the load. The load table is maintained by the controller and contains the load of all the registered members.
If the member-selected resides on another blade, the controller adds the IMSI in a temporary queue in the session manager (if the controller-periodic is configured) and rejects the A11.
The PCF then resends the A11 RRQ to the suggested member. When the session comes up on the selected member, the member sends a session-up for the IMSI. The controller, on processing the session-up from the member, makes the IMSI permanent on the session manager. The member, selected based on the load, is the co-existing member and the A11 RRQ is given to the session manager.
During handoff, the new PCF sends the A11 RRQ to the controller and the controller looks up the IMSI.
The session manager returns the IMSI with the hosted Member IP address.If the IMSI already exists on the member, the controller sends a reject message with the already hosted member IP address. If the session manager returns TCOP address, the controller forwards the A11 RRQ to the session manager, which forwards to the selected TCOP.
Metrics for Cluster Controller
The load-balancing metric used between PCOP and TCOP is on the lines of Dynamic Feedback Protocol (DFP). The TCOPs calculate the TCOPs overall weight and send to PCOP. The PCOP performs load balancing based on the weight.
The same metric is also extended to members and the controller.
The default value for dfp_max_weight is 100 as release 4.0 is based on percentage. So the weight reported is from dfp_max_weight (when no load is present) to zero (when load is maximum).
The CPU and memory utilization are converted to a range between 0 and 16 and included in the weight calculation. When the CPU reaches 100 percentage utilization, the weight reported is zero, so that no further redirection happens to the member for the period of time. The DFP parameters are tuned after performance tests are done.
When the available bandwidth reaches the total configured bandwidth, the weight is sent as zero. The TCOP sends this metric to the PCOP.
Note
Metrics Between Member and Controller
The controller is based on percentage (based on Cisco PDSN Release 4.0) and also assumes 0 is lightweight and 100 is maximum weight. To retain the logic, the consolidated weight is inverted and converted to percentage when sent to the controller. So, when the member sends the data, it is loaded in terms of 0 as lightly loaded and 100 as heavily loaded.
The consolidated weight is the weight of the least-loaded TCOP. If the maximum number of sessions or the maximum bandwidth for the blade is reached, the load is reported as 100 (heavily loaded).
The metric used between the controller and member has changed from Cisco PDSN Release 3.0 and release 4.0. To retain the backward compatibility, the new member also uses the load extension. Also, session count and maximum session count are "short" (two bytes) fields. With the member now handling the whole blade, the session count and maximum session count are exceeding their limit. So the extension must be reused but replaced with the newly defined weight.
The attributes in the load extension are:
•
•
•
Backward Compatibility of Cluster Controller
The maximum weight (or old maximum session count) in the PDSN_LOAD extension is only two bytes, and the blade capacity is close to 200,000 sessions; the session count extension cannot be used as in previous versions of PDSN.
As the session load CVSE is reused, Cisco PDSN Release 3.0 or release 4.0 controllers still assume it to be the session counts. So, when the member session count is zero, the controllers flush their session records. In Cisco PDSN Release 5.1, the member session count is a weight and weight can be zero in the initial phases of the PDSN member that services sessions. To avoid the earlier controllers from clearing when the reported weight is zero, the new PDSN release 5.0 member sends the weight as one, if the weight computed is zero but has some sessions servicing it.
The following section describes about the various scenarios of controller and member combination:
Case 1: 3.0 Controller and 5.0 Member
As the load is sent in session count CVSE, Cisco PDSN Release 3.0 controller proceeds to work based on the session count. But we recommend the round robin selection.
Case 2: 4.0 Controller and 5.0 Member
As with Cisco PDSN Release 3.0 controller, the session count CVSE is considered and the controller continues to work. But we recommend the round robin selection.
Case 3: 5.0 Controller and 3.0 Member
The member reports the load only in terms of sessions. The load is calculated as a percentage and is used.
Case 4: 5.0 Controller and 4.0 Member
The Cisco PDSN Release 4.0 controller interprets the data and gathers the weight in terms of percentage. This weight must be used for the member.
The Controller Redundancy
The controller redundancy is not affected in the single IP. When standby controller is configured, the whole blade is used for redundancy. With single IP, when a processor in a blade reloads, the whole blade reloads. So with single IP, it is necessary to configure the session redundancy also on the blade. This configuration ensures that all the member functionality on the active blade are synchronized to the standby blade.
Configuring Cluster Controller Support
The below example snippet shows the cluster controller configuration:
pdsn# show cdma pdsn cluster controller configurationcluster interface GigabitEthernet0/0.341 (collocated)no R-P signaling proxytimeout to seek member = 10 secondswindow to seek member is 2 timeouts in a row if no reply (afterwards the member is declared offline)default: spi 101, Timestamp +/- 0, key ascii hellothis PDSN cluster controller is configuredController maximum number of load units = 100The below example snippet shows the cluster controller-member configuration:
pdsn# show cdma pdsn cluster member configurationcluster interface GigabitEthernet0/0.341IP address of controller is 11.1.1.50 (collocated)no prohibit administrativelytimeout to resend status or seek controller = 10 sec or less, randomizedresend a msg for 2 timeouts sequentially if no reply, then inform operatordefault: spi 101, Timestamp +/- 0, key ascii hellothis PDSN cluster member is configuredCluster Controller Member Configuration
The below example snippet shows the cluster controller-member configuration:
cdma pdsn cluster controller interface GigabitEthernet0/0.20cdma pdsn cluster controller standby PDSN-ssp2-43-RPcdma pdsn cluster controller timeout 120cdma pdsn cluster controller member periodic-updatecdma pdsn cluster member controller 20.2.43.254cdma pdsn cluster member interface GigabitEthernet0/0.20cdma pdsn cluster member timeout 120cdma pdsn redundancyTo enable round-robin method for member selection on controller, you need to enable the cdma pdsn cluster controller member selection-policy round-robin command.
The below example snippet shows the cluster member configuration:
cdma pdsn cluster member controller 20.2.43.254cdma pdsn cluster member interface GigabitEthernet0/0.20cdma pdsn cluster member timeout 120cdma pdsn cluster member periodic-update 300Also, the show command output in context with the above configuration:
For controller:
PDSN-controller-member# show cdma pdsn cluster controller configurationcluster interface GigabitEthernet0/0.20 (collocated)no R-P signaling proxytimeout to seek member = 10 secondswindow to seek member is 2 timeouts in a row if no reply (afterwards the member is declared offline)default: spi 300, Timestamp +/- 0, key ascii ciscothis PDSN cluster controller is configuredFor controller redundancy:
database in-sync or no need to syncgroup: PDSN-ssp2-43-RPController maximum number of load units = 100For collocated member:
PDSN-controller-member# show cdma pdsn cluster member configurationcluster interface GigabitEthernet0/0.20IP address of controller is 20.2.43.254 (collocated)no prohibit administrativelytimeout to resend status or seek controller = 120 sec or less, randomizedresend a msg for 2 timeouts sequentially if no reply, then inform operatordefault: spi 300, Timestamp +/- 0, key ascii ciscothis PDSN cluster member is configuredFor remote member:
PDSN-cluster-member# show cdma pdsn cluster member configurationcluster interface GigabitEthernet0/0.20IP address of controller is 20.2.43.254no prohibit administrativelytimeout to resend status or seek controller = 120 sec or less, randomizedresend a msg for 2 timeouts sequentially if no reply, then inform operatordefault: spi 300, Timestamp +/- 0, key ascii ciscothis PDSN cluster member is configuredIMSI and PCF Redirection
This release supports International Mobile Subscriber Identifier (IMSI) and Packet Control Function (PCF) redirection in both cluster controller and standalone PDSN. This feature enables directing a call to a specific PDSN for troubleshooting. You can also use this feature to send specific line ranges of IMSI to a different set of PDSNs.
The following sections describe:
•
•
IMSI-based Redirection
You can add IMSI-based redirection feature to the cluster controller, member, or standalone PDSN to redirect A11 Registration Requests (RRQ) from a specific or a range of IMSIs to a configured member or non-member PDSN IP.
PCF-based Redirection
You can add PCF-based redirection feature to the cluster controller, member, or standalone PDSN. Adding PCF-based redirection redirects A11 RRQs from a specific or a range of PCFs to a configured member or non-member PDSN IP.
Features of IMSI and PCF-based Redirection
This section describes the common functionality between IMSI and PCF-based redirection. Both features follow the same functionality in storage and lookup, except that IMSI-based lookup is performed before PCF-based redirection. IMSI-based redirection, therefore, takes precedence over PCF-based redirection.
The workflow of IMSI and PCF-based redirection begins with receiving the A11 RRQ. On receiving the A11 RRQ, PDSN checks whether any session exists for the IMSI. If a session exists, the packet is handed over for normal A11 processing. If no session exists, PDSN looks for a match in the IMSI redirection table that is configured with the IMSI derived from the A11 RRQ. On identifying a match, the A11 RRQ is rejected with the matched PDSN IP filled under unknown HA with code as 0x88H (136 decimal).
If no match is found, PDSN looks for a match in the PCF redirection table configured with the PCF IP address in the A11 RRQ. On identifying a match, the A11 RRQ is rejected with the matched PDSN IP filled under unknown HA with code as 0x88H (136 decimal). If no match is found in the IMSI and PCF redirection table, or if PCF or IMSI redirection is not configured, the A11 RRQ is handled by normal A11 processing.
When removing configuration of the IP address range or IMSI range, it is sufficient to give the start value of the IP or IMSI to delete the entire range. When removing a configuration, PDSN ignores the upper value of the IP or IMSI range, even if you have provided the value.
Limitations of IMSI and PCF-based Redirection
The following are the limitations that impact the functioning of IMSI and PCF-based redirection:
•
•
•
•
Functions of Controller PDSN
The workflow of the controller PDSN starts with receiving the A11 RRQ. On receiving the A11 RRQ, PDSN checks whether a session exists for the IMSI. If a session already exists, the packet is handed over for normal A11 processing. If no session exists, PDSN checks for a match in the IMSI redirection table that is configured with the IMSI derived from the A11 RRQ. If no match is found in the IMSI redirection table, PDSN checks if the PCF address in the A11 RRQ falls within the IP address range configured under different PCF groups. If there is no match with the PCF group, the A11 RRQ is handed over to the controller load balancer to select the member PDSN from all the members available in the cluster.
If a match is identified (either IMSI or PCF), the controller gets a PDSN group. The controller then checks whether the "force" option has been configured. If "force" is configured, the controller sends an A11 Reject with the primary IP configured under PDSN. If "force" is not configured, the controller checks the PDSN whether any least-loaded member is available in the matched PDSN group.
If all the member PDSNs under the group are loaded, then the controller sends a A11 Reject with the reason "Insufficient Resources". If the controller returns a least-loaded member from the PDSN group, then with that least-loaded member a A11 Reject is sent.
Before configuring IMSI and PCF redirection, note the following points:
•
Caution
•
•
Note
•
•
•
•
The following is a sample configuration that enables you to configure IMSI redirection for a standalone PDSN from the CLI command:
pdsn# cdma pdsn redirect imsi {Single-bound IMSI | Lower-bound IMSI} [Upper Bound IMSI] member [Member IP]cdma pdsn redirect ?imsi - IMSI Redirectionpcf - PCF Redirectioncdma pdsn redirect imsi ?Single or Start IMSI - 15 digit IMSI addresscdma pdsn redirect imsi 123456789012345 ?Ending IMSI - 15 digit IMSI addresscdma pdsn redirect imsi 123456789012345 123456789012400 ?member - PDSN membercdma pdsn redirect imsi 123456789012345 123456789012400 member ?PDSN IP address - IP address of PDSN where A11 need to be redirectedTo remove IMSI redirection for a standalone PDSN from the CLI command:
pdsn# no cdma pdsn redirect imsi {Single-bound IMSI | Lower-bound IMSI}
Note
To configure PCF redirection CLI command for a standalone PDSN from the CLI command:
pdsn# cdma pdsn redirect pcf {Single or Lower-bound PCF IP_address | Upper-bound PCF IP_address} member Member_IPpdsn# cdma pdsn redirect ?imsi - MSID Redirectionpcf - PCF Redirectionpdsn# cdma pdsn redirect pcf ?PCF IP address - Single or Start of the range of PCF IP addresspdsn# cdma pdsn redirect pcf 11.11.11.11 ?PCF IP address - Last PCF address in the rangepdsn# cdma pdsn redirect pcf 11.11.11.11 11.11.11.200 ?member - PDSN memberpdsn# cdma pdsn redirect pcf 11.11.11.11 11.11.11.200 member ?PDSN IP address - IP address of PDSN where A11 need to be redirectedTo remove PCF redirection for a standalone PDSN from the CLI command:
pdsn# no cdma pdsn redirect pcf Single or Lower-bound PCF IP address
Note
The following commands introduced in Cisco PDSN Release 5.0 enable you to configure the cluster controller PDSN:
To configure the cluster controller for a PCF group:
pdsn# cdma pdsn cluster controller pcf group number
description group name
pcf ip [end_ip]
pcf ip [end_ip]
To configure the cluster controller for a PDSN group:
pdsn# cdma pdsn cluster controller pdsn group number
description group name
pdsn ip [end_ip]
pdsn ip [end_ip]
primary ip
To configure the cluster controller for IMSI or PCF redirection:
pdsn# cdma pdsn cluster controller redirect
imsi IMSI_range pdsn pdsn_group_number [force]
pcf pcf_group_number pdsn pdsn_group_number [force]
Mobile IP and AAA Attributes for China Telecom
This release introduces support for MIP and AAA attributes required for China Telecom (CT).
The following sections describe:
•
•
•
Calling Station ID in MIP RRQ
The calling station ID as the normal vendor specific extension (NVSE) is the carrier in MIP Registration Request (RRQ) between the FA and HA.
The configuration for the calling station ID:
router(config)# cdma pdsn attribute vendor 20942 send a1 mip_rrq
Correlation ID in MIP RRQ
The correlation ID as NVSE is the carrier in the MIP RRQ between the FA and HA. The correlation ID from PDSN is sent in the MIP RRQ to the HA. This ID is sent in all HA-generated accounting records.
The configuration for the correlation ID:
router(config)# cdma pdsn attribute vendor 20942 send c2 mip_rrq
Proxy Mobile IP Indicator Attribute
The PMIP indicator is a VSA. The PMIP indicator is returned via Remote Authentication Dial-In User Service (RADIUS) to PDSN as an access-accept packet, so that PDSN starts PMIP on behalf of the subscriber.
Proxy Mobile IP Capability Indicator Attribute
The PMIP capability indicator is a VSA. PDSN sends the capability indicator through RADIUS to the AAA server as an access-request packet to indicate to the AAA server that PDSN supports PMIP and it is enabled. If the capability indicator attribute is missing, then PMIP is not supported by PDSN.
The configuration for the PMIP capability indicator:
router(config)# cdma pdsn attribute vendor 20942 send pmip_capability access_request
PDSN Service Address
PDSN service address is a VSA. This service address is sent to AAA by accounting-start message.
The configuration for PDSN service message:
pdsn-stby-ftb4-73(config)# cdma pdsn attribute vendor 20942 send pdsn-src-addr ?
pdsn-stby-ftb4-73(config)# acct_reqs Send pdsn-src-addr attribute in acct-reqs ?
pdsn-stby-ftb4-73(config)# cdma pdsn attribute vendor 20942 send pdsn-src-addr ac ?
pdsn-stby-ftb4-73(config)# cdma pdsn attribute vendor 20942 send pdsn-src-addr acct_reqs
Charging Type
The charging type is a CT VSA that is downloaded in the access-accept message form the AAA server (if charging type is configured in the AAA subscriber profile for a particular user). Cisco PDSN sends this downloaded attribute value to the AAA server by using the accounting-start message.
This charging type is of three types as below:
•
•
•
To download the charging type, the following CLI command must be enabled:
pdsn_active(config)# cdma pdsn attribute vendor 20942
To remove the configuration:
pdsn_active(config)# no cdma pdsn attribute vendor 20942
The following example snippet shows the downloaded charging type for each flow:
pdsn_active# show cdma pdsn sessionMobile Station ID MIN 2000000003PCF IP Address 10.1.1.1, PCF Session ID 1A10 connection time 00:00:05, registration lifetime 500 secNumber of successful A11 re-registrations 0Remaining session lifetime 494 secAlways-On not enabled for the userCurrent Access network ID 000A-0101-01Last airlink record received is Connection Setup, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 14, receive 22Using interface Virtual-Access2.1, status OPNUsing AHDLC engine on slot 0, channel ID 6Service Option EV-DO Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State SetupThis session has 0 TFTsQos subscriber profileMax Aggregate Bandwidth : 200Inter User Priority : 1000Flow service Mobile, NAI mwts-mip-np-user11@ispxyz.comMobile Node IP address 12.1.1.10Home Agent IP address 4.1.1.2Packets in 0, bytes in 0Packets out 0, bytes out 0Charge Type 1Radius disconnect enabledMIB Support
This release introduces support for several new MIBs, related to single IP and chassis-wide MIBs. Many MIBs are used as a source of Key Performance Indicators (KPIs).
The following sections describe:
MIBs as source of KPIs
The MIBs that are used as a source of KPIs are:
•
•
•
•
•
•
•
•
•
•
•
•
The CISCO-PROCESS-MIB, http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&mibName=CISCO-PROCESS-MIB, and the CISCO-MEMORY-POOL-MIB, http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&step=2&mibName=CISCO-MEMORY-POOL-MIB are affected by the requirement to provide a single MIB report per-service blade, PDSN-SIP-50.
Note
•
•
•
Both these MIBs contain per-processor content. The information for all six application processors is reported with one SNMP GET, each MIB contains six entries, one per-application processor.
The IF-MIB contains information for interfaces of the traffic plane processors, in addition to the interfaces of the control plane processor.
The CISCO-PROCESS-MIB contains a facility to provide information for one or more CPUs. The CSG2 project developed a solution, which requires usage of the ENTITY-MIB in conjunction with the CISCO-PROCESS-MIB.
The CISCO-MEMORY-POOL-MIB does not support this capability. However, the CSG2 project developed a solution, incorporating the CISCO-ENHANCED-MEMPOOL-MIB, http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&step=2&submitClicked=true&mibName=CISCO-ENHANCED-MEMPOOL-MIB#dependencies, which is reused for this release.
Both CISCO-CDMA-PDSN-MIB and CISCO-CDMA-PDSN-EXT-MIB currently support only global statistics and PCF-based statistics. All these attributes are independent of multiple CPUs. So, aggregation of values is done on the PCOP.
Both CISCO-VPDN-MGMT-MIB and CISCO-VPDN-MGMT-EXT-MIB currently support only VPDN information,VPDN tunnel information,VPDN tunnel user information, and failure history per-user. All these attributes are independent of multiple CPUs. Aggregation of values is done on the PCOP.
CISCO-AAA-SERVER-MIB currently supports only distinct statistics for each AAA function, status of servers providing AAA functions, and table for configuring AAA servers. All these attributes are independent of multiple CPUs (except configuration table). Aggregation of values is done on the PCOP.
Model for MIBs
The model followed for each MIBs is described in this section. The TCOPs are provided with a mechanism whereby they periodically PUSH data that is required by the SNMP MIBs to the PCOP. A process on the PCOP periodically receives this data and puts it into appropriate temporary structures indexed by TCOP index.
When an SNMP GET arrives at the PCOP, the PCOP aggregates the data or in the case of individual entries per-TCOP, does not aggregate the data; and fills in the summed value or the non-summed value into the SNMP variables that are relevant to the GET request. The rest of the code fills in the SNMP variables into the response PDU and sends it back to the entity that requested the GET.
Aggregate counters are available on PCOP or each counter is turned into a table, indexed by the TCOP index. PCOP either pulls the data at the time of SNMP GET to fill in the SNMP response PDU or it uses the values in the pushed data in temporary structures to fill in the SNMP variables; and then fill in the SNMP response PDU back to the manager entity. The model for MIBs is either a push model or an on-demand pull model to get the data on the PCOP.
Table 21 describes the different MIBs that are supported in this release:
Trap Generation for AAA Server Unresponsiveness
This release introduces support for sending an SNMP trap or a notification to NMS server when the AAA server unresponsiveness is noticed by PDSN while authenticating MNs.
For each RADIUS server, you can configure the threshold percentage values; that is, normal or high threshold values. When the round-trip time of RADIUS messages between PDSN and the AAA server exceeds or falls below the threshold values, an SNMP trap or notification is sent to the NMS server indicating the AAA server's responsiveness or unresponsiveness. Similarly, when the number of RADIUS retransmit messages rises above or falls below the threshold values, an SNMP trap or message is sent to the NMS server indicating the AAA server's responsiveness or unresponsiveness. By default, the threshold values for both round-trip time and retransmits are:
•
•
For example, when the round-trip time or the number of retransmits exceeds the high threshold value, an SNMP trap or notification is sent to the NMS server indicating that the AAA server state is BUSY or DOWN. Similarly, when round-trip time or number of retransmits falls below the low threshold value, an SNMP trap or notification is sent to the NMS server indicating that the AAA server state is NORMAL. Round-trip time and retransmits generate separate traps for the threshold values configured on them .
The conditions for notification are:
•
•
•
•
To enable this feature, perform the following tasks:
Note
The RADIUS-CLIENT-AUTHENTICATION-MIB is implemented per PDSN instance and each of these instances generate a trap.
The RADIUS-CLIENT-AUTHENTICATION-MIB contains entries for timeout on AAA access. A trap is added based on this timeout occurring. It is also possible to set a threshold on round trip delay (defined as a percentage of the maximum response time), and generate a trap when that threshold is exceeded. An additional trap is generated when the round-trip delay falls below a second threshold. This provides a level of delay for trap generation.
Supervisor Support
This release introduces support for SUP32, SUP720, and RSP720 variants.
Supervisor support is provided for: Cisco Catalyst 6500 Supervisor Engine 32 (WS-SUP32-GE-3B and WS-SUP32-10GE-3B), Cisco Catalyst 6500 Supervisor Engine 720 (WS-SUP720-3B and WS-SUP720), and the new Cisco Route Switch Processor 720 (RSP720-3C-GE, RSP720-3CXL-GE, and RSP720-3CXL-10GE)
Data Over Signaling
This release introduces support for Data Over Signaling (DOS), also known as Short Data Burst feature enabling you to send short data bursts to and from mobile station (MS) using the available signaling channel.
IOS uses the Modular QoS CLI (MQC) command set and Common Classification Engine (CCE) APIs to support the flow-based infrastructure for policing. CCE is a general framework that provides classification and feature association functions to IOS applications (for example, QoS and ACL). An IOS flow is defined in CCE as a unique instance of a class and as a whole or subset of source address, source port, destination address, destination port, and protocol.
While only one vaccess per MIP session is available, there are multiple flows and each flow downloads a different policy name. So, vaccess is not a target. To enable flow-based QoS on PDSN, a virtual object is created on PDSN, which acts as an interface and attaches the service policy. This virtual object identifies flow and marking parameters to QoS.
DOS packet is identified based on the policy map configured (flow-based policy) on the router. This policy map must be downloaded from the AAA server during access-accept for each direction, The downloaded policy is installed on the PDSN over that virtual interface for that particular direction.
QoS marks the packet as eligible for DOS marking. PDSN must mark the packets with DOS attribute in the GRE header in downstream or forward direction only based on the classification criteria and only when the session is in dormant state.
Note
Note
The following sections describe:
•
•
•
Flow Trigger Classification for DOS
When a packet arrives at the PDSN, based on the flow, the service policy associated with the virtual interface is identified and the QoS functions that need to be applied to the data packet are also identified. IOS QoS triggers flow classification because of virtual object , which is unique per flow to indicate that the classification criteria is a PDSN flow.
Flow Marking Based on Classification Criteria for DOS
For PDSN, each packet is classified and marked based on classification criteria. Currently, PDSN supports only set marking; set dos is used to mark the SDB packet based on the classification criteria.
Note
AT-terminated DOS
When a PDSN sends downstream traffic over a dormant session, PDSN adds the SDB or DOS attribute in the GRE header with a flag to indicate that it is SDB traffic. This attribute signals to the PCF that it must handle the traffic appropriately while sending it to the Access Network (AN).
1x SDB/HRPD DoS Indicator
If the packet is tagged by PDSN as being suitable for 1x SDB or High Rate Packet Data (HRPD) DoS transmission, it is identified by an attribute defined as:
Type '000 0001' - Short Data Indication
Length 02H
SDI/DoS 0 - Reserved
1 - packet suitable for 1x SDB or HRPD DoS transmission
AT-generated DOS
In case of AT-generated DOS, PDSN does not perform any special handling of the received packet.
SDB Accounting Record sent by 1xRTT PCF
1xRTT PCF sends an airlink record to indicate to PDSN that an SDB transaction has occurred; this is done by sending an airlink-record Y1 set to four. PDSN increments G11 by the value of G10 and increments G13 by one, when mobile originated (y4) or mobile terminated equals zero. PDSN increments G10 by the value of G10 and increments G12 by one, when mobile originated (y4) or mobile terminated equals one.
Limitations for DOS
Performing DOS is subject to the following limitations:
•
•
•
Configuring DOS
To enable DOS in the PDSN:
cdma pdsn dos
For flow-based DOS classification and marking:
class-map class-pdsnMatch anypolicy-map policy-pdsnClass class-pdsnset dosThe following CLI command in Exec mode displays flow-based QoS marking statistics when flow-based classification is enabled for a particular flow. The statistics include details such as the number of DOS-marked packets. The statistics is displayed based on specific NAI.
pdsn_active# show policy-map apn realm user1MSID NAI Type MN IP Address St HA IP01002647325 user1 Simple 3.1.1.5 ACT 0.0.0.0Service-policy output: SIP-POLICYClass-map: SIP-CLASS (match-all)5 packets, 520 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch: anyQoS SetdosPackets marked 5Class-map: class-default (match-any)0 packets, 0 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch: anyThe following CLI command in Exec mode displays flow-based QoS policy installation and download statistics:
pdsn_active-4# show cdm pds stat qosQoS:Total Profile Download Success 10, Failure 0Local Profile selected 1Failure Reason DSCP 0, Flow Profile ID 0,Service option profile 0, Others 0Total Consolidated Profile 5, DSCP Remarked 5Total policing installed 5, failure 0, removed 3Flow based QoS:Input policy:Total policy download success 2, failure 0Failure reason policy not configured 0, policy downloaded already 0Total policy installed 1, failure 0, removed 1Output policy:Total policy download success 2, failure 0Failure reason policy not configured 0, policy downloaded already 0Total policy installed 1, failure 0, removed 1The following CLI command in Exec mode displays the number of flows using flow-based QoS:
pdsn_active-4# show cdm pdsPDSN software version 5.0, service is enabledA11 registration-update timeout 5 sec, retransmissions 5A11 session-update timeout 5 sec, retransmissions 3Mobile IP registration timeout 10 secA10 maximum lifetime allowed 65534 secGRE sequencing is onMaximum PCFs limit not setMaximum sessions limit not set (default 35000 maximum)SNMP failure history table size 100MSID Authentication is disabledIngress address filtering is disabledSending Agent Adv in case of IPCP Address Negotiation is enabledAllow CI_ADD option during IPCP Phase is disabledAging of idle users disabledRadius Disconnect Capability enabledMultiple Service flows enabledMaximum number of service-flows per MN allowed is 7Call Admission Control disabledPolice Downstream enabledData Over Signaling disabledFlow based policy enabledNumber of pcfs connected 1,Number of pcfs 3GPP2-RP 1,Number of sessions connected 1,Number of sessions 3GPP2-RP 1,Number of sessions Active 1, Dormant 0,Number of sessions using HDLCoGRE 1, using PPPoGRE 0Number of sessions using Auxconnections 0, using Policing 1, using DSCP 1Number of service flows 0Number of flows using flow based qos 1Number of sessions connected to VRF 0,Simple IP flows 1, Mobile IP flows 0,Proxy Mobile IP flows 0, VPDN flows 0Differentiated Services Code Point Marking Support
This release introduces support for Differentiated Services Code Point (DSCP) marking, which uses flow-based policy.
IOS uses Modular QoS CLI (MQC) command set and Common Classification Engine (CCE) APIs to support the flow-based infrastructure for policing. CCE is a general framework that provides classification and feature association functions to IOS applications (for example, QoS, ACL, and so on). An IOS flow is defined in CCE as a unique instance of a class and as a whole or subset of source address, source port, destination address, destination port, and protocol.
While only one vaccess per MIP session is available, there are multiple flows and each flow downloads a different policy name. So, vaccess is not a target. To enable flow-based QoS on PDSN, a virtual object is created on PDSN, which acts as an interface and attaches the service policy. This virtual object identifies flow and marking parameters to QoS.
DSCP packet is identified based on the policy map configured (flow-based policy) on the router. This policy map must be downloaded from AAA during access-accept for each direction, The downloaded policy is installed on the PDSN over the virtual interface for that particular direction.
PDSN must mark the packets with DSCP in both upstream or reverse and downstream or forward direction based on the classification criteria.
Note
The following sections describe:
•
•
Flow Trigger Classification for DSCP
When a packet arrives at the PDSN, based on the flow, the service policy associated with the virtual interface is identified and the QoS functions that need to be applied on the data packet are also identified. IOS QoS triggers flow classification because of "apn_qos_info_t", which is unique per flow to indicate that the classification criteria is a PDSN flow.
Flow Marking Based on Classification Criteria for DSCP
For PDSN, each packet is classified and marked based on classification criteria. PDSN supports only set marking, such as set dos, set dscp, and set qos-group. Because qos-group and set dos are mutually exclusive, you must use either qos-group or set dos.
Note
Limitations for DSCP
Performing DSCP is subject to the following limitations:
•
•
•
Configuring DSCP
For flow-based DSCP classification and marking:
Class-map class-pdsnMatch anyPolicy-map policy-pdsn-outClass class-pdsnset dscp 1Policy-map policy-pdsn-inClass class-pdsnset dscp 1The following CLI command in Exec mode displays flow-based QoS marking statistics when flow-based classification is enabled for a particular flow. The statistics include details such as the number of DSCP marked packets. The statistics is displayed based on specific NAI.
pdsn_active# show policy-map apn realm user1MSID NAI Type MN IP Address St HA IP01002647325 user1 Simple 3.1.1.5 ACT 0.0.0.0Service-policy input: policy-pdsn-inClass-map: class-pdsn (match-all)5 packets, 520 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch: anyQoS Setdscp 1Packets marked 5Class-map: class-default (match-any)0 packets, 0 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch: anyService-policy output: policy-pdsn-outClass-map: class-pdsn (match-all)5 packets, 520 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch: anyQoS SetdosPackets marked 5Class-map: class-default (match-any)0 packets, 0 bytes30 second offered rate 0 bps, drop rate 0 bpsMatch: anyThe following CLI command in execution mode displays flow-based QoS policy installation and download statistics:
pdsn_active-4# show cdm pds stat qosQOS:Total Profile Download Success 10, Failure 0Local Profile selected 1Failure Reason DSCP 0, Flow Profile ID 0,Service option profile 0, Others 0Total Consolidated Profile 5, DSCP Remarked 5Total policing installed 5, failure 0, removed 3Flow based QoS:Input policy:Total policy download success 2, failure 0Failure reason policy not configured 0, policy downloaded already 0Total policy installed 1, failure 0, removed 1Output policy:Total policy download success 2, failure 0Failure reason policy not configured 0, policy downloaded already 0Total policy installed 1, failure 0, removed 1The following CLI command in execution mode displays the number of flows using flow-based QoS:
pdsn_active-4# show cdm pdsPDSN software version 5.0, service is enabledA11 registration-update timeout 5 sec, retransmissions 5A11 session-update timeout 5 sec, retransmissions 3Mobile IP registration timeout 10 secA10 maximum lifetime allowed 65534 secGRE sequencing is onMaximum PCFs limit not setMaximum sessions limit not set (default 35000 maximum)SNMP failure history table size 100MSID Authentication is disabledIngress address filtering is disabledSending Agent Adv in case of IPCP Address Negotiation is enabledAllow CI_ADD option during IPCP Phase is disabledAging of idle users disabledRadius Disconnect Capability enabledMultiple Service flows enabledMaximum number of service-flows per MN allowed is 7Call Admission Control disabledPolice Downstream enabledData Over Signaling disabledFlow based policy enabledNumber of pcfs connected 1,Number of pcfs 3GPP2-RP 1,Number of sessions connected 1,Number of sessions 3GPP2-RP 1,Number of sessions Active 1, Dormant 0,Number of sessions using HDLCoGRE 1, using PPPoGRE 0Number of sessions using Auxconnections 0, using Policing 1, using DSCP 1Number of service flows 0Number of flows using flow based qos 1Number of sessions connected to VRF 0,Simple IP flows 1, Mobile IP flows 0,PMIP flows 0, VPDN flows 0Nortel Aux A10 Support
This release introduces support for Nortel Aux A10, which enables PDSN to accept the Aux A11 Request with protocol type set to 0x88D2. The Aux A10 connection with protocol type set to 0x88D2 carries a packet with AHDLC encoding. With the new support, PDSN can handle AHDLC encoding and decoding for the packets destined to the Aux A10 with protocol type 0x88D2.
Masking Off IMSI Prefix
This release introduces support for masking off the IMSI prefix. Masking off the IMSI prefix is needed for inter-technology handoff (1xRTT to or from EVDO). In inter-technology handoff, the same PPP session is maintained when the subscriber's IMSI changes from 15 digits to or from 10 digits, or vice versa, with the upper five digits set as all ones or all zeros to or from EVDO that uses the country code in the upper five digits.
This feature masks off the upper five digits and then looks for a matching session on the PDSN. Any handoff from 1xRTT to EVDO or vice versa is treated as the same session.
The following sections describe:
•
•
•
•
Changes Related to Single IP Architecture
With the IMSI MIN equivalence feature, a new flag, "strict", is introduced in the message communicated between TCOP and the IXP. The "strict" flag is set to false on enabling the IMSI MIN equivalence feature, while the default is true. For any incoming IMSI, the IXP tries to match all the digits with any IMSI entry (strict or non-strict). If it does not match, IXP checks the last 10 digits and tries to match with non-strict IMSI entries.
Functional Flow in SingleIP Architecture
The functional flow in a single IP architecture is as follows:
•
•
•
•
•
•
•
•
•
–
–
•
•
•
•
Limitations for Masking Off the IMSI Prefix
•
•
•
•
•
Configuring Masking Off the IMSI Prefix
The following CLI command configures masking off the IMSI prefix in PDSN. We recommend you to configure this CLI command in a new window (with no sessions).
Router(config)# cdma pdsn imsi-min-equivalence
To remove the configuration:
Router(config)# no cdma pdsn imsi-min-equivalence
The following example snippet shows the output with lower 11 digits for show cdma pdsn session msid command:
pdsn-act# show cdma pdsn session msid 45678987655Mobile Station ID IMSI 112345678987655PCF IP Address 4.0.0.1, PCF Session ID 1A10 connection time 00:02:33, registration lifetime 20000 secNumber of successful A11 reregistrations 0Remaining session lifetime 19846 secAlways-On not enabled for the userCurrent Access network ID 0004-0000-01Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 13, receive 0Using interface Virtual-Access3, status OPNUsing AHDLC engine on slot 0, channel ID 2Service Option 1xRTT Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileThe following example snippet shows the output with lower 10 digits for show cdma pdsn session msid command:
pdsn-act# show cdma pdsn session msid 5678987655Mobile Station ID IMSI 112345678987655PCF IP Address 4.0.0.1, PCF Session ID 1A10 connection time 00:02:48, registration lifetime 20000 secNumber of successful A11 reregistrations 0Remaining session lifetime 19831 secAlways-On not enabled for the userCurrent Access network ID 0004-0000-01Last airlink record received is Active Start, airlink is activeGRE protocol type is 0x8881GRE sequence number transmit 13, receive 0Using interface Virtual-Access3, status OPNUsing AHDLC engine on slot 0, channel ID 2Service Option 1xRTT Flow Discrimination 0 DSCP Included 0Flow Count forward 0 reverse 0This session has 1 flowThis session has 0 service flowsSession Airlink State ActiveThis session has 0 TFTsQos subscriber profileThe following example snippet shows the output for show cdma pdsn accounting command:
pdsn1# show cdma pdsn accountingUDR for sessionsession ID: 1Mobile Station ID IMSI 112345678987655A - A1:5678987655 A2: A3:C - C3:0D - D3:11.1.1.12 D4:000000000000E - E1:0000F - F1:0000 F2:0000 F5:003B F6:00 F7:00 F8:00F9:00 F10:00 F14:00 F15:0F16:00 F17:00 F18:00F19:00 F20:00 F22:00G - G3:0 G8:0 G9:0 G10:0 G11:0 G12:0G13:0 G14:176 G15:0 G16:0 G17:0I - I1:0 I4:0Y - Y2:1UDR for flowMobile Node IP address 9.1.1.9B - B1:9.1.1.9 B2:g7SIP1@xxx.comC - C1:0025 C2:98 C4:0D - D1:0.0.0.0F - F11:01 F12:00 F13:00G - G1:0 G2:0 G4:1243836799G22:0 G23:0 G24:0 G25:0Packets- in:0 out:0The following example snippet shows the output for show cdma pdsn accounting detail command:
pdsn1# show cdma pdsn accounting detailUDR for sessionsession ID: 1Mobile Station ID IMSI 112345678987656Mobile Station ID (A1) IMSI 5678987656ESN (A2)MEID (A3)Session Continue (C3) ' ' 0Serving PCF (D3) 11.1.1.12 Base Station ID (D4) 000000000000User Zone (E1) 0000Forward Mux Option (F1) 0 Reverse Mux Option (F2) 0Service Option (F5) 59 Forward Traffic Type (F6) 0Reverse Traffix type (F7) 0 Fundamental Frame size (F8) 0Forward Fundamental RC (F9) 0 Reverse Fundamntal RC (F10) 0DCCH Frame Format (F14) 0 Always On (F15) 0Forward PDCH RC (F16) 0 Forward DCCH Mux (F17) 0Reverse DCCH Mux (F18) 0 Forward DCCH RC (F19) 0Reverse DCCH RC (F20) 0 Reverse PDCH RC (F22) 0Bad PPP Frame Count (G3) 0 Active Time (G8) 0Number of Active Transitions (G9) 0SDB Octet Count Terminating (G10) 0SDB Octet Count Originating (G11) 0Number of SDBs Terminating (G12) 0Number of SDBs Originating G13 0Number of HDLC Layer Bytes Received (G14) 290In-Bound Mobile IP Signalling Octet Count (G15) 0Out-bound Mobile IP Signalling Octet Count (G16) 0Last User Activity Time (G17) 0IP Quality of Service (I1) 0Airlink Quality of Service (I4) 0R-P Session ID (Y2) 1UDR for flowMobile Node IP address 9.1.1.1IP Address (B1) 9.1.1.1, Network Access Identifier (B2) g7SIP1@xxx.comAccount Session ID (C1) 2Correlation ID (C2) ' ' 18Beginning Session (C4) ' ' 0MIP Home Agent (D1) 0.0.0.0IP Technology (F11) 01 Compulsory Tunnel indicator (F12) 00Release Indicator (F13) 00Data Octet Count Terminating (G1) 0Data Octet Count Originating (G2) 0 Event Time G4:1243950581Rsvp Signaling Inbound Count (G22) 0 Outbound Count (G23) 0Rsvp Signaling Packets In (G24) 0 Packets Out (G25) 0Packets- in:0 out:0Persistent TFT Support
This release introduces support for installing Traffic Flow Template (TFT), which requires dependency on the AAA server attribute. PDSN rejects Resource reSerVation Protocol (RSVP) messages and fails to install the TFT if it does not receive the 3GPP2 attribute Type 89 (cdma-num-persistent) attribute from the AAA server as part of access-accept. To remove dependency on the AAA server attribute, this release merges the AAA server and local QoS profiles.
The following new command enables you to check the 3rd Generation Partnership Project 2 (3GPP2) attribute Type 89 (cdma-num-persistent) downloaded from the AAA server before installing TFT:
router(config)# cdma pdsn tft persistent-check
Depending on your configuration, PDSN behaves in the following ways:
•
•
–
–
–
–
–
•
To remove the configuration, use the following command:
router(config)# no cdma pdsn tft persistent-check
Conserve Unique IP-ID for FA-HA IP-in-IP Tunnel
This release enables PDSN to set a valid value to the ID field in the IP header when the packet has the chance of fragmenting, by conserving the unique ID in the IP header. By using this feature, you can avoid repeating the ID number within a short time, preventing the duplication of the packet.
The following new command enables you to configure the threshold for the packet size:
Router(config)# ip mobile tunnel ip-ip conserve-ip-id threshold value
Where value represents the threshold value of the packet and now the ip-id could be:
•
•
The following example snippets show the outputs for the ip mobile tunnel ip-ip conserve-ip-id threshold command:
pdsn_active(config)# ip mobile tunnel ip-ip conserve-ip-id threshold ?<576-1500> length in bytespdsn_active(config)# ip mobile tunnel ip-ip conserve-ip-id threshold 600pdsn_active(config)# endpdsn_active#To remove the configuration:
pdsn_active(config)# no ip mobile tunnel ip-ip conserve-ip-id threshold 600pdsn_active(config)# endpdsn_active#GRE CVSE Support in FA-HA Tunnel
This release enables PDSN and the HA to negotiate a Generic Routing Encapsulation (GRE) key, though in the earlier releases, the packets passing through the GRE-enabled reverse tunnel (FA-to-HA) have the default key value as zero. This negotiation is made possible using GRE critical vendor-specific extension (CVSE) support in the Foreign Agent-Home Agent (FA-HA) tunnel.
Here, the FA and HA can generate their own key or both of them can use the FA-generated key. You can send the GRE key CVSE to the HA by configuring the following commands:
•
Router(config)# cdma pdsn attribute send gre_cvse mip_rrq
•
Router(config)# ip mobile foreign-agent extension gre home-agent address range or a single address
The following example snippet shows the output for the show ip mobile visitor command:
pdsn_active# show ip mobile visitorMobile Visitor List:Total 1mwts-mip-np-user11@ispxyz.com:Home addr 12.1.1.10Interface Virtual-Access2.1, MAC addr 0000.0000.0000IP src 0.0.0.0, dest 4.1.1.1, UDP src port 434HA addr 4.1.1.2, Identification CDF2DC2A.10000Lifetime 00:01:00 (60) Remaining 00:00:45Tunnel0 src 4.1.1.1, dest 4.1.1.2, reverse-allowedgre cvse enableFA provided key 1253037210, HA returned key 2926312514Routing Options - (G)GRE (T)Reverse TunnelingThe following example snippet shows the output for the show ip mobile proxy registration command:
pdsn_active# show ip mobile proxy registrationProxy Mobile Node Registrations:userpmip1@ispxyz.com:Registration accepted 06/29/09 06:27:11Next Re-registration 00:00:13Registration sequence number 1Care-of addr 4.1.1.1, HA addr 4.1.1.2, Home addr 12.1.1.12gre cvse enableFA provided key 1527991487, HA returned key 3076709629Flags sbdmG-T-, Identification CDF2DD3F.8CB49CB8Lifetime requested 00:01:00 (60), granted 00:01:00, remaining 00:00:43The following example snippet shows the output for show ip mobile tunnel command:
pdsn_active# show ip mobile tunnelMobile Tunnels:Total mobile ip tunnels 1Tunnel0:src 4.1.1.1, dest 4.1.1.2encap GRE/IP, mode reverse-allowed, tunnel-users 1Multiple GRE keys supportedInput ACL users 0, Output ACL users 0IP MTU 1472 bytesPath MTU Discovery, mtu: 0, ager: 10 mins, expires: neveroutbound interface Ethernet1/0FA created, CEF switching enabled, ICMP unreachable enabled5 minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 drops0 packets output, 0 bytesTo configure the cdma pdsn attribute send gre_cvse mip_rrq command:
pdsn_active# conf termdsn_active(config)# cdma pdsn attribute send gre_cvse mip_rrqpdsn_active(config)# endTo configure the ip mobile foreign-agent extension gre home-agent command:
pdsn_active# conf termpdsn_active(config)# ip mobile foreign-agent extension gre home-agent 4.1.1.2pdsn_active(config)# endTo remove the configuration:
pdsn_active# conf termpdsn_active(config)# no cdma pdsn attribute send gre_cvse mip_rrqpdsn_active# conf termpdsn_active(config)# no ip mobile foreign-agent extension gre home-agent 4.1.1.2Remote Address Accounting
This release enables the PDSN to support remote address-based accounting (RAA). Using RAA, the number of octets exchanged between the Mobile Station (MS) and a remote IP address during a packet-data session can be counted. The PDSN enables this accounting functionality on a per-user basis, as specified in the User Profile received from the Home RADIUS server during authentication procedures. The PDSN supports Remote Address Table Index attributes from the AAA server to enable RAA in a session. The PDSN supports RAA only when the IP address is visible to it. For example, in Virtual Packet Data Networks (VPDNs), there are no IP packets and hence, the PDSN does not support RAA for VPDN calls.
The following sections describe:
•
Setting up a Session
This section describes the workflow to set up a session. During initial call setup, the PDSN authenticates with the AAA server and downloads the remote table index attribute as part of the access-accept. On downloading the RAA table index during access-accept, the downloaded RAA Table indices are matched against the table index configured on the PDSN. The matched indices are associated with the session; unmatched indices are dropped and not associated with the session. If the force index match is configured, and the downloaded index does not match with the configured RAA table index, the session is dropped.
About the G5 Attribute
The G5 container contains counters for forward octet count, reverse octet count, either the RAA index or the remote-network-and-mask pair , forward octet overflow count, and reverse octet overflow count.
Note
A remote address mask is used to indicate a range of addresses for remote address accounting. The PDSN aggregates the octet counts for all the remote IP addresses of that mask and generates one remote IPv4 octet-count attribute.
The G5 attribute is included in the accounting stop and accounting interim. Some features of the attribute are:
•
•
•
•
•
The following workflow describes updates to the G5 attribute during traffic flow:
1.
2.
a.
b.
c.
Support for 835B-Compliant RAA Table Index Downloaded from RADIUS
To support the IS835B-compliant RAA table index downloaded from the AAA server, use the new cdma pdsn accounting remote address compliance 835b command in global configuration mode:
Note that:
•
•
•
•
Note
•
•
•
•
•
Configuring Remote Address Accounting
The following commands have been introduced for configuring remote address accounting.
To configure the remote address table:
pdsn(config)# cdma pdsn accounting remote address table
pdsn(config-raa)# index number
pdsn(config-raa-table)# description string
pdsn(config-raa-table)# remote address ip-addr ip-addr mask
To remove the remote address that is configured in the table:
pdsn(config)# cdma pdsn accounting remote address table
pdsn(config-raa)# index number
pdsn(config-raa-table)# no remote address ip-addr
To remove the index:
pdsn(config)# cdma pdsn accounting remote address table
pdsn(config-raa)# no index number
To remove the remote address table and to disable remote address accounting feature:
pdsn(config)# no cdma pdsn accounting remote address table
Note
To force remote address accounting:
pdsn(config)# cdma pdsn accounting remote address table index match
Note
To remove force remote address accounting:
pdsn(config)# no cdma pdsn accounting remote address table index match
The following example snippet shows output for the show run command when remote address accounting is enabled:
cdma pdsn accounting remote address tableindex 1description test1remote address 1.1.1.1 255.255.255.255remote address 2.2.2.0 255.255.255.0remote address 10.10.10.5 255.255.255.255index 2description test2remote address 3.3.3.3 255.255.255.255remote address 4.4.4.0 255.255.255.255cdma pdsn accounting remote address index matchThe following command clears all RAA-related statistics:
pdsn# clear cdma pdsn statistics
The following command enables support for the 835B-compliant RAA table index that is downloaded from the AAA server:
pdsn(config)# cdma pdsn accounting remote address compliance 835b
When you use this command, the PDSN accepts only the IS835B-compliant RAA table index downloaded from the AAA server. On disabling this command, the PDSN accepts the RAA table indexes downloaded from the AAA server that are compliant with IS835C or D and B; other forms are rejected. This command is disabled by default.
The following command disables support only for the 835B-compliant RAA table index that is downloaded from the AAA server:
pdsn(config)# no cdma pdsn accounting remote address compliance 835b
The following new commands enable you to debug remote address accounting:
pdsn# debug cdma pdsn accounting raa errors
CDMA PDSN Remote address based accounting errors debugging is on.
pdsn#debug cdma pdsn accounting raa events
CDMA PDSN Remote address based accounting events debugging is on.
See the debug commands in the Cisco Packet Data Serving Node Release 5.0 for Cisco IOS Release 12.4(22)XR1 for more information about debugging remote address accounting in Cisco PDSN Release 5.1.
Default Service Option Implementation
As part of accounting records, the PDSN sends zero to the AAA server in either these instances:
•
or
•
To set the F5 Service Option value to be a non-zero value in a controlled manner, you can now set the default SO value for accounting using the following new command:
Router(config)# [no] cdma pdsn a11 default-service-option value
The new command enables you to configure a default SO value for accounting.
To remove this setting, use the no form of this command.
Note
Configurable Per-Flow Accounting Options
Currently, the PDSN supports per-flow based accounting, which means accounting records are sent per flow (IP flow). This release enables the PDSN to support configurable per-flow accounting optionally, which is decided either by configuring the CLI command or downloading the accounting option.
The following sections describe:
•
•
•
•
Configuring Per-Flow Accounting Options
The following commands are used to configure per-flow accounting options in the PDSN.
To configure CDMA PDSN accounting with main flow:
pdsn_act(config)# cdma pdsn accounting [main flow] ?
where, main flow configures main flow optionally for accounting.
To configure CDMA PDSN accounting main flow, including IP flows:
pdsn_act(config)# cdma pdsn accounting [main flow include ipflows]
where, main flow include ipflows includes IP flow data optionally in the accounting main flow.
To remove the configuration of CDMA PDSN accounting:
pdsn_act(config)# no cdma pdsn accounting ?
local-timezone Enable local timezone values for accounting
main flow Accounting on Main Flow
prepaid Prepaid related configurations
remote Configure Remote Accounting
send Accounting option
time-of-day Generate accounting record at specified time
pdsn_act(config)# no cdma pdsn accounting main flow ?
The following are the options for configuring the accounting options:
Option 1 - Configuring Accounting Option Only for Main Flow:
If the accounting option (Cisco VSA generic) is downloaded from the AAA server as 2 or the cdma pdsn accounting main flow command is enabled.
Option 2 - Configuring Accounting Option for Including Ipflows in Main Flow:
If the accounting option (Cisco VSA generic) is downloaded from the AAA server as 3 or the cdma pdsn accounting main flow include ipflows command is enabled, the accounting records are sent for main flow alone and include IPflows details.
Default Option - Per-Flow Accounting:
Per-flow accounting is performed, if option 1 is configured. If the accounting option (Cisco VSA generic) downloaded from the AAA server is other than option 1 or option 2, or if neither cdma pdsn accounting main-flow or cdma pdsn accounting main-flow include ipflows commands are enabled, the default option is configured.
Functional Flow for Configuring Per-Flow Accounting Options
The functional flow for this feature includes three options: Only Main Flow, Include IP flow in Main Flow, and Per-Flow Accounting (default).
Option 1 - Only Main Flow:
Accounting is done only on main flow. No accounting records are sent for IPflows. But upstream and downstream traffic are accounted in the respective IPflows and aux A10, if the TFT matches. However, the accounting records (start or stop or interim) are not sent for IPflows. Counters for G1 or G2, packets in or out for IPflows are not included, when the accounting records (interim and stop) of the main flow are sent.
Option 2 - Include IP Flow in Main Flow:
Accounting is done only on main flow. No accounting records are sent for IPflows. But upstream and downstream traffic are accounted in the respective IPflows and aux A10, if the TFT matches. However, the accounting records (start or stop or interim) are not sent for IPflows. Counters for G1 or G2, packets in or out for IPflows are added to G1 or G2 and packets in or out of main flow, when the accounting records (interim and stop) of main flow are sent.
Default Option - Per Flow Accounting:
Per-flow (IP flow)-based accounting is done. Accounting records are sent for main flow and IPflows.
Session and Flow Setup for Configurable Per-Flow Accounting Options
During initial call setup, the PDSN authenticates with the AAA server and downloads the accounting option as part of access-accept. On downloading the attribute, the PDSN checks whether the downloaded option is valid. If it is a valid option, the option is copied to the session. If it is not valid, the PDSN checks for configured CLI command. If the accounting option is configured, it is copied to the session. If the accounting option is not configured, there is no accounting option.
If airlink records are received for the IPflows, the records are parsed and updated. If the accounting option is valid, the accounting records for the IPflows, however, are not sent. The upstream and downstream traffic are sent over the respective IPflows and aux A10s after checking the TFT.
Before sending the accounting records (interim and stop), the PDSN checks for the accounting option and depending on the accounting option value, you can decide about including the G1 or G2, packets in or packets out to the respective attributes of the main flow. If accounting option is valid, you can reset G1 or G2, packets in or out of IPflows when you flush the IPflows for main flow.
Limitations in Configuring Per-Flow Accounting Options
The following are the limitations in configuring per-flow accounting options:
•
•
•
•
•
•
IP Flow Discriminator Support for PCF Backward Compatibility
PDSN adds the 4-byte IP flow discriminator to the GRE header. But some PCFs are based on the standard A.S0008 v3.0, or a lesser value that defines the IP flow discriminator to be 3 bytes without the reserved byte.
This release supports IP flow discriminator for backward compatibility of PCFs using the following new command in global configuration mode:
pdsn# cdma pdsn compliance hrpd ipflow-discriminator
On configuring this command, the IP flow discriminator is defined in the new format of 3 bytes. The A10s carry the IP flow discriminator of 3 bytes without a reserved byte. By default, the command is disabled.
Support for Remark DSCP to Max-class Value
The PDSN remarks the upstream packet with the value of the unauthorized Differentiated Services Code Point (DSCP), either to zero or to the value specified by the global configuration command cdma pdsn multiple service-flows qos remark-dscp remark_value. So all unauthorized packets are remarked only to 0 or to a global value as specified in the command.
Note
To remark the DSCP value of the unauthorized packet to a DSCP value on per-user basis, this release introduces a new command.
To remark the DSCP value of the packet either to the max-class value downloaded from the AAA server or to be configured locally:
pdsn# cdma pdsn multiple service-flows qos remark-maxclass
From this release, the PDSN remarks the DSCP value in the following three ways:
•
•
•
Command Support for Fragmentation Size
This release introduces a new command that enables you to set the fragmentation size of the first packet and thereby avoid further fragmentation of the second fragment in the network. With IP fragmentation, the first fragment may not include the Layer-4 header information of the inner packet. Thus, firewalls on the network that performs extensive inspection up to Layer 4, may drop the first fragment.
You can use the following new command in global configuration mode to set the fragmentation size of the first packet with Offset = 0 to set the first fragment size and ensure that the network does not drop the first segment.
pdsn# ip fragment first minimum size ?
where, size represents a number between 8 and 560 in bytes.
The size must include only the payload in multiples of 8 bytes and not any header. Otherwise, the command is rejected with the following error message:
%% First fragment payload size is not in multiples of 8.New Statistics Counters for China Telecom
This release introduces support for new statistics counters for China Telecom.
Currently, only the PDSN-related statistics in the CLI are supported and Exhaustion of Prepaid Quota is provided by the CLI. This release supports A11 registration update per-PCF counter.
A list of new metrics is made available to China Telecom through SNMP on the PDSN. The following statistics counters are supported:
•
•
•
•
•
•
•
•
•
•
Prepaid Statistics per PCF level
The CLI command in Exec mode show cdma pdsn statistics prepaid is enhanced to per-PCF level. The updated command gives prepaid statistics at the per-PCF level.
The per-PCF level prepaid statistics counter does not have the Total Online Access Response Received and Discarded counters. But, these counters are available at the global-level prepaid statistics; if the session is deleted while processing an online response, you cannot control to increment the per-PCF level of the counters.
The following example snippet shows the output for the show cdma pdsn statistics prepaid pcf command:
pdsn1_act# show cdma pdsn statistics prepaid pcf 2.2.2.1PCF 2.2.2.1, Service Option 59Total prepaid flows opened: 0Volume-based 0, Duration-based 0Simple IP 0, VPDN 0, Proxy Mobile IP 0, Mobile IP 0Total online Access Requests sent 0Total online Access ResponseAccepted 0, Timeout 0Online Access Requests sent with Update Reason:Pre-Initialization 0Initial Request 0Threshold Reached 0Quota Reached 0Remote Forced Disconnect 0Client Service Termination 0Main SI Released 0SI not eastablished 0Tariff Switch Update 0Inter-PCF Handoff RRQ
Currently, only the PDSN-related statistics in the CLI are supported. This release supports inter-PCF handoff RRQ. A counter for inter-PCF handoff on a per-PCF basis is provided in the PDSN.
Accepted Inter-PCF Handoff
Currently, only the PDSN-related statistics in the CLI are supported. This release supports accepted inter-PCF handoff. A counter for accepted inter-PCF handoff on a per-PCF basis is provided in the PDSN.
EVDO Network Initial Aux A10 Connection Request
Currently, only the PDSN-related statistics in the CLI are supported. This release supports EVDO network initial aux A10 connection request. In this release, the total number of aux A10 connections is requested and a new counter is added under "statistics rp", and the per-PCF level is supported.
EVDO Network Accepted Initial Aux A10 Connection
This release supports EVDO network-accepted initial auxiliary A10 connection. In this release, the total number of aux A10 connections is successfully created and a new counter is added under "statistics rp", and a per-PCF level is supported.
New Aux Connection Requested and Accepted
Two new counters, New Aux Connection Requested and New Aux Connection Accepted are added under the show cdma pdsn statistics rp CLI command in the Exec mode. These counters are also available at the per-PCF level.
Whenever a registration or reregistration request is received by the PDSN to create n number of new aux connections, the New Aux Connection Requested counter is incremented by n. If all the aux connections are successfully created, the New Aux Connection Accepted counter is incremented by n. In case there are problems in creating any of the requested aux connections, the New Aux Connection Accepted is not incremented.
The following example snippet shows the output for the show cdma pdsn statistics rp pcf pcf IP address command:
pdsn1_act# show cdma pdsn statistics rp pcf 2.2.2.1PCF 2.2.2.1, Service Option 59Reg Request rcvd 2, accepted 2, denied 0, discarded 0Initial Reg Request rcvd 1, accepted 1, denied 0,discarded 0, AuxRequest 0Re-registration requests rcvd 1, accepted 1, denied 0, discarded 0Re-registration requests containing Active-Start 1, Active-Stop 0Re-registration requests containing new connections 0, missing connections 0, remapping flows 0New Aux Connection Requested 4, New Aux Connection Accepted 4Handoff requests rcvd 0, accepted 0, denied 0, discarded 0, AuxRequest 0.Successful PPP Connection Request
Currently, the successful PPP connection request counter is not compliant with China Telecom. In this release, this counter is updated and also added to MIB and per-PCF-based counters.
IPCP is updated in the PPP connection request counter, in both negotiations and renegotiations. For VPDN, the PDSN receives an authentication response success message from the AAA server, and updates this counter. The total successful PPP connection request is calculated as below:
Total successful PPP connection request = (Connection success + Renegotiation success).
PPP renegotiation for a VPDN call is transparent to the PDSN. Only the initial PPP connection status is updated for the VPDN call.
Successful PPP Initial Request
Currently, the successful PPP initial request counter is not compliant with China Telecom definition. In this release, this counter is updated and also added to the per-PCF-based counter.
IPCP is updated in the PPP initial request counter in the initial stage. For VPDN case, PDSN receives authentication response success message from AAA, and updates this counter.
PPP Statistics Connection Success Counter
For a VPDN call, as soon as an authentication get success is received, the connection success counter is incremented regardless of the status of the L2TP tunnel.
The following example snippet shows the output for the show cdma pdsn statistics ppp command:
pdsn1_act# show cdma pdsn statistics pppLast clearing of "show cdma pdsn statistics ppp" counters neverPPP:Current Connections 2Connection requests 2, success 2, failure 0, aborted 0Failed PPP Connection Request
Not having IP resource for allocation is one of the reasons for code failure. Currently, this failure reason is not supported and only the PDSN-related statistics in CLI commands are supported. This release supports this failure reason and a failed PPP connection request is added in MIB and per-PCF-based counter.
New Counter for Not Having IP Resource for Allocation in PPP Statistics
Currently, when the IP pool is exhausted, the unknown count available under the IPCP stage is incremented if the IP pool name is downloaded from the AAA server. The other counters under release are incremented, if the pool name is locally configured. A new counter is introduced, under the show cdma pdsn statistics PPP command, to reflect the number of sessions that failed at the IPCP stage because of the IP pool exhaustion, irrespective of whether the pool name is downloaded from the AAA server or locally configured.
The old counter's behavior related to IP address exhaustion has not been changed. The new counter value does not match with the total number of failures under IPCP stage, because the IP pool exhaustion of a local pool is not considered an IPCP failure.
The following example snippet shows the output for the show cdma pdsn statistics ppp command:
pdsn_act# show cdm pdsn statistics pppLast clearing of "show cdma pdsn statistics ppp" counters 00:09:33Last update received at 02:51:38 UTC Mar 1 2002PPP:Current Connections 2Connection requests 11, success 2, failure 9, aborted 0Connection enters stage LCP 11, Auth 11, IPCP 11Connection success LCP 11, AUTH 11, IPCP 2Failure reason LCP 0, authentication 0, IPCP 9, other 0Failure reason lower layer disconnect 0A10 release before LCP nego by PDSN 0, by PCF 0IPCP StageFailure Reasons Options 0, MaxRetry 0, Unknown 9Options failure reason MN Rejected IP Address 0LCP Term Req during IPCP nego sent 9, rcvd 0A10 release during IPCP nego by PDSN 0, by PCF 0No enough IP resource for allocation 9PCF Terminate A10 Before LCP Stage
Currently, only the PDSN-related statistics in the CLI are supported. This release supports PCF terminate A10 before the LCP stage counter.
PPP Statistics at Per-PCF Level
The counter that gives the PPP statistics about "PCF Terminate A10 before LCP Stage" and renegotiation details are now made available at the per-PCF level.
The following example snippet shows the output for the show cdma pdsn statistics ppp pcf pcf ip address command:
pdsn1_act# show cdma pdsn statistics ppp pcf 2.2.2.1PCF 2.2.2.1, Service Option 59Current Connections 1Connection requests 1, success 1, failure 0, aborted 0A10 release before LCP nego by PDSN 0, by PCF 0Renegotiation total 0, by PDSN 0, by Mobile Node 0Renegotiation success 0, failure 0, aborted 0Renegotiation reason: address mismatch 0, lower layer handoff 0GRE key change 0, other 0Initial Connection Requests for L2TP tunnel
Currently, only the PDSN-related statistics in the CLI are supported. This release supports initial connection requests for L2TP tunnel as a global counter. The Start-Control-Connection-Reply (SCCRQ) counter from XMIT gives the details about the initial connection request for the L2TP tunnel, when you execute the command show l2tp counters tunnel.
Successful Request for L2TP Tunnel
Currently, only the PDSN-related statistics in CLI are supported. This release supports successful request for the L2TP tunnel as a global counter. The Start-Control-Channel-Connected (SCCCN) counter from XMIT gives the details about the successful connection request for the L2TP tunnel, when you execute the show l2tp counters tunnel command.
Failed Request for L2TP Tunnel
Currently, only the PDSN-related statistics in the CLI are supported. This release supports failed request for the L2TP tunnel as a global counter. The SCCRQ - SCCCN counter from XMIT gives the details about the failed request for the L2TP tunnel, when you execute the show l2tp counters tunnel command.
Active and Dormant Session Counters
The active counters, also available at the per-PCF level, and dormant session counters give details about the total number of main connections in dormant state.
The following example snippet shows the output for the show cdma pdsn statistics pcf pcf ip address command:
pdsn1_act# show cdma pdsn pcf 2.2.2.1PCF 2.2.2.1 has 1 sessionReceived 6 pkts (185 bytes), sent 15 pkts (640 bytes)PCF Session ID 1, Mobile Station ID IMSI 09884708943A10 connection age 01:40:24A10 registration lifetime 65535 sec, time since last registration 6024 secNumber of sessions Active 2, Dormant 0,Outbound and Inbound Bytes on RP Interface
This release supports outbound and inbound bytes on RP interface (SO=33,SO=59,SO=64,SO=67) are added in the per-PCF-based counter.
Counters for Inbound and Outbound Bytes on RP Interface by Service Option
A new CLI command in Exec mode is introduced to give the total number of inbound and outbound bytes on the RP interface based on service option. This command is also available at the per-PCF level.
The following example snippet shows the output for the show cdma pdsn statistics service-option command:
san-pdsn# show cdma pdsn statistics service-option 33 ?pcf give pcf ip for faster response!!| Output modifiers<cr>san-pdsn# show cdma pdsn statistics service-option 33 pcf ?A.B.C.D PCF IP addresssan-pdsn# show cdma pdsn statistics service-option 33 pcf 41.1.1.2Service Option: 50 PCF: 41.1.1.2Bytes in: 0 Bytes out: 0Packs in: 0 Packs out: 0san-pdsn# show cdma pdsn stat serv 59Service Option: 59Bytes in: 184 Bytes out: 506Packs in: 30 Packs out: 1san-pdsn# show cdma pdsn stat serv 59 pcf 41.1.1.3Service Option: 59 PCF: 41.1.1.3Bytes in: 0 Bytes out: 0Packs in: 0 Packs out: 0Features From Previous Releases
This section explains the features that were introduced in releases earlier than Cisco PDSN Release 5.1.
Inter-User Priority
PCF uses the inter-user priority attribute to schedule packets to the MN. PDSN receives this attribute from the AAA server in a RADIUS access-accept message.
Roamer Identification
Roamer Identification is a home area attribute defined by Lucent, and PDSN receives this attribute from the AAA server in a RADIUS access-accept message.
Served MDN
Served MDN is a vendor-specific attribute defined by China Telecom. It is similar to the Class IETF attribute. The Served MDN attribute is received by the PDSN from the AAA server in a RADIUS-access accept message and is included in all the accounting request messages sent to the AAA server for the session or IP flow.
The Served-MDN attribute is a China Telecom VSA that is downloaded from the AAA server as part of RADIUS access-accept message per user.
When you configure the cdma pdsn attribute vendor 20942 command, the PDSN parses the served MDN attribute, and sends the attribute in accounting messages. If parsed successfully, the attribute value is stored as part of the flow structure for the user that has received the RADIUS access-accept message.
If downloaded, this attribute is sent in all accounting request messages (start, stop, and interim-update) of the corresponding flow and its associated IP flows. If the PDSN receives multiple values of this attribute in a single access-accept message, and if they are parsed successfully, the last instance in the list of attributes downloaded is stored in the flow structure.
The PDSN drops the access-accept if it gets an invalid format or incorrect length for the Served-MDN VSA. The corresponding failure counter is then incremented. When a new value of the attribute is received in an access-accept during PPP-renegotiation or MIP reregistration, the latest value downloaded will update the existing value. And when a subsequent access-accept does not download this value, then the existing value is retained.
In case of inter-PCF handoff, this attribute is sent in both the accounting stop and accounting start message. In case of PPP renegotiation, if PDSN receives a new value, then the new value is stored in the flow structure. If a new attribute value is downloaded when the session is dormant and accounting start stop is not enabled, the accounting stop contains the old served MDN attribute value and the accounting start contains the new served MDN attribute value.
If unknown China Telecom attributes are received, these attributes are ignored.
If both IETF class attribute and CT VSA served MDN attribute is downloaded as a part of access-accept, both attributes are sent to the AAA server in accounting messages for the session.
To support the served MDN attribute in accounting, show and debugging, run the following command:
router (config)# cdma pdsn attribute vendor 20492
This new command enables the PDSN to parse the served MDN attribute, and send the attribute in accounting messages.
Framed Pool
The Framed Pool attribute is an IETF attribute downloaded by the PDSN from the AAA server in RADIUS access-accept message. This attribute value is used by the PDSN to match the IP pools configured in the PDSN, and allocates an IP address from the selected pool through PPP IPCP negotiation. The PDSN supports Cisco VSA for downloading the pool names from the AAA server. This feature is required to download the pool name as an IETF VSA.
The PDSN downloads the IETF framed-pool attribute from the AAA server as part of the access-accept message per user flow. If the local pool name matches the pool name downloaded, and if the pool has an IP address available for allocation, an IP address is allocated to the MN and the allocated IP address is sent as part of the IPCP CONFNAK message to the MN.
If the MN requests a static IP address and the IETF pool name is downloaded as well during the access-accept, the static IP address requested by the MN is given preference only when the IP address preferred is within the pool range configured in the PDSN. Otherwise, the IP address is assigned from the downloaded Pool.
If no local pool matches the pool name configured in the PDSN, or if the matched pool name does not have any address to allocate, the PPP IPCP negotiation fails, and the call is terminated. If framed IP pool and Cisco av pair pool name attributes are downloaded, the IP address is allocated from the framed pool. When multiple framed IP pool names are downloaded, the IP address is allocated from the first of the downloaded pools. If the IP addresses in the framed IP pool are exhausted, the session goes down.
The IETF pool name is synchronized to the standby unit by the AAA server subsystem. Parsing and validation of this attribute is performed by the AAA server subsystem.
Other Considerations
SIP calls are supported. For all other calls, IP address assignment will be done by the HA and the pool configuration in VAAA will be ignored by the PDSN.
For PMIP calls, the address allocated by the HA is negotiated with the MN as a part of IPCP even if a IETF pool name attribute value was downloaded.
3GPP2 DNS Server IP
The DNS server IP address attribute is a 3GPP2 VSA downloaded by PDSN from the AAA server in RADIUS access-accept message. These IP addresses downloaded from the AAA server must be sent to the MN if requested during IPCP negotiation.
The PDSN downloads the 3GPP2 DNS IP address VSA with Vendor ID 117 from the AAA server as a part of the access-accept message. Downloaded attributes are parsed for the primary and secondary IP addresses and are stored in the AAA server list for the user session. The values that are sent in sub-type 3 and 4 are not used by the PDSN. This attribute (if requested) is sent to the MN during IPCP negotiation from the AAA server list.
During PPP IPCP negotiation, the MN requests an IP address in the IPCP CONFREQ message by sending the primary DNS IP address as 0.0.0.0 and secondary DNS IP address as 0.0.0.0. If a user is authorized for the DNS IP addresses, addresses downloaded from the AAA server are sent to the MN through the IPCP CONFNAK message.
If invalid attributes are downloaded in the DNS VSA (for example, an invalid length or an invalid subtype), the PDSN drops the access-accept, and the corresponding failure counter is incremented. The PDSN does not check the content of the IP address in the primary and secondary fields and the value is sent to the MN as received.
If a user requests is sent for the DNS IP address, but the PDSN does not download the DNS IP address VSA, an IPCP CONFREJ message is sent rejecting the DNS request sent by the MN. Then the MN sends a new CONFREQ without the primary DNS address or secondary DNS address in its CONFREQ.
The attributes downloaded are sent to the MN for SIP calls when configured in VAAA. Flags downloaded are ignored by the PDSN for SIP and PMIP calls. For MIP calls, DNS is sent by the HA through MIP RRP. No configuration is required in the VAAA.
For PMIP calls, the DNS address downloaded by the HA is given preference. If the DNS IP address is downloaded from the AAA server for PMIP calls, it would not be suggested to the MN even if the MN requests for the DNS server IP address.
If multiple 3GPP2 attributes, or a combination of 3GPP2 attributes, and CISCO VSA DNS attribute are downloaded, the last downloaded attribute value is taken into consideration. In case the 3GPP2 DNS server IP address attribute is downloaded but not negotiated with the MN, it would be displayed on the session.
Virtual Route Forwarding with Sub-interfaces
The Virtual Route Forwarding (VRF) attribute is a Cisco-specific vendor attribute downloaded by the PDSN from the AAA server in a RADIUS access-accept message. The vaccess (sub-interface created per session on the PDSN) is added to the VRF matching the VRF attribute value downloaded from the AAA server. The PDSN downloads the Cisco vendor-specific VRF attribute from the AAA server as a part of the access-accept message. If this VSA is received in user authorization, and if the VRF name returned from RADIUS is configured globally on the PDSN, the PDSN will apply this VRF information for the session.
The current support on IOS creates a full vaccess interface for this user session to support VRF. VRF forces the creation of a full access interface that limits the number of sessions to 8,000 (only 8K software IDBs exist).
The VRF, when configured in PDSN, creates an instance of the routing table. When the VRF is applied to the vaccess created, after the PPP IPCP negotiation, the route inserted is in the VRF routing table and not in the global routing table. The current implementation supports VRF as an LCP-based configuration request.
Basic Functionality
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
–
–
•
•
•
•
•
•
•