Managing Mobile Networks

The following topics provide an overview of mobile technologies and describe how to work with mobile technologies using the Vision client. If you cannot perform an operation that is described in these topics, you may not have sufficient permissions; see Permissions Required to Perform Tasks Using the Prime Network Clients

GPRS/UMTS Networks

These topics describe how to use Prime Network to manage GPRS/UMTS networks:

Overview of GPRS/UMTS Networks

General Packet Radio Service (GPRS) and Universal Mobile Telecommunication System (UMTS) are evolutions of Global System for Mobile Communication (GSM) networks.

GPRS is a 2.5G mobile communications technology that enables mobile wireless service providers to offer their mobile subscribers packet-based data services over GSM networks. UMTS is a 3G mobile communications technology that provides wideband code division multiple access (CDMA) radio technology. Figure 27-1 shows a basic GPRS/UMTS network topology.

Figure 27-1 Basic GPRS/UMTS Network Topology

 

285173.tif

The GPRS/UMTS packet core comprises two major network elements:

  • Gateway GPRS support node (GGSN)—A gateway that provides mobile cell phone users access to a Packet Data Network (PDN) or specified private Internet Protocol (IP) networks.
  • Serving GPRS support node (SGSN)—Connects the radio access network (RAN) to the GPRS/UMTS core and tunnels user sessions to the GGSN. The SGSN sends data to and receives data from mobile stations, and maintains information about the location of a mobile station (MS). The SGSN communicates directly with the MS and the GGSN.

PDNs are associated with Access Point Names (APNs) configured on the system. Each APN consists of a set of parameters that dictate how subscriber authentication and IP address assignment is to be handled for that APN.

The Vision client allows you to configure the mobile technologies by using commands and also view the properties configured for the mobile technologies. Figure 27-2 shows an example of the Inventory window with the mobile technology nodes/containers under the Mobile context.

To see which devices support mobile technologies, refer to Cisco Prime Network 5.2 Supported VNEs.

Figure 27-2 Mobile Technology Nodes in Logical Inventory

 

320087.tif

Working With GPRS/UMTS Network Technologies

The following topics explain how to work with GPRS/UMTS network technologies in the Vision client:

Working with the Gateway GPRS Support Node (GGSN)

The GGSN works in conjunction with SGSNs within the network to perform the following functions:

  • Establish and maintain subscriber Internet Protocol (IP) or Point-to-Point Protocol (PPP) type Packet Data Protocol (PDP) contexts originated by either the mobile or the network.
  • Provide charging detail records (CDRs) to the charging gateway ((CG), also known as the Charging Gateway Function (CGF)).
  • Route data traffic between the subscriber’s Mobile Station (MS) and a PDN such as the Internet or an intranet.

In addition, to providing basic GGSN functionality as described above, the system can be configured to support Mobile IP and/or Proxy Mobile IP data applications in order to provide mobility for subscriber IP PDP contexts. When supporting these services, the system can be configured to function as a GGSN and Foreign Agent (FA), a stand-alone Home Agent (HA), or a GGSN, FA, and HA simultaneously within the carrier's network.

The following topics explain how to work with GGSN in the Vision client:

Viewing GGSN Properties

The Vision client displays the GGSNs in a GGSN container under the Mobile node in the logical inventory. The icon used for representing GGSNs in the logical inventory is explained in NE Logical Inventory Icons.

To view GGSN properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > GGSN Container.

The Vision client displays the list of GGSNs configured under the container. You can view the individual GGSN details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > GGSN Container > GGSN.

Table 27-1 describes the details available for each GGSN.

 

Table 27-1 GGSN Properties in Logical Inventory

Field
Description

Service Name

The name of the GGSN service.

Status

The status of the GGSN service. Value could be Unknown, Running, or Down.

PLMN Policy

The PLMN policy for handling communications from SGSNs that are not configured to communicate with.

Newcall Policy

Specifies whether to accept or reject a new incoming call.

Authentication Server Timeout

The code used by the GGSN as a response message if communication with an authentication server times out. Value could be System Failure or User Authentication Failed.

Accounting Server Timeout

The code used by the GGSN as a response message if communication with an accounting server times out. Value could be System Failure or No Resources.

Accounting Context

The context that processes accounting for PDP contexts handled by the GGSN service

GTPU

The GTPU that is associated with the GGSN and manages the GTP messages between GGSN and a radio access network equipment (RNC).

P-GW

A PDN Gateway (P-GW) is the node that terminates the SGi interface towards the PDN

Associated IPNE Service

The IP Network Enabler (IPNE) service, which defaults to Not Defined.

Associated Peer Map

Specifies the Network side Peer map for the SGW service

S6b IPv6 Reporting

Configures the IPv6 address reporting through Authorization-Authentication-Request (AAR) towards the

S6b interface

Local IPv6 Address

The local IPv6 address bounded with the GGSN service.

Maximum Primary Sessions

Configures the maximum number of primary sessions for using this service.

Maximum Secondary Sessions

Configures the maximum number of secondary sessions for using this service.

Unlisted SGSN Rat Type

Specifies the unlisted SGSN rat-type option, which could be gan, geran, hspa, utran, or wlan.

Message Rate [Msgs/Sec]

Specifies the message rate to be in msgs or secs.

Delay Tolerance

Specifies the delay tolerance in secs.

Queue Size

Specifies the size of the queue.

SGSN MCC MNC Preference

Specifies the MCC and MNC portions of PLMN identifier.

Duplicate Subscriber Address Request

Displays how duplicate sessions with same address request are configured.

Duplicate Subscriber Address Request IPV6

Shows how duplicate sessions with same IPv6 address request are configured. The default configuration disables the support to accept duplicate v6 address request.

Gx Li Transport

Displays the Gx LI X3 interface content delivery transport. Default transport is UDP.

Gx Li X3 Interface Context

The Gx LI X3 interface context associated with the service.

Internal QOS Application

The mechanism for deriving the Internal QOS value.

Internal QOS Policy

The derived Internal QOS value for Data Traffic.

DNS Client Context

The context name where a DNS client is configured. The context name associates an existing DNS client configuration with the GGSN to perform a DNS query for P-CSCF, if a P-CSCF query request in an AAA message is received from the Diameter node.

Trace Collection Entity

Shows the configured trace collection entity IP address. Trace collection entity is the destination node to which trace files are transferred and stored.

Path Failure Detection On Gtp Messages

Determines the GTP path-failure behavior on echo or non-echo messages.

MBMS Policy

This command enables or disables the Multimedia Broadcast Multicast Services (MBMS) user service support for multicast or broadcast mode. It also specifies the policy for MBMS user service mode.

Local IP Port

The local UDP port that the GGSN service can use.

Maximum PPP Sessions

Maximum context limits allowed for the service.

If the GGSN is associated with SGSNs and Public Land Mobile Networks (PLMNs), you can view the details from the respective tabs for that GGSN.

Table 27-2 describes the SGSN and PLMN information associated with the GGSN.

 

Table 27-2 SGSN and PLMN information for a GGSN

Field
Description

SGSNs

IP Address

The IP address of the SGSN.

Subnet Mask

The subnet mask of the SGSN.

PLMN ID

The PLMN ID associated with the SGSN.

MCC

The mobile country code (MCC) portion of the PLMN.

MNC

The mobile network code (MNC) portion of the PLMN.

PLMN Foreign

Indicates whether the SGSN belongs to a home or foreign PLMN. This field is available only if MCC and MNC are not available.

Reject Foreign Subscriber

Specifies whether to accept or reject foreign subscriber. Value could be True or False.

RAT Type

The type of radio access technology (RAT) that is used for communication.

Description

The description of the SGSN entry in the GGSN service.

PLMNs

PLMN ID

The ID of the PLMN associated with the GGSN.

Primary

Indicates whether the PLMN ID is the primary PLMN ID for the GGSN. Value could be True or False. When multiple PLMN IDs are configured, the one configured as primary is used for the Authentication, Authorization, and Accounting (AAA) attribute.


 

Viewing Additional Characteristics of a GGSN

To view additional characteristics of a GGSN:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Mobile > GGSN Container > GGSN.

Step 3blank.gif Expand the GGSN node. The following list of characteristics configured for the GGSN are displayed:

  • Charging Characteristics
  • GTPC Characteristics
  • Timers And QoS

Step 4blank.gif Choose Charging Characteristics to view the properties on the right pane. See Table 27-3 for more details on the charging characteristics configured for the GGSN.

 

Table 27-3 GGSN Charging Characteristics

Field
Description
Profiles

Profile No

Type of billing. For example:

  • 1—Hot billing
  • 2—Flat billing
  • 4—Prepaid billing
  • 8—Normal billing

All other profiles from 0 - 15 are customized billing types.

Buckets

Denotes container changes in the GGSN Call Detail Record (GCDR).

Prepaid

Prepaid type, which could be Prohibited or Use-rulebase-configuration.

Down Link Octets

Downlink traffic volume of the bucket.

Uplink Octets

Uplink traffic volume of the bucket.

Total Octets

Total traffic volume of the bucket.

Tariff Time Triggers

Profile No

Type of billing.

Time1, Time2, and so on

First time-of-day time values, and so on, to close the current statistics container.

Intervals

Profile No

Type of billing.

No. of SGSNs

Number of SGSN changes (inter-SGSN switchovers) resulting in a new Routing Area Identity (RAI) that can occur before closing an accounting record.

Interval

Normal time duration that must elapse before closing an accounting record.

Down Link Octets

Downlink traffic volume reached within the time interval.

Up Link Octets

Uplink traffic volume reached within the time interval.

Total Octets

Total traffic volume reached within the time interval.

Step 5blank.gif Under the GGSN node, choose Timers and QoS to view the properties on the right pane. See Table 27-4 for more details on the Timers and QoS parameters configured for the GGSN.

 

Table 27-4 GGSN Timers and QoS

Field
Description

Retransmission Timeout

Timeout, in seconds, for retransmission of GTP control packets.

Max Retransmissions

Maximum retries for transmitting GTP control packets.

Setup Timeout

Maximum time, in seconds, allowed for session setup.

Echo Interval

Echo interval, in seconds, for GTP.

Guard Interval

Interval, in seconds, for which the GGSN maintains responses sent to SGSN. This optimizes the handling of retransmitted messages.

QCI to DSCP Mapping

QoS class index

A set of transport characteristics used to differentiate various packet flows.

DSCP

Differentiated Services Code Point (DSCP), a mechanism for classifying and managing network traffic and providing QoS.

QCI & ARP DSCP Mapping

QoS class index

A set of transport characteristics used to differentiate various packet flows.

Allocation retention priority

The priority of allocation and retention of the service data flow. This parameter allows prioritizing allocation of resources during bearer establishment and modification. During network traffic congestions, a lower ARP flow is dropped to free up the capacity.

DSCP

A mechanism for classifying and managing network traffic and providing QoS.


 

GGSN Commands

The following GGSN-related commands can be launched from the inventory by right-clicking a GGSN and choosing GGSN > Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-5 GGSN Commands

Command
Navigation
Description

Create PLMN Identifier

Right-click the GGSN group > Commands > Configuration

Use this command to create a PLMN Identifier.

Create SGSN

Use this command to create an SGSN.

Delete GGSN

Use this command to delete a GGSN profile.

Modify GGSN

Use this command to modify a GGSN profile details.

Working with the GPRS Tunneling Protocol User Plane (GTPU)

The GGSN communicates with SGSNs on a Public Land Mobile Network (PLMN) using the GPRS Tunneling Protocol (GTP). The signaling or control aspect of this protocol is referred to as the GTP Control Plane (GTPC) while the encapsulated user data traffic is referred to as the GTP User Plane (GTPU). GTPU is used for transferring user data in separated tunnels for each PDP context.

You can configure various parameters for a GTPU using the configuration commands in the Vision client. You can view the configured parameters for a GTPU in the logical inventory.

The following topics explain how to work with GTPU in the Vision client:

Viewing GTPU Properties

The Vision client displays the GTPUs in a GTPU container under the Mobile node in the logical inventory. The icon used for representing GTPUs in the logical inventory is explained in NE Logical Inventory Icons.

To view GTPU properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > GTPU Container.

The Vision client displays the list of GTPUs configured under the container. You can view the individual GTPU details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > GTPU Container > GTPU.

Table 27-6 describes the details available for each GTPU.

Table 27-6 GTPU Properties in Logical Inventory

Field
Description

Service Name

The name of the GTPU service.

State

The status of the GTPU service. Status could be Unknown, Running, or Down.

Max Retransmissions

The maximum limit for GTPU echo retransmissions. Default value is 4.

Retransmission Timeout

The timeout in seconds for GTPU echo retransmissions. Default value is 5 Secs.

Echo Interval

The rate at which the GTPU echo packets are sent.

IPSEC Tunnel Idle Timeout

The IPSec tunnel idle timeout after which IPSec tunnel deletion is triggered. Default value is 60 Secs.

Allow Error Indication

Specifies whether error indication is dropped or sent without IPSec tunnel. Default value is Disabled.

Include UDP Port Ext Hdr

Specifies whether to include an extension header in the GTPU packet for error indication messages. Default value is False.

IP Address

The list of IP addresses configured on the GTPU. The IP addresses are available only when configured for the GTPU.

Smooth Factor

Configures the smooth-factor used in the dynamic echo timer for GTPU Service, ranging from 1 to 5. Default is 2.

IP QOS DSCP Value

Designates IP Quality of Service - Differentiated Services Code Point.

Source Port Configuration

Configures GTPU data packet source port related parameters.

Path Failure Detection

Specifies policy to be used. Default is GTPU echo message.

Path Failure Clear Trap

Specifies trigger for clearing path failure trap. By default, path failure trap is cleared on receiving first control plane message for that GTPU peer allocation.

UDP Checksum

Detects transmission errors inside GTPU packets.

Echo Interval

Specifies the time of echo interval.

Echo Mode

Specifies the type of echo mode.

Echo Retransmission Timeout

Configures the echo retransmission timeout for GTPU Service, in seconds, ranging from 1 to 20. Default is 5.

Ike Bind Address

Configures an Ike bind address.

Bearer Type

Configures media type supported for the GTPU end point.

Crypto Template

Configures Crypto template for IP-Sec.

Table 27-7 describes the IP address details available for each GTPU.

Table 27-7 GTPU Properties with IP Address Details

Field
Description

IP Address

The list of IP addresses configured on the GTPU. The IP addresses are available only when configured for the GTPU.

Ike Bind Address

Configures an IKE bind address.

Bearer Type

Configures media type supported for the GTPU end point.

Crypto Template

Configures Crypto template for IP-Sec.


 

GTPU Commands

The following GTPU-related commands can be launched from the inventory by right-clicking a GTPU and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.)

 

Table 27-8 GTPU Commands

Command
Navigation
Description

Create GTPU Bind IP Address

Right-click the GTPU defined > Commands > Configuration

Use this command to create a bind IP address for GTPU.

Modify GTPU Bind IP Address

Select the GTPU node > right-click the IP address in the content pane > Commands > Configuration

Use this command to modify the Bind IP address for GTPU.

Delete GTPU Bind IP Address

Use this command to delete the Bind IP address for GTPU.

Delete GTPU

Right-click the GTPU defined > Commands > Configuration

Use this command to delete a GTPU group.

Modify GTPU

Use this command to modify a GTPU group.

Working with Access Point Names (APNs)

APN is the access point name that is configured in the GGSN configurations. The GGSN’s APN support offers the following benefits:

  • Extensive parameter configuration flexibility for the APN.
  • Extensive QoS support.
  • Virtual APNs to allow differentiated services within a single APN. The APN that is supplied by the mobile station is evaluated by the GGSN in conjunction with multiple configurable parameters. Then the GGSN selects an APN configuration based on the supplied APN and those configurable parameters.
  • Traffic policing that governs the subscriber traffic flow if it violates or exceeds configured peak or committed data rates. The traffic policing attributes represent a QoS data rate limit configuration for both uplink and downlink directions.

Up to 1024 APNs can be configured in the GGSN. An APN may be configured for any type of PDP context, i.e., PPP, IPv4, IPv6 or both IPv4 and IPv6.

Many parameters can be configured independently for each APN on the device. They are categorized as given below:

  • Accounting—Various parameters regarding accounting possibilities, such as, charging characteristics, accounting mode (RADIUS server-based accounting, GTPP-based accounting, and so on.)
  • Authentication—Various parameters regarding authentication, such as, protocols used, like, Challenge Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), or none, default username/password, server group to use, and limit for number of PDP contexts.
  • Enhanced Charging—Name of rulebase to use, which holds the enhanced charging configuration (for example, eG-CDR variations, charging rules, prepaid/postpaid options, etc.).
  • IP: Method for IP address allocation (e.g., local allocation by GGSN, Mobile IP, Dynamic Host Control Protocol (DHCP), DHCP relay, etc.). IP address ranges, with or without overlapping ranges across APNs.
  • Tunneling: PPP may be tunneled with L2TP. IPv4 may be tunneled with GRE, IP-in-IP or L2TP. Load-balancing across multiple tunnels. IPv6 is tunneled in IPv4. Additional tunneling techniques, such as, IPsec and VLAN tagging may be selected by the APN, but are configured in the GGSN independently from the APN.
  • QoS: IPv4 header ToS handling. Traffic rate limits for different 3GPP traffic classes. Mapping of R98 QoS attributes to work around particular handset defections. Dynamic QoS renegotiation (described elsewhere).

You can configure the APN parameters using the Vision client. You can view the configured parameters for an APN in the logical inventory. After an APN is determined by the GGSN, the subscriber may be authenticated/authorized with an AAA server. The GGSN allows the AAA server to return Vendor Specific Attributes (VSAs) that override any or all of the APN configuration. This allows different subscriber tier profiles to be configured in the AAA server, and passed to the GGSN during subscriber authentication/authorization.

The following topics explain how to work with APN in the Vision client:

Viewing APN Properties

The Vision client displays the APNs in an APN container under the Mobile node in the logical inventory. You can also view additional characteristics configured on the APN as explained in Viewing Additional Characteristics of an APN. The icon used for representing APNs in the logical inventory is explained in NE Logical Inventory Icons.

To view APN properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > APN Container > APN.

Table 27-9 describes the information that is available for the APN. The information that is displayed depends on the configuration of the APN.

 

Table 27-9 APN Properties in Logical Inventory

Field
Description

APN Name

The APN name.

Accounting Mode

The accounting protocol in use in the APN. Values are GTPP (GPRS Tunneling Protocol Prime), RADIUS (Remote Authentication Dial In User Service), or None.

Selection Mode

The selection mode in use in the APN. Selection mode indicates the origin of the requested APN and whether or not the Home Location Register (HLR) has verified the user subscription.

L3 to L2 Address Policy

The layer 2 to layer 3 IP address allocation or validation policy.

Allocation Type

The method by which the APN obtains IP addresses for PDP contexts.

IP Header Compression

IP packet header compression parameters for the APN.

New Call Policy

Specifies whether to accept or reject a new incoming call in case of duplicate session calls with a request for same IP address.

Step 3blank.gif To view additional details configured for the APN, use the following tabs:

    • Virtual APNs—A virtual APN is a non-physical entity that represents an access point that does not itself provide direct access to a real target network. A virtual APN can be used to consolidate access to multiple, physical target networks through a single access point.
    • QCI to DSCP Mapping—Shows the mapping between QoS Class Indices (QCI) to Differentiated Services Code Point (DSCP).
    • QCI & ARP DSCP Mapping—Shows the mapping between QCI and Allocation/Retention Priority (ARP) to DSCP.
    • QoS Downlink Traffic Policing—Shows the attributes that represent QoS data rate limit configuration for downlink direction within the APN profile.
    • QoS Uplink Traffic Policing—Shows the attributes that represent QoS data rate limit configuration for uplink direction within the APN profile.

 

Table 27-10 Additional Configuration Details for APN

Field
Description

Virtual APNs

Preference

Specifies the order in which the referenced APNs are compared by the system. Can be configured to any integer value from 1 (highest priority) to 1000 (lowest priority).

APN

Specifies the name of an alternative APN configured on the system that is to be used for PDP contexts with matching properties. Value can be from 1 to 62, alpha and/or numeric characters, and is not case-sensitive. It may also contain dots (.) and/or dashes (-).

Rule Definition

The virtual APN rule definition can be one of the following:

  • access-gw-address—Specifies the access gateway (SGSN/SGW/Others) address for the virtual APN. The IP address can be an IPv4 or IPv6 address in decimal notation. IPv6 also supports :: notation for the IP address.
  • bearer-access-service—Specifies the bearer access service name for the virtual APN.
  • service name—Specifies the service name. Service name is unique across all the contexts. Value is a string of size 1 to 63.
  • cc-profile—Specifies the APN for charging characteristics (CC) profile index. Value is an integer from 1 to 15.
  • Domain name—Specifies the subscriber’s domain name (realm). Domain name can be from 1 to 79 alpha and/or numeric characters.
  • MCC—Specifies the MCC portion of the PLMN identifier. Value is an integer between 100 to 999.
  • MNC—Specifies the MNC portion of the PLMN identifier. Value is an integer between 100 to 999.
  • msisdn-range—Specifies the APN for this MSISDN range. The starting and ending values of the range is a string of size 2 to 15 with values between 00 and 999999999999999.
  • Rat-Type—Specifies the rat-type option, which could be gan, geran, hspa, utran, or wlan.
  • Roaming mode—Specifies the roaming mode, which could be Home, Visiting, or Roaming.

QCI to DSCP Mapping

QoS class index

Denotes a set of transport characteristics used to differentiate various packet flows.

DSCP

Denotes a mechanism for classifying and managing network traffic and providing QoS.

QCI & ARP DSCP Mapping

QoS class index

Denotes a set of transport characteristics used to differentiate various packet flows.

Allocation retention priority

Indicates the priority of allocation and retention of the service data flow. This parameter allows prioritizing allocation of resources during bearer establishment and modification. During network traffic congestions, a lower ARP flow is dropped to free up the capacity.

DSCP

Denotes a mechanism for classifying and managing network traffic and providing QoS.

QoS Downlink Traffic Policing

QCI

A scalar that denotes a set of transport characteristics and used to infer nodes specific parameters that control packet forwarding treatment.

Peak Data Rate

The peak data rate allowed, in bytes, for the downlink direction and QoS traffic class.

Committed Data Rate

The committed data rate allowed, in bytes, for the downlink direction and QoS traffic class.

Negotiate Limit

Indicates whether negotiation limit is enabled or disabled for the downlink direction and Qos traffic class.

Rate Limit

Indicates whether the rate limit is enabled or disabled for the downlink direction and Qos traffic class.

Burst Size Auto Readjust

Indicates whether the auto readjustment of burst size is enabled or disabled. This parameter is used in dynamic burst size calculation, for traffic policing, at the time of PDP activation of modification.

Burst Size Auto Readjust Duration

The burst size readjustment duration in seconds. This parameter indicates the number of seconds that the dynamic burst size calculation will last for. This allows the traffic to be throttled at the negotiated rates.

Peak Burst Size (bytes)

The peak burst size allowed, in bytes, for the downlink direction and QoS class.

Guaranteed Burst Size (bytes)

The guaranteed burst size allowed, in bytes, for the downlink direction and QoS class.

Exceed Action

The action to be taken on packets that exceed the committed data rate, but do not violate the peak data rate. The action could be one of the following:

  • Drop
  • Lower IP Precedence
  • Transmit

Violate Action

The action to be taken on packets that exceed both committed and peak data rates. The action could be one of the following:

  • Drop
  • Lower IP Precedence
  • Shape
  • Transmit

QoS Uplink Traffic Policing

QCI

A scalar that denotes a set of transport characteristics and used to infer nodes specific parameters that control packet forwarding treatment.

Peak Data Rate

The peak data rate allowed, in bytes, for the uplink direction and QoS traffic class.

Committed Data Rate

The committed data rate allowed, in bytes, for the uplink direction and QoS traffic class.

Negotiate Limit

Indicates whether negotiation limit is enabled or disabled for the uplink direction and Qos traffic class.

Rate Limit

Indicates whether the rate limit is enabled or disabled for the uplink direction and Qos traffic class.

Burst Size Auto Readjust

Indicates whether the auto readjustment of burst size is enabled or disabled. This parameter is used in dynamic burst size calculation, for traffic policing, at the time PDP.

Burst Size Auto Readjust Duration

The burst size readjustment duration in seconds. This parameter indicates the number of seconds that the dynamic burst size calculation will last for. This allows the traffic to be throttled at the negotiated rates.

Peak Burst Size (bytes)

The peak burst size allowed, in bytes, for the uplink direction and QoS class.

Guaranteed Burst Size (bytes)

The guaranteed burst size allowed, in bytes, for the uplink direction and QoS class.

Exceed Action

The action to be taken on packets that exceed the committed data rate, but do not violate the peak data rate. The action could be one of the following:

  • Drop
  • Lower IP Precedence
  • Transmit

Violate Action

The action to be taken on packets that exceed both committed and peak data rates. The action could be one of the following:

  • Drop
  • Lower IP Precedence
  • Shape
  • Transmit


 

Viewing Additional Characteristics of an APN

To view additional characteristics of an APN:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > APN Container > APN.

Step 3blank.gif Expand the APN node. The following list of characteristics configured for the APN are displayed:

    • Charging Characteristics—Charging characteristics configured on the APN for different subscribers.
    • DHCP—Dynamic Host Control Protocol (DHCP) parameter configured, if the APN supports dynamic address assignment for PDP contexts.
    • GSM-QoS—Represents the negotiated QoS attribute reliability class based on the configuration provided for service data unit (SDU) error ratio and residual bit error rate (BER) attributes in the APN.
    • IP Parameters—Represents the APN parameters related to IP.
    • IPv6—Represents IPv6 configurations and related services for the APN.
    • Mediation Device—Represents the mediation device used by the APN for communication with the subscriber.
    • Mobile IP—Represents mobile IP configuration of the APN.
    • Net BIOS—Represents the NetBIOS server configuration used by the APN.
    • PDP Contexts Parameters—Represents the PDP contexts supported by the APN.
    • PPP Profile—Represents the PPP profile used by the APN.
    • RADIUS—Represents the APN parameters related to communication with the RADIUS server.
    • Timeout—Represents the timeout parameters of the APN.
    • Tunnel Parameters—Represents the parameters configured for tunneling between the GGSN and an external gateway for the APN.
    • DNS Configuration—Represents the Domain Name System (DNS) settings configured on the APN.

Step 4blank.gif Click each of one of these characteristics to view its properties on the right pane. See Table 27-11 for more details on the properties of each characteristics configured for the APN.

 

Table 27-11 APN Characteristics

Field
Description

Charging Characteristics

Home Bit Behavior

The behavior bit for charging a home subscriber.

Home Profile

The profile index for a home subscriber.

Roaming Bit Behavior

The behavior bit for charging a roaming subscriber.

Roaming Profile

The profile index for a roaming subscriber.

Visiting Bit Behavior

The behavior bit for charging a visiting subscriber.

Visiting Profile

The profile index for a visiting subscriber.

All Bit Behavior

The behavior bit for charging all subscribers. This value is used only if all subscribers are configured to use the same charging characteristics. This value is overridden by the behavior bit set for a subscriber type.

All Profile

The profile index for all subscribers.

Use GGSN

The type of the subscriber using the charging characteristics configured on the APN. Value could be Home, Roaming, Visitor, or None. None indicates that the subscriber is using the charging characteristics from the SGSN.

Use RADIUS Returned

Specifies whether the GGSN accepts charging characteristics returned from the RADIUS server for all subscribers for the APN. Value could be True or False.

DHCP

Lease Expiration Policy

The action taken when leases for IP addresses assigned to PDP contexts that are facilitated by the APN, are about to expire. For example, auto renew.

GSM-QoS

SDU Error Ratio Code

The SDU error ratio code based on which the negotiation of QoS attribute reliability class needs to be configured on the APN. Value is an integer between the range 1 and 7. Each code has an assigned value.

Residual BER Code

The residual bit error rate (BER) based on which the negotiation of QoS attribute reliability class needs to be configured on the APN. This value is specified if the SDU error ratio code is 1, 2, 3, or 7.

Residual BER code is an integer in the range 1 and 9. Each code has an assigned value.

IP Parameters

In Access Group

The name of the IPv4/IPv6 access group for the APN when configured for inbound traffic.

Out Access Group

The name of the IPv4/IPv6 access group for the APN when configured for outbound traffic.

Local Address

The static local IP address assigned to the APN.

Next Hop Gateway Address

The IP address of the next hop gateway for the APN. This parameter is available only if it is configured on the APN.

Is Discard Enabled

Specifies whether multicast discard is enabled or disabled. Value could be True or False.

IPv6

Inbound Access Group Name

The name of the IPv6 access group for the APN when configured for inbound traffic.

Outbound Access Group Name

The name of the IPv6 access group for the APN when configured for outbound traffic.

Router Advertisement Interval

The time interval (in milliseconds) the initial IPv6 router advertisement is sent to the mobile node. Value is an integer in the range 100 and 16,000. Smaller the advertisement interval greater is the chance of the router being discovered quickly.

Router Advertisement Number

The number of initial IPv6 router advertisements sent to the mobile node. Value is an integer in the range of 1 and 16.

Prefix Pool Name

The name of the IPv6 address prefix pool configured for the subscriber. You can configure upto a maximum of four pools per subscriber.

Egress Address Filtering

Specifies whether filtering of packets not meant for the mobile interface, is enabled or disabled.

Mediation Device

Mediation Accounting Enabled

Indicates whether mediation accounting is enabled or disabled.

No Early PDUs

Indicates whether protocol data units (PDUs) must be delayed or not until a response to the GGSN's accounting start request is received from the mediation device. If No Early PDUs is ‘true’, the chassis does not send any uplink or downlink data from or to a MS, until it receives a command from the mediation device.

No Interims

Indicates whether radius interim updates are sent to the mediation device or not for the APN for radius accounting.

Delay GTP Response

Indicates whether the GTP response must be delayed or not. If this value is ‘true’, the GTP response is delayed and is sent to the SGSN only if the AAA server is up. If the value is ‘false’, the subscriber will be connected to the SGSN even if the AAA server is down.

Mobile IP

Home Agent

The IP address of the home agent (HA) used by the current APN to facilitate subscriber mobile IP sessions.

Mobile Node Home Agent SPI

The mobile node Security Parameter Index (SPI) configured for the APN. Value is an integer between 256 and 4294967295.

Mobile Node Home Agent Hash Algorithm

The encryption algorithm used (if any) by the APN for security.

Mobile Node AAA Removal Indication

Specifies whether the system is configured to remove various information elements when relaying registration request (RRQ) messages to HA. Value could be Enabled or Disabled.

Net BIOS

Primary NBNS Address

Primary service address of the NetBIOS server.

Secondary NBNS Address

Secondary service address of the NetBIOS server.

PDP Contexts Parameters

Total Contexts

The total number of primary and secondary PDP contexts that can be supported by the APN. Value is an integer between 1 and 4,000,000.

PDP Type

The type of the PDP contexts supported by the APN.

Primary Contexts

The status of the primary contexts of the APN.

PPP Profile

Data Compression Protocols

The compression protocol used by the APN for compression of data packets.

Keep Alive

The frequency (in seconds) of sending the Link Control Protocol (LCP) keep alive messages. A value zero denotes that the keep alive messages are disabled completely.

Data Compression Mode

The compression mode used by the compression protocol which could be:

  • Normal—Packets are compressed using the packet history.
  • Stateless—Each packet is compressed individually.

MTU (bytes)

The maximum transmission unit (MTU) for packets accessing the APN.

Min. Compression Size (bytes)

The smallest packet to which compression may be applied.

RADIUS

RADIUS Group

The Authentication, Authorization, and Accounting (AAA) group name for the subscriber. If no group is set, the value is displayed as Default.

RADIUS Secondary Group

The secondary AAA group for the APN. If no group is set, the value is displayed as None.

Returned Framed IP Address Policy

The policy which indicates whether to accept or reject a call when the RADIUS server supplies 255.255.255.255 as the framed IP address and when the MS does not supply an IP address.

Timeout

Absolute

Absolute timeout of a session, in seconds, for the APN.

Idle

Maximum duration, in seconds, after which the system considers the session as dormant or idle and invokes the long duration timer action.

Long Duration

Maximum duration, in seconds, before the system automatically reports or terminates the session. This is the maximum duration before the specified timeout action is activated for the session.

Long Duration Inactivity

Maximum duration, in seconds, before the session is marked as dormant.

Emergency Inactivity

Timeout duration, in seconds, to check inactivity on the emergency session.

Idle Activity Downlink State

Indicates whether the system must ignore the downlink traffic to consider as activity for idle-timeout. Only uplink packets will be able to reset the idle-timeout.

MBMS Bearer Absolute

Maximum time a Multimedia Broadcast and Multicast Server (MBMS) bearer can exist in active or idle state.

MBMS Bearer Idle

Maximum time an MBMS bearer context can be idle.

MBMS UE Absolute

Session timeout value for the MBMS user equipment.

IPv6 Init Solicit Wait

IPv6 initial router solicit wait timeout.

Long Duration Action Type

The action taken on long duration sessions. For example, the system performs any of the following actions:

  • Detects a long duration session and sends an SNMP trap and CORBA notification.
  • Disconnects the session after sending an SNMP trap and CORBA notification.
  • Suppresses the SNMP trap and CORBA notification after detecting and disconnecting long duration session.

Tunnel Parameters

Address Policy

The address allocation / validation policy for all tunneled calls except Layer 2 Tunneling Protocol (L2TP) calls.

Peer Load Balancing

The algorithm that defines how the tunnel peers are selected by the APN when multiple peers are configured in the APN.

DNS Configuration

Primary DNS Address

The primary DNS server for the APN.

Secondary DNS Address

The secondary DNS server for the APN.


 

APN Commands

The following commands can be launched from the inventory by right-clicking an APN and choosing Commands > Configuration. You can preview a command before executing it, or schedule it to run at a later time. You may be prompted to enter your device access credentials while executing a command.

Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs. (You can also add support for new commands by downloading and installing Prime Network Device Packages (DPs); see the Cisco Prime Network 5.2 Administrator Guide.)

 

Table 27-12 APN Commands

Command
Navigation
Description

Create QoS to DSCP Mapping

Right-click the APN node > Commands > Configuration

Use this command to create the mapping between QoS and DSCP.

Create Virtual APN

Use this command to create a virtual APN.

Delete APN

Use this command to delete an APN profile.

Modify APN

Use this command to delete an APN profile.

Working with GPRS Tunneling Protocol Prime (GTPP)

GPRS Tunneling Protocol Prime (GTPP) is used for communicating accounting messages to CGs. Enhanced Charging Service (ECS) supports different accounting and charging interfaces for prepaid and postpaid charging and record generation. GTPP accounting in ECS allows the collection of counters for different types of data traffic including the data in a GGSN CDR (G-CDR) that is sent to the CGF.

GTPP performs the following functions:

  • Transfers CDRs between the Charging Data Function (CDF) and CGF.
  • Redirects CDRs to another CGF.
  • Advertises to peers about its CDR transfer capability; for example, after a period of service down time.
  • Prevents duplicate CDRs that might arise during redundancy operations. The CDR duplication prevention function is carried out by marking potentially duplicated CDR packets, and delegating the final duplicate deletion task to a CGF or the billing domain, instead of handling the possible duplicates solely by GTPP messaging.

Prime Network provides support on gathering the GTPP accounting setup details that are configured in the mobile gateway for transferring the different types of CDRs from charging agent to a GTPP server or accounting server.

GTPP is configured within the accounting context of an APN and is also used by GGSN, P-GW, and S-GW to transmit CDRs to CGF.

The following topics provide details on how to work with GTPP in the Vision client:

Viewing GTPP Properties

the Vision client displays the GTPPs in a GTPP container under the Mobile node in the logical inventory. The icon used for representing GTPPs in the logical inventory is explained in NE Logical Inventory Icons.

To view GTPP properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > GTPP Container.

The Vision client displays the list of GTPP groups configured under the container. You can view the individual GTPP group details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > GTPP Container > GTPP Group.

Table 27-13 describes the details available for each GTPP group.

 

Table 27-13 GTPP Properties in Logical Inventory

Field
Description

Group Name

Name of the GTPP group.

CDR Storage Mode

Storage mode for CDRs, which could be Local or Remote.

CDR Timeout

Maximum amount of time the system waits for a response from the CGF before assuming the packet is lost.

CDR Max Retries

Number of times the system attempts to a CGF that is not responding.

Max CDR Size (bytes)

Maximum payload size of the GTPP packet.

Max CDR Wait Time

Maximum payload size of the GTPP packet. The payload includes the CDR and the GTPP header.

Max CDRs in Message

Maximum number of CDRs allowed in a single packet.

Recover Files Sequence Number

Indicates whether recovery of file sequence number is enabled or not. If enabled, everytime the machine is rebooted, the file sequence number continues from the last sequence number.

Data Request Start Sequence Number

The starting sequence number to be used in the GTPP data record transfer (DRT) record.

Start File Sequence Number

Starting value of the file sequence number.

Source Port Validation

Indicates whether port checking is enabled or disabled for node alive/echo/redirection requests from the CGF.

Dictionary

Dictionary supported by the GTPP group.

Suppress Zero Volume CDRs

Suppress the CDRs with zero byte data count under GTPP group.

Data Record Version Format

Specifies the data record version format.

Accounting Server

Group

GTPP group, in which the accounting server is configured.

Context Name

Name of the context, in which the CGF is configured.

Primary Accounting Server Address

IPv4 or IPv6 address of the CGF.

Port

UDP port over which the GGSN communicates with the CGF.

State

Status of the CGF, which could be Active or Inactive.

Priority

Relative priority of the CGF. This priority determines which CGF server to send the accounting data to.


 

Viewing Additional Characteristics of a GTPP

To view additional characteristics of a GTPP:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > GTPP Container > GTPP.

Step 3blank.gif Expand the GTPP node. The following list of characteristics configured for the GGSN are displayed:

Step 4blank.gif Click each of one of these characteristics to view its properties on the right pane. See Table 27-14 for more details on the properties of each characteristics configured for the GTPP.

Table 27-14 GTPP Characteristics

Field
Description
Accounting Server Failure Detection

Detect Dead Server Consecutive Failures

Number of failures that could occur before marking a CGF as dead (down).

Dead Server Suppress CDRs

Indicates whether suppression of CDRs is enabled or disabled when the GTPP server is detected as dead or unreachable.

Dead Time

Maximum duration, in seconds, before marking a CGF as dead on consecutive failures.

Echo Timeout

The amount of time that must elapse before the system attempts to communicate with a CGF that was previously unreachable.

Echo Max Retries

Number of times the system attempts to communicate with a GTPP backup storage server that is not responding.

Redirection Allowed

Indicates whether redirection of CDRs is allowed or not, when the primary CGF is unavailable.

Duplicate Hold Time Minutes

Number of minutes to hold on to CDRs that may be duplicates, when the primary CGF is down.

CDR Attributes Indicator

Indicators

Indicates whether the following CDR attributes are enabled or not:

  • PDP Type
  • PDP Address
  • Dynamic Flag
  • Diagnostics
  • Node ID
  • Charging Characteristic Selection Mode
  • Local Record Sequence Number
  • MSISDN
  • PLMN ID
  • PGW PLMN ID
  • IMEI
  • RAT
  • User Location Information
  • List of Service Data
  • Served MNAI
  • Start Time
  • Stop Time
  • PDN Connection ID
  • Served PDP PDN Address Extension
  • Duration
  • SGW IPv6 Address
  • PGW IPv6 Address
  • SNA IPv6 Address
  • QOS Max Length
  • Record Type (SaMOG)
  • APN AMBR Present
  • Sponsor ID
  • SGSN Change Present
  • Dynamic Address Flag Extension Present
  • TWAN User Location Information Present
  • User CSG Information Present
  • Served PDP PDN Address Prefix Length Present
  • IMSI Unauthenticated Flag Present

Indicators

  • Low Access Priority Indicator
  • Direct Tunnel Present
  • Furnish Charging Information Present
  • APN Selection Mode Present
  • PCO NAI Present
  • MS Timezone Present
CDR Triggers

Triggers

Indicates whether the following CDR triggers are enabled or not:

  • Volume Limit
  • Time Limit
  • Tariff Time Change
  • Serving Node Change Limit
  • Intra SGSN Group Change
  • Inter PLMN SGSN Change
  • EGCDR Max LOSDV Limit
  • QOS Change
  • RAT Change
  • On RAT Change Generate
  • MS Timezone Change
  • Direct Tunnel
  • Cell Update
  • PLMN ID Change
  • Dcca
  • Service Idle Out
  • ULI Change
  • APN AMBR Change
Charging Agent

IP Address

IP address of the charging agent.

Port

Port of the charging agent.

EGCDR Data Generation Configuration

Service Interval

The volume octet counts for the generation of the interim eG-CDRs to service data flow container in flow-based charging (FBC).

Service Idle Timeout

Time interval, in seconds, to close the eG-CDR, if the minimum time duration thresholds for service data flow containers are satisfied in FBC.

Delete Service Thresholds

Configured threshold in eG-CDR to be deleted in the service.

Include All LOSDVs

Indicates whether all content IDs are included in the final eG-CDR or not.

LOSDV Max Containers

Maximum number of List of Service Data Volume (LoSDV) containers in one eG-CDR.

LOTDV Max Containers

Maximum number of List of Service Data Volume (LoSDV) containers in one eG-CDR.

Closing Cause Unique

Indicates whether the same closing cause needs to be included for multiple final eG-CDRs or not.

Cause For Record Closing Normal Release

Indicates whether the cause for record closing normal release is enabled or disabled.

Local Storage

File Format

File format to store CDRs.

File Compression

Type of compression used on CDR files stored locally. None indicates that file compression is disabled.

File Rotation Time Interval

Time duration, in seconds, after which CDR file rotation happens.

File Rotation Volume Limit (MB)

Volume of CDR file, in MB, after which CDR file rotation happens.

File Rotation CDR Count

Number of CDRs to include in a CDR file after which CDR file rotation happens.

Force File Rotation by Time Interval

Indicates whether file rotation is forced or not. If this is enabled, the system is forced to do a file rotation at specified interval, even if there are no CDRs generated.

Purge Processed Files

Indicates whether processed files must be processed or not.

File Transfer Mode

Mode of file transfer for the GTPP service.

MBMS CDR Triggers

Interval

Specifies the normal time duration that must elapse before closing an accounting record provided that any or all of the following conditions are satisfied:

  • Down link traffic volume is reached within the time interval
  • Tariff time based trigger occurred within the time interval
  • Data volume (uplink and downlink) bucket trigger occurred within the time interval

Buckets

Total number of data buckets configured for MBMS CDR trigger service.

Storage Server

IP Address

IP address of the backup storage server.

Port

UDP port number over which the GGSN communicates with the backup storage server.

Timeout

Maximum amount of time, in seconds, the system waits for a response from the GTPP backup storage server before assuming the packet is lost.

Max Retries

Number of times the system attempts to communicate with a GTPP backup storage server that is not responding.


 

GTPP Commands

The following GTPP-related commands can be launched from the inventory by right-clicking a GTPP and choosing Commands > Configuration or Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-15 GTPP Commands

Command
Navigation
Description

Create CGF

Right-click the GTPP group > Commands > Configuration

The Charging Gateway Function (CGF) listens to GTP' messages sent from the GSNs on TCP/UDP port 3386. The core network sends charging information to the CGF, typically including PDP context activation times and the quantity of data which the end user has transferred. However, this communication which occurs within one network is less standardized and may, depending on the vendor and configuration options, use proprietary encoding or even an entirely proprietary system.

Use this command to create a new CGF.

Create Storage Server

The GTPP Storage Server (GSS) provides an external management solution for the bulk storage of Charging Data Records (CDRs) coming from a GPRS Support Node (GSN) in a GPRS/UMTS network.

Use this command to create a storage server.

Modify Storage Server

Right-click the GTPP group > Storage Server

Use this command to modify storage server configuration details.

Delete Storage Server

Use this command to delete a storage server.

Delete CGF

Right-click the GTPP group > Commands > Configuration

Use this command to delete a CGF.

Delete GTPP

Use this command to delete a GTPP.

Modify CGF

Use this command to modify CGF configuration details.

Modify GTPP

Use this command to modify GTPP configuration details.

Show CGF

Right-click the GTPP group > Properties. In the GTPP Group Container Properties window, right-click a GTPP Group name and then choose Commands > Show > Show CGF

Use this command to view and confirm CGF configuration details.

Working with the Evolved GPS Tunneling Protocol (eGTP)

Evolved GPRS Tunneling Protocol (EGTP) formulates the primary bearer plane protocol within an LTE/EPC architecture. It provides support for tunnel management including handover procedures within and across LTE networks.

This topic contains the following sections:

Viewing eGTP Properties

The Vision client displays the EGTPs in an EGTP container under the Mobile node in the logical inventory. The icon used for representing EGTPs in the logical inventory is explained in NE Logical Inventory Icons.

To view EGTP properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > EGTP Container.

The Vision client displays the list of EGTPs configured under the container. You can view the individual EGTP details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > EGTP Container > EGTP.

Table 27-16 describes the details available for each EGTP.

 

Table 27-16 EGTP Properties in Logical Inventory

Field
Description

Service Name

Name of the EGTP service.

Status

Status of the EGTP service.

Message Validation Mode

Mode of message validation for the EGTP service.

Interface Type

Interface type for the EGTP service.

DBcmd When MBreq Pending

Indicates collision handling of DBcmd when MBreq is pending. When No is specified as a Default option, then MB req is aborted and handles DBcmd.

Restart Counter

Restart counter value for the EGTP service.

Max Remote Restart Counter Change

Specifies the counter change after which the P-GW will detect a peer restart. A peer restart is detected only if the absolute difference between the new and old restart counters is less than the value configured.

GTPC Retransmission Timeout

Control packet retransmission timeout for a EGTP service.

GTPC Max Request Retransmissions

Maximum number of request retransmissions for a EGTP service.

GTPC IP QoS DSCP Value

The IP QoS DSCP value for a EGTP service.

GTPC Echo

Indicates whether GTPC echo is configured for the EGTP service or not.

GTPC Echo Interval

GTPC echo interval for a EGTP service.

GTPC Echo Mode

GTPC echo mode, which could be Dynamic or Default.

GTPC Path Failure Detection Policy Echo Timeout

Shows that Path failure is detected when the retries of echo messages times out.

Associated GTPU Service Name

Displays an associated GTPU service for the selected EGTP service.

GTPC Session Uniqueness

Enabled or disabled.

When enabled, populates and sends origination timestamp and maximum wait time private extensions in CSReq towards PGW.

GTPC Path Failure Detection Policy Echo Restart Counter Change

Shows that Path failure is detected when the restart counter in echo request or response message changes.

GTPC Path Failure Detection Policy Echo Control Restart Counter Change

Shows that Path failure is detected when the restart counter in control request or response message changes.

GTPC Echo Retransmission Timeout

Displays the echo retransmission timeout for EGTP service in seconds. The ranges are from 1 to 20. Default value is 5.

GTPC Echo Max Retransmission

Displays maximum retries for GTP echo request. Must be followed by integer, ranging from 0 to 15.


 

eGTP Commands

The following eGTP commands can be launched from the inventory by right-clicking an EGTP and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-17 EGTP Commands

Command
Navigation
Description

Modify EGTP

Right-click the EGTP group > Commands > Configuration

Use this command to modify EGTP configuration details.

Delete EGTP

Use this command to delete the EGTP.

Monitoring the Serving GPRS Support Node (SGSN)

The Serving GPRS Support Node (SGSN) is a very important component of the GPRS network. It is responsible for handling the delivery of data from and to the mobile nodes within its geographical service area, such as packet routing and transfer, mobility management, and authentication of users.

Along with the Radio Access Network (RAN) and Gateway GPRS Support Node (GGSN), the SGSN:

  • Communicates with the Home Location Registers (HLR) via a Gr interface and with the mobile Visitor Location Registers (VLR) via a Gs interface to register a subscriber’s equipment or authenticate, retrieve and update the subscriber’s profile information.
  • Supports Gd interface to provide short message service (SMS) and other text-based network services to subscribers.
  • Activates and manages IPv4, IPv6 or point-to-point (PPP) type packet data protocol (PDP) contexts for a subscriber session.
  • Manages the data plane between the RAN and GGSN providing high speed data transfer with configurable GEA0-3 ciphering.
  • Provides mobility management, location management, and session management for the duration of call to ensure smooth handover.
  • Provides different types of charging data records (CDR) to attached accounting or billing storage mechanisms
  • Provides Communications Assistance for Law Enforcement Act (CALEA) support for lawful intercepts.

Viewing the SGSN Configuration Details

To view the SGSN configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > SGSN. The SGSN services configured in Prime Network are displayed in the content pane as shown in the following figure.

 

370039.tif

Step 3blank.gif Under the SGSN node, choose an SGSN service. The SGSN service details are displayed in the content pane.

Table 27-18 describes the SGSN service details.

 

Table 27-18 SGSN Service Details

Field
Description

Service Name

The unique name of the SGSN service.

note.gif

Noteblank.gif You can configure only one SGSN service for a chassis.


Status

The status of the SGSN service, which can be any of the following:

  • Unknown
  • Initiated
  • Running
  • Down
  • Started
  • Not Started

SGSN Number

The phone number that is associated with the SGSN service.

Core Network ID

The network code that identifies the core network to connect the SGSN service.

Associated SGTP Service

The name of the STGP service and its context associated to the SGSN service. This service is represented in the following format:

<SGTP Service Nameplate Service Context>

Associated MAP Service

The name of the Mobile Application Part (MAP) service and its context that is associated to the SGSN service. This service is represented in the following format:

<MAP Service Name>@<MAP Service Context>

note.gif

Noteblank.gif MAP is an SS7 protocol that provides an application layer for the various nodes in GSM and UMTS mobile core networks and GPRS core networks to communicate with each other in order to provide services to mobile phone users. It is an application-layer protocol used to access SGSN service.


Associated HSS Service

The name of the Home Subscriber Server (HSS) service and its context that is associated to the SGSN service. This service is represented in the following format:

<HSS Service Name>@<HSS Service Context>

Associated IuPS Service

The name of the IuPS service and its context that is associated to the SGSN service. This service is represented in the following format:

<IuPS Service Name>@<IuPS Service Context>

note.gif

Noteblank.gif The interface between the RNC and the Circuit Switched Core Network (CS-CN) is called Iu-CS and between the RNC and the Packet Switched Core Network is called Iu-PS


Associated Gs Service

The name of Gs service and its context that is associated to the SGSN service. This service is represented in the following format:

<Gs Service Name>@<Service Context>

Associated CAMEL Service

The name of the Customized Application for Mobile Network Enhanced Logic (CAMEL) service and its context. This service is represented in the following format:

<CAMEL Service Name>@<CAMEL Context>

Max Simultaneous PDP Contexts

The maximum number of simultaneous Packet Data Protocol (PDP) contexts per mobile station. This number can be any value between 2 and 11.

Offload T3312 Timeout

The amount of time (in seconds) for sending period RAUs to the mobile station. This time can be any value between 2 and 60.

Override LAC for LI

The Location Area Code (LAC) that is associated with the SGSN service at the time of record opening.

Override RAC for LI

The Routing Area Code (RAC) that is associated with the SGSN service at the time of record opening.

Dns Israu MCC-MNC-Encoding

The format of the MCC and MNC values in the DNS query sent during the Inter-SGSN RAU (ISRAU), which can be any one of the following:

  • decimal
  • hexadecimal

Accounting CDR Types

The type of accounting Call Detail Record (CDR) configured for the SGSN service, which can be any one of the following:

  • MCDR
  • SCDR
  • SMS MO_CDR
  • SMS MT_CDR
  • SMBMSCDR
  • LCS MT_CDR
  • no accounting cdr-types
  • Unknown

Multiple CDR types may be configured for a SGSN service. In such cases, the types are separated by a comma and displayed here.

Clear Subscription Data

Indicates whether the SGSN service will clear subscriber contexts and the subscription database for the attached subscribers whenever the clear subscribers all command is issued.

Detach Type IE

The instruction that is included in the Detach-Request message during the Admin-Disconnect procedure, which can be any one of the following:

  • Reattach-Required
  • Reattach-Not-Required
  • Unknown

Gf Timeout Action

The action to be taken by the SGSN service when a response is not received from the Equipment Identify Register (EIR) even though a valid EIR configuration exists under the MAP service and the route to the EIR is available. Any one of the following actions is applicable:

  • Continue
  • Reject

Gf Failure Action

The action to be taken by the SGSN service when the EIR is temporarily inaccessible even though a valid EIR configuration exists under the MAP service, which can be any one of the following:

  • Continue
  • Reject

Reporting Action Event Record

Indicates whether the SGSN service is allowed to enable GGM/SM event logging for 3G services.

Network Global MME ID Management DB

Indicates whether the SGSN service is associated to the Network Global MMEID Management Database, which in turn is configured on the LTE policy.

Tai Management DB

Indicates whether the SGSN service is associated to the Tai Management Database, which in turn is configured on the LTE policy.

LCS Service

The name of the LCS service associated with the SGSN service.

NRI Values tab

NRI Value

The MS assigned value of the Network Resource Identifier (NRI) to retrieve from the P-TSMI, which is used to identify a SGSN service in a pool.

note.gif

Noteblank.gif This value is unique across all pools.


Connecting

Indicates whether the SGSN service will offload subscribers by sending either a “Attach Request” or “RAU Request” message for the corresponding NRI value.

Activating

Indicates whether the SGSN service will offload subscribers by sending an “Activate Request” message for the corresponding NRI value.

Profiles tab

Profile No.

The type of billing, which can be any one of the following:

  • 1—Hot billing
  • 2—Flat billing
  • 4—Prepaid billing
  • 8—Normal billing
  • All other profiles from 0-15 are customized billing types.

Buckets

Denotes container changes in the Call Detail Record (CDR).

Down Link Octets

The downlink traffic volume of the bucket.

Up Link Octets

The uplink traffic volume of the bucket.

Total Octets

The total traffic volume of the bucket.

Intervals tab

Profile No.

The type of billing.

No. of SGSNs

The number of changes to the SGSN (inter-SGSN switchovers) resulting in a new Routing Area Identity (RAI) that can occur before closing an accounting record.

Interval

The amount of time (in seconds) that must elapse before closing an accounting record.

Down Link Octets

The downlink traffic volume reached within the time interval.

Up Link Octets

The uplink traffic volume reached within the time interval.

Total Octets

The total traffic volume reached within the time interval.

Tarrifs tab

Profile No.

The type of billing.

Time (1 - 6)

The time-of-day values at different times in a day, which is required to close the current statistics container.


 

SGSN Commands

The following SGSN commands can be launched from the logical inventory by right-clicking a SGSN service and choosing Context > Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-19 SGSN Commands

Command
Navigation
Description

Modify SGSN

Right-click the SGSN service > Commands > Configuration

Use this command to modify the SGSN service.

Delete SGSN

Use this command to delete the SGSN service.

Create Target NRI

Use this command to create Target NRI.

Show SGSN

Right-click the SGSN service > Commands > Show

Use this command to view details of the selected SGSN service.

Modify Profile

SGSN service > Profiles Tab > Right-click the profile > Commands > Configuration

Use this command to modify the profile details.

Modify Tariff

SGSN service > Tariffs Tab > Right-click the profile > Commands > Configuration

Use this command to modify the tariff details.

Modify Interval

SGSN service > Intervals Tab > Right-click the profile > Commands > Configuration

Use this command to modify the interval details.

Modify NRI Values

SGSN service > right-click the NRI Values > Commands > Configuration

Use this command to modify NRI value details.

Modify NRI Properties

SGSN service > right-click the NRI Properties > Commands > Configuration

Use this command to modify NRI property details.

Modify Target NRI

SGSN service > Target NRI Tab > right-click the Target NRI Table > Commands > Configuration

Use this command to modify Target NRI details.

Delete Target NRI

Right-click the SGSN service > Commands > Configuration

Use this command to delete Target NRI details.

Viewing SGSN Service Properties

You can also view the following configuration details for SGSN service:

  • GPRS Mobility Management—GPRS Mobility Management (GMM) is a GPRS signaling protocol that handles mobility issues such as roaming, authentication, and selection of encryption algorithms. GPRS Mobility Management, together with Session Management (GMM/SM) protocol support the mobility of user terminal so that the SGSN can know the location of a mobile station (MS) at any time and to activate, modify and deactivate the PDP sessions required by the MS for the user data transfer. See GPRS Mobility Management Properties.
  • NRI Properties—The Network Resource Identifier (NRI) identifies the specific CN node of the pool. The UE derives the NRI from TMSI, P-TMSI, IMSI or IMEI. See NRI Properties.
  • Session Management Properties—The SGSN service performs comprehensive session management, including context activation, modification, deactivation, and preservation. It also provides support for IPv4, IPv6, and PPP PDP context types. In addition, the SGSN's intelligent PDP context preservation feature facilitates efficient radio resource utilization. See Session Management Properties.

GPRS Mobility Management Properties

To view the GPRS Mobility Management details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > SGSN > GPRS Mobility Management. The GPRS mobility details are displayed in the content pane.

Table 27-20 describes the SGSN service details.

 

Table 27-20 GPRS Mobility Management Details

Field
Description

Max Identity Retries

The maximum number of retransmissions allowed for identity requests. In other words, it relates to the number of retransmissions allowed before failure of the request. This number can be any value between 1 and 10.

Max Page Retries

The maximum number of retransmissions allowed for page requests. In other words, it relates to the number of retransmissions allowed before failure of the request. This number can be any value between 1 and 5.

Max PTMSI Reloc Retries

The maximum number of retransmissions allowed for P-TMSI relocation procedure. In other words, it relates to the number of retransmissions allowed before failure of the P-TMSI relocation procedure. This number can be any value between 1 and 10.

Perform Identity After Auth

Indicates whether the SGSN service is allowed to perform an identity check to ascertain the IMSI after an authentication failure on a P-TMSI message.

TRAU Timeout

The amount of time (in seconds) that the SGSN service must wait to purge the mobile station's data.This timer is started by the SGSN service after completion of the inter-SGSN RAU.

T3302 Timeout

The amount of time (in minutes) the SGSN service must wait to attach the GPRS or RAU procedure on the mobile station node before retransmitting the message again. This time can be any value between 1 and 186.

T3312 Timeout

The amount of time (in minutes) the SGSN service must wait to initiate the RAU procedure on the network before retransmitting the message again. This time can be any value between 1 and 186.

T3313 Timeout

The amount of time (in seconds) the SGSN service must wait to initiate the GPRS on the network before retransmitting the message again. This time can be any value between 1 and 60.

T3322 Timeout

The amount of time (in seconds) the SGSN service must wait to detach the GPRS on the network before retransmitting the message again. This time can be any value between 1 and 20.

T3350 Timeout

The amount of time (in seconds) the SGSN service must wait to accept the GPRS attach request, RAU attach request, or reallocation request sent with the P-TSMI/TSMI on the network. This time can be any value between 1 and 20.

T3360 Timeout

The amount of time (in seconds) the SGSN service must wait to guard the authentication or cipher request on the network before retransmitting the message again. This time can be any value between 1 and 20.

T3370 Timeout

The amount of time (in seconds) the SGSN service must wait for the identity request before retransmitting the message again. This time can be any value between 1 and 20.

Mobile Reachable Timeout

The amount of time (in minutes) the SGSN service must wait to reach a mobile station on the network before retransmitting the message again. This time can be any value between 4 and 4400.

Implicit Detach Timeout

The amount of time (in seconds) the SGSN service must wait for the implicit detach procedure on the network before retransmitting the message again. This time can be any value between 1 and 3600.

Purge Timeout

The amount of time (in minutes) the SGSN service must wait to detach the mobility management context on the network before retransmitting the message again. This time can be any value between 1 and 20160.

Page Delta Timeout

The page delta timeout associated with the SGSN service.

 


 

GPRS Mobility Management Commands

The following GPRS mobility management commands can be launched from the logical inventory by clicking SGSN > Right-clicking on GPRS Mobility Management > Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-21 GPRS Mobility Management Commands

Command
Navigation
Description

Modify GPRS Mobility Management

SGSN > Right-click on GPRS Mobility Management > Commands > Configuration

Use this command to modify the GPRS mobility management details.

NRI Properties

To view the NRI Properties for an SGSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > SGSN > NRI Properties. The NRI properties are displayed in the content pane.

Table 27-22 describes the NRI Properties details.

 

Table 27-22 NRI Properties Details

Field
Description

NRI Length

The number of bits to be used in P-TMSI to define the NRI, which can be any number between 1 and 6. This length also determines the maximum size of the pool. If you do not configure a length for the NRI, then the default value of zero is considered to be the NRI’s length.

NRI Null Value

The value of the null NRI, which is unique across all pool areas. If the NRI null value is 0, it indicates that the keyword is not used. Any value between 1 and 63 is used to identify the SGSN service that is to be used for offloading procedure for SGSN pooling.

Non Broadcast MCC

The country code of the mobile, which is basically the first part of the PLMN ID. This code can be any value between 100 and 999.

Non Broadcast MNC

The network code portion of the PLMN ID. This code must be a 2 or 3 digit value between 1 and 999.

Non Broadcast LAC

The location area code associated with an RNC. This code must be any value between 1 and 65535.

Non Broadcast RAC

The remote area code associated with an RNC. This code can be any value between 1 and 255.


 

Session Management Properties

To view the Session Management properties for an SGSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > SGSN > Session Management Properties. The Session Management properties are displayed in the content pane.

Table 27-23 describes the Session Management Properties details.

 

Table 27-23 Session Management Properties Details

Field
Description

Max Activate Retries

The maximum number of retries to activate PDP context, which can be any value between 1 and 10.

Max Modify Retries

The maximum number of retries to modify the PDP context, which can be any value between 1 and 10.

Max Deactivate Retries

The maximum number of retries to deactivate PDP context, which can be any value between 1 and 10.

T3385 Timeout

The amount of time (in seconds) to wait for a network initiated activate request before it is retransmitted again. This time can be any value between 1 and 60.

T3386 Timeout

The amount of time (in seconds) to wait for a network initiated modify request before it is retransmitted again. This time can be any value between 1 and 60.

T3395 Timeout

The amount of time (in seconds) to wait for a network initiated deactivate request before it is retransmitted again. This time can be any value between 1 and 60.

Guard Timeout

The amount of time (in seconds) for retransmission of a GUARD request, which can be any value between 1 and 60.

ARP RP Profile

The status of the ARP packet (request or reply) associated with the SGSN service.


 

Session Management Commands

The following Session Management commands can be launched from the logical inventory by clicking SGSN > Right-clicking on Session Management > Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-24 Session Management Commands

Command
Navigation
Description

Modify Session Management

SGSN > Right-click on Session Management > Commands > Configuration

Use this command to modify the session management details.

Viewing SGSN-Global Properties

To view the SGSN-Global configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > SGSN Global. The SGSN-Global configurations for the device are listed.

note.gif

Noteblank.gif Prime Network supports NSA from StarOS 21.11 onwards.


The following figures and tables show SGSN Global parameters for SGSN Global configurations.

1. SGSN Global > SGSN Global Configuration

359126.tiff
Field
Description

Canonical Node Name

Name of the canonical node

TLLI-CB Audit Status

Specifies if the periodic TLLI-CB audit is enabled or disabled

BVC Unblock Trigger

Shows bvc-unblock trigger based on configuration

Perform UMTS AKA for USIM(R99+)

Shows UMTS AKA for USIM(R99+) in case of quintuplet available from HLR

Ignore RANAP excess Length

Shows action on handling of excess length of RANAP messages

Target-Offloading Algo

Shows the algorithm for target-based offloading

Common RA Paging

Specifies if paging across common Routing Area for 2G and 3G is enabled or disabled

IPMS Suppress

Specifies if suppressing of 2G-related IPMS events is enabled or disabled

SESSMGR IPC msg flush frequency

Shows the frequency of flush

SESSMGR IPC msg flush number

Shows the number of IPC messages to be aggregated

LINKMGR IPC msg flush frequency

Shows the frequency of flush

LINKMGR IPC msg flush number

Shows the number of IPC messages to be aggregated

GBMGR IPC msg flush frequency

Shows the frequency of flush

GBMGR IPC msg flush number

Shows the number of IPC messages to be aggregated

Dual Address PDP Enabled

Specifies if the support for dual address PDP is enabled or not

RAN Information Management (RIM)

Specifies if the support for RIM is enabled or disabled

Location Services (LCS)

Specifies if the Location Services are enabled or disabled on the interface

Multi Operator Core NW (MOCN)

Specifies if the support for MOCN for SGSN is enabled or disabled

Dual Connectivity Support with NR capability (DCNR)

Specifies if DCNR is enabled or disabled

Extended Coverage Enhanced GPRS (EC-EGPRS/EC-GSM)

Specifies if the support for EC-GSM (EC-EGPRS) feature is enabled or disabled

2. SGSN Global > SGSN Global Configuration > BSSGP Message Handlers

359127.tiff
Field
Description

MS Flowcontrol from Unknown MS Rx

Specifies the action to be taken for the reception of MS-FLOW-CONTROL message from Unknown MS. By default, SGSN sends BSSGP-STATUS response; Enables the SGSN to send BSSGP-STATUS response; Enables the SGSN to discard the received BSSGP message; Enables the SGSN to send ACK response.

Peer to Peer BVC Reset

Specifies the following:

  • Action to be taken for the reception of a BSSGP message with particular cause or reason.
  • Action to be taken for the reception of peer to Peer BVC reset. By default, subscribers continue with the current state. Moves the subscriber to standby state.

DL Unitdata Tx

Specifies the action to be taken for the reception of a BSSGP message with particular cause or reason.

Specifies if rfsp-id needs to be excluded in outgoing dl-unitdata.

By default, rfsp-id is sent in DL-Unitdata. Exclude RFSP Id in DL-Unitdata message.

3. SGSN Global > SGSN Global Configuration > BSSGP Timer Values configured for Network Service Entity

359128.tiff
Field
Description

BSSGP Timer-T2

Shows the BVC Reset procedure guard timer.

BSSGP Timer-Th

Shows the MS flow control parameter validity timeouts.

4. SGSN Global > SGSN Global Configuration > PDP Deactivation Rate per Session Manager

359129.tiff
Field
Description

Connected/Ready Mode Subscribers

Shows the message rate for PDP deactivation for Connected/Ready mode subscribers

Idle/Stand-By Mode Subscribers

Shows the message rate for PDP deactivation for Idle/Standby mode subscribers

5. SGSN Global > DSCP

359130.tiff
Field
Description

DSCP Template

Shows the name of the DSCP template

for control packets

Shows the DSCP value for the control packet class.

6. SGSN Global > DSCP Template Configuration > DSCP > for data packets

359131.tiff
Field
Description

conversational class

Specifies the conversational data packet class

streaming class

Specifies the streaming data packet class

background class

Specifies the background data packet class

interactive priority1 class

Specifies the interactive priority 1 data packet class

interactive priority2 class

Specifies the interactive priority 2 data packet class

interactive priority3 class

Specifies the interactive priority 3 data packet class

7. SGSN Global > EIR Profile Configuration > EIR Profile

359132.tiff
Field
Description

EIR profile

Name of the EIR profile

EIR profile state

State of the EIR profile

Include IMSI TCAP

Specifies if IMSI in TCAP for MAP-CHECK-IMEI operation is included or not

Include IMSI MAP

Specifies if IMSI in MAP for MAP-CHECK-IMEI operation is included or not

8. SGSN Global > SGSN Congestion Control > Congestion Action Profile > Congestion_Action_Profile

359133.tiff
Field
Description

Congestion Action Profile Name

Name of the congestion action profile

New Call Policy

Specifies the congestion control policy for new calls

Active Call Policy

Specifies the congestion control policy for active or existing calls

Routing Area Update

Specifies the congestion control policy for Routing Area Update messages

Service Request

Specifies the congestion control policy for Service Request messages

APN Based Congestion Control

Specifies APN Based congestion control policy

MM messages

Specifies the congestion control policy for for Mobility Management messages

SM messages

Specifies the congestion control policy for Session Management messages

9. SGSN Global >GMM Message Handlers

359134.tiff
Field
Description

Procedure

Specifies the action to be taken for the reception of a GMM message with particular cause or reason; Specifies the action to be taken for the reception of ATTACH request with TLLI already in use. By default, SGSN process the ATTACH request

Condition

Action

10. SGSN Global > OLD-TLLI configuration

359135.tiff
Field
Description

OLD-TLLI hold-time

Timer value to invalidate the old TLLI.

OLD-TLLI List to be invalidated

Specifies the OLD-TLLI list, which is mapped to a subscriber upon time expiry, to be invalidated.

11. SGSN Global > MAP Message Handlers

359136.tiff
Field
Description

Procedure

Specifies the following:

  • Action to be taken on the reception of a MAP message with a particular cause or reason.
  • Insert Subscriber Data (ISD) message type
  • Handling of CAMEL subscription information received as part of the ISD message
  • Action to be taken for the CAMEL subscriber (ISD message with CAMEL subscription) when no camel service associated. By default, it validates for the camel subscription. Ignores the validation of camel subscription if there is no camel service associated.

Condition

Action

12. SGSN Global > ARP-RP Profiles

359137.tiff
Field
Description

ARP 1 RP 4

Specifies the alloc/reten priority and radio priority

ARP 2 RP 4

ARP 3 RP 4

Monitoring the Iu PS Services

The Radio Network Controller (or RNC) is a governing element in the UMTS radio access network (UTRAN) and is responsible for controlling the Node Bs that are connected to it. This is the point where encryption is done before user data is sent to and from the mobile.

The RNC connects to the Circuit Switched Core Network through Media Gateway (MGW) and to the SGSN (Serving GPRS Support Node) in the Packet Switched Core Network. The interface between the RNC and the Circuit Switched Core Network (CS-CN) is called Iu-CS and between the RNC and the Packet Switched Core Network is called Iu-PS.

The Iu PS interface is very important in the UMTS network and it’s function include:

  • Radio Access Bearer (RAB) (wireless access bearing) establishment, maintenance and release process
  • Changing-over inside the system, changing-over between systems and Serving Radio Network Subsystem (SRNS) reorientation process
  • Community radio service process
  • Series of general process irrelevant with specific User Equipment (UE)
  • Specific signal management for users and separation process on protocol level for each UE
  • Transmission process of Network-attached storage (NAS) signal message between UE and CN
  • Location service requested from UTRAN to CN and transfer process of position information from UTRAN to CN and resources reserve mechanism

The Iu PS interface mainly analyzes the basic process of the application part of the wireless network, service process of mobility management, service process of conversation management, and statistical values of related Key Performance Indicators (KPI).

Figure 27-3 denotes the architecture of the Iu PS service.

Figure 27-3 Iu PS Service Architecture

361844.TIF

To view the Iu PS configuration:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Iu PS. The list of Iu PS Services are displayed in the content pane.

Step 3blank.gif In the Iu PS section, double-click on an Iu PS service. The Iu PS service window is displayed.

Table 27-25 describes the Iu PS service properties.

Table 27-25 Iu PS Service Properties

Field
Description

Name

The Iu PS service name.

Status

The status of the Iu PS service, which can be any one of the following:

  • Initiated
  • Running
  • Down
  • Started
  • Not Started

PLMN ID

The Public Land Mobile Network (PLMN) ID associated with the Iu PS service, which is basically a combination of the Mobile Country Code (MCC) and the Mobile Network Code (MNC).

Network Sharing

Specifies whether network sharing is enabled or disabled.

DSCP Template

Specifies the configuration of the Differentiated Services Code Point (DSCP) for the Iu PS service.

Iu Connection Hold

Specifies whether the Iu connection hold is enabled or disabled.

By default, the Iu Connection is held only when requested by MS.

Iu Connection Hold Timer

The time required for the Iu connection hold.

Iu Release Complete Timer

The time interval (in seconds) for which the SGSN waits for Iu release to complete from RNC. The default value is 10 seconds.

Security Mode Complete Timer

The time interval (in seconds) for which the SGSN waits for security mode to complete from MS.

Follow-on for Service Request

Iu established as the result of a Service Request (signaling), the SGSN, by default, waits for the Iu Hold Timer to expire.

The service request can be enabled or disabled.

SGSN Initiated Reset

Specifies whether the SGSN RESET procedure initiation is enabled or disabled.

Reset Ack Timer

Specifies the time interval (in seconds) for which the SGSN waits for reset acknowledgment (RESET-ACK) from the RNC.

Reset Maximum Retransmissions

Specifies the maximum retries for the RESET message.

Reset Guard Timer

Specifies the time interval (in seconds) after which the SGSN sends reset acknowledgment (RESET-ACK) to the RNC.

Tin-Tc Timer

Specifies the Tin-Tc time interval (in seconds). SGSN decrements the traffic level of the RNC by one after Tin-Tc interval. The default value is 30 seconds.

Tig-Oc Timer

Specifies the Tig-Oc time interval (in seconds). SGSN ignores any overload messages for Tig-Oc interval after one overload message. The default value is 5 seconds.

RAB Assig Response Timer

The time required to complete the RAB assignment procedure.

SRNS Ctx Response Timer

The time required to wait for a response to the SRNS context request message.

Relocation Complete Timer

The total time required to wait for a response from the relocation request message.

Relocation Alloc Timer

The allocated time required to wait for a response for the relocation request message.

Consecutive sec-fail local messages

Specifies whether intra RAU, service request, or detach requests from local PTMSI is enabled or disabled.

Consecutive sec-fail Non-Local messages

Specifies whether attaches, inter-rat, inter-service RAU is enabled or disabled.

Consecutive sec-fail local messages count

Specifies the number of intra RAU, service request, or detach requests from local PTMSI.

Consecutive sec-fail Non-Local messages count

Specifies the number of attaches, inter-rat, and inter-service RAU.

Security failure during inter-sgsn-rau

Specifies the inter SGSN routing area update status.

Enabled or disabled.

MBMS Broadcast mode

Specifies the Multimedia Broadcast Service status.

Enabled or disabled.

MBMS Multicast mode

Specifies the Multimedia Multicast Service status.

Enabled or disabled.

Empty-CR Procedure

Specifies whether the empty CR procedure is rejected or continued.

Loss of Radio Coverage Detection Cause in Iu Release

Specifies the detection cause number, which will be included in the Iu Release message.The detection cause number identifies the reason for loss of radio coverage (LORC).

RAI validation in Attach

Specifies whether check is done as per 3GPP for MCC or MNC fields of earlier RAI IE in Attach or RAU.

Source-RNC as Target-RNC

Enables source RNC to be used as target RNS during intra-srns.

Network-sharing Failure-code

Configures the reject cause code to be included in network sharing Reject messages.

Check CS/PS Co-ordination

Enables or disables the SGSN service to perform a CS-PS coordination check.

Non-shared Support

Specifies if non-shared area access is Enabled or Disabled. This applies when network-sharing is enabled.

Use Old Location in SCDR and ULI

Displays old value of LAC/RAC/SAC for SCDRs and ULI information to GGSN during intra SRNS procedure.

Step 4blank.gif In the Iu PS section, double-click on a GTPU Header. The GTPU Header window is displayed.

Table 27-26 describes the GTPU header properties.

Table 27-26 GTPU Header Properties

Field
Description

GTP-U Bind Address

Binds Iu PS service GTPU endpoint to IP address.

GTP-U Echo

Specifies whether the GTPU echo is enabled or disabled. By default, it is disabled.

GTP-U Echo Interval

Specifies the echo interval (in seconds) for GTPU. Default is disabled.

GTP-U Max Retries

Specifies the maximum number of transmission retries for GTPU packets.

GTP-U Retransmission Timeout

Specifies the retransmission timeout of GTPU packets, in seconds, ranging from 1 to 20. The default value is 5 seconds.

GTP-U Sync Echo with Peer

Restarts path management when echo request from peer is received.

GTPU Address Blacklisting

Specifies if the GTPU bind address is enabled or disabled.

The GTPU bind address (loopback address) will not be used (is blacklisted) in RAB-Assignment requests after a RAB assignment request, with that GTP-U bind address, has been rejected by an RNC with the cause - Unspecified Error. This is a failure at the RNC's GTP-U IP interface.

GTPU Address Blacklist Timer

Specifies the time period that a GTP-U bind address (loopback address) will not be used (is blacklisted) in RAB-Assignment requests after a RAB assignment request, with that GTP-U bind address, has been rejected by an RNC with the cause.

Step 5blank.gif In the RNCs section, double-click on an RNC ID. The Radio Network Controller Properties window is displayed.

Table 27-27 describes the RNC properties.

Table 27-27 Radio Network Controller Properties

Field
Description

ID

The unique code of the RNC configuration, which can be any value between 0 and 65535.

Status

The status of the RNC configuration, which can be any one of the following:

  • Initiated
  • Running
  • Down
  • Started
  • Not Started

PLMN ID

The PLMN ID associated to the RNC configuration.

note.gif

Noteblank.gif All the RNCs associated with an Iu PS service will be assigned the same PLMN ID.


Location and Routing Area Codes

LAC

The Location Area Code applicable to the RNC.

note.gif

Noteblank.gif The area covered by the PLMN ID is divided into different location areas. Each location area is identified by a unique identifier called the Location Area Identity, which is internationally used for updating location of mobile subscribers.


RACs

The Routing Area Code applicable to the RNC, which is used to identify a routing area within a location area.

Step 6blank.gif In the RNCs section, choose RNC ID > General Characteristics. The RNC General Characteristics window is displayed.

Table 27-28 describes the RNC general characteristics.

Table 27-28 RNC General Characteristics

Field
Description

State

State of the RNC.

Up or Down.

ss7-point-code

The SS7 point code in dotted-decimal notation or decimal format.

RNC Description

The description provided for the RNC.

Non-search-ind IE in Paging

Include the non-searching-indication flag in the page-request message.

Direct Tunnel

Restricted or not restricted.

Direct Tunnel allows RNC to send data directly to GGSN and also from GGSN to the RNC.

Rab Modify Procedure

Specifies the type of modification procedure to be used to establish the radio access bearer (RAB) assignment.

Rab Asymmetry Indicator

Specifies the RAB asymmetry indicator set in RAB assignment request.

For example, Force Asymmetric Bidirectional for Symmetric Bidirectional.

Max IuConId per msg

The Iu-ConIds to be sent in reset resource.

Pooling for Iu-flex

Enabled or Disabled.

The Iu-flex, when enabled, creates a pool area. The pool area contains multiple MSC's or SGSN service areas. In the pool area, an UE roams freely without changing the serving core network node. The Iu-flex enables a RAN node to route the information to different CN nodes, and load balances among MSCs and SGSNs.

E-NodeB Direct Data Forwarding

Enabled or Disabled.

When enabled, determines the direct forwarding path in the source eNodeB and indicates to the source MME. If X2 connectivity is available between the source and target eNodeBs, a direct forwarding path is available.

Step 7blank.gif In the RNCs section, choose RNC ID > Overload Control Procedure Actions. The Overload Control Procedure Actions window is displayed.

Table 27-29 describes the Overload Control Procedure Actions.

Table 27-29 Overload Control Procedure Actions

Field
Description

Ptmsi reallocation

Specifies not to perform PTMSI reallocation when it can be skipped.

It is performed when the level reaches more than the configured traffic level.

Authentication challenge

Specifies not to perform authentication challenges when it can be skipped.

It is performed when the level reaches more than the configured traffic level.

SMS

Specifies not to send SMS-related signaling.

It is performed when the level reaches more than the configured traffic level.

Service Request (Data)

Specifies not to accept service request (data, for example, new RABs).

It is performed when the level reaches more than the configured traffic level.

Downlink Data Paging

Specifies to ignore downlink data when RABs are not available. No paging for data.

It is performed when the level reaches more than the configured traffic level.

Modify PDP Request

Specifies to reject new modify PDP context requests.

It is performed when the level reaches more than the configured traffic level.

Activate PDP Request

Specifies to reject new activate PDP context requests.

It is performed when the level reaches more than the configured traffic level.

Attach Request

Specifies to reject new attach requests.

It is performed when the level reaches more than the configured traffic level.

Srns

Specifies to reject new SMS requests (intra and inter).

It is performed when the level reaches more than the configured traffic level.

Step 8blank.gif In the RNCs section, choose RNC ID > RANAP Characteristics. The RANAP Characteristics window is displayed.

Table 27-29 describes the RANAP Characteristics.

Table 27-30 RANAP Characteristics

Field
Description

Allocation Or Retention Priority

The priority of allocation and retention of the service data flow. The ARP contains information about the priority level, the pre-emption capability and the pre-emption vulnerability.

The allocation or retention priority resolves conflicts of demands for network resources.

The IE is not included in message.

UE Aggregate Maximum Bit Rate

The aggregate bit rate that can be provided across all Non-GBR PDP contexts of a UE. This attribute enables sending of UE AMBR IE in RAB assignment or Relocation request RANAP messages.

The IE is not included in message.

Signalling-Indication IE: Rab Assignment Request

Core Network initiates a Radio Access Bearer (RAB) Assignment. The message specifies the Quality of Service parameters.

The IE is included in message.

Signalling-Indication IE: Relocation Request

Relocation request message includes the information received from the source RNC and necessary information for the change of bearer(s).

The IE is included in message.

Paging Request

A paging request on all paging channels in the GRA and an indication of which network element initiated the page: CN or GERAN is added to the paging request. Paging Area ID uniquely identifies the area, where the paging message shall be broadcasted.

The paging area ID is included in message.

EUTRAN Service Handover

Enables the inclusion of the E-UTRAN Service Handover Information Element in RANAP messages. This results in an elimination of potential service denial or disruption issues, and unnecessary signaling.

The IE is not included in message.

RFSP ID

The RFSP Index is mapped by the RNC or BSC to locally defined configuration in order to apply specific RRM strategies. The RFSP Index is UE specific and applies to all the Radio Bearers.

The IE is not included in message.

Extended MBR

Yes or No.

If the RAB ASSIGNMENT REQUEST message contains a request of a RAB configuration with Extended Maximum Bit Rate IE and/or Extended Guaranteed Bit Rate IE respectively, if supported Maximum Bit Rate IE and/or Supported Guaranteed Bit Rate IE are greater than 16 Mbps in RAB parameters IE, the CN should indicate that RAB QoS negotiation is allowed. 8640 kbps value, extended MBR IE is used to send the additional value.

Extended GBR

Yes or No.

If the RAB ASSIGNMENT REQUEST message contains a request of a RAB configuration with Extended Maximum Bit Rate IE and/or Extended Guaranteed Bit Rate IE respectively, if supported Maximum Bit Rate IE and/or Supported Guaranteed Bit Rate IE are greater than 16 Mbps in RAB parameters IE, the CN should indicate that RAB QoS negotiation is allowed. 8640 kbps value, extended MBR IE is used to send the additional value.

Step 9blank.gif In the RNCs section, choose RNC ID > RANAP Global CoreNetwork. The RANAP Global Core Network window is displayed.

Table 27-31 describes the RANAP global core network.

Table 27-31 RANAP Global Core Network Properties

Field
Description

Paging Request

Specifies to enable the CN to send a paging message to a particular UE.

The procedure without response is connectionless. When the UE is idle, paging is performed through a common paging channel; when the UE has already had a Radio Resource Control (RRC) connection, paging is performed via its dedicated RRC connection.

Relocation Request

Once resource allocation for relocating the target RNC fails, the target RNC sends a RELOCATION FAILURE message to the CN. Upon receipt of the message by the CN, the CN sends a RELOCATION PREP FAILURE message to the source RNC. The Iu connection for relocating the target RNC is released. The call continues to be held at the source side.

Reset Procedure

RANAP EPs are classified into: connection-oriented and connectionless. The former is supported by a UE specific signaling connection for transport; the latter is supported by a common signaling connection for transport..All other procedures use connection-oriented service to transport except that Reset and Reset Resource.

Reset-Resource Procedure

RANAP EPs are classified into: connection-oriented and connectionless. The former is supported by a UE specific signaling connection for transport; the latter is supported by a common signaling connection for transport. All other procedures use connection-oriented service to transport except that Reset and Reset Resource.

Step 10blank.gif In the RNCs section, choose RNC ID > RANAP Paging Cause IE. The RANAP Paging Cause IE window is displayed.

Table 27-32 describes the RANAP Paging Cause IE.

Table 27-32 RANAP Paging Cause IE Properties

Field
Description

GMM-Signalling

Sets paging cause due to GMM signaling. The default value is high priority, 5.

Terminating High Priority Signalling

SM-Signalling

Sets paging cause due to SM signaling. The default value is high priority, 5.

Terminating High Priority Signalling

SMS-Signalling

Sets paging cause due to SMS signaling. The default value is low priority, 4.

Terminating Low Priority Signalling

GS-Signalling

Sets paging cause due to VLR paging request. The default value is high priority, 5.

Terminating High Priority Signalling

Conversational Data

Sets paging cause due to conversational data. The default value is high priority, 5.

Terminating High Priority Signalling

Streaming Data

Sets paging cause due to due to streaming data. The default value high priority, 5.

Terminating High Priority Signalling

Interactive Data

Sets paging cause due to interactive data. The default value is interactive, 2.

Terminating Interactive Call

Background Data

Sets paging cause due to background data. The default value is background, 3.

Terminating Background Call

MME-Signalling

Sets paging cause from MME due to circuit switchfallback (CSFB).

Terminating High Priority Signalling

Step 11blank.gif In the RNCs section, choose RNC ID > RNC 3GPP. The RNC 3GPP window is displayed.

Table 27-33 describes the RNC 3GPP.

Table 27-33 RNC 3GPP Properties

Field
Description

3GPP Release Compliance

Specifies if 3GPP release compliance is adopted by the RNC.

There are two releases supported:

1) Pre-release-7—3GPP release 7 and earlier releases.

2) Release-7—3GPP release 7 and later releases.

Mbr-Up

Maximum bit rate is QoS specification attribute, which sets the maximum bit rate for up link. It can be equal or greater than the Guaranteed bit rate.

Mbr-Down

Maximum bit rate is QoS specification attribute, which sets the maximum bit rate for down link. It can be equal or greater than the Guaranteed bit rate.

Gbr-Up

Guaranteed bit rate is QoS specification attribute, which sets Guaranteed bit rate for up link. It can be equal or lesser than the Maximum bit rate.

Gbr-Down

Guaranteed bit rate is QoS specification attribute, which sets Guaranteed bit rate for down link. It can be equal or greater than the Maximum bit rate.


 

Viewing IU PS Associations

To view the associated Iu PS services for a SGSN:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > SGSN > SGSN service. The SGSN details are displayed in the content pane.

Step 3blank.gif In the content pane, click the Iu PS Associations tab.

Table 27-34 describes details relating to Iu Ps Associations for an SGSN.

 

Table 27-34 SGSN - Iu PS Association Details

Field
Description

Service Name

The name of the Iu PS service associated to the SGSN.

Context

The context of the Iu PS service.


 

IU PS Associations Commands

The following IU PS associations commands can be launched from the logical inventory by right-clicking a SGSN service and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-35 IU PS Associations Commands

Command
Navigation
Description

Associate IU PS

Right-click the SGSN service > Commands > Configuration

Use this command to associate an IU PS service.

Dissociate IU PS

Use this command to dissociate an IU PS service.

Working with Small Cell Technologies

With the increased demands on the network, service providers are investing in small cell solutions to help optimize and monetize consumer and business services on mobile devices across 3G and 4G networks.

Prime Network offers a portfolio of licensed small cells for home and office to support multiple deployment environments and technologies.

A Home Node B (HNB) is the 3GPP's term for a 3G femtocell. It is a small low-power cellular base station that is very useful for use at home or a small business. It uses a broadband network to connect to the service provider’s network.

note.gif

Noteblank.gif Femtocell is an important technology and service offering that enables new Home and Enterprise service capabilities for Mobile Operators and Converged Mobile Operators (xDSL/Cable/FFTH plus Wireless). The Femtocell network consists of a plug-n-play customer premise device generically called a Home NodeB (HNB) with limited range radio access in home or enterprise. The HNB will auto-configure itself with the network operators and the user can start making voice, data and multimedia calls.


The advantage of using HNB is superior coverage and capacity, especially while indoors. It also provides better voice quality and battery life.

Viewing the Home Node B Gateway Details

The Home Node B Gateway is the HNB network access concentrator that is used to connect the Home Node B (HNBs)/Femto Access Point (FAP) to access the UMTS network through HNB Access Network. It aggregates Home Node-B or Femto Access Points to a single network element and then integrates them into the mobile operators of voice, data and multimedia networks.

The HNB is connected to an existing residential broadband service and provides 3G radio coverage for 3G handsets.

Figure 27-4 depicts the topology of Home Node B Gateway.

Figure 27-4 Home Node B Gateway Topology

361846.TIF

Viewing the Home Node B Gateway Configuration

To view the Home Node B Gateway Configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > HNB GW. The HNB GW global configuration details are displayed in the content pane.

Table 27-36 describes the HNB GW Global Configuration details.

Table 27-36 HNB GW Global Configuration Details

Field
Description

NNSF Timer

The NAS (Non-Access Stratum) Node Selection Function (NNSF) timer of the HNB GW, which can be any one of the following values:

  • any value between 10 and 60
  • Disabled
note.gif

Noteblank.gif The NNSF timer is used to store the IMSI and the relevant Global-CN-ID. Whenever the MSC sends the paging request with IMSI, the HNB GW stores the Global-CN-ID of the node that issued the request and the timer is started. The HNB GW will store the mapping of the IMSI to the Global-CN-ID until the timer expires.


IMSI Purge Timeout

The purge timeout (in minutes) until which the IMSI White List received from the HMS/BAC during the HNB registration procedure must be maintained in the HNB GW. The field can display any one of the following values:

  • any value between 1 and 1440
  • Immediate
  • Disabled

This field defaults to 1440 (24 hours). The HNB GW waits for the specified time after all referenced HNBs have been de-registered before purging the records.

Alpha RTO

The Alpha Retransmission Timeout (RTO) for the SCTP association between HNB and HNB GW, which can be any value between 0 and 65535.

Beta RTO

The Beta Retransmission Timeout (RTO) for the SCTP association between HNB and HNB GW, which can be any value between 0 and 65535.

Max Incoming Streams

The maximum number of incoming SCTP streams allowed on the HNB GW for an associated HNB-SCTP association. This can be any value between 1 and 16 and defaults to 4.

Max Outgoing Streams

The maximum number of outgoing SCTP streams allowed on the HNB GW for an associated HNB-SCTP association. This can be any value between 1 and 16 and defaults to 4.

Max Re-Tx Association

The maximum number of times the HNB GW is allowed to reach its peer. This number can be any value between 0 and 255, and defaults to 10.

note.gif

Noteblank.gif If the number of retransmissions exceed the limit specified here, then the HNB GW considers the peer HNB unreachable and stops transmitting data. The SCTP association is automatically closed.


Max Re-Tx Init

The maximum number of times the HNB GW is allowed to retransmit INIT chunk after the T1-init timer expires. The HNB GW aborts the initialization process once the maximum number of attempts is reached. This can be any value between 0 and 255, and defaults to 5.

Max Re-Tx Path

The maximum number of times the HNB GW is allowed to access an address after the T3-rtx timer expires. This can be any value between 0 and 255, and defaults to 5.

note.gif

Noteblank.gif Every time the T3-rtx timer expires on an address or the Heartbeat sent to an address is not acknowledged, the error counter for that address increases. Once the error counter exceeds the value specified in this field, the destination address is declared inactive.


IU Connection ID Status

Indicates whether the Iu Connection ID status is enabled.

CSG Membership Check

Specifies whether CSG Member check is Enabled or disabled for Non CSG UE's or Non CSG HNB's.

IUPS HNB Session Collocation

Specifies whether the Iu PS interface session is enabled or disabled.

HNBGW Dev Asserts

Enables or disables HNB aggregation support for this HNB gateway service.

note.gif

Noteblank.gif Once set, any change in this configuration causes all HNBs in this HNBGW service to get disconnected.


Additional Emergency UEs per HNB

Specifies maximum number of additional emergencies allowed for UE's per HNB in percentage.

IUCS HNB Session Collocation

Specifies whether IuCS interface session is enabled or disabled.

Step 3blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW. In the HNB GW node, choose the HNB GW service. The service details are displayed in the content pane.

Table 27-37 describes the HNB GW Service details.

Table 27-37 HNB GW Service Details

Field
Description

Service Name

Specifies the name of the service. The character length of the service name can range from 1 to 63.

CBS Service

The name of the Cell Broadcasting Service (CBS) that is configured to the HNB GW.

note.gif

Noteblank.gif CBS is used to reach millions of subscribers instantly with messages. It is very similar to the SMS technology with the added advantage of sending one message to millions of devices instantly. The message is broadcast to all phones connected to the network in the target area.


IPNE Service

The IP Network Enabler (IPNE) service, which defaults to Not Defined.

note.gif

Noteblank.gif An IPNE service is used to enable or disable IP based network transfer.


RTP Mux Port

The port number that is allocated to the Real Time Transport Multiplexing protocol.

RTP Mux

Indicates whether Real Time Transport Multiplexing is enabled for the service.

RTP Pool

The IP pool configured to allocate the RTP end point address to the session manager, which can be any value between 1 and 31.

Mismatch Operations

The mismatch handling operation for the HNB GW service.

Open HNB Support

Indicates whether the Open access mode support on the UMTS HNB GW is enabled.

note.gif

Noteblank.gif An open access mode provides its services to any subscriber in the femto network. An open access HNB can be deployed in public places to increase indoor coverage or off-load traffic from the macro cell.


Closed HNB Support

Indicates whether the Closed access mode support on the HNB GW is enabled.

Hybrid HNB Support

Indicates whether the Hybrid access mode support on the HNB GW is enabled.

note.gif

Noteblank.gif A hybrid access mode provides its services only to those subscribers who are members of the associated access control database.


Status

The status of the HNB GW service, which defaults to Not Defined.

New Call Policy

The new call policy for the security gateway associated to the HNB GW service.

GTP Service

The GPRS Tunneling Protocol (GTP) service associated to the HNB GW service.

Discard OUI

Indicates whether the leading character of the HNB Identification code must be discarded if it contains the Organizational Unique Identifier (OUI).

IURH based Femto-to-Femto handoff

Enables or disables HNB to HNB handoff over IURH for the associated HNB GW service.

IURH handoff guard timer

Guard time, in seconds, for handoff procedure. Default value is 15 seconds.

Override VSA

Enables or disables overriding of particular vendor-specific attributes.

Common Radio PLMN MNC

Specifies the common PLMN ID along with RNC ID.

Multi Operator Core Network (MOCN)

Shows the Common PLMN along with rnc-id. This enables MOCN.

Duplicate Cell-Id Check

Enables or disables the Duplicate-Cell-id validation for a HNBGW-service at HNBGW.

Common Radio PLMN RNC Id

Specifies the common PLMN ID along with RNC ID.

Config Transfer Inner IP Response

Enables or disables the inclusion of inner IP address in HNB configuration that transfer responses for the HNB GW service.

Common Radio PLMN MCC

Specifies the common PLMN ID along with RNC ID.

Common Radio Macro Coverage

Specifies whether to accept or reject registration when the macro coverage IE information is not available in HNB service.

HNB Macro LAI Entries

MCC

The mobile country code (MCC) portion of the PLMN.

MNC

The mobile network code (MNC) portion of the PLMN.

Location Area Code Start Range

The starting number in the range of LAC.

Location Area Code End Range

The ending number in the range of LAC.

You can also view the following configuration details for a HNB GW service:

  • Iu/Iuh—The user data is transferred from HNB to HNB GW through the Iuh interface. Iuh interface is used to carry user traffic and control information whereas the Iu interface is used to transfer CS data as well as PS over IP.
  • Paging—The Paging memory management scheme is used to store and retrieve data from a secondary storage.
  • SCTP—The Stream Control Transmission Protocol (SCTP) is a transport layer that ensures reliable in sequence transport of messages with congestion control like TCP. It also supports framing of individual message boundaries.
  • Security—The policies and configurations specific to security and associated to the HNB GW.
  • User Equipment—The user equipment must follow a standard registration procedure to connect to the HNB. This registration process also informs the HNB GW about the location of the HNB where the UE is connected.

Viewing the Iu and Iuh Configuration Details for a Home Node B Gateway Service

To view the Iu or Iuh Configuration details for a HNB GW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW > hnb gw service > Iu or Iuh. The relevant configuration details are displayed in the content pane.

Table 27-38 describes the Iu/Iuh configuration details.

Table 27-38 Iu/Iuh Configuration Details

Field
Description

ScptAny

The Differentiated Services Code Point (DSCP) markings configured over the Iuh interface.

Protocol

The transfer protocol configured for the HNB GW service.

GTPU

The Differentiated Services Code Point (DSCP) configured over the Iu or Iuh interface with the GTPU protocol.

RTP

The DSCP configured over the Iu or Iuh interface with the RTP protocol.

RTCP

The DSCP configured over the Iu or Iuh interface with the RTCP protocol.

Any

The DSCP configured over the Iu or Iuh interface with any protocol.

Viewing the Paging Configuration for a Home Node B Gateway Service

To view the Paging details for a HNB GW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW > hnb gw service > Paging. The Paging properties are displayed in the content pane.

Table 27-39 describes the Paging details.

Table 27-39 Paging Details

Field
Description

IMSI Life Timer

The International Mobile Subscriber Identity (IMSI) purge time for the HNB GW service, which can be any value between 1 and 12.

note.gif

Noteblank.gif The HNB GW maintains IMSI records for a specified period of time, which is usually measured from the time when the user equipment was last de-registered from the HBN GW.


Handle Unknown IMSI (CS)

Indicates whether the CS domain must process or ignore the paging request from the CN node for an IMSI that is not present in the IMSI DB.

Handle Unknown IMSI (PS)

Indicates whether the PS domain must process or ignore the paging request from the CN node for an IMSI that is not present in the IMSI DB.

Last HNB Timeout (CS)

The last known HNB Timeout for the CS domain, which can be any value between 1 and 30.

Last HNB Timeout (PS)

The last known HNB Timeout for the PS domain, which can be any value between 1 and 30.

Paging Grid Fanout Timeout (CS)

The time interval, in seconds, for configuration of grid-based fanout. It is an integer value ranging from 1 to 30. Default timeout value for Circuit Switching (CS) domain and Packet Switching (PS) domain is 5 seconds and 10 seconds, respectively.

Paging Area Fanout Timeout (PS)

The time interval, in seconds, for configuration of area-based fanout. It is an integer value ranging from 1 to 30. Default timeout value for CS domain and PS domain is 5 seconds and 10 seconds, respectively.

Viewing the Radio PLMN Configuration for a Home Node B Gateway Service

To view the Radio PLMN details for a HNB GW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW > hnb gw service > Radio PLMN. The Paging properties are displayed in the content pane.

Table 27-40 describes the Radio PLMN details.

Table 27-40 Radio PLMN Details

Field
Description

Macro Coverage IE Absent Action

Specifies whether to accept or reject when the macro coverage IE information is not available in HNB.

RNC ID

The unique code used to identify the Radio Network Controller (RNC) connected to the PLMN.

MNC

The mobile network code (MNC) portion of the PLMN.

MCC

The mobile country code (MCC) portion of the PLMN.

HNB Macro LAI Entries

MCC

The mobile country code (MCC) portion of the PLMN.

MNC

The mobile network code (MNC) portion of the PLMN.

Location Area Code Start Range

The starting number in the range of LAC.

Location Area Code End Range

The ending number in the range of LAC.

Viewing the SCTP Configuration for a Home Node B Gateway Service

To view the SCTP Configuration details for a HNB GW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW > hnb gw service > SCTP. The SCTP properties are displayed in the content pane.

Table 27-41 describes the SCTP details.

Table 27-41 SCTP Details

Field
Description

Checksum

The type of checksum used to increase data integrity of an SCTP packet, which can be any one of the following:

  • adler32
  • crc32

Connection Timeout

The SCTP association idle timeout (in seconds).

Cookie Life Time

The lifetime of the SCTP cookie (in milliseconds).

Heartbeat Timer

The timer (in milliseconds) of the SCTP heartbeat.

note.gif

Noteblank.gif The SCTP heartbeat is sent to a peer to determine reachability. If an acknowledgment is not received from the peer within the specified time, the peer is considered unreachable and further requests are not sent.


Max MTU Size

The maximum size (in bytes) of the Maximum Transmission Unit (MTU) for the SCTP streams allowed by the template, which can be any value between 508 and 65535.

Min MTU Size

The minimum size (in bytes) of the Maximum Transmission Unit (MTU) for the SCTP streams allowed by the template, which can be any value between 508 and 65535.

Start Max MTU

The starting size (in bytes) of the Maximum Transmission Unit (MTU) for the SCTP streams allowed by the template, which can be any value between 508 and 65535.

RTO Initial

The initial time (in milliseconds) for the SCTP Retransmission Timeouts (RTO) allowed by the template, which can be any value between 1 and 1200.

RTO Max

The maximum time (in milliseconds) for the SCTP Retransmission Timeouts (RTO) allowed by the template, which can be any value between 5 and 1200.

RTO Min

The minimum time (in milliseconds) for the SCTP Retransmission Timeouts (RTO) allowed by the template, which can be any value between 1 and 50.

Sack Frequency

The frequency of the SCTP Selective Acknowledgment (sack) allowed by the template, which can be any value between 1 and 5.

note.gif

Noteblank.gif Selective Acknowledgment is an extension of SCTP that allows you to acknowledge receipt of specific packets.


Sack Period

The period (in milliseconds) for SCTP selective acknowledgment allowed by the template, which can be any value between 0 and 500.

Binding Address

The binding address associated to the service.

Binding Port

The binding port associated to the service.

Viewing the Security Configuration for a Home Node B Gateway Service

To view the Security details for a HNB GW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW > hnb gw service > Security. The Security properties are displayed in the content pane.

Table 27-42 describes the Security details.

Table 27-42 Security Configuration Details

Field
Description

Gateway IP Address

The IP Address of the security gateway used by the HNB GW service.

Gateway Context

The name of the context where the AAA server group is defined.

Crypto Template

The crypto template for the security gateway used by the HNB GW service.

IPSec Service

The Internet Protocol Security (IPSec) service used by the HNB GW service.

Newcall Policy

The newcall policy for security gateway in HNB GW service.

IPSec Connection Timeout

The ipsec tunnel idle timeout in hours. Default ipsec tunnel timeout is 4 hrs.

Viewing the User Equipment Configuration for a Home Node B Gateway Service

To view the User equipment details for a HNB GW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HNB GW > hnb gw service > UE. The user equipment properties are displayed in the content pane.

Table 27-43 describes the User equipment details.

Table 27-43 User Equipment Details

Field
Description

Registration Timeout

The timeout interval (in seconds) while connecting the UE with the specified HNB, which can be any value between 60 and 1800.

Handover Status (CS)

Indicates whether the Circuit Switching (CS) handover mode is enabled for the HNB GW service.

Handover Status (PS)

Indicates whether the Packet Switching (PS) handover mode is enabled for the HNB GW service.

Max UEs

The maximum number of user equipment that can be configured for the HNB, which can be any value between 0 and 1000.

Max Unknown UEs

The maximum number of non-access controller user equipment that can be connected to the HNB, which can be any value between 0 and 1000.

Max. UEs Closed

The maximum number of user equipment that can be configured for the HNB in Closed access mode.

Max. UEs Hybrid

The maximum number of user equipment that can be configured for the HNB in Hybrid access mode.

HNB aggregation

Specifies if the HNB aggregation support for the HNB GW service is enabled or disabled.

Maximum number of UEs per HNB

Specifies the maximum number of UEs allowed per HNB, when HNB aggregation is enabled.

Data Path Optimization (CS)

Shows whether the data path optimization for CS domain is enabled or disabled.

Data Path Optimization (PS)

Shows whether the data path optimization for PS domain is enabled or disabled.

HNB Aggregation Handin

This field is available only when the HNB Aggregation is enabled.

Viewing the Home evolved Node B Gateway Details

The Home evolved Node B (HeNB) provides LTE radio coverage for LTE handsets within a home residential coverage area. A HeNBs incorporate the capabilities of a standard eNodeB.

The Home eNodeB Gateway works as a gateway for HeNBs to access the core networks. The HeNB- GW concentrates connections from a large amount of HeNBs through an interface and terminates the connection to existing Core Networks using the S11 Interface to S-Gateway.

In Prime Network, the following services are available for HeNB GW:

  • Access Services—The HeNB GW Access Service is configured to support the interface towards the HeNB(s). This includes the bind address to which the HeNB is connected and which is useful to establish the SCTP associations. If the S1-U relay functionality is enabled for the access service, then the ingress and egress GPRS Tunneling Protocol User Plane (GTPU) services will be associated to this service.
  • Network Services—The HeNB GW Network Service is configured to support the interface towards the Mobile Management Entity (MME). This includes the bind address from which HeNB GW will establish SCTP connections to the MME(s). This will support configuration of multiple logical eNodeBs.

To view the Home evolved Node B Gateway Configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HeNB GW. The HeNB GW configuration details are displayed that includes the HeNB GW Network Services and HeNB GW Access Services tabs. The HeNB GW Network Services tab lists the network services available for HeNB GW and the HeNB GW Access Services tab lists the access services available for HeNB GW.

Step 3blank.gif Under the HeNB GW node, choose the HeNB GW access service. The access service details are displayed in the content pane.

Table 27-44 describes the HeNB GW Access Services details.

Table 27-44 HeNB GW Access Service Details

Field
Description

Access Service Name

The name of the HeNB GW access service configured on the device.

Status

The status of the access service, which can be any one of the following:

  • Initiated
  • Started
  • Running
  • Not Started
  • Down

SCTP IP Address

The SCTP IP Address allocated by the access service to which the HeNB is binded.

SCTP Port

The SCTP port allocated by the access service.

MME Group

The unique code denoting the MME Group that is applicable to the access service.

MME Code

The unique MME Code that is applicable to the access service.

PLMN ID

The Public Land Mobile Network (PLMN) ID that is applicable to the access service.

Security GW Service Address

Designates security gateway address used for HeNBGW access service. Must be followed by IPv4 address, using dotted-decimal notation.

Security GW Context

The context name where crypto template is defined for this HeNBGW access service.

Crypto-Template

Crypto template for security gateway for the associated HeNBGW access service.

Service in IPSec

The name of the service in IPSec.

Associated SCTP Param Template

Parameters allowed by the template for SCTP associations. Refer Table 27-146 for SCTP Template properties.

S1U Relay Status

Indicates whether the S1U Relay is enabled or disabled on the HeNB GW.

X2GW Service

The X2 Gateway (X2GW) service associated with the HeNB access service.

X2GW Context

Context used for X2GW service.

Step 4blank.gif Under the selected HeNB GW access service, choose S1 U Relay Configuration. The relay configuration details are displayed in the content pane.

note.gif

Noteblank.gif This node is available only if the S1U Relay Status is enabled for an access service.


Table 27-45 describes the S1 U Relay Configuration details.

Table 27-45 S1 U Relay Configuration Details

Field
Description

GTPU Access Service

The GTPU Access Service available in the HeNB GW. Clicking this link will display the relevant service under the GTPU node.

GTPU Network Service

The GTPU network Service available in HeNB GW. Clicking this link will display the relevant service under the GTPU node.

Downlink QoS

The type of the Downlink DSCP QoS applicable to the S1U Relay on the HeNB GW. For example, be, af11, af12, af13, ef.

Uplink QoS

The type of Uplink DSCP QoS applicable to the S1U Relay on the HeNB GW. For example, af22, af23, af42, af43, ef.

Downlink QCI DSCP Mapping Table

Name of the QCI-DSCP mapping table to refer the HENBGW ACCESS service towards henb.

Uplink QCI DSCP Mapping Table

Name of the QCI-DSCP mapping table to refer the HENBGW ACCESS service towards sgw.

Step 5blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > HeNB GW. Under the HeNB GW node, choose the HeNB GW network service. The network service details, as shown in Table 27-46 , are displayed in the content pane.

Table 27-46 HeNB GW Network Service Details

Field
Description

Network Service Name

The name of the HeNB GW network service configured on the device.

Status

The status of the network service, which can be any one of the following:

  • Initiated
  • Started
  • Running
  • Not Started
  • Down

ANR Info Retrieval

Automatic Neighbor Relation (ANR) relieves the operator from the complexity of manually managing Neighbor Relations (NRs).This attribute enables the HeNBGW to intercept and respond to the ANR related SON messages with the information requested.

Public Warning System

Public warning system (PWS), which can be any one of the following: Enabled or Disabled.

Default Paging DRX

DRX, a discontinuous reception paging mechanism, decides the procedure that determines sending of messages. Can be v128, v256, v32 and v64.

Paging Rate Control

Maximum paging messages that can be handled by HeNBGW network service per second.

S1AP Max Retransmissions

S1 application protocol provides the signaling service between E-UTRAN and the evolved packet core (EPC), and supports location reporting. Configures the number of times node level S1AP message is retransmitted towards MME.

S1AP Retransmission Timeout

The Node Level S1AP message retransmission timeout in seconds, ranging from 1 to 600. Default is 60 seconds.

SCTP Param Template

Parameters allowed by the template for SCTP associations. Refer Table 27-146 for SCTP Template properties.

PWS Warning Request Timeout

The request timeout value in milliseconds for the PWS.

PWS Kill Request Timeout

The kill request timeout value in milliseconds for the PWS.

PWS Restart Indication Timeout

The restart indication timeout value in milliseconds for the PWS.

Cell Configuration

PLMN ID

The Public Land Mobile Network (PLMN) ID that is applicable to the network service.

Cell ID

The evolved Node B identification code that is applicable to the network service.

note.gif

Noteblank.gif The eNodeB ID allows the HeNB GW to present itself as one or more eNodeBs towards the MME. It is the hardware that is connected to the mobile phone network that communicates directly with the mobile handsets.


SCTP IP Address

The SCTP IP Address applicable to the network service, which represents the bind address to which the HeNB connects and establishes the SCTP associations.

SCTP Port

The SCTP Port applicable to the network service, which helps the HeNB to connect and establish SCTP connection.

TAI List DB

The Tracking Area Identifier (TAI) List applicable to the network service.

note.gif

Noteblank.gif Each eNode broadcasts a special tracking area code (TAC) that denotes the tracking area to which the eNode belongs to. The TAI is basically a combination of the PLMN ID and TAC ID.


MME Pool Name

The MME Pool Name applicable to the network service.

note.gif

Noteblank.gif The MME Pool Name contains a list of MMEs, which is the key control node for the LTE access network. It is responsible for idle mode user equipment, tracking and paging procedure including retransmissions.


eNodeB Type

Type of eNodeB, which can be one of the following: HOME or MACRO.

SCTP Primary IP Address

The SCTP primary IP address applicable to the network service.

SCTP Secondary IP Address

The SCTP secondary IP address applicable to the network service.

S1 MME IP QoS DSCP

The Quality of Service (QoS) Differentiated Service Code Point (DSCP) used over the S1 MME service.

Configuring Small Cell Technology

The following commands can be launched from the inventory by right-clicking the appropriate node and choosing Commands > Configuration. Your permissions determine whether you can run these commands. To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Command
Navigation
Input Required and Notes

Create HNB GW

Right-click on a context > Commands > Configuration > Small Cell

Use this command to create a new HNB Gateway service.

Modify HNB GW

context > Mobile > HNB GW > right-click on a HNB service > Commands > Configuration > Modify HNB GW

context > Mobile > HNB GW > right-click on a HNB service > Commands > Configuration > Delete HNB GW

Use this command to modify a HNB Gateway service.

note.gif

Noteblank.gif You can also delete the CBS service associated to the HNB GW by selecting the Delete CBS check box.


Delete HNB GW

Use this command to delete a HNB gateway service.

Show HNB GW

context > Mobile > HNB GW > right-click on a HNB GW Service > Commands > Show

Use this command to view details of the selected HNB gateway service.

Create PLMN Identifier

context > Mobile > HNB GW > right-click on a HNB service > Commands > Configuration

Use this command to create a new Public Land Mobile Network (PLMN) for the HNB service.

Modify PLMN Identifier

context > Mobile > HNB GW > select an HNB service > In the content pane, right-click on a PLMN entry > Commands > Configuration > Modify PLMN Identifier

context > Mobile > HNB GW > select an HNB service > In the content pane, right-click on a PLMN entry > Commands > Configuration > Delete PLMN Identifier

Use this command to modify PLMN entries for the selected HNB service.

 

 

 

Delete PLMN Identifier

Use this command to delete PLMN entries for the selected HNB service.

Modify Iuh

context > Mobile > HNB GW > Expand the node hnb gw service > right-click Iuh node > Commands > Configuration

Use this command to modify IuH interface details for the selected HNB service.

note.gif

Noteblank.gif You can delete the protocol for the selected IuH. To delete the protocol, you must specify the Protocol and Payload details.


Modify Iu

context > Mobile > HNB GW > expand the hnb gw service > right-click Iu node > Commands > Configuration

Use this command to modify Iu Interface details for the selected HNB service.

Modify Paging

context > Mobile > HNB GW > expand the hnb gw service > right-click Paging node > Commands > Configuration

Use this command to modify the paging configuration for a HNB GW service.

Modify SCTP

context > Mobile > HNB GW > expand the hnb gw service > right-click SCTP node > Commands > Configuration

Use this command to modify the Stream Control Transmission Protocol (SCTP) configuration.

Modify Security

context > Mobile > HNB GW > expand the hnb gw service > right-click Security node > Commands > Configuration

Use this command to modify security-specific policies and configurations for the selected HNB service.

Modify UE

context > Mobile > HNB GW > expand the hnb gw service > right-click UE node > Commands > Configuration

Use this command to modify the user equipment details for the selected HNB service.

Modify HNB Global

local > Mobile > right-click the HNB GW node > Commands > Configuration

Use this command to modify the HNB Global configuration details.

Show HNB Global

context > Commands > Show

Use this command to view the HNB Global configuration details.

Create HeNB Network

context > Commands > Configuration

Use this command to create a new HeNB network.

note.gif

Noteblank.gif You can configure only one HeNB network for a device.


Create Cell Configuration

context > Mobile > HeNB GW > right-click the HeNB service > Commands > Configuration

Use this command to create cell configuration details.

Modify Cell Configuration

context > Mobile > HeNB GW > networkService > In the content pane, right-click on the Cell Configuration entry > Commands > Configuration

Use this command to modify cell configuration details.

Delete Cell Configuration

Use this command to delete cell configuration details.

Delete HeNB Network

context > Mobile > HeNB GW > right-click on the HeNB service > Commands > Configuration

Use this command to delete an HeNB network.

Show HeNB Network

context > Mobile > HeNB GW > right-click on the network service > Commands > Show

Use this command to view HeNB network details.

Create HeNB Access

context > Commands > Configuration

Use this command to create HeNB access.

note.gif

Noteblank.gif You can configure only one HeNB access for a device.


Modify HeNB Access

context > Mobile > HeNB GW > right-click the HeNB access service > Commands > Configuration > Modify HeNB Access

context > Mobile > HeNB Access > right-click on a HeNB access service > Commands > Configuration > Delete HeNB Access

Use this command to modify HeNB access details.

Delete HeNB Access

Use this command to delete HeNB access details.

Show HeNB Access

context > Mobile > HeNB GW > right-click the access service > Commands > Show

Use this command to view the HeNB access details.

Modify S1U Relay Configuration

context > Mobile > HeNB GW > HeNB service > right-click on the S1U Relay Configuration node > Commands > Configuration

Use this command to modify the S1U Relay Configuration details.

Working with Wireless Security Gateway

The Wireless Security Gateway (WSG) is a highly scalable solution for tunneling femtocell, Unlicensed Mobile Access (UMA)/Generic Access Network (GAN), and 3G/4G macrocell voice and data traffic over fixed broadband networks back to the mobile operator’s core network. In a femtocell deployment, WSG uses IP Security (IPsec) to secure the connection between the mobile operator’s core network and the “Home Node B” (3G femtocell access point) located at the subscriber’s home. In this environment, WSG provides security for trusted hosts (femtocell access points) when they communicate across an external untrusted broadband network such as the Internet. WSG adheres to the latest Third Generation Partnership Project (3GPP) standards for secure remote access over untrusted networks.

In addition to femtocell deployments, WSG can also secure UMA/GAN traffic where the subscriber has a UMA-capable mobile handset that communicates via a Wi-Fi access point over an untrusted network and back to the mobile operator’s data center. It can also be deployed to secure 3G/4G base stations that are connected to the mobile operator’s network through a third party’s carrier Ethernet service.

WSG plays an important role in cost-effectively securing backhaul networks for mobile operators, helping to reduce backhaul costs, which represent a significant part of their operating expenses (OpEx).

To view the security gateway configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > SEC GW. The Sec GW details are displayed in the content pane.

Table 27-47 describes the Sec GW service details.

 

Table 27-47 Sec-GW Service Details

Field
Description

Sec GW Lookup tab

Priority

The priority value for the source and destination subnet size combination, which can be any value between 1 and 6.

Source Net Mask

The subnet size of the source net mask, which can be any value between 1 and 128.

Destination Net Mask

The subnet size of the destination net mask, which can be any value between 1 and 128.

Sec GW Service tab

Name

The name of the Wireless Security Gateway service.

Status

The status of the WSG service, which can be any one of the following:

  • Initial
  • Started

Bind

Indicates whether the WSG service is binded or not. A binded WSG service will have an associated IP Address and Crypto Template.

Max. Sessions

The maximum number of sessions that can be supported by the WSG service, which can be any value between 0 and 8000.

IP Address

The IP address of the WSG service.

UDP Port

The UDP port number of the WSG service.

MTU

The Maximum Transmission Unit (MTU) size before encryption, which can be any value between 576 and 2048.

Crypto Template

The name of the Crypto Template associated with the WSG service.

Deployment Mode

The mode of deployment for the WSG service, which can be any one of the following:

  • Remote Access—Remote access VPNs connect individual hosts to private networks. Every host must have the VPN client software so that when the host tries to send any traffic, the software encapsulates and encrypts the data before sending it through the VPN gateway at the edge of the target network.
  • Site to Site—Site to Site VPNs connect networks to each other. In this mode of deployment, the hosts do not have the VPN client software. TCP/IP traffic is sent and received through a VPN gateway, which is responsible for encapsulating and encrypting outbound traffic and sending it to a peer VPN gateway at the target site through a VPN tunnel.

Peer List

The peer list name for WSG service site-to-site mode.

Initiator Mode Duration

The duration WSG tries to initiate or retry a call when peer list is activated (default is 10 seconds).

Responder Mode Duration

The duration WSG waits for the peer to initiate a call when the peer list is activated.

Duplicate Session Detection

Enable duplicate session detection to allow only one IKESA per remote IKE-ID. Default: allow multiple IKESA per remote IKE-ID.

IPAllocation Type

The IP address from DHCP server.

DHCP Service Name

The DHCP service to be used when the allocation method is dhcp-proxy.

DHCP Context Name

The context in which the DHCP service is configured.

IP Access Group

The name of an access group.

DHCP IPv4

The IPv4 address of the DHCP server to be sent to the peer.

DHCP IPv6

The IPv6 address of the DHCP server to be sent to the peer.

Viewing the Connected Applications Configuration Details

Connected Applications (CA) provide the ability to host third party applications on or adjacent to Cisco networking infrastructure, and enable programmatic access to networking services in a controlled and consistent manner. Enabling CA will allow the ability to host applications on forge blade on an ASR9K platform. The WSG will be the first application to run on the forge blade, which will then interact with the ASR9K device through the CA.

To view the connected applications configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > SEC GW. The Vision client displays the connected applications details in the content pane.

Table 27-48 describes the connected applications details.

 

Table 27-48 Connected Applications Details

Field
Description

Session User ID

The ID of the user who has connected into the Connected Application session.

Session Name

The name of the Connected Applications session. The name is configured statically through the StarOS CLI before the session is established.

Session ID

The unique ID of the Connected Applications session. The ID is configured statically through the StarOS CLI before the session is established.

Session IP Address

The IP Address of the Connected Applications session. This address is configured statically through the StarOS CLI before the session is established.

Session Activation

Indicates whether the Connected Applications session is active.

note.gif

Noteblank.gif Two different connected applications clients must be able to connect to the same CA server so that one is considered active and the other standby.


RRI Mode

The Recursive Route Injection mode applicable to the Connected Applications session, which can be RAS, S2S, Both, and None.

CA Certificate Name

CA Certificate Name in the connected applications session.

HA Chassis Mode

The Chassis mode applicable to the Connected Applications session, which can be Inter, Intra, and Standalone.

HA Network Mode

The network mode for the Connected Applications session, which can be L2, L3, and NA.

SRP Status

The Service Redundancy Protocol status of the Connected Applications session, which can be any one of the following: UP, DOWN, ON, OFF, INIT, FAIL, REMOVED, ADMIN DOWN.

SRP State

The state of the connected applications session, which can be any one of the following: UP, DOWN, ON, OFF, INIT, FAIL, REMOVED, ADMIN DOWN.

The following nodes in Prime Network are also configured for WSG:

  • Crypto Template—A Crypto Template is a master file that is used to configure an IKEv2 IPSec policy. It includes most of the IPSec parameters and IKEv2 dynamic parameters for cryptographic and authentication algorithms. A security gateway service will not function without a configured crypto template and you can configure only one crypto template for a service.
  • Crypto Map—Crypto Maps define the tunnel policies that determine how IPSec is implemented for subscriber data packets. It selects data flows that need security processing and then defines policy for these flows and the crypto peer that traffic needs to go to. It is ultimately applied to an interface.
  • IKE SA— Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. The security associations define which protocols and algorithms should be applied to sensitive packets, and also specifies the keying material to be used by the two peers. If IKE is used to establish the security associations, the security associations will have lifetimes set so that they periodically expire and require renegotiation, thus providing an additional level of security.
  • Child IPSec SA—A Child-SA is created by IKE for use in Authentication Header (AH) or Encapsulating Security Payload (ESP) security. Two Child-SAs are created as a result of one exchange – Inbound and Outbound. A Child-SA is identified by a single four-byte SPI, Protocol and Gateway IP Address and is carried in each AH/ESP packet.
  • Transform Sets—Transform Sets define the negotiable algorithms for IKE SAs (Security Associations) and Child SAs to enable calls to connect to the ePDG. For more information, see Viewing the Transform Set Details.
  • CA-Certificates—Certificate or Certification Authority (CA) is an entity that issues digital certificates, which certifies the ownership of a public key by the named subject of the certificate. This allows others (that is, relying parties) to rely upon signatures or assertions made by the private key that corresponds to the public key that is certified. In this model of trust relationships, CA is a trusted third party that is trusted by both the subject (that is, owner) of the certificate and the party relying upon the certificate.

Viewing the Crypto Template Configuration Details

To view the crypto template configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > Crypto Template > Double click on any template name and check NATT attributes.

Table 27-49 NATT Attributes

Field
Description

NATT Include Header

Specifies that NATT includes header.

NATT

Indicates that the NAT-T initiation is enabled for all security association, which is derived from the crypto map.

NATT Send Keepalive Interval

Shows the NAT-T sending frequency for security gateway keepalive interval in seconds.

NATT Send Keepalive IdleInterval

Displays the waiting period in seconds. The displayed waiting period is before the security gateway starts sending NAT keepalive.

IKEv2 MTU Size IPv4

The MTU size of the IKEv2 payload for IPv4 tunnel.

IKEv2 MTU Size IPv6

The MTU size of the IKEv2 payload for IPv6 tunnel.

CERT Enc Type URL Allowed

Indicates that CERT enc type other than the default type is enabled or not.

Custom FQDN Allowed

Shows whether the custom FQDN is enabled or disabled for a SecGW service.

DNS Handling

Indicates the DNS handling behavior for a crypto template.

Choose > Context > Security Association > Crypto Template > Double-click on any Crypto Template > Payload Tab > Double Click on any entries and check remaining attributes here. The Vision client displays the details of Crypto Template in the content pane.

Table 27-50 describes the Crypto Template configuration details.

Table 27-50 Crypto Template Properties in Logical Inventory

Field
Description

Type

Indicates the version of the Internet Key Exchange protocol that is configured, which can be IKE v1 or IKE v2.

Status

The completion status of the template, which indicates whether the template is configured with the required properties to establish secure tunnel between local and remote peers. The status can be:

  • Incomplete–The template needs to be configured further before applying or associating to a security gateway service.
  • Complete–All properties/attributes are configured.

Access Control List

The status of the blacklist/whitelist subscribers attached to the crypto template, which can be enabled or disabled.

note.gif

Noteblank.gif The Blacklist or Whitelist is a list based on which the ISP allows traffic or denies services to a particular subscriber. Rules are configured on each list, and this list is then applied to the traffic.


Remote Secret List

The remote secret list applicable to the crypto template.

note.gif

Noteblank.gif The remote secret list contains a list of secret IP addresses. When an authorization request is received, peer ID is checked in this list


OCSP Status

Indicates whether the Online Certificate Status Protocol applicable to the crypto template is enabled or disabled.

note.gif

Noteblank.gif The OCSP is an Internet protocol that is used to obtain the revocation status of an x.509 digital certificate.


OCSP Nonce Status

Indicates whether the OCSP nonce applicable to the crypto template is enabled or disabled.

note.gif

Noteblank.gif An OCSP may contain a nonce request extension to improve security against replay attacks.


Self Certificate Validation

Indicates whether the self certificate validation for the crypto template is enabled or disabled.

note.gif

Noteblank.gif Self Certificate Validation indicates the certificate that is signed by the entity whose identity it certifies.


Dead Peer Detection

Indicates whether the Dead Peer Detection for the crypto template is enabled or disabled.

note.gif

Noteblank.gif The Dead Peer Detection method detects a dead Internet Key Exchange peer and reclaims the lost resource. This method uses IPSec traffic patterns to minimize the number of messages required to confirm the availability of a peer. It is also used to perform IKE peer failover.


Payload Identifier

The name of the payload, which can be any one of the following:

  • Phase-1—contains IPv4 Address and Key ID as the payload values.
  • Phase-2 SA—contains IPv4 Address and Subnet as the payload values.

IKE Mode

The Internet Key Exchange (IKE) mode for the crypto template, which can be any one of the following:

  • Main Mode–In this mode, the initiator sends a proposal to the responder. In the first exchange, the initiator proposes the encryption and authentication algorithms to be used and the responder chooses the appropriate proposal. In the second exchange, the Diffie-Hellman public keys and other data are exchanged. In the last and final exchange, the ISAKMP session is authenticated. Once the IKE SA is established, IPSec negotiation begins.
  • Aggressive Mode–In this mode, the initiator sends three packets that contain the IKE SA negotiation along with the data required by the security association. The responder chooses the proposal, key material, and ID and authenticates the session in the next packet. The initiator replies to this by authenticating the session. When compared to the Main Mode, negotiation is much quicker in this mode.

Perfect Forward Secrecy

The Perfect Forward Secrecy (PFS) value for the crypto template.

note.gif

Noteblank.gif To ensure that derived session keys are not compromised and to prevent a third party discovering a key value, IPSec uses PFS to create a new key value based on values supplied by both parties in the exchange.


Number of IPSec Transforms

The number of IPSec transforms applicable for the crypto template.

note.gif

Noteblank.gif An IPSec transform specifies a single IPSec security protocol (either AH or ESP) with its corresponding security algorithms and mode. For example, the AH protocol with HMAC with MD5 authentication algorithm in tunnel mode is used for authentication.


Local Gateway Address

The IP Address of the responder, which represents the local end of the security associations.

Remote Gateway Address

The IP address of the initiator, which represents the remote end of the security associations.

Payload Attributes

IPv4 PCSCF Payload Value

Defines the IPv4 PCSCF payload value.

IPv6 PCSCF Payload Value

Defines the IPv6 PCSCF payload value.

IMEI Payload Value

Defines the IMEI payload value.

IPv4 Fragment Type

The fragment type when User Payload is ipv4 type and DF bit is not set.

Maximum Child SA

The maximum number of IPsec child security associations, which is derived from a single IKEve IKE security association.

Ignore Rekeying Requests

Ignores rekeying requests for IPsec SA

Lifetime

The lifetime in seconds for IPsec Child Security Associations derived from a Crypto Template.

Lifetime (KB)

Shows the lifetime in kilo bytes for IPsec Child Security Associations derived from a Crypto Template.

TSI Start Address

The starting address for the IKEv2 initiator traffic selector payload.

TSI End Address

The ending address for the IKEv2 initiator traffic selector payload.

TSR Start/End Address

The starting or ending address for the IKEv2 responder traffic selector payload.


 

Viewing the Crypto Map Configuration Details

To view the crypto map configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > Crypto Map > Crypto Maps. The Vision client displays the map details in the content pane.

Table 27-51 describes the crypto map configuration details.

 

Table 27-51 Crypto Map Properties in Logical Inventory

Field
Description

Name

The unique name of the crypto map.

Status

The current status of the crypto map, which can be Complete or Incomplete.

Type

The type of the crypto map, which can be any one of the following:

  • IPSEC IKEv2 over IPv4
  • IPSEC IKEv2 over IPv6

OCSP Status

Indicates whether the OCSP request status is enabled for the crypto map.

Local Authentication

The local authentication method to be used by the crypto map, which can be Certificate, Pre-shared-key, or EAP_Profile.

Remote Authentication

The remote authentication method to be used by the crypto map, which can be Certificate, Pre-shared-key, or EAP_Profile.

OCSP Nonce Status

Indicates whether the OCSP Nonce Status is enabled for the crypto map.

Don’t Fragment

The Control Don’t Fragment number that is available in the IPSec outer header.

Remote Gateway

The IP Address of the remote gateway that is configured in the peer parameters.

Access Control List

The status of the blacklist/whitelist subscribers attached to the crypto template, which can be enabled or disabled.

note.gif

Noteblank.gif The Blacklist or Whitelist is a list based on which the ISP allows traffic or denies services to a particular subscriber. Rules are configured on each list, and this list is then applied to the traffic.


Crypto Map Payload tab

Name

The name of the crypto map payload.

IKESA Transform Sets tab

Id

The unique ID of the crypto map IKSEA transform set.

Encryption

The encryption algorithm and encryption key length for the IKEv2 IKE security association. This field defaults to AESCBC-128.

PRF

The PRF associated to the crypto map.

note.gif

Noteblank.gif The PRF is used to generate keying material for all cryptographic algorithms used in IKE SA and the child SAs. This PRF produces a string that an attacker cannot distinguish from random bit without the secret key.


HMAC

The Hash Message Authentication Code applicable for the crypto map. The HMAC is used to simultaneously verify both data integrity and the authentication of the message.

DH Group

The Diffie-Hellman group that is associated to the crypto map. This group is used to determine the length of the base prime numbers used during the key exchange in IKEv2. The cryptographic strength of any derived key partly depends on the DH group upon which the prime number is based.

Step 3blank.gif In the Crypto map Payload tab, right-click a Payload name and select Properties. The Crypto Map Payload Properties window is displayed.

Table 27-52 describes the crypto map configuration details.

 

Table 27-52 Crypto Map Payload Properties

Field
Description

IPSecSA Transform Sets tab

ID

The unique ID that identifies the crypto map IPSecSA transform set.

Protocol

The transport protocol used at the inbound site, which can be ESP or AH.

Encryption

The encryption algorithm and encryption key length for the IKEv2 IKE security association. This field defaults to AESCBC-128.

HMAC

The Hash Message Authentication Code applicable for the crypto map.

DH Group

The Diffie-Hellman group that is associated to the crypto map.

Viewing the IKE SA Configuration Details

To view the IKE SA configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > IKE IPSec SA. The Vision client displays a list of IKE Security Associations in the content pane.

Step 3blank.gif Right-click a IKE SA and choose Properties. The IKE IPSec Security Association – Properties window is displayed.

Table 27-53 describes the IKE SA configuration details.

 

Table 27-53 IKE SA Configuration Details

Field
Description

Remote IP Address

The IP address of the remote gateway.

Local IP Address

The IP address of the local gateway.

Remote WSG Port

Port number of the remote gateway.

Local WSG Port

Port number of the local gateway.

Crypto Map Name

The name of the Crypto Map facilitating the security association.

Authentication Status

The status of the IKE Security Association. This is defined based on the authentication of phase 1 and phase 2 of the SA establishment and can be any one of the following:

  • Authentication Completed–if authentication is successful for both phase 1 and phase 2.
  • Authentication Initialization–if authentication is successful for phase 1 but awaiting request from IKE peer for phase 2.

Redundancy Status

The redundancy status of the IKE security association, which can be any one of the following:

  • Original tunnel—Session recovery is successful.
  • Recovered tunnel—Session recovery is configured and the IPSec manager instance, on which the tunnel is created, is killed.

Role

The role of the entity that is establishing the security association, which can be any one of the following:

  • Initiator–The entity that initiated the security association.
  • Responder–The entity that is responding to the security association.

IPSec Manager

The IPSec manager of the IKE Security Association, which is created and associated to a tunnel.

Send Rekey Requests

Indicates whether the rekey request to be sent to the peer host is enabled.

note.gif

Noteblank.gif Rekey refers to the process of changing the encryption key of the ongoing communication, which helps to limit the amount of data encrypted using the same key.


Process Rekey Requests

Indicates whether the rekey request must be processed.

Soft Lifetime

The soft lifetime of the IKE security association. When this lifetime expires, a warning message is given to implement the setup for the SA. Setting up involves refreshing the encryption or authentication keys.

note.gif

Noteblank.gif The security gateway initiates the rekey request after the soft lifetime expires. This lifetime is calculated as 90 percent of the hard lifetime.


Hard Lifetime

The hard lifetime of the IKE security association. The current SA is deleted on expiration of the hard lifetime. The policies accessing the SA will exist, but they are not associated to an SA.

Dead Peer Detection

Indicates whether the dead peer detection feature is enabled for the security association.

note.gif

Noteblank.gif This feature is used to detect dead IKE peer. It also reclaims lost resources if the peer is found dead.


Initiator Cookie

The cookie of the entity that initiated the SA establishment, notification or deletion.

Responder Cookie

The cookie of the entity that is responding to the establishment, notification or deletion request.

Algorithms tab

DH Group

The Diffie-Hellman group for the IKE SA.

HMAC

The Hash Message Authentication Code applicable for the IKE SA.

Encryption

The encryption algorithm for the IKE security association, which is used to encrypt the data. Information is made into meaningless cipher text, and you need a key to transform this text back into the original form.

PRF

The PRF associated to the IKE SA.

Child-SA Parameters tab

Current Child-SA Instantiations

The number of instantiations for the child security association.

Total Child-SA Instantiations

The total number of times the child security association is instantiated.

Lifetime

The number of times the child security association is deleted due to lifetime expiration.

Terminations (Other)

The number of times the child security association is deleted due to reasons other than lifetime expiration.

NAT tab

Sent

Indicates whether the Network Address Translator (NAT) payload can be sent from a peer to NAT gateway.

Received

Indicates whether the NAT payload can be received by the NAT gateway from the peer.

Behind Local

Indicates whether the NAT is available for the local entity.

Behind Remote

Indicates whether the NAT is available for the remote entity.

Encapsulation in Use

Indicates whether encapsulation of payload is enabled for IKE SA.

IKEv2 Fragmentation

Indicates whether IKESA fragmentation or re-assembly support.

Child SAs tab

Id

The unique code of the child security association that is associated to the IKE SA.

SPI

The Security Parameter Index (SPI) that is added to the header while using IP Security for tunneling the traffic. This tag helps the kernel to distinguish between two traffic streams that use different encryption rules and algorithms.

Viewing the Child IPSec SA Configuration Details

To view the Child IPSec SA Configuration Details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > Child IPSec SAs. The Vision client displays a list of IPSec Security Associations in the content pane.

Step 3blank.gif Right-click an IPSec SA and choose Properties. The Child IPSec Security Association Properties window is displayed.

Table 27-54 describes the Child IPSec SA configuration details.

 

Table 27-54 Child IPSec SA Configuration Details

Field
Description

IP Address

The IP address of the local wireless security gateway service that is facilitating the security association.

Remote Peer Address

The IP address of the remote WSG service that is facilitating the security association.

Outbound SPI

The Security Parameter Index (SPI) of the outbound security association.

Inbound SPI

The SPI of the inbound security association.

SA Status

The status of the security association, which can be any one of the following:

  • Established
  • Not Established
  • No SAs

Redundancy Status

The redundancy status of the security association, which can be any one of the following:

  • Original Tunnel–No failure has occurred.
  • Recovered Session–A failure has occurred and a recovery session has been created.

Crypto Map Name

The name of the crypto map facilitating the security association. This name is derived from the crypto template that is applied to the transform set parameters.

Crypto Map Type

The type of crypto map facilitating the security association, which can be any one of the following:

Manual Tunnel, MIP Tunnel, L2TP Tunnel, Subscriber Tunnel, IKEv2 Simulator Tunnel, Dynamic Tunnel, IKEv1 Tunnel, IKEv2 Tunnel, IKEv2 IPv4 Tunnel, IKEv2 IPv6 Tunnel, IKEv2 Simulator Tunnel, IKEv2 Subscriber, IKEv2 IPv4, IKEv2 IPv6, CSCF Subscriber, IMS CSCF Template, IKEv2 Template, IKEv2 Simulator Template.

Allocated Address

The IP address allocated to the Network Access Identifiers (NAI) of the users.

ESN

Enable Extended Sequence Number (ESN) for IPSec (ESP/AH).

Network Address Identifier

The Network Address Identifier (NAI) applicable to the security association, which is used to identify the user as well as to assist in routing the authentication request.

IPSec Manager Instances

The number of IPSec managers facilitating the security association.

Rekeying

Indicates whether rekeying is applicable for the security association.

Rekey Count

The total number of times the tunnel has been rekeyed.

DH Group

The Diffie-Hellman group to which the security association belongs.

Inbound/Outbound tab

SPI

The SPI of the inbound/outbound security association.

Protocol

The transport protocol used at the inbound/outbound side, which can be any one of the following:

  • ESP – Encapsulating Security Payload
  • AH – Authentication Header
  • PCP – Payload Compression Payload

HMAC Algorithm

The keyed HMAC used for the inbound/outbound security association, which can be shal-96 or md5-96.

Encryption Algorithm

The encryption algorithm used for the inbound/outbound security association, which can be Null, des, 3des, aes-cbc-128, or aes-cbc-256.

Hard Lifetime

The hard lifetime of the security association, on the expiration of which the currently used security association will be deleted.

Soft Lifetime

The soft lifetime of the security association, on the expiration of which WSG initiates a rekey.

Anti Replay

Indicates whether the anti replay feature is enabled for the security association.

note.gif

Noteblank.gif Anti replay is a sub-protocol of IPSec that prevents hackers from injecting or making changes in packets that travel from a source to destination.


Anti Replay Window Size

The window size (in bits) of the anti-replay feature, which can be 32, 64, 128, 256, 384 and 512.

Traffic Selectors tab

Id

The unique ID assigned to the traffic selector.

note.gif

Noteblank.gif A packet arriving at an IPSec subsystem must be protected through the IPSec tunneling. This is accomplished through the traffic selector, which allows two endpoints to share their information from the SDPs.


Role

The role of the IKE security association, which can be Initiator or Responder.

Protocol ID

The protocol ID for the security association.

Port Range

The range of ports applicable for the security association.

IP Range

The range of IP addresses applicable for the security association.

Viewing the CA Certificate Configuration Details

To view the CA certificate configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > CA Certificates. The Vision client displays a list of CA Certificates in the content pane.

Step 3blank.gif Right-click the CA Certificate and choose Properties. The CA Certificate Properties window is displayed.

Table 27-55 describes the CA certificate configuration details.

 

Table 27-55 CA Certificate Configuration Details

Field
Description

Name

The name of the CA certificate.

Status

The status of the CA certificate, which can Valid or Invalid.

note.gif

Noteblank.gif A certificate can become invalid if there is an error during the download process, or if the file gets corrupted locally or remotely.


Version

The version of the CA certificate. This version indicates the functionality supported in each version.

Serial Number

The serial number of the CA certificate that is used to uniquely identify it.

Signature Algorithm

The algorithm used to sign the certificate issued with any public key algorithm supported by the CA. For example, ECC signing certificate can sign both ECC and RSA certificates as long as both these algorithms are supported by CA.

Issuer

The details of the CA certificate issues, such as the country, state, location, and organization.

Public Key Algorithm

The public key algorithm that is used to sign the digital signature supported by the CA.

Subject

The details of the owner of the CA certificate, such as the country, state, location, and organization.

Validity Start Time

The date and time from when the CA certificate is valid.

Validity End Time

The date and time up to which the CA certificate is valid.

Configuring Wireless Security Gateway

The following commands can be launched from the inventory by right-clicking AAA group and then choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions for Vision Client NE-Related Operations). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

Command
Navigation
Input Required and Notes

Create Sec GW

Right-click a context > Commands > Configuration

Use this command to create a new security gateway.

Modify Sec GW

context > Sec GW > right-click a Sec GW service > Commands > Configuration

Use this command to modify a security gateway service.

Delete Sec GW

Use this command to delete a security gateway service.

Show Sec GW

context > Sec GW > right-click a Sec GW service > Commands > Show

Use this command to view details of the selected security gateway service.

Create Sec GW Lookup

Right-click the device > Commands > Configuration

Use this command to create a new security gateway Lookup.

Modify Sec GW Lookup

context > SEC GW > In the Sec GW Lookup tab in the content pane, right-click the Priority field > Commands > Configuration

Use this command to modify security gateway Lookup details.

Delete Sec GW Lookup

Use this command to delete security gateway Lookup.

Show SEC GW Lookup

Right-click the device > Commands > Show > Show SEC GW Lookup

-OR-

context > SEC GW > In the Sec GW Lookup tab in the content pane, right-click the Priority field > Commands > Show

Use this command to view security gateway lookup details.

Create Crypto Template

Right-click the context > Commands > Configuration

Use this command to create a new crypto template.

Modify Crypto Template

context > IP Security > Crypto Template > right-click a crypto template > Commands > Configuration

Use this command to modify details of the selected crypto template.

Delete Crypto Template

Use this command to delete a crypto template.

Show Crypto Template

context > IP Security > Crypto Template > right-click a crypto template > Commands > Show

Use this command to view crypto template details.

Add Payload

context > IP Security > Crypto Template > right-click a crypto template > Commands > Configuration

Use this command to add a payload.

Modify Payload

context > IP Security > Crypto Template > select a crypto template > In the Crypto Template Payloads tab in the content pane, right-click a Payload instance > Commands > Configuration

Use this command to modify payload details.

Delete Payload

Use this command to delete a payload.

Modify Crypto Template IKESA

context > IP Security > Crypto Template > right-click a crypto template > Commands > Configuration

Use this command to modify details of the selected Crypto Template IKESA.

Create CA Certificate

Right-click the device > Commands > Configuration

Use this command to create a new CA certificate.

Delete CA Certificate

context > IP Security > CA Certificate > right-click a certificate > Commands > Configuration

Use this command to delete the selected CA certificate.

Show CA Certificate

context > IP Security > CA Certificate > right-click a certificate > Commands > Show

Use this command to view the CA certificate details.

Show IKE SAs

context > IP Security > right-click IKE IPsec SA > Commands > Show

Use this command to view details of the selected IKE SA.

Create IKEv2 Transform Set

Right-click the context > Commands > Configuration

Use this command to create a new IKEv2 transform set.

Modify IKEv2 Transform Set

context > IP Security > Transform Set > IKEv2 > right-click a transform set > Commands Configuration

Use this command to modify the IKEv2 transform set details.

Delete IKEv2 Transform Set

Use this command to delete the selected IKEv2 transform set.

Show IKEv2 Transform Set

context > IP Security > Transform Set > IKEv2 > right-click a transform set > Commands > Show

Use this command to view the IKEv2 transform set.

Create IKEv2 IPSec Transform Set

Right-click the context > Commands > Configuration

Use this command to create a new IKEv2 IPSec transform set.

Modify IKEv2 IPSec Transform Set

context > IP Security > Transform Set > IKEv2 IPSec > right-click a transform set > Commands > Configuration

Use this command to modify the details of the selected IKEv2 IPSec transform set.

Delete IKEv2 IPSec Transform Set

Use this command to delete the selected IKEv2 IPSec transform set.

Show IKEv2 IPSec Transform Set

context > IP Security > Transform Set > IKEv2 IPSec > right-click a transform set > Commands > Show

Use this command to view details of the selected IKEv2 IPSec transform set.

Modify Connected Apps

Right-click the device > Commands > Configuration

Use this command to modify the connected application details.

Show Connected Apps

Right-click the device > Commands > Show > Show Connected Apps

Use this command to view the connected application details.

Create Crypto Map

Right-click the context > Commands > Configuration

Use this command to create a new crypto map.

Modify Crypto Map

context > IP Security > Crypto Map > right-click a crypto map > Commands > Configuration

Use this command to modify the crypto map details.

Delete Crypto Map

Use this command to delete the selected crypto map.

Show Crypto Map

context > IP Security > Crypto Map > right-click a crypto map > Commands > Show

Use this command to view details of the selected crypto map.

Create Crypto Map Payload

context > IP Security > Crypto Map > right-click a crypto map > Commands > Configuration

Use this command to create a new crypto map payload.

Modify Crypto Map Payload

context > IP Security > Crypto Map > select a crypto map > In the Crypto Map Payload tab in the content pane, right-click the Name > Commands > Configuration.

Use this command to modify details of the selected crypto map payload.

Delete Crypto Map Payload

Use this command to delete the crypto map payload.

Show IPSec SAs

context > IP Security > right-click IKE IPsec SA > Commands > Show

Use this command to view details of the selected IPSec SA.

LTE Networks

These topics describe how to use Prime Network to monitor LTE networks and technologies:

Overview of LTE Networks

Long Term Evolution (LTE) is the latest step in moving forward from the cellular 3G services, such as GSM to UMTS to HSPA to LTE or CDMA to LTE. LTE is based on standards developed by the Third Generation Partnership Project (3GPP). LTE may also be referred more formally as Evolved UMTS Terrestrial Radio Access Network (E-UTRAN). Following are the main objectives of an LTE network.

  • Increased downlink and uplink peak data rates
  • Scalable bandwidth
  • Improved spectral efficiency
  • All IP network

Figure 27-5 provides the topology of a basic LTE network.

Figure 27-5 Basic LTE Network Topology

 

320104.tif

Working with LTE Network Technologies

The E-UTRAN uses a simplified single node architecture consisting of the eNodeBs (E-UTRAN Node B). The eNB communicates with the Evolved Packet Core (EPC) using the S1 interface, specifically with the Mobility Management Entity (MME) and Serving Gateway (S-GW) using S1-U interface. The PDN Gateway (P-GW0 provides connectivity to the external packet data networks.

Following sections provide more details on these services and their support in Prime Network:

Monitoring System Architecture Evolution Networks (SAE-GW)

Systems Architecture Evolution (SAE) has a flat all-IP architecture with separation of control plane and user plane traffic. The main component of SAE architecture is the Evolved Packet Core (EPC), also known as SAE Core. The EPC serves as an equivalent to GPRS networks by using its subcomponents Mobility Management Entities (MMEs), Serving Gateway (S-GW), and PDN Gateway (P-GW).

Mobility Management Entity (MME)

MME is the key control node for a Long Term Evolution (LTE) access network. It is responsible for idle mode User Equipment (UE) tracking and paging procedure including retransmissions. It is involved in the bearer activation/deactivation process and is also responsible for choosing the S-GW for a UE at the initial attach and at time of intra-LTE handover involving Core Network (CN) node relocation. The MME also provides the control plane function for mobility between LTE and 2G/3G access networks with the S3 interface terminating at the MME from the SGSN.

Serving Gateway (S-GW)

The S-GW routes and forwards user data packets, while also acting as the mobility anchor for the user plane during inter-eNodeB handovers and as the anchor for mobility between LTE and other 3GPP technologies. For idle state UEs, the S-GW terminates the downlink data path and triggers paging when downlink data arrives for the UE. It manages and stores UE contexts, such as parameters of the IP bearer service, network internal routing information, and so on. It also performs replication of the user traffic in case of lawful interception. For more information, see Working with Serving Gateway (S-GW).

PDN Gateway (P-GW)

The P-GW provides connectivity from the UE to external packet data networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more than one P-GW for accessing multiple PDNs. The P-GW performs policy enforcement, packet filtering for each user, charging support, lawful interception, and packet screening. Another key role of the P-GW is to act as the anchor for mobility between 3GPP and non-3GPP technologies such as WiMAX and 3GPP2. For more information, see Working with PDN-Gateways (P-GW).

Running S-GW and P-GW services together as a SAE-GW provides the following benefits:

  • Higher capacity—For a UE with one PDN connection that is passing through standalone S-GW and P-GW services consumes 2 license units because both S-GW and P-GW services account for it separately. SAE-GW as a single node consumes only one license unit for the same, thus increasing the capacity.
  • Cohesive configuration—Configuration and management of SAE-GW as a node is simpler to follow and logical to explain.

See Viewing SAE-GW Properties for details on how to view SAE-GW properties in the Vision client.

Viewing SAE-GW Properties

The Vision client displays the SAE-GWs in a SAE-GW container under the Mobile node in the logical inventory. The icon used for representing SAE-GW in the logical inventory is explained in NE Logical Inventory Icons.

To view SAE-GW properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > SAE-GW Container.

The Vision client displays the list of SAE-GW services configured under the container. You can view the individual SAE-GW service details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > SAE- GW Container > SAE-GW.

Table 27-56 describes the details available for each SAE-GW.

 

Table 27-56 SAE-GW Properties in Logical Inventory

Field
Description

Service Name

Name of the SAE-GW service.

Service ID

ID of the SAE-GW service.

Status

Status of the SAE-GW service.

P-GW Service

The P-GW service associated with the SAE-GW.

S-GW Service

The S-GW service associated with the SAE-GW.

New Call Policy

Specifies if the new call related behavior of SAE-GW service is enabled or disabled, when duplicate sessions with same IP address request is received.

GTPU Service

The GTPU service associated with the SAE-GW.

Sx Service

The Sx service associated with the SAE-GW.

CUPS Enabled

Specifies if CUPS is enabled or disabled.


 

SAE-GW Commands

The following SAE-GW commands can be launched from the inventory by right-clicking a SAE-GW and choosing Commands > Configuration. Your permissions determine whether you can run these commands (seePermissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-57 SAE-GW Commands

Command
Navigation
Description

Create SAE GW

Logical Inventory > right-click the context > Commands > Configuration

Use this command to create SAE GW.

Delete SAE GW

Right-click the SAE GW > Commands > Configuration

Use this command to delete or modify the configuration details for a SAE GW.

Modify SAE GW

Working with PDN-Gateways (P-GW)

A PDN Gateway (P-GW) is the node that terminates the SGi interface towards the PDN. If a user equipment (UE) is accessing multiple PDNs, there may be more than one P-GW for that UE. The P-GW provides connectivity to the UE to external packet data networks by being the point of exit and entry of traffic for the UE. A UE may have simultaneous connectivity with more than one P-GW for accessing multiple PDNs.

The P-GW facilitates policy enforcement, packet filtering for each user, charging support, lawful interception, and packet screening. The features of P-GW include:

  • Integration of multiple core network functions in a single node
  • Multiple instances of P-GW can enable call localization and local breakout
  • High performance across all parameters like, signaling, throughput, density, and latency
  • Integrated in-line services
  • Support for enhanced content charging, content filtering with blacklisting, dynamic network-based traffic optimization, application detection and optimization, stateful firewall, NAT translation, and lawful intercept
  • High-availability helps to ensure subscriber satisfaction

The following topics explain how to work with P-GW in the Vision client:

Viewing P-GW Properties

The Vision client displays the P-GWs in a P-GW container under the Mobile node in the logical inventory. The icon used for representing P-GW in the logical inventory is explained in NE Logical Inventory Icons.

To view P-GW properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > P-GW Container.

The Vision client displays the list of P-GW services configured under the container. You can view the individual P-GW service details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > P-GW Container > P-GW.

Figure 27-6 P-GW Properties

433935.tiff

Table 27-58 describes the details available for each P-GW.

 

Table 27-58 P-GW Properties in Logical Inventory

Field
Description

Service Name

Name of the P-GW service.

Service Status

Status of the P-GW service.

EGTP Service

Evolved GPRS Tunneling Protocol (EGTP) service associated with the P-GW. EGTP provides tunneling support for the P-GW.

GGSN Service

GGSN service associated with the P-GW.

LMA Service

Local Mobility Anchor (LMA) that facilitates proxy mobile IP on the P-GW.

QCI QoS Mapping Table Name

Table name of QoS class indices that enforce QoS parameters.

New Call Policy

Specifies if the new call related behavior of P-GW service is enabled or disabled, when duplicate sessions with same IP address request is received.

Session Delete Delay Timeout

Duration, in seconds, to retain a session before terminating it.

SAE-GW Service

Systems Architecture Evolution (SAE) gateway service associated with the P-GW.

Setup Timeout

The timeout (duration in seconds) for setting up the session. Ranges from 1 to 120. Default is 60 seconds.

GTPC Load Control Profile

Specifies the GTPC load control profile for the P-GW service.

GTPC Overload Control Profile

Specifies the GTPC overload control profile for the P-GW service.

GTPC Cause Code Mapping

Specifies the GTPC cause code mapping for the P-GW service.

PCSCF Restoration Solution

Specifies the mechanism to support PCSCF restoration, which can be one of the following: HSS-based (Private Extension) and HSS-based (Release12).

Throttling Override

Specifies throttling override.

Throttling Override Policy

Specifies the throttling override policy.

Message Timestamp Draft

Displays the message timestamp for the P-GW service.

Duplicate Subscriber Addr Request IPV6

Shows how duplicate sessions with same IPv6 address request are configured. The default configuration disables the support to accept duplicate v6 address request.

Internal Qos Application

Specifies whether the internal Qos application is enabled or disabled for P-GW service.

Event Reporting

Shows reporting of events.

Internal Qos Policy

Specifies the internal Qos policy for P-Gw service.

DNS Client Context Name

Displays the DNS client context name for P-Gw service.

Gx-Li Context

Displays Gx LI X3 interface context that is associated with the service.

Gx-Li Transport

Displays Gx LI X3 interface content delivery transport. Default transport is UDP.

Authorize

This command enables or disables subscriber session authorization through a Home Subscriber Server (HSS) over an S6b Diameter interface. This feature is required to support the interworking of GGSN with P-GW and HA.

S6b IPV6 Reporting

Enables ipv6 reporting through AAR towards s6b interface.

Fqdn Name

Designates PGW FQDN host and realm as a string between 1 and 255 alpha-numeric characters.

Subscriber Map Name

The subscriber map name associated with the P-GW service is available or not.

Session Delete Delay Timer

The session delete timeout.

Retain MDN

Shows the retained value of either MSISDN or MDN value retained, which is negotiated during the call setup for the lifetime of call.

P-CSCF Restoration Supported for Emergency PDNs

Enables P-CSCF restoration for emergency PDNs.

Re-Auth After s6b Triggered P-CSCF Restoration

Enables Re-Auth after S6b triggered P-CSCF restoration of WLAN. This is applicable only for S2a and S2b.

Note By default, Re-Auth is performed for P-CSCF restoration extension on S6b.

DCNR

Enables Dual Connectivity with the New Radio (DCNR) to support 5G Non-Standalone (NSA).

Step 3blank.gif If the P-GW is associated with PLMNs, you can view the details of the PLMNs on clicking the specified P-GW.

eGTP Characteristics

The Vision client displays the EGTP characteristics in an EGTP container under the Mobile node in the logical inventory. The icon used for representing EGTPs in the logical inventory is explained in NE Logical Inventory Icons.

To view EGTP characteristics:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > EGTP Characteristics.

Table 27-59 describes the EGTP Characteristics.

Table 27-59 EGTP Characteristics

Field
Description

Overcharging Properties

Overcharge protection is described as temporarily not charging during loss of radio coverage.

Drop Policy

The drop policy is enabled while over charging protection is enabled. There are two drop policies:

  • drop-all —Configures overcharge protection to drop all packets.
  • received transmit-all —Configures overcharge protection to send all received packets

SGW Restoration Handling

Configuration is related to SGW-restoration.

Session Hold Timer

Session time hold for SGW-restoration. It can be configured only when SGW-restoration is enabled.

Timeout

It specifies session hold timer in seconds when the SGW-restoration is enabled. Value range: 1 - 3600

Modify Bearer Cmd Negotiate QoS

It prefers PCRF Authorized QoS rather than Requested QoS in Modify-bearer-command procedure.

Bit Rate in Rounded Down Kbps

The rounded down Kbps value of Bit Rate is enabled or disabled on GTP interface.

Suppress Update Bearer Request

Enables the P-GW to suppress the Update Bearer Request (UBR) message UBR, if the bit rate is the same after the round-off.

EGTP Cause Code Handling

Enables eGTP Cause Code Handling when the P-GW receives a temporary failure response from peer (cause code 110).

Note All transactions that are moved to a pending queue due to temporary cause failure is re-attempted.

 

 


 

P-GW Commands

The following P-GW commands can be launched from the inventory by right-clicking a P-GW and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-60 P-GW Commands

Command
Navigation
Description

Create P-GW PLMN

Right-click the P-GW service > Commands > Configuration > Mobility

Use this command to create a PLMN for P-GW.

Delete P-GW

Use this command to delete a P-GW.

Modify P-GW

Use this command to modify the configuration details for a P-GW.

Enabling DCNR in P-GW Service

Follow these steps to enable DCNR to support 5G NSA:

note.gif

Noteblank.gif Prime Network supports NSA from StarOS 21.11 onwards.



Step 1blank.gif Install NSA license on the ASR 5500 device for which you want to enable 5G NSA:

20000 5G NSA feature Set 100k Sess VPCSW Active

Step 2blank.gif Once the license is enabled, the DCNR option is available in pgw-service configuration mode. Enable DCNR option from the device.

Step 3blank.gif The DCNR field is now visible in the Vision GUI. See P-GW Properties.

Working with Serving Gateway (S-GW)

In a Long Term Evolution (LTE) / Systems Architecture Evolution (SAE) network, a Serving Gateway (S-GW) acts as a demarcation point between the Radio Access Network (RAN) and core network, and manages user plane mobility. It serves as the mobility anchor when terminals move across areas served by different eNode-B elements in Evolved UMTS Terrestrial Radio Access Network (E-UTRAN), as well as across other 3GPP radio networks such as GSM EDGE Radio Access Network(GERAN) and UTRAN. S-GW buffers downlink packets and initiates network-triggered service request procedures. Other functions include lawful interception, packet routing and forwarding, transport level packet marking in the uplink and the downlink, accounting support for per user, and inter-operator charging. The S-GW routes and forwards user data packets, while also acting as the mobility anchor for the user plane during inter-eNode-B handovers and as the anchor for mobility between LTE and other 3GPP technologies.

For idle state user equipment (UE), the S-GW terminates the downlink data path and triggers paging when downlink data arrives for the UE. It manages and stores UE contexts, such as parameters of the IP bearer service, network internal routing information, and so on. It also performs replication of the user traffic in case of lawful interception.

The following topics provide details on how to work with S-GWs in the Vision client:

Viewing S-GW Properties

The Vision client displays the S-GWs in a S-GW container under the Mobile node in the logical inventory. The icon used for representing S-GW in the logical inventory is explained in NE Logical Inventory Icons.

To view S-GW properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > S-GW Container.

The Vision client displays the list of S-GW services configured under the container. You can view the individual S-GW service details from the table on the right pane or by choosing Logical Inventory > Context > Mobile > S-GW Container > S-GW.

Table 27-61 describes the details available for each S-GW.

 

Table 27-61 S-GW Properties in Logical Inventory

Field
Description

Service Name

Name of the S-GW service.

Service Status

Status of the S-GW service.

Accounting Context

Name of the context configured on the system that processes accounting for service requests handled by the S-GW service.

Accounting GTPP Group

Name of the accounting GTPP group associated with the S-GW service. This will hold the configured GTPP server group (for GTPP servers redundancy) on a S-GW service for CGF accounting functionality.

Accounting Mode

Accounting protocol, which could be GTPP or Radius-Diameter.

Egress Protocol

Egress protocol used for the S-GW service, which could be GTP, GTP-PMIP, or PMIP.

Ingress EGTP Service

Ingress EGTP service associated with the S-GW. EGTP provides tunneling support for the S-GW.

Egress Context

Context used for S-GW service egress.

Egress ETGP Service

Ingress EGTP service associated with the S-GW. EGTP provides tunneling support for the S-GW.

Egress Mag Service

Mobile Access Gateway (MAG) egress service through calls are routed to the S-GW.

IMS Authorization Service

IMS authorization service associated with the S-GW.

Accounting Policy

Accounting policy configured for the S-GW.

Accounting Stop Trigger

The trigger point for accounting stop CDR. Default is on session deletion request.

Peer Map

Configuration of the Network side peer map for the S-GW service.

Access Peer Map

Configuration of the Access side peer map for the S-GW service.

Temporary Failure Handling

Configuration related to handling temporary failure from peer.

EGTP NTSR

Configuration related to handling EGTP procedure and NTSR.

EGTP NTSR Timeout

Configures a timer to hold the session after path failure is detected at the MME

(for Network Triggered Service Restoration (NTSR)).

Timeout

Configuration related to the subscriber's time-to-live (TTL) settings.

Session Hold Timer

Configuration related to session hold for NTSR.

Include PGW Control FTEID

Controls the sending of the PGW Fully Qualified Tunnel Endpoint Identifier (FTEID) for relocation Create Session Response procedures with an S-GW change.

Page UE for PGW Initiated Procedures

Enable paging UE for PGW initiated procedures (CBR/UBR) when UE is Idle/during handoff and sends failure response to PGW with cause code 110 (Temporary Failure). Default behaviour is Disabled.

Idle Seconds Deemed

Specifies the time duration, in seconds, after which a session state is deemed to have changed from active to idle or idle to active, and a micro-checkpoint is then sent from the active to the standby chassis. time_in_seconds must be an integer from 10 to 1000.

Idle Checkpoint Periodicity

Specifies the micro-checkpoint Periodicity for idlesecs, in seconds. time_in_seconds must be an integer from 10 to 10000 seconds.

New Call Policy

Specifies if the new call related behavior of S-GW service is enabled or disabled, when duplicate sessions with same IP address request is received.

QCI QoS Mapping Table

Table name of QoS class indices that enforce QoS parameters.

SAE GW Service

Systems Architecture Evolution (SAE) gateway service associated with the S-GW.

Idle Timeout

The maximum duration a session can remain idle in seconds. Default value is 0.

Idle Timeout Micro Checkpoint Periodicity

Specifies the micro checkpoint periodicity for the S-GW service.

GTPC Load Control Profile

Specifies the GTPC load control profile for the S-GW service.

GTPC Overload Control Profile

Specifies the GTPC overload control profile for the S-GW service.

Internal Qos Policy

Specifies the internal Qos policy for the S-GNW service.

Internal Qos Application

Specifies the internal Qos application for the S-GNW service.

Event Reporting

Shows reporting of events.

Subscriber Map Name

Specifies subscriber map name associated with the S-GW service.

Step 3blank.gif Choose Logical Inventory > Context > Mobile > S-GW Container > S-GW > DDN Throttling Characteristics.

Table 27-62 describes the details of DDN throttling characteristics for each S-GW.

 

Table 27-62 DDN Throttling Characteristics for S-GW

Field
Description

Throttling

Specifies the status of the DDN throttling characteristics. The status can be Enabled or Disabled.

Feature Packet Drop Time

Specifies the feature packet drop time for the S-GW service.

Arp Watermark

Specifies the throttle ARP watermark. If the arp watermark is configured and if an MME/SGSN sends the throttling factor and delay in a DDN ACK message, all the DDNs, which have an ARP value greater than the configured value will be throttled by the throttle factor for the specified delay.

Increment Factor

Specifies the percentage by which the DDN throttling should be increased.

Rate Limit

Specifies the rate limit.

Time Factor

Specifies time duration during which the S-GW makes throttling decisions.

Stab Time in Hours

Specifies time period in hours over which the system is stabilized, throttling will be disabled.

Throttle Time In Hours

Specifies DDN throttling time in hours.

Success Action Retry Time

Specifies the success action retry time for the S-GW service.

ISR Sequential Paging Delay Time

Specifies the ISR sequential paging delay time for the S-GW service.

Throttle Factor

Specifies the DDN throttling factor.

Poll Interval

Specifies the polling interval in DDN throttling.

Stab Time In Seconds

Specifies the DDN throttling stabilization time in seconds.

Throttle Time In Seconds

Specifies the DDN throttling time in seconds.

Stab Time in Minutes

Specifies the DDN throttling stabilization time in minutes.

Throttle Time in Minutes

Specifies the DDN throttling time in minutes.

Step 4blank.gif If the S-GW is associated with PLMNs, you can view the PLMN entries on clicking the specified S-GW.


 

S-GW Commands

The following S-GW commands can be launched from the inventory by right-clicking an S-W and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-63 S-GW Commands

Command
Navigation
Description

Create S-GW PLMN

Right-click the S-GW service > Commands > Configuration

Use this command to create a PLMN for S-GW.

Delete S-GW

Use this command to delete a S-GW.

Modify S-GW

Use this command to modify the configuration details for a S-GW.

Viewing QoS Class Index to QoS (QCI-QoS) Mapping

The QoS Class Index (QCI) to QoS mapping configuration mode is used to map Indexes to enforceable QoS parameters. Mapping can occur between the RAN and the S-GW, the MME, and/or the P-GW in an LTE network or between the RAN and the harped Serving Gateway (HSGW) in an eHRPD network. This is a global configuration. These maps can be imported by P-gateway and S-gateway to enforce these parameters on upstream/downstream traffic.

The Vision client displays the QCI-QoS mapping information under the Mobile node in the logical inventory. See Figure 27-22.

note.gif

Noteblank.gif QCI-QoS mapping is applicable only for the ‘local’ context in the logical inventory.


To view QCI-QoS mapping:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

In the Logical Inventory window, choose Logical Inventory > local > Mobile > QCI-QoS Mapping.

the Vision client displays the list of QCI-QoS mapping records configured under the container. You can view the individual record from the table on the right pane or by choosing Logical Inventory > Context > Mobile > QCI-QoS Mapping > Mapping Name.

Table 27-64 describes the QCI-QoS mapping details.

 

Table 27-64 QCI-QoS Mapping

Field
Description

Mapping Name

Name of the QCI-QoS mapping record.

QCI-QoS Mapping Table

QCI Number

QCI number.

QCI Type

QCI type.

Uplink

DSCP marking to be used for encapsulation and UDP for uplink traffic

Downlink

DSCP marking to be used for encapsulation and UDP for downlink traffic

Max Packet Delay

Maximum packet delay, in milliseconds, that can be applied to the data.

Max Error Rate

Maximum error loss rate of non congestion related packet loss.

Delay Class

Packet delay.

Precedence Class

Indicates packet precedence.

Reliability Class

Indicates packet reliability.

Traffic Policing Interval

Traffic policing interval.


 

Viewing Layer 2 Tunnel Access Concentrator Configurations (LAC)

In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy. The entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram. It is common to carry Point-to-Point Protocol (PPP) sessions within an L2TP tunnel.

The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server). The LAC is the initiator of the tunnel while the LNS is the server, which waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional.

LAC allows users and telecommuters to connect to their corporate intranets or extranets using L2TP. In other words, it forwards packets to and from the LNS and a remote system. It connects to the LNS using a local area network or wide area network and directs subscriber sessions into L2TP tunnels based on the domain of each session. Figure 27-7 denotes the LAC architecture.

Figure 27-7 LAC Architecture

 

320487.eps

The packets that are exchanged within an L2TP tunnel can be categorized as control packets and data packets.

To view the LAC configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > LAC. The list of LAC services configured in Prime Network is displayed in the content pane.

Step 3blank.gif From the LAC node, choose an LAC service. The LAC service details are displayed in the content pane as shown in Figure 27-8.

Figure 27-8 LAC Service Details

 

320483.tif

Table 27-65 displays the LAC configuration details.

Table 27-65 LAC Configuration Details

Field
Description

Service Name

The unique identification string for the LAC service.

Status

The status of the LAC service, which can be any one of the following:

  • Initiated
  • Running
  • Down
  • Started
  • Nonstarted
  • Unknown

Local IP Address

The local IP address bound with the LAC service.

Max Sessions

The maximum number of subscribers connected to this service at any time, which can be any value between 1 and 2500000. This field defaults to 2500000.

Max Tunnels

The maximum length (in bytes) of the tunnel challenge.

note.gif

Noteblank.gif The tunnel challenge is basically used to authenticate tunnels at the time of creation.


Max Sessions Per Tunnel

The maximum number of sessions that can be handled by a single tunnel at one point of time, which can be any value between 1 and 65535. This field defaults to 512.

Max Retransmissions

The maximum number of times a control message is retransmitted to a peer, before clearing the tunnel and its sessions.

Keep Alive Interval

The amount of time after which a keep alive message is sent.

Control Receive Window

The number of control messages the remote peer LNS can send before an acknowledgement is received.

Max Tunnel Challenge Length

The maximum length (in bytes) of the tunnel challenge.

First Retransmission Timeout

The initial timeout before retransmitting a control message.

note.gif

Noteblank.gif Each tunnel maintains a queue of control messages that must be transmitted to its peer. If an acknowledgement is not received after the specified period, then the control message is retransmitted.


Max Retransmission Timeout

The maximum amount of time between two retransmitted messages.

Load Balancing

The type of load balancing to select LNS for the LAC service, which can be any one of the following:

  • Balanced
  • Prioritized
  • Random

Tunnel Selection Key

The selection key to create tunnels between the L2TP service and the LNS server, based on the value of the \u2015Tunnel-Server-Auth-ID\u2016 attribute received from the AAA server.

New Call Policy

The new call policy for busy-out conditions, which can be any one of the following:

  • None
  • Accept
  • Reject

Data Sequence Numbers

Indicates whether data sequence numbering for sessions that use the current LAC service is enabled. This option is enabled by default.

Tunnel Authentication

Indicates whether tunnel authentication is enabled.

note.gif

Noteblank.gif If this option is enabled, a configured shared secret is used to ensure that the LAC service is communicating with an authorized peer LNS. The shared secret is configured by the command in the LAC service configuration mode, the command in the subscriber configuration mode, or the Tunnel-Password attribute in the subscribers RADIUS profile.


Proxy LCP Authentication

Indicates whether the option to send proxy LCP authentication parameters to the LNS is enabled.

Attribute Hiding

Indicates whether certain attributes in control messages sent from the LAC to the LNS is hidden.

note.gif

Noteblank.gif The LAC hides these attributes only if the tunnel authentication option is enabled between the LAC and LNS.


Framed IP Address Snoop

Indicates whether the LAC can detect IPCP packets exchanged between the mobile node and the LNS and extract the framed-I-address assigned to the mobile node.

note.gif

Noteblank.gif The address that is extracted is reported in the accounting start/stop messages and will be displayed for each subscriber session.


Allow AAA Assigned Host Name

Indicates whether the Tunnel-Client-Auth ID assigned by AAA is used as the Host name AVP in the L2TP tunnel setup message.

note.gif

Noteblank.gif If the tunnel parameters are not received from the RADIUS server, then the parameters configured in APN are considered for LNS peer selection. When the parameters in APN are considered, the local-hostname configured with the APN command for the LNS peer is used as the LAC Host name.


Allow APN in Called Number

Indicates whether the APN name in Called number AVP is sent as part of the Incoming-Call Request (ICRQ) message sent to the LNS. If this keyword is not configured, then the Called number AVP will not be included in the ICRQ message sent to the LNS>

Single UDP Port Mode

Indicates whether the standard L2TP port 1701 is used as a source port for all L2TP control and data packets that originate from the LAC node.

Peer LNS Address

Peer LNS Address

The IP address of the peer LNS for the current LAC service, which is usually in standard IPv4 dotted decimal notation.

Preference

The priority of the peer LNS, which can be any number between 1 and 128. This priority is used when multiple peer LNS are configured.

Crypto Map

The name of crypto map that is configured for the selected context.

Description

The description of the specified peer LNS.


 

Monitoring the HRPD Serving Gateway (HSGW)

The HRPD Serving Gateway (HSGW) is a component in the evolved High Rate Packet Data (eHRPD) mobile network. It is an evolution option for CDMA operators that helps ensure converged mobility and management between HRPD and LTE networks.

The HSGW terminates the eHRPD access network interface from the Evolved Access Network (eAN) or Evolved Packet Core Function (ePCF) and routes UE-originated or terminated packet data traffic. It provides interworking with the eAN/ePCF and the PDN Gateway (P-GW) within the Evolved Packet Core (EPC) or LTE/SAE core network.

HSGW performs the following functions:

  • Mobility anchoring for inter-eAN handoffs
  • Transport level packet marking in the uplink and the downlink. For example, setting the DiffServ Code Point, based on the QCI of the associated EPS bearer
  • Uplink and downlink charging per UE, PDN, and QCI
  • Downlink bearer binding based on policy information
  • Uplink bearer binding verification with packet dropping of UL traffic that does not comply with established uplink policy
  • MAG functions for S2a mobility (i.e., Network-based mobility based on PMIPv6)
  • Support for IPv4 and IPv6 address assignment
  • EAP Authenticator function
  • Policy enforcement functions defined for the Gxa interface
  • Robust Header Compression (RoHC)
  • Support for VSNCP and VSNP with UE
  • Support for packet-based or HDLC-like framing on auxiliary connections
  • IPv6 SLACC, generating RAs responding to RSs

An HSGW also establishes, maintains and terminates link layer sessions to UEs. The HSGW functionality provides interworking of the UE with the 3GPP EPS architecture and protocols. This includes support for mobility, policy control and charging (PCC), access authentication, and roaming. The HSGW also manages inter-HSGW handoffs.

The topology of the HSGW network is shown in the following figure:

Figure 27-9 HSGW Topology

 

320491.eps

Basic Features of HSGW

The basic features supported by HSGW can be categorized as follows:

  • Authentication
  • IP Address Allocation
  • Quality of Service
  • AAA, Policy and Charging

The Authentication features supported by HSGW are:

  • EAP over PPP
  • UE and HSGW negotiates EAP as the authentication protocol during LCP
  • HSGW is the EAP authenticator
  • EAP-AKA’ (trusted non-3GPP access procedure) as specified in TS 33.402
  • EAP is performed between UE and 3GPP AAA over PPP/STa

The IP Address Allocation features supported by HSGW are:

  • Support for IPv4 and IPv6 addressing
  • Types of PDNs - IPv4, IPv6 or IPv4v6
  • IPv6 addressing

blank.gif Interface Identifier assigned during initial attach and used by UE to generate it’s link local address

blank.gif HSGW sends the assigned /64 bit prefix in RA to the UE

blank.gif Configure the 128-bits IPv6 address using IPv6 SLAAC (RFC 4862)

blank.gif Optional IPv6 parameter configuration via stateless DHCPv6(Not supported)

  • IPv4 address

blank.gif IPv4 address allocation during attach

blank.gif Deferred address allocation using DHCPv4(Not supported)

blank.gif Option IPv4 parameter configuration via stateless DHCPv4(Not supported)

The Quality of Service features supported by HSGW include:

  • HRPD Profile ID to QCI Mapping
  • DSCP Marking
  • UE Initiated Dedicated Bearer Resource Establishment
  • QCI to DSCP Mapping

The AAA, Policy and Charging features supported by HSGW include:

  • EAP Authentication (STa)
  • Rf Diameter Accounting
  • AAA Server Groups
  • Dynamic Policy and Charging: Gxa Reference Interface
  • Intelligent Traffic Control

Viewing the HSGW Configuration

To view the HSGW configuration:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > HSGW. The list of HSGW services configured in Prime Network are displayed in the content pane.

Step 3blank.gif From the HSGW node, choose a HSGW service. The HSGW service details are displayed in the content pane as shown in Figure 27-10.

Figure 27-10 HSGW Service Details

 

404631.tif

Table 27-66 displays the HSGW service details.

 

Table 27-66 HSGW Service details

Field
Description

Name

The name of the HSGW service.

Status

The status of the service, which can be any one of the following:

  • Started
  • Not Started

This field defaults to Not Started.

Bind Address

The IPv4 address to which the service is bound to. This field defaults to Null if binding is not done.

Local IP Port

The User Datagram Protocol (UDG) port for the R-P interface of the IP socket.

Maximum Subscribers

The maximum number of subscriber sessions that the service can support.

MAG Service

The Mobile Access Gateway (MAG) service associated with the HSGW service. Clicking this link will take you to the relevant MAG service under the MAG node.

DNS PGW Context

The location of the Domain Name System (DNS) client, which is used to identify the Fully Qualified Domain Name (FQDN) for the peer P-GW.

Registration Lifetime

The registration lifetime that is configured for all the subscribers.

Setup Timeout

The maximum amount of time (in seconds) allowed for session setup.

Context Retention Timeout

The maximum number of time (in seconds) that the UE session context is maintained by the HSGW service before it is torn down.

note.gif

Noteblank.gif The UE session context includes the Link Control Protocol (LCP), authentication and the A10 session context for a given UE.


Maximum Retransmission

The maximum number of times the HSGW service will try to communicate with the eAN or PCF before it declares it as unreachable.

Network Initiated QoS

Indicates whether the Network Initiated QoS feature is supported by the HSGW service.

Retransmission Timeout

Configures the maximum allowable time for the HSGW service to wait for a response from the eAN/PCF before it attempts to communicate with the eAN/PCF again (if the system is configured to retry the PCF), or marks the eAN/PCF as unreachable.

QOS Update Policy Mismatch

Sets QOS update parameters for policy mismatches or wait timeouts.

Unknown CVSE Policy

Configures unknown; CVSE Policy value

PCF Monitor Config

Enables the monitoring of all the PCFs that have sessions associated with it.

Reg Discard on Bad Extension

Configures Discard on Bad Extension option

Reg Ack Deny Terminate Session

Configures Acknowledgement Deny Terminate Session option

Access Flow Traffic Validation

If access-flow traffic-validation is enabled for the service and the subscriber, then the flows are checked against the filter rules. If the packets does not match the filter rules, and N violations occur in K seconds, the rp connection is downgraded to best-effort flow, if it is already not a best-effort flow.

QOS Update Wait Timeout

Sets QOS update parameters for policy mismatches or wait timeouts.

UE Initiated QOS

Configures the HSGW behavior for UE initiated QOS requests.

Context Retention Timer

Configures the maximum number of consecutive seconds that a UE session context (which includes the LCP, authentication and A10 session context for a given UE) is maintained by the HSGW before it is torn down.

Reg Update Wait Timeout

Configures Update Wait Timeout option

Reg Discard on GRE Key Change

Configures Discard on GRE key change option

Unauthorized Flow QoS Timeout

The amount of time (in seconds) the service must wait before a QoS update is triggered to downgrade an unauthorized flow.

SPI tab

SPI Number

The unique Security Parameter Index (SPI) number, which indicates a security context between the services.

Remote Address

The IP address of the source service, which can be an IPv4 dotted decimal notation or IPv6 colon separated notation.

Zone ID

The PCF zone id that must be configured for the HSGW service.

Netmask

The subnet mask of the service.

Hash Algorithm

The hash algorithm used between the source and destination services.

Time Stamp Tolerance

The difference (tolerance) in timestamps that is acceptable. If the actual difference in the timestamps exceeds this difference, then the session is rejected.

Replay Protection

The replay-protection scheme that must be implemented by the service.

Description

The description of the SPI.

PLMN tab

PLMN ID

The unique id of the Public Land Mobile Network (PLMN), which is used to determine if a mobile station is visiting, roaming, or belongs to the network.

Primary

Indicates whether the PLMN Id must be used as the default and primary ID.

Overload Policies tab

IP Address

The IP address of an alternate PDSN, which is in the IPv4 dotted decimal notation.

Weight

The weightage of the IP address, which determines the order in which the IP address is used in case of multiple IP addresses.

 


 

You can also view the following configuration details for a HSGW service:

  • A10/A11 Properties—The A10/A11 interface (also known as R-P interface for RAN-to-PDSN) supports the A10 protocol for user data transport between the PCF and PDSN, and the A11 protocol for the associated signaling. A11 signaling messages are also used for passing accounting related and other information from the PCF to the PDSN. The A10/A11 interfaces support mobility between PCFs under the same PDSN. See Viewing the A10/A11 Configuration Details.
  • GRE Parameters—Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol internetwork. See Viewing the GRE Parameters.
  • IP Source Violation—IP source violations occur when the PDSN receives packets from a subscriber where the source address is not the same as the address given to the subscriber, and hence get discarded. See Viewing the IP Source Violation Details.

Viewing the ROHC Properties Details

To view the ROHC Properties details for a HSGW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > HSGW > ROHC Properties. The details are displayed in the content pane.

Table 27-68 displays the ROHC properties details.

Table 27-67 ROHC Properties Details

Field
Description

ROHC IP Header Compression

Indicates whether the Robust Header Compression (ROHC) is enabled for headers in the IP packets that are being sent by or sent to the PDSN. By default, this option is disabled.

Max Received Reconstructed Unit

Specifies the size of the largest reconstructed reception unit that the decompressor is expected to reassemble from segments. The size includes the CRC. If maximum received reconstructed unit (MRRU) is negotiated to be 0, no segment headers are allowed on the channel.

Profile ID(s)

Specifies the header compression profiles to use. A header compression profile is a specification of how to compress the headers of a specific kind of packet stream over a specific kind of link. At least one profile must be specified

Max Cid

Specifies the highest context ID number to be used by the compressor as an integer from 0 through 15 when small packet size is selected, and 0 through 31 when large packet size is selected. Default: 15

Cid Mode

This mode allows you to configure options that apply during ROHC compression for the service.

Viewing the A10/A11 Configuration Details

To view the A10/A11 configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory >Context >Mobile >HSGW >HSGW service >A10/A11 Properties. The configuration details are displayed in the content pane.

Table 27-68 displays the A10/A11 configuration details.

 

Table 27-68 A10 A11 Configuration Details

Field
Description

Overload Policy

The method used by the HSGW service to handle overload conditions, which can be any one of the following:

  • Reject
  • Redirect

New Call Policy

The new call policy configured for the HSGW service, which can be any one of the following:

  • None
  • Reject
  • Accept

This field defaults to None.

Data Available Indicator Enabled

Indicates whether the data available indicator in A10/A11 registration reply messages is enabled.

Data Over Signalling

Indicates whether the data over signaling marking feature for A10 packets is enabled.

Airlink Bad Sequence

The behavior for airlink related parameters configured for the HSGW service, which can be any one of the following:

  • Accept
  • Deny

Airlink Bad Sequence Deny Code

The reason for denying airlink bad sequence, which can be any one of the following:

  • Unsupported vendor ID
  • Poorly formed request

Handoff With No Connection Setup

Indicates whether the HSGW service must accept or deny handoff R-P sessions that do not have an Airlink Connection setup record in the A11 registration request.

RSVP Retransmission Timeout

The maximum amount of time (in seconds) in which RP control packets must be retransmitted.

RSVP Maximum Retransmission Count

The maximum number of times the RP control packets can be retransmitted.

Maximum MSID Length

The maximum length of the MSID configured for the A10 A11 service. This length can be any value between 10 and 15, and defaults to 15.

Minimum MSID Length

The minimum length of the MSID configured for the A10 A11 service. This length can be any value between 10 and 15, and defaults to 10.

 

Viewing the GRE Parameters

To view the GRE Parameters for the HSGW service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory >Context >Mobile >HSGW >HSGW service >GRE Parameters. The relevant details are displayed in the content pane.

Table 27-69 displays the GRE parameter details.

 

Table 27-69 GRE Parameter Details

Field
Description

Checksum

Indicates whether insertion of GRE checksum in outgoing GRE data packets is enabled.

Checksum Verify

Indicates whether verification of GRE checksum in incoming GRE packets is enabled.

Reorder Timeout

The maximum amount of time (in milliseconds) to wait before reordered out-of-sequence GRE packets are processed.

Sequence Mode

The method to handle incoming out-of-sequence GRE packets, which can be any one of the following:

  • Reorder
  • None

Sequence Numbers

Indicates whether the option to insert or remove GRE sequence numbers in GRE packets is enabled.

Flow Control

Indicates whether flow control is supported by the selected HSGW service. By default, this option is disabled.

Flow Control Timeout

The amount of time (in milliseconds) to wait for an Transmitter On (XON) indicator from the RAN. This time can be any value between 1 and 1000000, and defaults to 10000 milliseconds.

Flow Control Action

The action that must be taken when the timeout limit is reached, which can be any one of the following:

  • disconnect-session
  • resume-session.

Protocol Type

The tunnel type for the GRE routing. This field defaults to Any.

Is 3GPP Extension Header QoS Marking

Indicates whether the 3GG Extension Header QoS Marking is enabled for the selected HSGW feature.

note.gif

Noteblank.gif If this feature is enabled and the PCF negotiation feature is enabled in A11 RRQ, then the HSGW will include QoS optional data attribute in the GRE 3GPP2 Extension Header.


MTU

The maximum transmission unit (MTU) for packets accessing the APN.

IP Header DSCP

The Differential Service Code Point (DSCP) value in the IP header that marks the GRE IP Header encapsulation. This can be any value between 0x0F and 0X3F, and defaults to 0X0F.

IP Header DSCP Packet Type

Indicates whether the IP Header DSCP Value packet type is specified for the packets, which can be any one of the following:

  • all-control-packets—Indicates that DSCP marking for GRE IP header encapsulation will be applied for all control packets for the session.
  • setup-packets-only—Indicates that DSCP marking for GRE IP header encapsulation will be applied only for session setup packets.

GRE Segmentation

Indicates whether segmentation of GRE packets is enabled. By default, this option is disabled.

 


 

Viewing the IP Source Violation Details

To view the IP source Violation configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory >Context >Mobile >HSGW >HSGW service >IP Source Violation. The configuration details are displayed in the content pane.

Table 27-70 displays the IP Source Violation configuration details.

 

Table 27-70 IP Source Violation Configuration Details

Field
Description

Renegotiation Limit

The number of source violations that are allowed within a specified detection period, after which a PPP renegotiation is forced.

Drop Limit

The number of source violations that are allowed within a specified detection period, after which a call disconnect is forced.

Clear On Valid PDU

Indicates whether the service must reset the renegotiation limit and drop limit counters if a properly addressed packet is received.

Period

The amount of time (in seconds) for the source violation detection period. Once this value is reached, the drop limit and renegotiation limit counters are decremented.

Configuration Commands for HSGW

The following HSGW commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. Your permissions determine whether you can run these commands. To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

Table 27-71 HSGW Configuration Commands

Command
Navigation
Description

Create HSGW

Right-click context > Commands > Configuration > Mobility

Use this command to create a new HSGW service.

Modify HSGW

Delete HSGW

Expand HSGW node > Right-click HSGW service > Commands > Configuration

Use this command to modify/delete the configuration details of an HSGW service.

Show HSGW

Expand HSGW node > Righ t-click HSGW service > Commands > Show

Use this command to view and confirm the configuration details of an HSGW service.

Create SPI

Expand HSGW node > right-click HSGW service > Commands > Configuration

Use this command to create a new Security Parameter Index (SPI) for the HSGW service.

Modify SPI

Delete SPI

Expand HSGW node > HSGW service > In content pane, click SPI tab > Right-click on SPI No. field > Commands > Configuration

Use this command to modify/delete the SPI configuration details for the HSGW service.

Create PLMN entries

Expand HSGW node > Right-click HSGW service > Commands > Configuration

Use this command to create a new Public Land Mobile Network (PLMN) for the HSGW service.

Modify PLMN entries

Delete PLMN entries

Expand HSGW node > HSGW service > In content pane, clic k PLMN tab > Right-click on PLMN ID field > Commands > Configuration

Use this command to modify/delete the PLMN configuration details for the HSGW service.

Create Overload Policy

Expand HSGW node > right-click HSGW service > Commands > Configuration

Use this command to create a new overload policy for the HSGW service.

Modify Overload Policy

Delete Overload Policy

Expand HSGW node > HSGW service > In content pane, click Overload Policies tab > Right-click on IP address field > Commands > Configuration

Use this command to modify/delete the overload policy details for the HSGW service.

Modify A10 A11 Interface

Expand HSGW node > HSGW service > Right-click A10/A11 Properties > Commands > Configuration

Use this command to modify the A10/A11 configuration details for the HSGW service.

Modify GRE

Expand HSGW node > HSGW service > Right-click GRE > Commands > Configuration

Use this command to modify the GRE configuration details for the HSGW service.

Modify IP Source Violation

Expand HSGW node > HSGW service > Right-click IP Source Violation > Commands > Configuration

Use this command to modify the IP source violation details for the HSGW service.


 

Viewing the MAG Configuration for HSGW

A Mobile Access Gateway (MAG) performs mobility-related signaling on behalf of the mobile nodes (MN) attached to its access links. MAG is the access router for the MN; that is, the MAG is the first-hop router in the localized mobility management infrastructure

A MAG performs the following functions:

  • Obtains an IP address from a Local Mobility Anchor (LMA) and assigns it to an MN
  • Retains the IP address of an MN when the MN roams across MAGs
  • Tunnels traffic from an MN to LMA

To view the MAG configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MAG > MAG service. The configuration details are displayed in the content pane.

Table 27-72 displays the configuration details for a MAG service.

 

Table 27-72 MAG Service Configuration Details

Field
Description

Name

The unique name of the MAG service.

Status

The status of the MAG service, which can be any one of the following:

  • Started
  • Not Started

This field defaults to Not Started.

Bind Address

The IP address to which the MAG service is bound to.

Maximum Subscribers

The maximum number of subscribers supported by the service.

PMIP Maximum Retransmission

The maximum number of times the MAG service will communicate with the LMA, before it is declared unreachable.

Registration Lifetime

The registration lifetime configured for all the subscribers who have subscribed to this service.

PMIP Retransmission Timeout

The maximum amount of time (in milliseconds) the MAG service must wait for a response from the LMA.

PMIP Renewal Time

Indicates the percentage of the registration lifetime when the registration renewal is sent to the LMA for subscribers using this service.

PMIP Retransmission Policy

The retransmission policy for PMIP control messages, which can be any one of the following:

  • Normal
  • Exponential backoff

New Call Policy

The method for handling new calls, which can be any one of the following:

  • Accept
  • Reject

This field defaults to None.

PMIPv6 Tunnel Encapsulation

The encapsulation type used for PMIPv6 tunnel data between the MAG and the LMA.

Information Set

The mobility options to be used in Proxy Binding Update (PBU) messages, for those messages sent between MAG and LMA.

Mobility Option Type

The mobility option type used in the mobility messages.

Signalling Packets IP Header DSCP

The Differential Services Code Point (DSCP) value in the IP Header of the signalling packets.

Local IPv4 Address

The IPv4 address of the MAG service.

Local IP Port

The binding port for the MAG service.

PBU Option

The mobility / BSID option to be included in Proxy Binding Update (PBU) messages, for those messages sent between MAG and PGW.

Mobility Header Checksum Type

The checksum type used to calculate the outbound mobility messages from MAG to LMA or inbound mobility messages from LMA to MAG, which can be any one of the following:

  • RFC3775
  • RFC6275

This field defaults to RFC3775.

Heartbeat Support

Indicates the option to enable the heartbeat support.

Heartbeat Interval

The time interval in seconds to configure the heartbeat support. Ranges from 30 to 3600. Default value is 60 seconds.

Heartbeat Retransmission Timeout

The timeout in seconds for heartbeat retransmission.Ranges from 1 to 20. Default value is 3 seconds.

Heartbeat Max Retransmissions

The maximum limit for heartbeat retransmission. Ranges from 0 to 50. Default value is 3.


 

Viewing the Profile-QCI Mapping Details

You can view the configured mapping entries between a Rendezvous Point (RP) QoS Profile and the LTE QoS Class Index (QCI).

A QCI is a scalar that is used as a reference to access node-specific parameters that control bearer level packet forwarding treatment (e.g. scheduling weights, admission thresholds, queue management thresholds, link layer protocol configuration, etc.), and that have been pre-configured by the operator owning the access node.

To view the Profile-QCI mapping entries:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Profile > Profile-QCI Mapping > Profile-QCI Mapping. The mapping details are displayed in the content pane.

Table 27-73 displays the Profile-QCI Mapping details.

 

Table 27-73 Profile-QCI Mapping Details

Field
Description

Profile Name

The name of the Profile-QCI Mapping profile that is associated with the HSGW.

Profile-QCI Mapping Table

QCI ID

The QCI ID to which the profile is mapped.

Profile ID

The profile ID to which the QCI ID is mapped.

Uplink GBR

The Guaranteed Bit Rate (GBR) for the uplink data flow, which can be any value between 0 and 4294967295.

Downlink GBR

The GBR for the downlink data flow, which can be any value between 0 and 4294967295.

Uplink MBR

The Maximum Bit Rate (MBR) for the uplink data flow, which can be any value between 0 and 4294967295.

Downlink MBR

The MBR for the downlink data flow, which can be any value between 0 and 4294967295.

Priority Level

The priority level of the profile for the QCI, which can be any value between 1 and 15.

Preemption Capability

The preemption capability of the profile.


 

Configuration Commands for MAG

The following MAG commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

Table 27-74 MAG Configuration Commands

Command
Navigation
Description

Create MAG

Right-click context > Commands > Configuration > Mobility

Use this command to create a new Mobile Access Gateway (MAG) service for the selected context.

Modify MAG

Delete MAG

Expand MAG Node > Right-click MAG service > Commands > Configuration

Use this command to modify the MAG configuration details/delete the MAG profile for the selected context.

Show MAG

Expand MAG Node > Right-click MAG service > Commands > Show

Use this command to view and confirm the configuration details for the selected MAG service.

Create Profile QCI-Mapping

Right-click on context > Commands > Configuration > Mobility > Create Profile QCI-Mapping

Use this command to create a QCI profile.

Delete Profile QCI Mapping

Expand Profile node > and then Profile-QCI Mapping node > Right-click the local context > Commands > Configuration > Delete Profile QCI Mapping

Use this command to delete QCI profile.

Create Profile

Expand Profile node > and then Profile-QCI Mapping node > Right-click the local context > Commands > Configuration > Create Profile

Use this command to create an entry for the QCI mapping profile.

Modify Profile

Delete Profile

Expand Profile node > profile > Right-click on profile entry > Commands > Configuration

Use these commands to modify/delete the entry for the QCI mapping profile.


 

Monitoring Home Agent (HA)

A Home Agent (HA) stores information about the mobile nodes whose permanent home address is in the home agent’s network. When a node wants to communicate with the mobile node, it sends packets to the permanent address. Because the home address logically belongs to the network associated with the HA, normal IP routing mechanisms forward these packets to the home agent.

When a mobile node moves out of the home network, the HA still manages to deliver the packets to the mobile node. This is done by interacting with the Foreign Agent (FA) that the mobile node is communicating with using the Mobile IP (MIP) Standard. Such transactions are performed through the use of virtual private networks that create MIP tunnels between the HA and FA. The following figure displays the configuration between the FA and HA network deployment.

Figure 27-11 Home Agent Topology

 

320490.eps

When functioning as a HA, the system can either be located within the carrier’s 3G network or in an external enterprise or ISP network. The FA terminates the mobile subscriber’s PPP session, and then routes data to and from the appropriate HA on behalf of the subscriber.

In accordance with Request for Comments (RFC) 2002, the FA is responsible for mobile node registration with, and tunneling of data traffic from/to the subscriber’s home network. The HA is also responsible for tunneling traffic, but it maintains subscriber location information separately in the Mobility Binding Records (MBR).

Viewing the Home Agent Configuration

To view the Home Agent configuration:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Home Agent. The list of home agent services configured in Prime Network are displayed in the content pane.

Step 3blank.gif From the Home Agent node, choose a home agent service. The home agent service details are displayed in the content pane as shown in Figure 27-12.

Figure 27-12 Home Agent Service Details

 

404628.tif

Table 27-75 displays the Home Agent service details.

 

Table 27-75 Home Agent Service Details

Field
Description

Service Name

The name of the home agent service.

Status

The status of the home agent service, which can be any one of the following:

    • Down
    • Running
    • Initiated
    • Unknown

This field defaults to Down.

Default Subscriber

The name of the subscriber template that is applied to the subscribers.

Local IP Port

The User Datagram Protocol (UDP) port for the R-P interface of the IP socket. This IP port can be any value between 1 and 65535 and defaults to 699.

Bind Address

The IP address to which the service is bound to. This can be any address in the IPV4/IPv6 range.

MIP NAT Traversal

Indicates whether the acceptance of UDP tunnels for NAT traversal is enabled.

Max. Subscribers

The maximum subscriber sessions that could be supported.

Force UDP Tunnel

Indicates whether HA would accept requests when Network Address Translation (NAT) is not detected but the Force bit is set in the Registration Request (RRQ) with the UDP Tunnel Request.

Simultaneous Bindings

The maximum number of care of addresses that can be simultaneously bound for the same user identified by Network Access Identifier (NAI) and Home address.

Destination Context

The name of the context to assign to the subscriber, after authentication.

A11 Signalling Packets IP Header DSCP

The Differential Services Code Point (DSCP) value in the IP header.

Registration Life Time

The registration lifetime configured for all the subscribers to the service.

GRE Encapsulation Without Key

Indicates whether Generic Routing Encapsulation (GRE) without encapsulation key is used during Mobile IP sessions with FA.

Idle Time Out

The method the HA service uses to determine the time to reset a session idle timer, which can be any one of the following:

  • Aggressive
  • Handoff
  • Normal

SPI List

The Security Parameter Index (SPI) between the HA service and the FA.

Optimize Tunnel Reassembly

Indicates whether the option to optimize tunnel reassembly is enabled.

Wi-Max 3GPP

Indicates whether the Worldwide Interoperability for Microwave Access (Wi-Max)-3GPP option is enabled for the Home agent service.

Private Address without Reverse Tunnel

This allows calls with private addresses and there is no reverse tunneling.

Per Domain Statistics Collection

This enables/disables per-domain statistics collection.

Max Sessions

Configures the maximum number of subscribers that can use this service. Default is 800000.

IPNE Service

Configures associated IPNE Service.

Bind

Binds Home Agent service to IP address of interface.

Radius Accounting Dropped Pkts

Indicates that the RADIUS accounting related configuration is enabled or disabled for dropped packets. By default this feature is disabled.

Setup Time Out

The maximum time (in seconds) allowed for session setup.

Reverse Tunnel

Indicates whether the reverse tunnel feature is enabled for the home agent feature.

note.gif

Noteblank.gif A reverse tunnel is a tunnel that starts at the care-of address of the mobile node and terminates at the home agent. A mobile node can request a reverse tunnel between the foreign agent and the home agent when the mobile node registers.


Min. Life Time

The minimum registration life time for a mobile IP session.

GRE Encapsulation With Key

Indicates whether GRE is used during mobile IP sessions with an FA.

FA HA SPIs / MN HA SPIs tab

SPI Number

The number to indicate the security context between services.

Remote Address

The IP address of the source service.

Hash Algorithm

The hash algorithm used between the source and destination services.

Time Stamp Tolerance

The acceptable allowable difference in time stamps. If this difference is exceeded, then the session is rejected.

Replay Protection

The replay protection scheme that should be implemented by the service.

Permit Any Hash Algorithm

Indicates whether verification of MN-HA authenticator using other hash algorithms is allowed, on failure of the configured hash algorithm.

note.gif

Noteblank.gif This field is available only in the MN HA SPIs tab.


Description

The description of the SPI.

IPSEC Crypto Maps

Map Name

The name of the crypto map that is configured in the same context that defines the IPSec tunnel properties.

Peer FA Address

The IP address of the Peer FA to which the IPSEC SA will be established.

Skey Expiry

The expiry information of the secret key.

 


 

Viewing the AAA Configuration for Home Agent Service

In order to support Packet Data Serving Node (PDSN), FA, and HA functionality, the system must be configured with at least one source context and at least two destination contexts as shown in the following figure.

The source context will facilitate the PDSN service(s), and the R-P interfaces. The AAA context will be configured to provide foreign/home AAA functionality for subscriber sessions and facilitate the AAA interfaces.

To view the AAA configuration:


Step 1blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Home Agent > Home agent service > AAA. The AAA configuration details are displayed in the content pane.

Table 27-76 displays the AAA configuration for a home agent service.

 

Table 27-76 AAA Configuration for Home Agent Service

Field
Description

AAA Context

The AAA context for the home agent service. Click this link to view the relevant AAA context.

AAA Accounting

Indicates whether the Home Agent can send AAA accounting information for subscriber sessions.

AAA Accounting Group

The AAA Accounting group for the Home agent service.

AAA Distributed MIP Keys

Indicates the usage of AAA distributed MIP keys for authenticating RRQ for WiMax HA calls.

DMU Refresh Key

Indicates whether the Home Agent is allowed to retrieve the MN-HA key again from the AAA during the call and use this freshly retrieved key value to recheck authentication.

IMSI Authentication

Indicates whether MN-AAA or MN-FAC extensions are present in the RRQ.

MN HA Authentication Type

Indicates whether the HA service looks for an MN-HA authentication in the RRQ.

MN AAA Authentication Type

The method used to send authentication request to AAA for each re-registration attempt.

note.gif

Noteblank.gif The initial registration request and de-registrations are handled normally.


PMIP Authentication

Indicates whether the HA service looks for an PMIP authentication in the RRQ.

Stale Key Disconnect

Indicates whether the call must be disconnected immediately on failure of MN-HA authentication.

Skew Lifetime

The IKE pre-shared key\u2018s time skew.

Viewing the GRE Configuration for Home Agent Service

To view the GRE configuration:


Step 1blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Home Agent > Home agent service > GRE. The GRE configuration details are displayed in the content pane.

Table 27-77 displays the GRE configuration for a home agent service.

 

Table 27-77 GRE Configuration for Home Agent Service

Field
Description

Checksum

Indicates whether insertion of GRE checksum in outgoing GRE data packets is enabled.

Checksum Verify

Indicates whether verification of GRE checksum in incoming GRE packets is enabled.

Reorder Timeout

The maximum amount of time (in milliseconds) to wait before reordered out-of-sequence GRE packets are processed.

Sequence Mode

The method to handle incoming out-of-sequence GRE packets, which can be any one of the following:

  • Reorder
  • None

Sequence Numbers

Indicates whether the option to insert or remove GRE sequence numbers in GRE packets is enabled.

Viewing the Policy Configuration for Home Agent Service

To view the Policy configuration:


Step 1blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Home Agent > Home agent service > Policy. The Policy configuration details are displayed in the content pane.

Table 27-78 displays the Policy configuration for a home agent service.

 

Table 27-78 Policy Configuration for Home Agent Service

Field
Description

BC Response Code

The response code for a binding cache (BC) query result in response to a network failure or error.

NW-Reachability Policy

The action to be taken on detection of an upstream network-reachability failure.

Over Load Policy

The overload policy within the HA service.

New Call Policy

The new call policy within the HA service.

Null Username Policy

Configures Null Username Policy to HA service

Over Load Redirect / NW-Reachability Redirect

IP Address

The IP address associated with the policy.

Weight

The weightage of the IP address associated with the policy.

Viewing the Registration Revocation Details for a Home Agent Service

To view the Registration revocation configuration details:


Step 1blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Home Agent > Home agent service > Registration Revocation. The configuration details are displayed in the content pane.

Table 27-79 displays the Registration Revocation configuration for a home agent service.

 

Table 27-79 Registration Revocation configuration for Home Agent Service

Field
Description

Registration Revocation State

Indicates whether the Registration Revocation Status is enabled.

Revocation IBit

Indicates whether the Revocation Ibit feature is enabled.

Send NAI Extension

Indicates whether the option to send NAI extension in the revocation message is enabled.

Handoff Old FA

Indicates whether the option to send a revocation message from the HA to the FA is enabled.

note.gif

Noteblank.gif The revocation message is sent from the HA to the FA when an inter-access gateway or FA handoff of the MIP session occurs.


Idle Timeout

Indicates whether the HA must send a revocation message to the FA when the session times out.

Revocation Max Retries

The number of times the revocation message can be retransmitted.

Revocation Timeout

The maximum amount of time (in seconds) to wait for the receipt of an acknowledgement from the FA before the revocation message is transmitted again.


 

Monitoring the Foreign Agent (FA)

A Foreign Agent (FA) is basically a router on a mobile node’s visited network that provides routing services to the mobile node. The FA acts as a mediator between the mobile node and it’s home agent (HA). When the mobile node moves out of its home network, the FA registers the mobile node with a Care of Address (CoA). It also facilitates routing information to the mobile node’s home agent, which contains the permanent address of the node.

When a node tries to communicate with a mobile node that is roaming, it sends packets to the permanent address. The HA interacts with the FA and delivers the packets to the mobile node using the COA.

Figure 27-13 depicts the function of a foreign agent in a network and the different components that it interacts with.

Figure 27-13 Foreign Agent Architecture

 

320489.eps

Viewing the Foreign Agent Configuration Details

To view the Foreign Agent configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA. The list of Foreign agents configured in Prime Network are displayed in the content pane.

Step 3blank.gif From the FA node, choose a FA service. The FA service details are displayed in the content pane as shown in Figure 27-14.

Figure 27-14 Foreign Agent Service Details

 

320480.tif

Table 27-80 displays the Foreign Agent configuration details.

 

 

Table 27-80 FA Configuration Details

Field
Description

Service Name

The unique name to identify the FA service.

Status

The status of the FA service, which can be any one of the following:

  • Down
  • Running
  • Initiated
  • Unknown

This field defaults to Down.

Bind Address

The IPv4 address to which the service is bound.

Local IP Port

The UDP port for the R-P Interface of the IP socket. This port can be any value between 1 and 65535, and defaults to 434.

Max. Subscribers

The maximum subscriber sessions that is supported by the service. This can be any value between 0 and 2500000, and defaults to 2500000.

Default Subscriber

The name of the subscriber template that is applicable to the subscribers using this domain alias.

A11 Signalling Packets IP Header DSCP

The Differential Service Code Point (DSCP) value in the IP header. This value can range between 0x0 and 0x3F, and defaults to 0x0F.

note.gif

Noteblank.gif The Differentiated Services (DS) field of a packet contains 6 bits that represents the DSCP value. Out of these 6 bits, five of them represent the DSCP. Hence, you can assign upto 32 DSCPs for various priorities.


Registration Life Time

The amount of time (in seconds) that an A10 connection can exist before its registration expires. This time can be any value between 1 and 65534, and defaults to 1800 seconds.

New Call Policy

The call policy for one or all the services, which can be any one of the following:

  • Reject
  • None

This field defaults to None.

Challenge Window

The number of challenges that can be handled by the FA.

Dynamic MIP Key Update

The status of the Dynamic Mobile IP Key update feature. This option is disabled by default.

Ignore Stale Challenge

The status of the Ignore Stale Challenge in MIP RRQ. This option is disabled by default.

Ignore MIP Key Data

The status of the Ignore MIP Key data. This option is disabled by default.

Allow Private Address Without Reverse Tunnel

Indicates whether the mobile node can use reverse tunnel for a private address. This option is disabled by default.

Registration Timeout

The amount of time (in seconds) for the registration reply timeout.

Idle Timeout Mode

The idle timeout method, which can be any one of the following:

  • Normal
  • Aggressive

Reverse Tunnel

Indicates whether reverse tunneling is applicable for client mobile IP sessions. This option is enabled by default.

Limit Registration Time

Indicates whether MIP registration lifetime is shorter than session idle, absolute, and long-duration timeouts. By default, this option is enabled.

Maximum Challenge Length

The maximum length of the FA challenge.

Optimize Tunnel Reassembly

Indicates whether tunnel reassembly is optimized for fragmented large packets passed between HA and FA. By default, this option is disabled.

MN-AAA Removal Indication

Indicates whether the FA can remove MN-FAC and MN-AAA extensions from RRQs. By default, this option is disabled.

Max Sessions

The maximum number of subscriber sessions allowed.

Standalone FA Service

Shows the standalone FA service status. If the status is enabled then, the system performs only as a standalone FA.


 

You can also view the following configuration details for a Foreign Agent service:

  • Advertisement—Foreign agents advertise their presence on their attached links by periodically multicasting or broadcasting messages called agent advertisements. Mobile nodes listen to these advertisements and determine if they are connected to their home link or foreign link. Rather than waiting for agent advertisements, an MN can also send an agent solicitation. This solicitation forces any agents on the link to immediately send an agent advertisement.
  • Authentication—Authentication verifies users before they are allowed access to the network and network services.
  • GRE—Generic routing encapsulation (GRE) is a tunneling protocol used by Mobile IP. The GRE tunnel interface creates a virtual point-to-point link between two routers at remote points over an IP internetwork. If the GRE for Cisco Mobile Networks feature is enabled, the mobile router will request GRE encapsulation in the registration request only if the FA advertises that it is capable of GRE encapsulation (the G bit is set in the advertisement). If the registration request is successful, packets will be tunneled using GRE encapsulation. If the GRE for Cisco Mobile Networks feature is enabled and the mobile router is using collocated care-of address (CCoA), the mobile router will attempt to register with the HA using GRE encapsulation. If the registration request is successful, packets will be tunneled using GRE encapsulation.
  • HA Configurations—Once the mobile node roams to a new network, it must register with the home agent as being away from home. Its registration is sent by way of the Foreign Agent (FA), the router providing service on the foreign network. A security association between the home agent (HA) and the foreign agent (FA) is mandatory.
  • Proxy Mobile IP—Proxy Mobile IP supports Mobile IP for wireless nodes without requiring specialized software for those devices. The wireless access point acts as a proxy on behalf of wireless clients that are not aware of the fact that they have roamed onto a different Layer 3 network. The access point handles the IRDP communications to the foreign agent and handles registrations to the home agent.
  • Registration Revocation—Registration Revocation is a method by which a mobility agent (one that provides Mobile IP services to a mobile node) can notify the other mobility agent of the termination of a registration due to administrative reasons or MIP handoff. When a mobile changes its point of attachment (FA), or needs to terminate the session administratively, the HA sends a registration revocation message to the old FA. The old FA tears down the session and sends a registration revocation acknowledgement message to the HA. Additionally, if the PDSN/FA needs to terminate the session administratively, the FA sends a registration revocation message to the HA. The HA deletes the binding for the mobile, and sends a registration revocation acknowledgement to FA.

Viewing the Advertisement Configuration Details

To view the Advertisement configuration details for a foreign agent:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA > FA service > Advertisement. The details are displayed in the content pane.

Table 27-81 displays the Advertisement configuration details.

 

Table 27-81 Advertisement Configuration Details

Field
Description

Advertisement Delay

The time delay (in milliseconds) for the first advertisement for a WiMax call. This time can be any value between 10 and 5000, and defaults to 1000.

Advertisement Interval

The advertisement interval time (in milliseconds). This time can be any value between 100 and 1800000, and defaults to 5000 milliseconds.

Advertisement Life Time

The maximum registration life time (in seconds) of the advertisement. This time can be any value between 1 and 65535, and defaults to 600 seconds.

Number of Advertisements Sent

The number of initial agent advertisements sent. This number can be any value between 1 and 65535, and defaults to 5.

Prefix Length Extension

Indicates whether the service address of the FA must be included in the Router Address field of the agent advertisement. If this field is set to Yes, then a prefix-length extension is appended to the router address field. By default, this option is set to No.


 

Viewing the Authentication Configuration Details

To view the Authentication configuration details for a foreign agent:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA > FA service > Authentication. The details are displayed in the content pane.

Table 27-82 displays the Authentication configuration details.

 

Table 27-82 Authentication Configuration Details

Field
Description

MN AAA Authentication Policy

The MN AAA Authentication policy, which can be any one of the following:

  • Ignore-after-handoff
  • Init-reg
  • Init-reg-except-handoff
  • Always
  • Renew-reg-noauth
  • Renew-and-dereg-noauth

This field defaults to Always.

MN HA Authentication Policy

The policy to authenticate Mobile Node HA in the RRP, which can be any one of the following:

  • Always
  • Allow-noauth

This field defaults to Allow-noauth.

AAA Distributed MIP Keys Override

Indicates whether the AAA distributed MIP Keys Override option is enabled. In other words, if this feature is enabled, then the authentication parameters for the FA service will override the dynamic keys from AAA with static keys.

note.gif

Noteblank.gif This feature supports those MIP registrations with an HA that does not support dynamic keys.


MN AAA Optimized Retries

Indicates whether the authentication request must be sent to the AA for each re-registration.


 

Viewing the GRE Configuration Details

To view the Generic Routing Encapsulation (GRE) configuration details for a foreign agent:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA > A service > GRE. The details are displayed in the content pane.

Table 27-83 displays the GRE configuration details.

 

Table 27-83 GRE Configuration Details

Field
Description

Checksum

Indicates whether the Checksum feature is enabled in outgoing GRE packets. By default, this option is disabled.

GRE Encapsulation

Indicates whether GRE is used when establishing a Mobile IP session.

If this option is enabled, the FA requests HA to use GRE when establishing a MIP session. If this option is disabled, the FA will not set the GRE bit in agent advertisements to the mobile node.

Checksum Verify

Indicates whether the checksum field must be verified in the incoming GRE packets. By default, this option is disabled.

Reorder Timeout

The maximum time (in milliseconds) to wait before processing the GRE packets that are out of sequence. This time can be any value between 0 and 5000, and defaults to 100 milliseconds.

Sequence Mode

The mode used to handle the incoming out-of-sequence packets, which can be any one of the following:

  • Reorder
  • None

This field defaults to None.

Sequence Numbers

Indicates whether GRE sequence numbers must be inserted into the data that is about to be transmitted over the A10 interface. This option is disabled by default.


 

Viewing the HA Configuration Details

To view the HA configuration details for a foreign agent:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA > FA service > HA. The details are displayed in the content pane.

Table 27-84 displays the HA configuration details.

 

Table 27-84 HA Configuration Details

Field
Description

HA Monitoring

The HA monitoring status of the FA. This option is disabled by default.

AAA-HA Override

Indicates whether AAA HA can override Mobile Node during call establishment for HA assignment.

Dynamic HAFailover

Indicates whether failover during call establishment for Home Agent assignment is allowed.

HA Monitor Interval

The time interval (in seconds) to send HA monitoring requests. This time can be any value between 1 and 36000, and defaults to 30 seconds.

HA Monitor Maximum Inactivity Time

The maximum amount of time (in seconds) when there is no MIP traffic between FA and HA, which triggers the HA monitoring feature. This time can be any value between 30 and 600, and defaults to 60 seconds.

HA Monitor Retry Count

The number of times HA monitoring requests are sent before deciding that the HA is not reachable. This count can be any value between 0 and 10, and defaults to 5.

FA SPI List Name

The name of the SPI list linked with the FA service and configured for the selected context. Clicking on this link will take you to the relevant list under the SPI node.

IKE

Peer HA Address

The IP address of the peer home agent.

Crypto Map Name

The IKE crypto map for the peer home agent.

SPI

SPI Number

The unique SPI number that indicates a security context between the services. This number can be any value between 256 and 4294967295.

Remote Address

The IP address of the source service, which is expressed either in the IPv4 dotted decimal notation or IPv6 colon separated notation.

Hash Algorithm

The hash algorithm used between the source and destination services.

Time Stamp Tolerance

The acceptable time difference (in seconds) in timestamps, which can be any value between 0 and 65535.

note.gif

Noteblank.gif If the actual timestamp difference exceeds the value here, then the session is rejected. If this value is 0, then the timestamp tolerance checking is disabled at the receiving end.


Replay Protection

The replay protection scheme that is implemented by the service.

Description

The description of the SPI.

Net Mask

The net mask for the IP address of the SPI. This field defaults to 255.255.255.255.

HA Monitor

Indicates whether HA monitoring is enabled.


 

Viewing the Proxy Mobile IP Configuration Details

To view the Proxy Mobile IP configuration details for a foreign agent:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA > FA service > Proxy Mobile IP. The details are displayed in the content pane.

Table 27-85 displays the Proxy Mobile IP configuration details.

 

Table 27-85 Proxy Mobile IP Configuration Details

Field
Description

Proxy MIP

Indicates the status of the Proxy Mobile IP.

Encapsulation Type

The data encapsulation type to be used in PMIP call for specific FA services, which can be any one of the following:

  • IPIP
  • GRE

This field defaults to IPIP.

HA Failover

The failover status of the FA. This option is disabled by default.

HA Failover Max Attempts

The maximum number of times for HA Failover. This can be any value between 1 and 10, and defaults to 4.

HA Failover Timeout

The timeout (in seconds) for the HA failover. This time can be any value between 1 and 50, and defaults to 2.

HA Failover Attempts Before Switching

The number of times HA Failover was attempted, before switching over to an alternate HA. This can be any value between 1 and 5, and defaults to 2.

HA Failover Reply Code Trigger

The action to be taken on receipt of the configured reject code.

Max Retransmissions

The maximum number of times the FA is allowed to retransmit Proxy Mobile IP registration requests to the HA. This number can be any value between 1 and 4294967295, and defaults to 5.

Retransmission Timeout

The retransmission timeout (in seconds) for Proxy Mobile IP messages on event of failover. This time can be any value between 1 and 100, and defaults to 3.

Renew Time

The percentage of lifetime at which point the renewal is sent. This percent can be between 0 and 100, and defaults to 75.


 

Viewing the Registration Revocation Configuration Details

To view the Registration Revocation configuration details for a foreign agent:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > FA > FA service > Registration Revocation. The details are displayed in the content pane.

Table 27-86 displays the Registration Revocation configuration details.

 

Table 27-86 Registration Revocation Configuration Details

Field
Description

Registration Revocation State

Indicates the status of the registration revocation. If this feature is enabled, then the FA can send a revocation message to the HA when revocation is negotiated with the HA and MIP binding is terminated. This feature is disabled by default.

Revocation IBit

The status of the Ibit on the registration revocation. If this feature is enabled, the FA can negotiate the Ibit via PRQ/RRP messages and process the Ibit revocation messages. This feature is disabled by default.

Internal Failure

Indicates whether a revocation message must be sent to the HA for those sessions that are affected by internal task failure.

Revocation Maximum Retries

The maximum number times a revocation message must be retransmitted before failure. This value can be any value between 0 and 10, and defaults to 3.

Revocation Timeout

The time period (in seconds) to wait for an acknowledgement from the HA before the revocation message is retransmitted. This time can be any value between 1 and 10, and defaults to 3.


 

Configuration Commands for Foreign Agent

To enable Mobile IP services on your network, you must determine which home agents will facilitate the tunneling for selected IP address, and where these devices or router will be allowed to roam. The areas, or subnets, into which the hosts are allowed to roam determine where foreign agent services need to be set up.

Use the following commands to manage foreign agents. These commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-87 Foreign Agent Configuration Commands

Command
Navigation
Description

Create FA

Right-click the context > Commands > Configuration > Mobility

Use this command to create a new foreign agent service for the selected context.

Modify FA

Delete FA

Expand FA node > Right-click FA service > Commands > Configuration

Use these commands to modify/delete an existing foreign agent service configured for the selected context.

Show FA

Expand FA node > Right-click FA service > Commands > Show

Use this command to view and confirm the foreign agent configuration details.

Create SPI

Expand FA node > Right-click FA service > Commands > Configuration

Use this command to configure Security Parameter Index (SPI) for a foreign agent service.

Modify SPI

Delete SPI

Expand FA node > Expand FA service node > HA Configuration > Right-click on SPI Number in content pane > Commands > Configuration

Use these commands to modify and delete an existing SPI configured for a foreign agent service.

Create IKE

Expand FA node > Right-click FA service > Commands > Configuration

Use this command to configure Internet Key Exchange (IKE) for a foreign agent service. If foreign agent reverse tunneling creates a tunnel that transverses a firewall, any mobile node that knows the addresses of the tunnel endpoints can insert packets into the tunnel from anywhere in the network. It is recommended to configure Internet Key Exchange (IKE) or IP Security (IPSec) to prevent this.

Modify IKE

Delete IKE

Expand FA node > Expand FA service node > HA Configuration > right-click on IKE Number in content pane > Commands > Configuration

Use these commands to modify and delete an existing IKE configured for a foreign agent service.

Modify Advertisement

Expand FA node > FA service > right-click Advertisement > Commands > Configuration

Use this command to modify the advertisement configuration settings specified for a foreign agent.

Modify Authentication

Expand FA node > FA service > right-click Authentication > Commands > Configuration

Use this command to modify the authentication configuration settings specified for a foreign agent.

Modify GRE

Expand FA node > FA service > right-click GRE > Commands > Configuration

Use this command to modify the Generic Routing Encapsulation (GRE) configuration settings specified for a foreign agent.

Modify HA Configuration

Expand FA node > FA service > right-click HA Configuration > Commands > Configuration

Use this command to modify the Home Agent configuration settings specified for a foreign agent.

Modify Proxy Mobile IP

Expand FA node > FA service > right-click Proxy Mobile IP > Commands > Configuration

Use this command to modify the Proxy Mobile IP configuration settings specified for a foreign agent.

Modify Registration Revocation

Expand FA node > FA service > right-click Registration Revocation > Commands > Configuration

Use this command to modify the Registration revocation configuration settings specified for a foreign agent.

Monitoring Evolved Packet Data Gateway (ePDG)

In today’s market, there are multiple access networks for mobile technologies. For example, the following access networks are available for 3rd Generation Partnership Project (3GPP) network:

  • General Packet Radio Service (GPRS). See GPRS/UMTS Networks.
  • Global System for Mobile communication (GSM)
  • Universal Mobile Telecommunication System (UMTS). See GPRS/UMTS Networks.

The following access network are available for Non-3GPP network:

  • Worldwide Interoperability for Microwave Access (WiMAX)
  • CDMA2000
  • Wireless local area network (WLAN)
  • Fixed networks

The Non-3GPP networks can be categorized into two—Trusted and Untrusted. While the trusted non-3GPP networks can interact directly with the Evolved Packet Core (EPC), the untrusted networks are required to pass through a security gateway to gain access to the EPC. This security gateway is called the Evolved Packet Data Gateway or ePDG.

When a user transmits data to the EPC using an untrusted non-3GPP network access, the ePDG must act as a termination node of IPSec tunnels established with the user equipment and secure the data being sent. Figure 27-15 shows the ePDG architecture.

Figure 27-15 ePDG Architecture

 

320496.eps

IP Security (IPSec)

Internet Protocol Security or IPSec is a protocol suite that interacts with one another to provide secure private communications across IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways. In accordance with the following standards, IPSec provides a mechanism for establishing secure channels from mobile subscribers to pre-defined end points (such as enterprise or home networks):

  • RFC 2401, Security Architecture for the Internet Protocol
  • RFC 2402, IP Authentication Header (AH)
  • RFC 2406, IP Encapsulating Security Payload (ESP)
  • RFC 2409, The Internet Key Exchange (IKE)
  • RFC-3193, Securing L2TP using IPSEC, November 2001

IPSec can be implemented for the following applications:

  • PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the packet data network (PDN) as determined by access control list (ACL) criteria.
  • Mobile IP: Mobile IP control signals and subscriber data is encapsulated in IPSec tunnels that are established between foreign agents (FAs) and home agents (HAs) over the Pi interfaces.

IKEv2 and IPSec Encryption

ePDG supports Internet Key Exchange Version 2 (IKEv2) and IP Security Encapsulating Security Payload (IPSec ESP) encryption over IPv4 transport. The IKEv2 and IPSec encryption takes care of network domain security for all IP packet switched networks. It uses cryptographic techniques to ensure ensures confidentiality, integrity, authentication, and anti-replay protection.

ePDG Security

In Prime Network, the following security services are available for ePDG:

  • Crypto template—Used to define the IKEv2 and IPSec policies. In other words, it includes IKEv2 and IPSec parameters for keepalive, lifetime, NAT-T and cryptographic and authentication algorithms.
  • EAP Profile—Defines the EAP authentication method and associated parameters.
  • Transform Set—Define the negotiable algorithms for IKE SAs (Security Associations) and Child SAs to enable calls to connect to the ePDG.

Viewing the Crypto Template Service Details

To view the Crypto template details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > Crypto Template. The list of crypto templates are displayed in the content pane.

Step 3blank.gif In the Crypto Template node, choose the crypto template. The template details are displayed in the content pane. Figure 27-16 displays the crypto template details.

Figure 27-16 Crypto Template Details

 

320479.tif

Table 27-88 displays the Crypto template details.

 

Table 27-88 Crypto Template Details

Field
Description

Template Name

The unique name of the template.

Control Don’t Fragment

The Don’t Fragment (DF) bit in the IPSec tunnel data packet, which is encapsulated in the IPSec headers at both ends. The values for this field are:

  • clear-bit—Clear DF Bit
  • copy-bit—Copy DF bit from inner header
  • set-bit—Set DF Bit

This field defaults to copy-bit.

Cookie Challenge-Detect DOS Attack

The cookie challenge parameters for the crypto template, which is used to prevent malicious Denial of Service (DOS) attacks against the server.

note.gif

Noteblank.gif This feature prevents DOS attacks by sending a challenge cookie. If the response from the sender does not incorporate the expected cookie data, the packets are dropped.


Notify Payload - Half Open Session Start

The initial count of the number of half-open sessions per IPSec manager. Transmission of information will start only when the number of half-open sessions currently open exceed the starting count.

note.gif

Noteblank.gif A session is considered half open if a Packet Data Interworking Function (PDIF) has responded to an IKEv2 INIT request with an IKEv2 INIT response, but no further messages were received on the particular IKE SA.


Notify Payload - Half Open Session End

The maximum count of half open sessions per IPSec manager. Transmission of information will stop when the number of half-open sessions currently open is less than this count.

Authentication Local

The local gateway key used for authentication.

Authentication Remote

The remote gateway key used for authentication.

Keepalive Interval

The period of time (in seconds) that must elapse before the next keepalive request is sent.

Keepalive Retries

The period of time (in seconds) that must elapse before the keepalive request is resent.

Keepalive Timeout

The keepalive time (in terms of seconds) for dead peer detection.

Maxchild SA Count

The maximum number of child SA per IKEv2 policy, which can be any value between 1 and 4.

Maxchild SA Overload Action

The action to be taken when the specified soft limit for the maximum number of SA is reached, which can be any one of the following:

Ignore—The IKEv2 stack ignores the specified soft limit for the SA and allows new SA to be created.

Terminate—The IKEv2 stack does not allow new child SA to be created when the specified soft limit is reached.

NAI CustomIDr

The unique user specified identification number to be used in the crypto template for Network Access Identifier (NAI).

Crypto Template Payloads

Payload Instance

The payload instance configured for the crypto template.

Payload Name

The unique name of the crypto template payload.

Ignore Rekeying Requests

Indicates whether IKESA rekeying requests must be ignored.

IP Address Allocation

The IP Address Allocation scheme configured for the crypto template payload.

Lifetime

The lifetime (in seconds) for the IPSec Child Security Associations derived from the crypto template.

Lifetime (KB)

The lifetime (in kilo bytes) for the IPSec Child Security Associations derived from the crypto template.

Crypto Template IKESA

IKESA Instance

The IKESA instance configured for the crypto template.

Allow Empty IKESA

Indicates whether empty IKESA is allowed. By default, empty IKESA is not allowed.

Certificate Sign

The certificate sign to be used. This field defaults to pkcs1.5.

Ignore Notify Protocol ID

Indicates whether the IKEv2 Exchange Notify Payload Protocol-ID values must be ignored for strict RFCA 4306 compliance.

Ignore Rekeying Requests

Indicates whether IKESA rekeying requests must be ignored.

Keepalive User Activity

Indicates whether the user inactivity timer must be reset when keepalive messages are received from the peer.

Max Retransmission Count

The maximum number of retransmissions of an IKEv2 IKE exchange request that is allowed if a corresponding IKEv2 IKE exchange response is not received.

Policy Congestion Rejection Notify Status

Indicates whether an error notification message must be sent in response to an IKE_SA INIT exchange, when IKESA sessions cannot be established anymore.

Policy Error Notification

Indicates whether an error notification message must be sent for invalid IKEv2 exchange message ID and syntax.

Rekey

Indicates whether IKESA rekeying must occur before the configured lifetime expires (which is approximately at 90% of the lifetime interval). By default, rekeying is not allowed.

Retransmission Timeout

The time period (in milliseconds) that must elapse before a retransmission of an IKEv2 IKE exchange request is sent when a corresponding response is not received.

Setup Timer

The number of seconds before a IKEv2 security association, which is not fully established, is terminated.

Mobike

Indicates that Mobike attribute is enabled for IKESA.

RFC Notification

Shows that RFC 5996 notifications is sent or received.

Ignore Notify Protocol ID

Indicates that IKEv2 Informational Exchange Notify Payload protocol ID is ignored for strict RFC 4306 compliance.

Notify Payload Error Message Attributes

Notify UE

Displays the value for UE related errors.

Network Transient Minor

Displays the value for minor transient network errors.

Network Transient Major

Displays the value for major transient network errors.

Network Permanent

Displays the value for permanent network errors.

OCSP Attributes

OCSP Responder Address

Displays the OCSP responder IPv4 address.

OCSP Responder Port

Displays the OCSP responder IPv4 port.

OCSP HTTP Version

Shows a http version 1.0 or 1.1 that is used for OCSP responder.

 


 

Viewing the EAP Profile Details

To view the EAP Profile details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > EAP Profile. The list of profiles are displayed in the content pane.

Step 3blank.gif In the EAP Profile node, choose the profile. The profile details are displayed in the content pane.

Table 27-89 displays the EAP Profile details.

 

Table 27-89 EAP Profile Details

Field
Description

Name

The unique name of the EAP Profile.

Mode

The operative mode of the EAP profile, which can be any one of the following:

  • Authenticator Pass Through—Indicates that the EAP Authentication Requests must be passed to an external EAP Server.
  • Authenticator Terminate—Indicates that the EAP must act as an EAP Authentication Server.

Authentication Method

The EAP Authentication method to be used for the profile, which can be any one of the following:

  • If the Mode is Authenticator Pass Through:

blank.gif eap-aka

blank.gif eap-gtc

blank.gif eap-md5

blank.gif eap-sim

blank.gif eap-tls

  • If the Mode is Authenticator Terminate:

blank.gif eap-gtc

blank.gif eap-md5


 

Viewing the Transform Set Details

To view the Transform Set details for IKEv2 IPSec/IKEv2:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Security Association > Transform Set > IKEv2 IPSec Transform Set or IKEv2 Transform set. The list of profiles are displayed in the content pane.

Step 3blank.gif In the IKEv2 IPSec Transform Set or IKEv2 Transform set node, choose the transform set. The relevant details are displayed in the content pane.

Table 27-90 displays the IKEv2 IPSec Transform set or IKEv2 Transform set details.

 

Table 27-90 IKEv2 IPSec Transform Set/IKEv2 Transform set Details

Field
Description

Name

The name of the transform set.

DH Group

The Diffie-Hellman (DH) group for the transform set, which can be any one of the following:

  • 1—Configure Diffie-Hellman Group 1:768-bit MODP Group
  • 14—Configure Diffie-Hellman Group 14:2048-bit MODP Group
  • 2—Configure Diffie-Hellman Group 2:1024-bit MODP Group
  • 5—Configure Diffie-Hellman Group 5:1536-bit MODP Group

This field defaults to 2—Configure Diffie-Hellman Group 2:1024-bit MODP Group.

note.gif

Noteblank.gif The DH group is used to determine the length of the base Prime numbers used during the key exchange process in IKEv2. The cryptographic strength of any key derived, depends in part, on the strength of the DH group upon which the prime numbers are based.


Cipher

The appropriate encryption algorithm and encryption key length for the IKEv2 IKE security association, which can be any one of the following:

  • 3des-cbc
  • aes-cbc-128
  • aes-cbc-256
  • des-cbc
  • Null

This field defaults to AESCBC-128.

HMAC

The Hash Message Authentication Code (HMAC) for the IKEv2 IPSec transform set, which can be any one of the following:

  • aes-xcbc-96
  • md5-96
  • sha1-96
  • sha2-256-128
  • sha2-384-192
  • sha2-512-256

This field defaults to sha1-96.

note.gif

Noteblank.gif HMAC is a type of message authentication code calculated using a cryptographic hash function in combination with a secret key to verify both data integrity and message authenticity. A hash takes a message of any size and transforms it into a message of fixed size (the authenticator value), which is truncated and transmitted.


Mode

The encapsulation mode for the transform set, which can be any one of the following:

  • transport
  • tunnel

ESN

Enable Extended Sequence Number (ESN) for IPSec (ESP/AH).

PRF

The Pseudo-random Function (PRF) for the transform set, which can be any one of the following:

  • aes-xcbc-128
  • md5
  • sha1
  • sha2-256
  • sha2-384
  • sha2-512

This field defaults to SHA1. This field is applicable only for IKEv2 transform sets.

note.gif

Noteblank.gif This function is used to generate keying material for all cryptographic algorithms. It produces a string of bits that cannot be distinguished from random bit strings without the secret key.


Life Time

The time period for which the secret keys used for various aspects of a configuration is valid (before it times out). This field is applicable only for IKEv2 transform sets.


 

Viewing the ePDG Configuration Details

To view the ePDG configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > EPDG. The list of EPDG services configured in Prime Network are displayed in the content pane.

Step 3blank.gif From the EPDG node, choose an EPDG service. The EPDG service details are displayed in the content pane.

Table 27-91 displays the EPDG service details.

 

Table 27-91 EPDG Service Details

Field
Description

Service Name

The unique name of the ePDG service.

Status

The status of the ePDG service, which can be any one of the following:

  • Initiated
  • Running
  • Down
  • Started
  • Nonstarted

IP Address

The IPV4 address of the ePDG service.

UDP Port

The User Datagram Protocol (UDP) port of the ePDG service.

Crypto Template

The name of the IKEv2 crypto template to be used by the ePDG service. This template is used to define the cryptographic policy for the ePDG service.

Max Sessions

The maximum number of sessions allowed for the ePDG service.

PLMN ID

The unique identification code of the Public Land Mobile Network (PLMN) for the ePDG service. This id is made up of the Mobile Country Code (MCC) and the Mobile Network Code (MNC).

MAG Service Context

The name of the context where the Mobile Access Gateway (MAG) services are configured. If a MAG service is not configured for the ePDG service, then one of the MAG services defined in the context is selected.

MAG Service

The name of the MAG service that handles the mobile IPv6 sessions.

Setup Timeout

The maximum time (in seconds) allowed for the session setup.

DNS PGWClient Context

The name of the context where the Domain Name System (DNS) client is configured for the Packet Data Network Gateway (PWG) selection.

DNS PGW Selection

The criteria to select a PGW service from the DNS. This criteria is based on the topology and/or weight from the DNS.

FQDN

The Fully Qualified Domain Name (FQDN), which is used for longest suffix match during dynamic allocation.

PGW Selection Agent Info Error Action

The action to be taken when the expected MIP6 agent information is not received from Authentication, Authorization, and Accounting (AAA) or Hosting Solution Software (HSS).

User Name MAC Address Stripping

Indicates whether the MAC address in the username obtained from the user equipment must be stripped.

User Name MAC Address Validation

Indicates whether the MAC address in the username obtained from the user equipment must be validated.

User Name MAC Address Validation Failure Action

Indicates the action that must be taken on failure of the validation of the MAC address in the user name obtained from the user equipment.

New Call Policy

Indicates the busy-out policy that must be followed to reject the incoming calls from individual users.

PGW Selection Mechanism

The ePDG service should be configured indicating preferred method of PGW selection, whether local configuration or DNS/AAA server based PGW selection. Local Configuration based PGW selection as fallback mechanism is default configuration behavior.

QCI QOS Mapping

It indicates the associated QCI QOS Mapping Table.

MAC Address Delimiter

Configures MAC Address Delimiter for username.

Subscriber Map

Configures subscriber map association to get PGW address locally.

IP Fragment Chain Timeout

This command configures Internet Protocol (IP) parameters. This option configures ip fragment chain settings during TFT handling. This is the time to hold an ip fragment chain. Secs is an integer value between 1 and 10. The default value is 5.

Max Out of Order Fragment

This is the number of fragments to buffer per fragment chain for out-of-order reception before receiving first fragment (for L4 packet filtering). Fragments are an integer value between 0 and 300.

Bind

Binds the service to an ip and associated max-subscribers.

Custom SWm-SWu Error Mapping

Customized mapping of SWm errors with SWu Notify Error Type.

Custom S2b SWu Error Mapping

Allows duplicate precedence in a TFT for a S2b ePDG session.

Data Buffering

Allows downlink packets to be buffered, while session is in the connecting state. By default it is enabled.

PDN Type

Specifies the PDN type of IPv6 parameters for the ePDG service.

GTPC Load Control Profile

Associates the GTPC load control profile for ePDG.

GTPC Overload Control Profile

Associates the GTPC overload control profile for ePDG.

Idle Timeout

The subscriber's time-to-live (TTL) settings for the EPDG service.

Ebi End Value

Indicates end value for ebi range. The end value can range greater than or equal to the start value.

Reporting Action event Record

Shows reporting of events.

Micro Checkpoint Periodicity

The micro checkpoint periodicity for a subscriber.

Micro Checkpoint Deemed Idle

The micro checkpoint duration when UE is deemed idle for a subscriber.

Ebi Start Value

Indicates Start value of ebi range for bearer-id allocation (applicable only for GTPv2-S2b).

Viewing EPDG S2b Service Interface Properties

To view the ePDG S2b configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > EPDG. The list of EPDG services configured in Prime Network are displayed in the content pane.

Step 3blank.gif From the EPDG node, choose S2b Service Interface. The EPDG S2b Service Interface details are displayed in the content pane.

 

 

Table 27-92 displays the EPDG S2b Service Interface details.

Table 27-92 EPDG S2b Service Interface Details

Field
Description

Vendor Specific DNS Server Request

Configures the vendor-specific-attributes values on PMIP based S2b interface. Configures the DNS Server Address to be present in PCO/APCO IE. Default setting is to use the APCO IE.

Duplicate Precedence in TFT

Allows duplicate precedence in a TFT for an S2b ePDG session.

Vendor Specific PCSCF Server Request

The vendor-specific-attributes values on PMIP based S2b interface. Configures the PCSCF Server Address to be present in APCO/PrivateExtn IE. Default setting is to use PrivateExtension IE.

Configuration Commands for ePDG

The following ePDG commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-93 ePDG Configuration Commands

Command
Navigation
Description

Create ePDG Service

Right-click context > Commands > Configuration > Mobility > Create ePDG

Use this command to create a new ePDG service.

Modify ePDG Service

Expand EPDG Node > right-click EPDG service > Commands > Configuration

Use this command to modify the configuration details for an ePDG service.

Delete ePDG Service

Expand EPDG Node > right-click EPDG service > Commands > Configuration

Use this command to delete an ePDG service.

Show ePDG Service

Expand EPDG Node > right-click EPDG service > Commands > Show

Use this command to view and confirm the configuration details of an ePDG Service.

Monitoring Packet Data Serving Node (PDSN)

Packet Data Serving Node, or PDSN, is a component of the Code Division Multiple Access (CDMA) 2000 mobile network. It acts as a connection point between the Radio Access Network (RAN) and IP Network. PDSN also manages PPP sessions between the mobile provider’s core IP network and the mobile node.

In other words, it provides access to the Internet, intranets, and applications servers for mobile stations that utilize a CDMA2000 RAN. Acting as an access gateway, PDSN provides simple IP and mobile IP access, foreign agent support, and packet transport for virtual private networking. It acts as a client for Authentication, Authorization, and Accounting (AAA) servers and provides mobile stations with a gateway to the IP network.

PDSN Configurations

The following paragraphs list the different configurations for PDSN:

  • Simple IP—In this protocol, the mobile user is assigned an IP address dynamically. The user can use this IP address within a defined geographical area, which is lost when the user moves out of the area. If the user moves out of the designated area, they must register with the service provider again to obtain a new IP address. Figure 27-17 depicts the working of this protocol.

Figure 27-17 Simple IP configuration for PDSN

 

320495.eps
  • Mobile IP—In this protocol, the mobile user is assigned a static or dynamic IP address, which is basically the “home address” assigned by the user’s Home Agent (HA). Even if the user moves out of the home network, the IP address does not change or is not lost. This enables the user to use applications that require seamless mobility such as transferring files. How does this work? The Mobile IP protocol provides a network-layer solution that allows mobile nodes to receive IP packets from their home network even when they are connected to a visitor network. The PDSN in the visitor’s network performs as a Foreign Agent (FA), which assigns a Care-of-Address (CoA) to the mobile node and establishes a virtual session with the mobile node’s HA. IP packets are encapsulated into IP tunnels and transported between the FA, HA and mobile node. Figure 27-18 depicts the working of this protocol.

Figure 27-18 Mobile IP Configuration for PDSN

 

320492.eps
  • Proxy Mobile IP—This protocol provides a mobility solution for subscribers whose mobile nodes do not support the Mobile IP protocol. On behalf of the mobile node, PDSN proxies the Mobile IP tunnel with the HA. In turn, the service provider or the home agent assigns an IP address to the subscriber. This IP address does not change or is not lost even if the user moves out of the home network.

Viewing the PDSN Configuration Details

To view the PDSN configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN. The list of PDSN services configured in Prime Network are displayed in the content pane.

Step 3blank.gif From the PDSN node, choose a PDSN service. The PDSN service details are displayed in the content pane as shown in Figure 27-19.

Figure 27-19 PDSN Service Details

 

320485.tif

Table 27-94 displays the PDSN service details.

 

Table 27-94 PDSN Service Details

Field
Description

Service Name

The unique name of the PDSN service.

Status

The status of the PDSN service, which can be any one of the following:

  • Initiated
  • Running
  • Down
  • Started
  • Nonstarted
  • Unknown

Bind Address

The IP address to which the service is bound. This can be a IPv4 or IPv6 address.

note.gif

Noteblank.gif Multiple IP addresses belonging to the same IP interface can be bound to different PDSN services, but one address can be bound to only one service.


Local IP Port

The User Datagram Protocol (UDP) port for the R-P interface of the IP socket. This IP port can be any value between 1 and 65535 and defaults to 699.

Mobile IP

The IP address of the Foreign agent that is configured for the PDSN service.

Simple IP

Indicates whether the Simple IP configuration is available for the PDSN service, which can be any one of the following:

  • Allowed
  • Not Allowed (default value)

Max Subscribers

The maximum number of subscribers that the PDSN service can support.

Registration Life Time

The registration lifetime configured for all the subscribers to the service.

Max Retransmissions

Maximum retries for transmitting RP control packets. This count can be any value between 1 and 1000000 and defaults to 5.

A11 Signalling Packets IP Header DSCP

The Differential Services Code Point (DSCP) value in the IP header.

NAI Construction Domain

The Network Access Identifier for the PDSN service. This field is made up of the Mobile Station Identifier (MSID) of the subscriber, a separator character and a domain name.

note.gif

Noteblank.gif The domain name used here can be either the name supplied as part of the subscriber’s name or the domain alias.


Airlink Bad Sequence Number

The action to be taken when the PDSN receives an airlink record with a bad sequence number, which can be any one of the following:

  • Accept (default value)
  • Reject
note.gif

Noteblank.gif At the time of the R-PA10 connection setup, an airlink record is assigned a unique sequence number.


Airlink Bad Sequence Number Deny Code

The reason for rejecting the airlink record with a bad sequence number, which can be any one of the following:

  • Poorly Formed Request
  • Unsupported Vendor ID

AAA 3GPP2 Service Option

The service options for which AAA 3GPP2 authentication is applicable.

Service Option Entries

Service Option Number

The service option numbers applicable for the PDSN service.

note.gif

Noteblank.gif Each service option relates to a standard data service. Hence, these numbers determine the data services that are supported by the PDSN service.


You can also view the following configuration details for a PDSN service:

  • GRE
  • IP Source Violation
  • MSID
  • PCF
  • Policy
  • PPP
  • QoS
  • Registrations
  • Timers and Restrictions

Viewing the GRE Configuration Details

To view the Generic Routing Encapsulation (GRE) configuration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > GRE. The GRE details are displayed in the content pane.

Table 27-95 displays the GRE configuration details.

 

Table 27-95 GRE Configuration Details

Field
Description

Checksum

Indicates whether the Checksum field is applicable for outgoing GRE packets.By default, this option is disabled.

Checksum Verify

Indicates whether the verification of the Checksum field is enabled for incoming GRE packets.

Reorder Time Out

The maximum time (in milliseconds) for processing the GRE packets that are coming out of order. This time can be any value between 0 and 5000, and defaults to 100 milliseconds.

Sequence Mode

The mode in which incoming out-of-sequence GRE packets are handled, which can be any one of the following:

  • Reorder
  • None

This field defaults to None.

Sequence Numbers

Indicates whether GRE sequence numbers are inserted in data that is about to be transmitted over the A10 interface. By default, this option is disabled.

Flow Control

Indicates whether flow control is supported by the selected PDSN service. If this option is enabled, PDSN sends flow control enabled Normal Vendor Specific Extensions (NSVE) in A11 RRPs. By default, this option is disabled.

Flow Control Time Out

The amount of time (in milliseconds) to wait for an Transmitter On (XON) indicator from the RAN. This time can be any value between 1 and 1000000, and defaults to 1000 milliseconds.

Flow Control Action

The action that must be taken when the timeout limit is reached, which can be any one of the following:

  • disconnect-session
  • resume-session.

Protocol Type

The tunnel type for the GRE routing. This field defaults to Any.

Is 3GPP Ext Header QoS Marking

Indicates whether the 3GPP Extension Header QoS Marking is enabled for the selected PDSN feature.

note.gif

Noteblank.gif If this feature is enabled and the PCF negotiation feature is enabled in A11 RRQ, then the PDSN will include QoS optional data attribute in the GRE 3GPP2 Extension Header.


IP Header DSCP Value

The Differential Service Code Point (DSCP) value in the IP header that marks the GRE IP Header encapsulation. This can be any value between 0x0F and 0X3F, and defaults to 0X0F.

IP Header DSCP Value Packet Type

Indicates whether the IP Header DSCP Value packet type is specified for the packets. By default, this option is disabled.

GRE Segmentation

Indicates whether segmentation of GRE packets is enabled. By default, this option is disabled.

Viewing the IP Source Violation Details

A Source violation occurs when a mobile device sources packets to the PDSN with a IP address that is different from the one specified during setup. Using this feature, the packets that need not be sent over the network are dropped when it tries to pass through PDSN.

To view the IP Source Violation configuration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > IP Source Violation. The details are displayed in the content pane.

Table 27-96 displays the IP Source Violation configuration details.

 

Table 27-96 IP Source Violation Configuration Details

Field
Description

Clear on Valid Packet

Indicates whether the service to reset the negotiation and drop limit counters upon receipt of properly addressed packet is enabled. By default, this feature is disabled.

Drop Limit

The maximum number of IP source violations within the detection period, before the call is dropped. This number can be any value between 0 and 1000000, and defaults to 10.

Period

The detection period (in seconds) for the IP source violation. This field can be any value between 1 and 1000000, and defaults to 120.

Renegotiation Limit

The maximum number of IP source violations within the detection period before renegotiating PPP for the call. This field can be any value between 1 and 1000000, and defaults to 5.


 

Viewing the MSID Configuration Details

To view the Mobile Station ID (MSID) configuration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > MSID. The details are displayed in the content pane.

Table 27-97 displays the MSID configuration details.

 

Table 27-97 MSID Configuration Details

Field
Description

MSID Length Max

The maximum length of the MSID configured for the PDSN service. This length can be any value between 10 and 15, and defaults to 15.

MSID Length Min

The minimum length of the MSID configured for the PDSN service. This length can be any value between 10 and 15, and defaults to 10.

MSID Authentication

Indicates whether the MSID authentication feature is enabled.

MSID Length Check

Indicates whether MSID length is enabled for the PDSN service. By default, this option is disabled.

note.gif

Noteblank.gif This configuration is required to reject the A11-RRQs with illegal International Mobile Station Identification (IMSI).


Viewing the PCF Configuration Details

To view the Packet Control Function (PCF) configuration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > PCF. The details are displayed in the content pane.

Table 27-98 displays the PCF configuration details.

 

Table 27-98 PCF Configuration Details

Field
Description

PCF Monitor Num Retries

The maximum number of retries before deciding that the PCF service is down.

PCF Session ID Change Restart PPP

Indicates whether the PPP must be restarted if there is a change in the session ID of an existing session.

New Call Conflict Terminate Old Session

Indicates whether the session with a PCF must be terminated when a new call request for an existing session is received from another PCF.

PDSN Security Entries

SPI Number

The unique Security Parameters Index number that indicates a security context between the services.

Remote Address

The IP address of the source service.

Netmask

The subnet mask of the source service.

Zone ID

The ID of the zone to which the IP address belongs to.

Hash Algorithm

The hash algorithm used to encrypt the data.

Time Stamp Tolerance

The acceptable difference (in seconds) in the timestamps.

note.gif

Noteblank.gif If the actual difference exceeds the difference specified here, then the session is rejected. If this difference is 0, the timestamp tolerance checking is disabled at the receiving end.


Replay Protection

The replay protection schemes that is implemented by the service.

Description

The description of the security profile.


 

Viewing the Policy Configuration Details

To view the Policy configuration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > Policy. The details are displayed in the content pane.

Table 27-99 displays the Policy configuration details.

 

Table 27-99 Policy Configuration Details

Field
Description

Unknown CVSE Policy

Indicates whether the unknown Critical Vendor Specific Extension (CVSE) policy is enforced.

RRQ MEI From Current PCF

Indicates whether PPP must be restarted after getting MEI in RRQ.

New Call Policy

The call policy for one or all the services, which can be any one of the following:

  • Accept
  • Reject
  • Redirect
  • Reject on MSID
  • Redirect on MSID
  • None

This field defaults to None.

Overload Policy

The action to be taken by the PDSN service in case of an overload condition.

Overload Policy Reject Code

The reject code for the overload policy.

Service Option Policy

The policy followed by PDSN for configuring services.

Reject MSID

The Mobile Station Identifier (MSID) for which new calls are rejected.

note.gif

Noteblank.gif If the New Call Policy field is set to Reject MSID, then this field will display the relevant MSID.


Viewing the PPP Configuration Details

To view the Point-to-Point Protocol details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > PPP. The details are displayed in the content pane.

Table 27-100 displays the PPP configuration details.

 

Table 27-100 PPP Configuration Details

Field
Description

Context Name

The destination context where the Layer 2 Tunneling protocol Access Concentrator (LAC) service is configured.

note.gif

Noteblank.gif This context is the same as the PPP tunneling context.


Tunnel Type

The type of the PPP tunnel established between the PDSN and the PFC, which can be any one of the following values:

  • L2TP
  • None

This field defaults to None.

Fragment State

Indicates whether the PPP fragmentation is enabled. By default, this is option is disabled.

Alt PPP

Indicates whether the Alternate Point-to-Point (PPP) protocol sessions are enabled for the PDSN service. By default, this option is disabled.

Allow No Authentication

Indicates whether subscribers can gain network access even if they have not been authenticated.

Authentication

The authentication mode and priority when multiple modes are selected, which can be any one of the following:

  • chap—Uses the Challenge Handshake Authentication Protocol (CHAP) for authentication. Must be followed by a priority value, which can be any value between 0 and 1000 with a lower number indicating higher preference. This protocol is enabled by default and commands the highest priority.
  • mschap—Uses the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) for authentication. Must be followed by a priority value, which can be any value between 0 and 1000 with a lower number indicating higher preference. This protocol is disabled by default.
  • pap—Uses Password Authentication Protocol (PAP) for authentication. Must be followed by a priority value, which can be any value between 0 and 1000 with a lower number indicating higher preference. This protocol seconds CHAP in terms of priority. This protocol is enabled by default.

Viewing the QoS Configuration Details

To view the Quality of Service configuration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile PDSN > PDSN service > QoS. The details are displayed in the content pane.

Table 27-101 displays the QoS configuration details.

 

Table 27-101 QoS Configuration Details

Field
Description

Policy Mismatch

Indicates whether the PDSN must raise a Traffic FLow Template (TFT) violation if there is a policy mismatch of QoS.

Qos Wait

Indicates whether parameters related to QoS are enabled.

note.gif

Noteblank.gif While configuring parameters for QoS, the minimum and maximum waiting time for transmission are also specified. Also, the action to be performed when the minimum time elapses is also specified.


Associate

The unique identification number of the associated QoS Profile that is configured for the selected context.

QoS Profile tab

ID

The unique code of the QoS profile.

Description

The description of the QoS profile.

Uplink Bandwidth

The uplink bandwidth (in kbps) of your profile.

Downlink Bandwidth

The downlink bandwidth (in kbps) of your profile.

Latency

The latency (in milliseconds) of the profile.

Drop Rate

The maximum drop rate percent of the packet.

QoS Class

The type of QoS class associated with the profile.


 

Viewing the Registration Details

To view the Registration details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > Registrations. The details are displayed in the content pane.

Table 27-102 displays the Registration details.

 

Table 27-102 Registration Details

Field
Description

Accept Session Disconnect In Progress

Indicates whether A11 registration request messages must be accepted from the PCF when a session disconnection is in progress.

Ask Deny Terminate Session on Error

Indicates whether A11 sessions must be terminated when a registration acknowledgement is received from PCF with an error status.

Max Deny Reply Limit

Maximum number of retries for an erroneous registration request message from PCF, before PDSN terminates the session.

Deny Mismatched COA Address

Indicates whether RP Requests must be denied, when the Care of Address field does not match the source address of the requests.

Deny New Call Connection Setup Record Absent

Indicates whether new calls that do not have airlink connection setup record in the RRQ must be denied.

Deny New Call Connection Setup Record Absent Deny Code

The reason for denying new calls that do not have airlink connection setup record in RRQ.

Deny New Call Connection Reverse Tunnel Unavailable

Indicates whether new calls whose GRE key is the same as that of another user must be denied.

Deny Session Already Active

Indicates whether renew requests that have Airlink Start record for already active R-P sessions must be denied.

Deny Session Already Closed

Indicates whether renew and de registration requests for closed R-P sessions must be denied.

Deny Session Already Dormant

Indicates whether renew requests that have Airlink Start record for already dormant R-P sessions must be renewed.

Deny Terminate Session On Error

Indicates whether termination of session on receipt of erroneous registration request message must be denied.

Deny Use Zero GRE Key

Indicates whether the GRE key must be initialized to 0 when denying a new R-P session.

Discard Bad Extension

Indicates whether A11 registration request messages containing bad extensions must be discarded.

Discard GRE Key Change

Indicates whether A11 registration request messages for an existing A11 session that contain a different GRE key must be discarded.

Update Wait Timeout

The time taken (in seconds) by A11 RRQ for QoS changes.


 

Viewing the Timers and Restrictions Details

To view the Timers and Restrictions details for a PDSN service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > PDSN > PDSN service > Timers and Restrictions. The details are displayed in the content pane.

 

Table 27-103 Timers and Restrictions Details

Field
Description

Inter PDSN Handoff

Indicates whether the Inter-PDSN handoff feature off is enabled. Inter-PDSN handoff relates to the handoff between two PCFs with connectivity to different PDSNs.

note.gif

Noteblank.gif Inter-PDSN handoff can be of two types: Fast Handoff and Dormant Handoff. Fast Handoff uses a GRE tunnel between two PDSNs to transport user data for a single service instance. Dormant Handoff occurs when a mobile station with a dormant packet session determines that it has crossed a packet zone boundary.


Inter PDSN Handover Use CANIDPANID

Indicates whether usage of Current Access Network ID (CANID) or Previous Access Network ID (PAN) is supported during an Inter-PDSN handover.

Data Available Indicator

Indicates whether data transfer is available.

PMA Capability Indicator

The Proxy Mobile Agent capability (PMA) indicator, which determines whether PMIP is supported by Prime Network.

note.gif

Noteblank.gif PDSN sends the capability indicator through RADIUS to the AAA server as an access-request packet to indicate to the AAA server that PDSN supports PMIP. If the capability indicator attribute is missing, then PMIP is not supported by PDSN.


Direct LTE Indicator

Indicates whether PDSN can send Direct LTE indicator in the Access Request.

Data Over Signalling

Indicates whether data transfer over a10 signalling channel instead of bearer or subscriber channels from PCF or PDSN is allowed. By default, this feature is not allowed.

Dormant Transition

Indicates whether dormant transition of the RP link during the initial setup of the subscriber session is allowed. If this option is disabled, then the subscriber session will be disconnected if the RP link becomes dormant during the initial setup.

ROHC IP Header Compression

Indicates whether the Robust Header Compression (ROHC) is enabled for headers in the IP packets that are being sent by or sent to the PDSN. By default, this option is disabled.

Always On Indication

Indicates whether the Always On feature is enabled for a subscriber.

note.gif

Noteblank.gif When the idle-time out limit runs out for a subscriber, the IP/PPP session remains connected as long as the subscriber is reachable. By default, this feature is disabled.


Setup TimeOut

The maximum time (in seconds) allowed for a session to be setup between PCF and PDSN. This time can be any value between 1 and 1000000, and defaults to 60 seconds.

Retransmission TimeOut

The timeout period (in seconds) for retransmission of RP control packets. This time can be any value between 1 and 1000000 and defaults to 3 seconds.

Pdsn Type0 Tft

Indicates whether Traffic Flow Template (TFT) of the PDSN is changed from type 0 TFT to type 1 TFT.

Tft Validation TimeOut

The TFT validation timeout (in seconds) for QoS changes. This time can be any value between 1 and 100000, and defaults to 0.

Access Flow Traffic Violations

The number of violations that are permitted in the access flow traffic.

Access Flow Traffic Violations Interval

The time interval between two subsequent access flow traffic violations.

Cid Mode

This mode allows you to configure options that are applied during ROHC compression for the service. This sets the RoHC packet size Large or Small.

Max Cid

Configures the highest context ID number to be used by the compressor as an integer from 0 and 15 when small packet size is selected, and 0 and 31 when large packet size is selected. Default is 15.

Max Received Reconstructed Unit

Configures the size of the largest reconstructed reception unit that the decompressor is expected to reassemble from segments. The size includes the CRC. If maximum received reconstructed unit (MRRU) is negotiated to be 0, no segment headers are allowed on the channel.

Radius Accounting Dropped Packets

Indicates whether radius accounting dropped packets are enabled or not for a PDSN service.

Profile ID(s)

Configures the header compression profiles to use. A header compression profile is a specification of how to compress the headers of a specific kind of packet stream over a specific kind of link. At least one profile must be specified.

Radius Accounting Dropped Packets

Indicates if radius accounting for dropped packets is enabled.


 

Configuration Commands for PDSN

The following PDSN commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-104 PDSN Configuration Commands

Command
Navigation
Description

Create PDSN

Right-click the context > Commands > Configuration > Mobility

Use this command to create a new PDSN service for the selected context.

Modify PDSN

Delete PDSN

Expand PDSN node > Ri ght-click PDSN service > Commands > Configuration

Use these commands to modify/delete an existing PDSN service configured for the selected context.

Show PDSN

Expand PDSN node > Ri ght-click PDSN service > Commands > Show

Use this command to view and confirm the PDSN service configuration details.

Modify GRE

Expand PDSN node > PDSN service > right-click GRE > Commands > Configuration

Use this command to modify the Generic Routing Encapsulation (GRE) configuration settings for a specified PDSN service.

Modify IP Source Violation

Expand PDSN node > PDSN service > Right-click IP Source Violation > Commands > Configuration

Use this command to modify the IP Source Violation configuration details for the specified PDSN service.

Modify MSID

Expand PDSN node > PDSN service > Right-click MSID > Commands > Configuration

Use this command to modify the mobile station ID (MSID) configuration details for the specified PDSN service.

Modify PCF Parameters

Expand PDSN node > PDSN service > Right-click PCF > Commands > Configuration

Use this command to modify the Packet Control Function (PCF) configuration details for the specified PDSN service.

Create PCF Security Entry

Expand PDSN node > Right-click PDSN service > Commands > Configuration

Use this command to create a new PCF security entry.

Modify PCF Security Entry

Delete PCF Security Entry

Expand PDSN node > PDSN service > PCF > Und er Security Profiles tab n the content pane, right-click SPI Number > Commands > Configuration

Use these commands to modify/delete the PCF security entry details.

Modify Policy

Expand PDSN node > PDSN service > Right-click Policy > Commands > Configuration

Use this command to modify the policy configuration details for the PDSN service.

Modify PPP

Expand PDSN node > PDSN service > Right-click PPP > Commands > Configuration

Use this command to modify the Point-to-Point Protocol configuration details for the selected PDSN service.

Modify Registrations

Expand PDSN node > PDSN service > Right-click Registrations > Commands > Configuration

Use this command to modify the registration details for the selected PDSN service.

Modify Timers and Registrations

Expand PDSN node > PDSN service > Right-click Timers and Registrations > Commands > Configuration

Use this command to modify the timers and registration details for the selected PDSN service.

Viewing the Local Mobility Anchor Configuration (LMA)

Proxy Mobile IPv6 (or PMIPv6, or PMIP) is a network-based mobility management protocol for building a common access technology independent of mobile core networks, accommodating various access technologies such as WiMAX, 3GPP, 3GPP2 and WLAN based access architectures.

The PMIPv6 provides network-based IP Mobility management to a mobile node, without requiring the participation of the MN in any IP mobility-related signaling. The mobility entities in the network track the movements of the MN, initiate the mobility signaling, and set up the required routing state.

The major functional entities of PMIPv6 are Mobile Access Gateways (MAGs), Local Mobility Anchors (LMAs), and Mobile Nodes (MNs).

The Local Mobility Anchor (LMA) is the home agent for a mobile node in a Proxy Mobile IPv6 (PMIPv6) domain. It is the topological anchor point for mobile node home network prefixes and manages the binding state of an mobile node. An LMA has the functional capabilities of a home agent as defined in the Mobile IPv6 base specification (RFC 3775) along with the capabilities required for supporting the PMIPv6 protocol.

To view the LMA configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > LMA. The list of LMA services configured in Prime Network is displayed in the content pane.

Step 3blank.gif From the LMA node, choose an LMA service. The LMA service details are displayed in the content pane.

Figure 27-20 LMA Service Details

 

320484.tif

Table 27-105 displays the LMA service details.

 

Table 27-105 LMA Service Details

Field
Description

Service Name

The unique service name of the LMA.

Status

The status of the LMA service, which can be any one of the following:

  • Down
  • Running
  • Initiated
  • Unknown.
  • Not Started

This field defaults to Down.

Local IPv6 Address

The IP address of the interface serving as S2a (that is connected to HSGW) or S5/S8 (that is connected to S-GW) interface.

Local IPv4 Address

The IP address of the interface connected to HA/P-GW.

Local IP Port

The User Datagram Protocol (UDP) port for the LMA service.

Max Subscribers

The maximum number of subscribers that the LMA service can support. This number can be any value between 0 and 12000000 based on the below listed platforms and card types:

blank.gif SSI SMALL card on QvPC-SI platform—range is 0 to 120000.

blank.gif SSI MEDIUM card on QvPC-SI platform—range is 0 to 280000.

blank.gif SSI FORGE card on QvPC-SI platform—range is 0 to 240000.

blank.gif SSI LARGE card on QvPC-SI platform—range is 0 to 640000.

blank.gif ASR5000 PSC, ASR5000 PPC card on ASR5k platform—range is 0 to 4000000.

blank.gif SCALE MEDIUM on QvPC-DI platform—range is 0 to 4000000.

blank.gif ASR5000 PSC2, ASR5000 PSC3 on ASR5k platform—range is 0 to 4500000.

blank.gif ASR5500 DPC on ASR5500 platform—range is 0 to 4500000.

blank.gif ASR5500 DPC2 on ASR5500 platform— range is 0 to 12000000.

blank.gif SCALE LARGE on QvPC -DI platform— range is 0 to 12000000.

Default Subscriber Name

The name of the subscriber template to be used for subscribers who are using this domain alias.

Mobility Option Type Value

The mobility option type used in mobility messages, which can be any one of the following:

  • Custom 1
  • Custom 2
  • Custom 3
  • Standard

Refresh Advice Option

Indicates whether refresh advice option must be included in the Binding Acknowledgment sent by the LMA service. By default, this option is disabled.

Refresh Interval

The percent of granted lifetime to be used in the Refresh Interval Mobility option pertaining to the Binding Acknowledgment sent by the LMA service. This percentage can be any value between 1 and 99 and defaults to 75.

Setup Timeout

The maximum time (in seconds) allowed for the session to setup. This field defaults to 60.

Lifetime

The registration lifetime (in seconds) of the mobile IPv6 session. This number can be any value between 1 and 262140.

Bind Revocation

Indicates whether the binding revocation support is available for the LMA service. By default, this option is disabled.

Bind Revocation Max Retries

The maximum number of retries for the binding revocation, which can be any value between 1 and 10. This field defaults to 3.

Bind Revocation Timeout

The time interval (in milliseconds) of the retransmission of the binding revocation, which can be any value between 500 and 10000. This field defaults to 3000.

Sequence Number Validation

Indicates whether the sequence number of the MIPv6 control packet received by the LMA service must be validated. This option is enabled by default.

Signaling Packet IP Header DSCP

The Differentiated Services Code Point (DSCP) marking that is applicable to the IP header that is carrying outgoing signalling packets.

Simultaneous Binding

The maximum number of Care of addresses that can be bound for the same user as identified by their Network Access Identifier (NAI) and home address. This can be any value ranging from 1 to 3. This field defaults to 1.

Standalone Mode

Indicates whether the LMA service can be started in the standalone mode. This option is disabled by default.

Timestamp Option Validation

Indicates whether the Timestamp option in the Binding Acknowledgment must be validated. This option is disabled by default.

Timestamp Tolerance

The time (in seconds) to validate Timestamp reply protection, which can be any value between 0 and 65535. This field defaults to 7 seconds.

AAA Accounting

Indicates whether the AAA Accounting information for subscriber sessions must be sent. This option is enabled by default.

New Call Policy

Indicates whether the new call policy must be accepted or rejected. By default, this field is set to None.

Heartbeat support

Indicates whether the heartbeat support associated with the LMA Service is enabled or disabled.

Heartbeat Interval

Indicates heartbeat interval. Default value is 60 seconds.

Heartbeat Retransmission Timeout

Indicates heartbeat retransmission timeout. Default value is 3 seconds.

Heartbeat Max Retransmissions

Indicates maximum heartbeat retransmissions. Default value is 3 seconds.

Alternate CoA

Configuration to allow alternate Care-of-address for data traffic through alternate-care-of-address mobility options in PBU.

Timestamp Replay Protection

Designates timestamp replay protection scheme as per RFC 4285.

View Additional Mobility Options for MPN Service on the LMA Platform

Prime Network 5.2 supports PMIPv6/LMA inventory and faults, as well as performance statistics. Additional mobility options that are needed for supporting the MPN service is supported on the ASR9K platform. You can discover active PMIPv6/LMA function on ASR9K, view LMA service information in logical inventory and the associated VPN, tunnels and so on. For example, you can view service attributes such as terminating IP address, maximum sessions, and thresholds in logical inventory. SNMP traps and Syslog that are associated with the function of the service emphasis on any service-impacting events.

note.gif

Noteblank.gif Make sure to configure the LMA Service in ASR9K Device after modeling the VNE in PN.


To view additional mobility options, follow the procedural steps:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Mobile > LMA. The list of LMA services configured in Prime Network is displayed in the content pan.

Step 3blank.gif Click the Peers tab to view the following details specified in the Table 27-106 .

 

Table 27-106 Peers Entry Details for LMA Service

Field
Description

Peer MAGs

Shows MAG within LMA.

Auth option

Shows authentication option between PMIPV6 entities.

Encap type

Shows encapsulation option between PMIPV6 entities.

Step 4blank.gif To view the networks entries for LMA service, click the Networks tab. Table 27-107 displays the network details.

 

Table 27-107 Network Details for LMA Service

Field
Description

Network

Shows the network name for the selected LMA service.

IPv4 Pool prefix

Shows IPV4 pool configurations for the mobile network.

IPv6 Pool prefix

Shows IPV6 pool configurations for the mobile network.

No of Mobile Nwks Pools

Shows the count for mobile network pools that are configured.

Step 5blank.gif To view the bindings entries for LMA service, click the Bindings tab. Table 27-108 displays the binding details.

 

Table 27-108 Bindings Details for the LMA Service

Field
Description

State

Shows the Binding state.

NAI

Shows the network access identifier.

HOA

Shows the redistribute home address.

Prefix

Shows the redistribute HOA host prefix routes.

HNP

Shows the home network prefix.

IPV4 Mobile Network Prefixes

Shows the IPV4 mobile network prefixes.

IPV6 Mobile Network Prefixes

Shows the IPV6 mobile network prefixes.

LLID

Shows the Link layer identifier.

ID

Shows the MAG identifier.

COA

Shows CoA address.

Lifetime

Shows lifetime interval of the binding.

Tunnel

Shows outgoing interface.

Step 6blank.gif To view the heartbeat entries for peers, click the Peer Heartbeats tab. Table 27-109 displays the heartbeat entries for peers.

 

Table 27-109 Heartbeat Details for Peers

Field
Description

VRF

Shows the VRF of a customer.

Peer

Shows the customer specific LMA IPv4 or IPv6 addresses.

Time Interval

Specifies the interval between two heartbeat messages in seconds.

Retries

In the absence of reply from the peer, specify the number of retries.

Timeout

Specifies the time-out value to wait for a response from the peer after which the request is declared as timed out.

Step 7blank.gif To view the heartbeat path details, click the Heartbeat Path Information tab. Table 27-110 displays the heartbeat path details.

 

Table 27-110 Heartbeat Path Details

Field
Description

State

Shows the heartbeat state.

VRF

Shows the VRF of a customer.

Source Address

Shows the source address of the heartbeat for the peer.

Destination Address

Shows the destination address of the heartbeat for the peer.

Source Port

Shows the source port of the heartbeat for the peer.

Destination Port

Shows the destination port of the heartbeat for the peer.

Monitoring the SaMOG Gateway Configuration

The SaMOG (S2a Mobility Over GTP) Gateway runs on a Cisco ASR 5000 chassis with the StarOS operating system as shown in Figure 27-21.

Figure 27-21 SaMOG Gateway Topology

364038.eps

The SaMOG Gateway enhances the network services in the following ways:

  • Provides seamless mobility between the 3GPP EPC network and WLANs for EPS (Evolved Packet System) services via the GTPv2-based S2a interface.
  • Functions as a 3GPP Trusted WLAN Access Gateway (TWAG) as the Convergence Gateway (CGW) service. The CGW service terminates the S2a interface to the P-GW and acts as the default router for the WLAN UEs on its access link, and as a DHCP server for the UE. When the TWAN provides access to EPC for an UE, it forwards packets between the UE-TWAG point-to-point link and the S2a tunnel for that UE. The association in the TWAN between UE-TWAG point-to-point link and S2a tunnel is based on the UE MAC address.
  • Functions as a 3GPP Trusted WLAN AAA Proxy (TWAP) as the Multi Radio Management Entity (MRME) service. The MRME service terminates the STa interface to the 3GPP AAA server and relays the AAA information between the WLAN IP access network and the AAA server, or AAA proxy in the case of roaming. It establishes the binding of UE subscription data (including IMSI) with UE MAC address on the WLAN Access Network. The function provides the TWAG with UE subscription data during initial attach or at UE subscription data modification.

The services supported on the SaMOG gateway are:

  • SaMOG service
  • CGW service
  • MRME service

SaMOG Service

The SaMOG Gateway acts as the termination point of the WLAN access network. The SaMOG service enables the WLAN UEs in the trusted non-3GPP IP access network to connect to the EPC network via Wireless LAN Controllers (WLCs). During configuration, the SaMOG service gets associated with two services: the Convergence Gateway (CGW) service and the Multi Radio Mobility Entity (MRME) service. These collocated services combine to enable the SaMOG Gateway functionality.

CGW Service

The Convergence Gateway (CGW) service functions as a 3GPP Trusted WLAN Access Gateway (TWAG), terminating the S2a interface to the P-GW and acts as the default router for the WLAN UEs on its access link.

The CGW service has the following key features and functions:

  • Functions as a Local Mobility Anchor (LMA) towards the WLCs, which functions as a Mobile Access Gateway (MAG) with Proxy MIP capabilities per RFC 5213 and 3GPP TS 29.275 V11.5.
  • Enables the S2a interface towards the P-GW for session establishment per 3GPP TS 29.274 V11.5.
  • Routing of packets between the P-GW and the WLAN UEs via the Wireless LAN Controllers (WLCs).
  • Support for PDN type IPv4.
  • Interacts with the MRME service to provide user profile information to establish the GTP-variant S2a interface towards the P-GW per 3GPP TS 29.274.
  • Provides a Generic Routing Encapsulation (GRE) data path towards the WLCs per RFCs 1701 and 1702 for tunneling of data towards the WLCs. Also follows RFC 5845 for exchanging GRE keys with WLC-based PMIP signaling.
  • Receives and sends GTPU data packets towards the P-GW per 3GPP TS 29.281 V11.5.

MRME Service

The Multi Radio Mobility Entity (MRME) service functions as a 3GPP Trusted WLAN AAA Proxy (TWAP), terminating the STa interface to the 3GPP AAA server. The service relays the AAA information between the WLAN IP access network and the AAA server, or AAA proxy in the case of roaming.

The MRME service has the following key features and functions:

  • Relays the AAA information between the Wireless LAN Controllers (WLCs) and the 3GPP AAA server.
  • Supports EAP-over-RADIUS between the SaMOG Gateway and the WLCs to authenticate the WLAN UEs per RFC 3579.
  • Supports the Diameter-based STa interface between the 3GPP AAA server/proxy and the SaMOG Gateway per 3GPP TS 29.273 V11.
  • Supports the exchange of EAP messages over the STa interface per RFC 4072.
  • Functions as a RADIUS accounting proxy for WLC-initiated accounting messages.
  • Supports RADIUS Dynamic Authorization Extensions per RFC 3576 to handle HSS/AAA-initiated detach and Diameter re-authorization procedures.
  • Supports authentication between the WLAN UEs and the 3GPP AAA server using EAP-AKA, EAP-AKA', and EAP-SIM.
  • Supports static and dynamic P-GW selection after the authentication procedures.
  • Supports PDN type IPv4.
  • Maintains a username database to reuse existing resources when the CGW service receives PMIPv6 procedures initiated by the WLCs.
  • Interacts with the CGW service to provide user profile information to establish the GTP-variant S2a interface towards the P-GW per 3GPP TS 29.274.

Viewing the SaMOG Configuration Details

To view the SaMOG configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > SaMOG. The SaMOG configuration details are displayed in the content pane.

Table 27-111 describes the SaMOG configuration details.

 

Table 27-111 SaMOG Configuration Details

Field
Description

Name

The name of the SaMOG service configured on the device.

Status

The status of the service, which can be any one of the following:

  • Initiated
  • Started
  • Running
  • Not Started
  • Down

CGW Service

The name of the CGW service configured on the device.

DHCP Service

The name of the service configured for DHCP interface support in SaMOG service.

DHCPv6 Service

The name of the service configured for DHCPv6 interface support in SaMOG service.

MRME Service

The name of the MRME service configured on the device.

Subscriber Map

The subscriber map name associated with the SaMOG service.

Max Sessions

The maximum number of sessions the SaMOG service can support.

Setup Timeout

The maximum amount of time (in seconds) allowed for session setup. Default is 60 seconds.

Absolute Timeout

The maximum duration of the session before the system automatically terminates the session. Default is 0.

Idle Timeout

The maximum duration a session can remain idle before the system automatically terminates the session. Default is 0.

Serving PLMN MCC

The mobile country code portion of the Serving PLMN.

Serving PLMN MNC

The mobile network code portion of the Serving PLMN.

New Call Policy

The new call policy that the SaMOG service can support. When a new call policy is enabled, the policy redirects or rejects new calls in anticipation of the chassis reload that completes the upgrade process.

 


 

SaMOG Configuration Commands

The following SaMOG commands can be launched from the logical inventory by choosing the Context > Commands > Configuration > Small Cell or Context > Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

Table 27-112 SaMOG Configuration Commands

Command
Navigation
Description

Modify SaMOG

Delete SaMOG

Expand SaMOG node > Right-click SaMOG service > Commands > Configuration

Use this command to modify/delete the configuration details of a SaMOG service.

Show SaMOG

Expand SaMOG node > Righ t-click SaMOG service > Commands > Show

Use this command to view and confirm the configuration details of a SaMOG service.

Viewing the CGW Service Configuration Details

To view the CGW service configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > CGW Service. The CGW Service configuration details are displayed in the content pane.

Table 27-113 describes the CGW service configuration details.

 

Table 27-113 CGW Service Configuration Details

Field
Description

Name

The name of the service configured on the device.

Status

The status of the service, which can be any one of the following:

  • Initiated
  • Started
  • Running
  • Not Started
  • Down

IPv4 Bind Address (IP Address)

The Bind IP address for Local Mobility Anchor (LMA) driver. Designates address of the LMA service.

IPv6 Bind Address (IP Address)

The Bind IP address for the LMA driver. Designates address of the LMA service.

Egress EGTP Service

The associated (Evolved GPRS Tunneling Protocol) EGTP Service.

PGW Service

The name of the context in which the PGW service is configured.

GGSN Service

The name of the context in which the GGSN service is configured.

SGTP Service

The associated (SGSN GPRS Tunneling Protocol) SGTP Service.

Subscriber Map

The subscriber map name associated with the CGW service.

qci-qos-mapping

The associated QoS Class Index (QCI) QOS Mapping Table.

Registration Lifetime

The mobile IPV6 session registration lifetime ranging from 1 to 262140. Default is 600 seconds.

Binding Revocation

Shows whether binding revocation support for a specific CGW service is Enabled or Disabled.

Bind-Revocation Max-Retries

The maximum number of retransmissions of bind revocation.

Bind Revocation Timeout

The retransmission timeout for bind revocation.

Session Delete Delay Timer

Configures CGW to retain the session on receiving a termination request till configured delay time for session continuity in case of break-before-make scenario. Timer is Disabled by default.

Session Delete Delay Timeout

Configures CGW to retain the session until the configured time when the timer is enabled. Default timeout when enabled is 10000 milliseconds.

Timestamp Option Validation

The validation of timestamp option in binding update messages. By default timestamp is I10:I31.

Timestamp Replay Protection

The timestamp replay protection scheme as per RFC 4285.

Timestamp Tolerance

The acceptable difference in timing (between timestamps) before rejecting packet. Ranges from 0 to 65535. Default is 7 seconds.

MAG Service

The MAG service associated with the CGW service.

GGSN Service

The GGSN service associated with the CGW service.

GRE Sequence Numbers

Indicates whether the option to insert or remove GRE sequence numbers in GRE packets is enabled.

GGSN Context

The GGSN context associated with the CGW service.

Egress EGTP Service Context

The associated EGTP service context for CGW service.

CGW Configuration Commands

The following CGW commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

Table 27-114 CGW Commands

Command
Navigation
Description

Modify CGW

Delete CGW

Expand CGW node > Right-click CGW service > Commands > Configuration

Use this command to modify/delete the configuration details of a CGW service.

Show CGW

Expand CGW node > Righ t-click CGW service > Commands > Show

Use this command to view and confirm the configuration details of a CGW service.

Viewing the MRME Service Configuration Details

To view the MRME service configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > context > Mobile > MRME Service. The MRME Service configuration details are displayed in the content pane.

Table 27-115 describes the MRME service configuration details.

Table 27-115 MRME Service Configuration Details

Field
Description

Name

The name of the service configured on the device.

Status

The status of the service, which can be any one of the following:

  • Initiated
  • Started
  • Running
  • Not Started
  • Down

IPv4 Bind Address (IP Address)

The designated address of the MRME service in the RADIUS server mode. Must be followed by IPv4 address, using dotted-decimal notation.

Authentication Port

The authentication port number.

Accounting Port

The accounting port number.

Disconnection Delay Time

The maximum time allowed to retain the session on receiving an accounting stop and session continuity further on receiving an accounting start for roaming scenarios. Default is 10 seconds.

Disconnection Wait Time

The maximum time allowed to wait for accounting stop before clearing the call and after sending disconnect message to WLC. Default is 30 seconds.

DNS-PGW Context

The name of the context where the Domain Name System (DNS) client is configured for the Packet Data Network Gateway (PGW) selection.

DNS PGW Selection

The PGW DNS selection criteria.

FQDN

The designated MRME Fully Qualified Domain Name (FQDN), which is used for longest suffix match during dynamic allocation.

Associated SaMOG service

The associated SaMOG service.

Sta Attribute ANID

The STa interface attribute. Format for Access Network ID (ANID). This attribute contains the access network identifier used for key derivation at the Home Subscriber Server (HSS).

MRME operation mode

The MRME operation mode.

Sta Attribute Calling Station Id

The STa interface attribute that carries the Layer-2 address of the UE in the format of calling station identifier.

Preferred PGW Selection Mechanism

Indicates that the local PGW selection as the preferred mechanism. This is applicable for initial attach.

Note By default, DNS based selection is displayed.

PGW-ID Selection Fallback

Allows you to PGW- selection Fallback when AAA provided PGW-ID selection fails.

ANID for AAR (Non-EAP Session)

Allows you to include ANID in AAR message for non-eap session.

AAA Send Framed-MTU Size

The size of Framed MTU Attribute Value Pairs to be sent in authentication request.

Bind IPv6 Address

Specifies the IPv6 address of the MRME service in the RADIUS server mode.

MRME Configuration Commands

The following MRME commands can be launched from the logical inventory by choosing the Context > Commands > Configuration or Context > Commands > Show. (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

Table 27-116 MRME Configuration Commands

Command
Navigation
Description

Modify MRME

Delete MRME

Expand MRME node > Right-click MRME service > Commands > Configuration

Use this command to modify/delete the configuration details of a MRME service.

Show MRME

Expand MRME node > Righ t-click MRME service > Commands > Show

Use this command to view and confirm the configuration details of a MRME service.

Scheduling 3GPP Inventory Retrieval Requests

The 3GPP Inventory Management Web Services for Prime Network Integration Layer (PN-IL) retrieves the physical and logical inventory data from the Prime Network managed devices. For details on supported network elements, see Cisco Prime Network 5.2 Supported Cisco VNEs. For more details on the 3GPP inventory management and the web services, refer to the Cisco Prime OSS Integration Guide, 2.0.

Prime Network allows you to schedule a web service operations for Prime Network Integration Layer to run immediately or at a later point in time. Using Prime Network - Web Service Scheduler option, you can do the following:

  • Select the inventory request type based on which the inventory data will be retrieved from either all the supported devices or from the specified devices under Prime Network.
  • Schedule the 3GPP inventory management web service operations to initiate the inventory request and executes it according to the specified schedule.

To schedule web services:


Step 1blank.gif In the Vision client, Events client, or Administration client, choose Tools > Web Service Scheduler.

Step 2blank.gif In the Web Service Scheduler window, select General tab and select the inventory request type.

Table 27-117 describes the details of the Web Service Scheduler - General tab.

 

Table 27-117 General Tab in Web Service Scheduler

Field
Description

Operation

Select from the following inventory request:

  • getAllInventory - This inventory request is used to retrieve Inventory data for all supported devices under Prime Network. One notification will be issued by Prime Network Integration Layer upon completion of file creation for all supported network elements
  • getManagedElement - This inventory request is used to retrieve the inventory data for a specific managed element. One notification will be sent by the Prime Network Integration Layer for the specific managed element.

Note For information on how to subscribe to a notification, see the Cisco Prime OSS Integration Guide, 2.0.

Note The API getManagedElement reports the network functions of the mobility devices.

Managed Element

This options appears only if the inventory request type selected is of getManagedElement type. This option allows you to select a specific managed element, i.e, ASR5000, Security GW, or ASR5500 for which inventory data will be retrieved.

Step 3blank.gif Click Execute to initiate the inventory request and check the output files as specified in the Response message.

Step 4blank.gif Click the Scheduling tab to schedule the web services to run later or click on Run Now option to run web services immediately.

Step 5blank.gif To schedule the web services for a later date/time:

a.blank.gif Select the Schedule Job radio button. The scheduling options Once and Recurring are enabled.

b.blank.gif To execute the webservice operation once, select the Once radio button and specify the date and time.

c.blank.gif To schedule the web services operation execution on a recurring basis, select the Recurring radio button and specify the following:

blank.gif The date and time range for the recurrence.

blank.gif How often you want to initiate the inventory request within that time range - every X minutes, daily, weekly, or monthly.

Step 6blank.gif Specify comments, if required and click Schedule. Prime Network initiates the inventory request and executes it according to your scheduling specifications. Go to the Scheduled Jobs page (Tools > Scheduled Jobs), to check that your inventory request job has been created. You can use the Scheduled Jobs page to monitor the job status and to reschedule a job if necessary. You can also clone a scheduled job and edit the criteria, if required.

MTOSI Inventory Support for Small Cell Integration using Network Function APIs

To retrieve a specific network function supported by the device, the APIs used are

  • getNetworkFunctionNamesByType
  • getNetworkFunction

getNetworkFunctionNamesByType

This API is used to return all the network functions names for a particular network function type like mobility function supported by the device.

Following are the supported mobility network function service types,

  • GGSN Services
  • SGSN Services
  • MME Services
  • HeNB Gateway Services

blank.gif HeNB Gateway Access services

blank.gif HeNB Gateway Network Services

  • HNB Services
  • Sec Gateway Services

getNetworkFunction

This API is used to return details of mobility network function supported by getNetworkFunctionNamesByType API.

note.gif

Noteblank.gif Any addition, deletion, or change in the attributes supported by PNIL for the H(e)NB GW,MME,PGW, GSN, or Security GW services should be informed to the client subscribed for MTOSI notifications.


Viewing Operator Policies, APN Remaps, and APN Profiles

Operator policy provides mechanisms to fine tune the behavior of subsets of subscribers above and beyond the behaviors described in the user profile. It can also be used to control the behavior of visiting subscribers in roaming scenarios, enforcing roaming agreements, and providing a measure of local protection against foreign subscribers.

An operator policy associates APNs, APN profiles, an APN remap table, and a call-control profile to ranges of International Mobile Subscriber Identities (IMSIs). These profiles and tables are created and defined within their own configuration modes to generate sets of rules and instructions that can be reused and assigned to multiple policies. In this manner, an operator policy manages the application of rules governing the services, facilities, and privileges available to subscribers. These policies can override standard behaviors and provide mechanisms for an operator to get around the limitations of other infrastructure elements, such as DNS servers and HSSs.

note.gif

Noteblank.gif Operator policies and APN profiles are applicable only for the ‘local’ context in the logical inventory.


The following topics explain how to view operator policies, APN remaps, and APN profiles in the Vision client:

Viewing Operator Policies

Operator policies provide an operator with a range of control to manage the services, facilities, and privileges available to subscribers. By configuring the various components of an operator policy, the operator fine tunes any desired restrictions or limitations needed to control call handling and this can be done for a group of callers within a defined IMSI range or per subscriber.

Besides enhancing operator control through configuration, the operator policy feature minimizes configuration by drastically reducing the number of configuration 5.2 needed. Operator policy maximizes configurations by breaking them into the following reusable components that can be shared across IMSI ranges or subscribers:

  • Call-control profiles
  • IMEI profiles (SGSN only)
  • APN profiles
  • APN remap tables
  • Operator policies
  • IMSI ranges

To view operator policies in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Policy > Operator Policies

The Vision client displays the list of operator policies configured under the container. You can view the individual policy details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Policy > Operator Policies > Policy.

Table 27-118 describes the details available for each operator policy.

If an operator policy is configured with IMEI ranges and APN entries, the details are displayed in the respective tabs IMEI Ranges and APN Entries on the content pane.

Table 27-118 Operator Policies in Logical Inventory

Field
Description

Name

Name of the operator policy.

Description

Description of the operator policy.

Call Control Profile Name

Name of the call control profile associated with the operator policy.

Call Control Validity

Indicates whether the call control profile name associated with the operator policy is valid or is not created yet (invalid).

APN Remap Table Name

Name of the APN remap table associated with the operator policy.

APN Remap Table Validity

Indicates whether the APN remap table name associated with the operator policy is valid or is not created yet (invalid).

Default APN Profile Name

Name of the default APN profile associated with the operator policy.

Default APN Profile Validity

Indicates whether the default APN profile name associated with the operator policy is valid or is not created yet (invalid).

IMEI Ranges

Start Range

The starting number in the range of IMEI profiles.

To Range

The ending number in the range of IMEI profiles.

Software Version

Software version to fine tune the IMEI definition.

Profile Name

Name of the IMEI profile associated with the IMEI range. Displays ‘None’, if no profile is associated with the range.

Validity

Validity of the IMEI profile.

APN Entries

NI

APN network identifier.

NI APN Profile

Name of the APN profile associated with the network identifier. An APN profile groups a set of APN-specific parameters that may be applicable to one or more APNs. When a subscriber requests an APN that has been identified in a selected operator policy, the parameter values configured in the associated APN profile are applied.

NI APN Profile Validity

Indicates whether the NI APN profile associated with the operator policy is valid or is not created yet (invalid).

OI

APN operator identifier.

OI APN Profile

Name of the APN profile associated with the operator identifier. An APN profile groups a set of APN-specific parameters that may be applicable to one or more APNs. When a subscriber requests an APN that has been identified in a selected operator policy, the parameter values configured in the associated APN profile are applied.

OI APN Profile

Indicates whether the OI APN profile associated with the operator policy is valid or is not created yet (invalid).


 

Viewing APN Remaps

An APN remap tables allow an operator to override an APN specified by a user, or the APN selected during the normal APN selection procedure, as specified by 3GPP TS 23.060. This level of control enables operators to deal with situations such as:

  • An APN is provided in the activation request that does not match with any of the subscribed APNs; either a different APN was entered or the APN could have been misspelled. In such situations, the SGSN rejects the activation request. It is possible to correct the APN, creating a valid name so that the activation request is not rejected.
  • In some cases, an operator might want to force certain devices or users to use a specific APN. For example, a set of mobile users may need to be directed to a specific APN. In such situations, the operator needs to override the selected APN.

An APN remap table group is a set of APN-handling configurations that may be applicable to one or more subscribers. When a subscriber requests an APN that has been identified in a selected operator policy, the parameter values configured in the associated APN remap table are applied. For example, an APN remap table allows configuration of the following:

  • APN aliasing—Maps incoming APN to a different APN, based on partial string match (MME and SGSN) or matching charging characteristic (SGSN only).
  • Wildcard APN—Allows APN to be provided by the SGSN, when wildcard subscription is present and the user has not requested an APN.
  • Default APN—Allows a configured default APN to be used, when the requested APN cannot be used.

APN remap tables are configured with commands in the APN Remap Table configuration mode. A single APN remap table can be associated with multiple operator policies, but an operator policy can only be associated with a single APN remap table.

To view APN remap properties in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Profile > APN Remaps

The Vision client displays the list of APN remaps configured under the container. You can view the individual APN remap details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Profile > APN Remaps > APN Remap.

Table 27-119 describes the details available for each APN remap.

If an APN remap is configured with charging characteristics and NI and OI entries, the details are displayed in the respective tabs Charging Characteristics, Network And Operator Identifier Entries, and Default APN Entries on the content pane.

 

Table 27-119 APN Remap Properties in Logical Inventory

Field
Description

Name

Name of the APN remap.

Description

Description of the APN remap.

APN When No APN Requested

APN network identifier that will be used when no APN is requested.

Wildcard APN for IPv4

Wildcard APN included in the subscriber record, with PDP type as IPv4 context.

Wildcard APN for IPv6

Wildcard APN included in the subscriber record, with PDP type as IPv6 context.

Wildcard APN for IPv4v6

Wildcard APN included in the subscriber record, with PDP type as both IPv4 and IPv6 contexts.

Wildcard APN for PPP

Wildcard APN included in the subscriber record, with PDP type as PPP context.

Charging Characteristics

Profile Index

Profile index in charging characteristics.

Behavior Bit Value

Behavior bit in charging characteristics.

APN For Overriding

Name of the APN profile that the charging characteristic attributes must be applied to, to generate CDRs.

Network And Operator Identifier Entries

Requested NI

The old network identifier that is being mapped for replacement.

Mapped to NI

The new network identifier.

NI Wildcard Replace String

When a wildcard character is included in the old APN network identifier, this parameter identifies the information to replace the wildcard in the new APN network identifier.

Requested OI

The old operator identifier that is being mapped for replacement.

Mapped to OI

The new operator identifier.

OI MNC Replace String

When a wildcard character is included in the MNC portion of the old APN operator identifier, this parameter identifies the information to replace the wildcard in the new APN operator identifier.

OI MCC Replace String

When a wildcard character is included in the MCC portion of the old APN operator identifier, this parameter identifies the information to replace the wildcard in the new APN operator identifier.

Default APN Entries

Default APN

Name of the default APN.

Require Subscription

Indicates whether the configured default APN can be used or not, if there is no APN in the request.

Use Default APN When No APN Is Required

Indicates whether the configured default APN can be used or not, if DNS query fails.

Use Default APN When DNS Query Fails

A fallback APN to be used when the configured default APN is not present in the subscription, so that activation does not fail.

Fallback APN To Use

Indicates whether APN from the first subscription record must be used, when the configured default APN is not available.

Fallback APN In First Subscription

Indicates whether APN from the subscription record must be used, if it is the only record available and the normal APN selection fails.

Use APN From Single Subscription Record

Indicates whether APN from the subscription record must be used, if it is the only record available and the normal APN selection fails.

note.gif

Noteblank.gif If a default APN is configured for the remap, click the Default APN tab to view the APN details. In the APN remap table you can configure four default APNs.



 

Viewing APN Profiles

APN Profile defines a set of parameters controlling the SGSN or MME behavior, when a specific APN is received or no APN is received in a request. An APN profile is a key element in the Operator Policy feature. An APN profile is not used or valid unless it is associated with an APN and this association is specified in an operator policy.

Essentially, an APN profile is a template which groups a set of APN-specific commands that may be applicable to one or more APNs. When a subscriber requests an APN that has been identified in a selected operator policy, then the set of commands in the associated APN profile will be applied. The same APN profile can be associated with multiple APNs and multiple operator policies.

An APN profile groups a set of APN-specific parameters that may be applicable to one or more APNs. When a subscriber requests an APN that has been identified in a selected operator policy, the parameter values configured in the associated APN profile are applied. For example:

  • Enable or disable a direct tunnel (DT) per APN (SGSN).
  • Define charging characters for calls associated with a specific APN.
  • Identify a specific GGSN to be used for calls associated with a specific APN (SGSN).
  • Define various quality of service (QoS) parameters to be applied to calls associated with a specific APN.
  • Restrict or allow PDP context activation on the basis of access type for calls associated with a specific APN.

A single APN profile can be associated with multiple operator policies.

To view APN profile properties in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Profile > APN Profiles.

The Vision client displays the list of APN profiles configured under the container. You can view the individual APN profile details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Profile > APN Profiles > APN Profile.

Table 27-120 describes the details available for each APN remap.

If additional properties are configured for the APN profile, you can click the respective tabs on the content pane to view the details:

blank.gif Gateway Entries

blank.gif RANAP ARP Entries

blank.gif QoS Class Entries

blank.gif Uplink Traffic Policing Entries/Downlink Traffic Policing Entries

Table 27-120 APN Profile Properties in Logical Inventory

Field
Description

Name

Name of the APN profile.

Description

Description of the APN profile.

QoS Service Capping Prefer Type

Operational preferences for QoS parameters, specifically QoS bit rates. Value could be one of the following:

  • both-hlr-and-local—Instructs the SGSN to use the locally configured QoS or HLR subscription.
  • hlr-subscription—Instructs the SGSN to use QoS bit rate from HLR configuration and use the same for session establishment.
  • local—Instructs the SGSN to use the locally configured QoS bit rate and use the same for session establishment.

Address Resolution Mode

Address resolution mode of the APN profile, which could be one of the following:

  • fallback-for-dns—Uses DNS query for address resolution.
  • local—Uses locally configured address.

CC Preferred Source

Charging characteristic settings to be used for S-CDRs, which could be one of the following:

  • hlr-value-for-scdrs—Instructs the system to use charging characteristic settings received from the HLR for S-CDRs.
  • local-value-for-scdrs—Instructs the profile preference to use only locally configured/stored charging characteristic settings for S-CDRs.

CC Local SCDR Behavior Bit

Value of the behavior bit for the charging characteristics for S-CDRs.

CC Local SCDR Behavior Profile Index

Value of the profile index for the charging characteristics for S-CDRs.

GGSN Algorithm Applicable

Selection algorithm for GGSNs. This parameter allows the operator to configure multiple GGSN pools by assigning the GGSN to a secondary pool of GGSNs.

IP Source Validation

Configures settings related to IP source violation detection with one of the following criteria:

  • deactivate—Deactivates the PDP context with one of the following conditions:

blank.gif Deactivates all PDP contexts of the MS/UE. Default is to deactivate errant PDP contexts.

blank.gif Excludes packets having an invalid source IP address from the statistics used in the accounting records.

blank.gif Deactivates all associated PDP contexts (primary/secondary). Default is to deactivate errant PDP contexts.

blank.gif Configures maximum number of allowed IP source violations before the session is deactivated.

  • discard—Discards errant packets and excludes packets having an invalid source IP address from the statistics used in the accounting records.
  • ignore—Ignores checking of packets for MS/UE IP source violation.

IP Source Validation Tolerance Limit

Maximum number of allowed IP source violations before the session is deactivated.

Direct Tunnel

Permission for direct tunnel establishment by GGSNs, which could be not-permitted-by-ggsn or remove.

Private Extension LORC IE to GGSN

Indicates whether GTPC private extension is enabled or not for the over charging protection feature of the GGSN.

Private Extension LORC IE to SGSN

Indicates whether GTPC private extension is enabled or not for the over charging protection feature of the SGSN.

Idle Mode Access Control List IPV4

Group of IPv4 Access Control Lists (ACLs) that define rules to apply to downlink data destined for UEs in an idle mode.

Idle Mode Access Control List IPV6

Group of IPv6 ACLs that define rules to apply to downlink data destined for UEs in an idle mode.

DNS Query with MSISDN Start Offset Position

The position of the first digit in the MSISDN to start an offset and create a new APN DNS query string that is intended to assist roaming subscribers to use the local GGSN.

DNS Query with MSISDN End Offset Position

The position of the last digit in the MSISDN to be part of the offset.

DNS Query with LAC or RAC

Indicates whether geographical information must be appended to the APN string that is sent to the DNS query or not. This information is used during the DNS query process to select the geographically closest GGSN.

DNS Query with RNC ID

Indicates whether the SGSN must include the ID of the calling RNC in the APN DNS query string or not.

DNS Query with Charging Characteristics

Indicates whether charging characteristic configuration is enabled for the APN profile or not.

DNS Query Charging Characteristics ID Format

Format of the charging characteristic information to be included.

Gateway Entries

Gateway Entry

Gateway entry configured for the APN profile.

IP Address

IPv4 or IPv6 addresses of the gateway configured.

Priority

Priority of the gateway to consider during address selection.

Weight

Weightage or importance assigned to the gateway for load balancing.

Pool

Gateway pool assigned.

Gateway Type

Type of gateway configured, which could be GGSN or P-GW.

RANAP ARP Entries

Traffic Class

Traffic class of the Radio Access Network Application Part (RANAP) configuration.

Subscription Priority

Subscription priority of the traffic class; the lowest number denoting the highest priority.

Priority Level

Priority level for the subscription priority.

Preemption Capability

Preemption capability value of the traffic class.

Preemption Vulnerability

Preemption vulnerability value of the traffic class.

Queuing Allowed

Indicates whether queuing is allowed for the traffic class or not.

QoS Class Entries

Class Name

Traffing class of the QoS configuration.

Service Delivery Unit Delivery Order

Indicates whether bearer should provide in-sequence delivery of service data units (SDUs) or not.

Delivery of Erroneous Service Delivery Units

Indicates whether SDUs detected as erroneous should be delivered or discarded.

Max Bit Rate Uplink

Maximum bit rate, in kbps, allowed for uplink between MS and the core network.

Max Bit Rate Downlink

Maximum bit rate, in kbps, allowed for downlink between MS and the core network.

Allocation Retention Priority

Relative importance compared to other Radio Access Bearers (RABs) for allocation and retention of the RAB.

Traffic Handling Priority

Relative importance for traffic handling when compared to other RABs.

SDU Max Size

Maximum allowed SDU size, in bytes.

SDU Error Ratio

Fraction of SDUs lost or detected as erroneous.

Guaranteed Bit Rate Uplink

Uplink bit rate, in kbps, that is assured for a given RAB between MS and the core network.

Guaranteed Bit Rate Downlink

Downlink bit rate, in kbps, that is assured for a given RAB between MS and the core network.

Minimum Transfer Delay

Minimum transfer delay, in milliseconds.

Residual BER

Undetected bit error ratio (BER) in the delivered SDUs.

MBR Map Down

Attribute that maps or converts the received HLR maximum bit rate (MBR) (from value) to a locally configured downlink MBR value (to value).

MBR Map Up

Attribute that maps or converts the received HLR MBR (from value) to a locally configured uplink MBR value (to value).

Uplink Traffic Policing Entries/Downlink Traffic Policing Entries

Traffic Class

Traffic class of the QoS configuration.

Burst Size Auto Readjust

Indicates whether the auto readjustment of burst size is enabled or disabled. This parameter is used in dynamic burst size calculation, for traffic policing, at the time of PDP activation or modification.

Burst Size Auto Readjust Duration

The burst size readjustment duration in seconds. This parameter indicates the number of seconds that the dynamic burst size calculation will last for. This allows the traffic to be throttled at the negotiated rates.

Peak Burst Size (bytes)

The peak burst size allowed, in bytes, for the uplink/downlink direction and QoS class.

Guaranteed Burst Size (bytes)

The guaranteed burst size allowed, in bytes, for the uplink/downlink direction and QoS class.

Exceed Action

The action to be taken on packets that exceed the committed data rate, but do not violate the peak data rate. The action could be one of the following:

  • Drop
  • Lower IP Precedence
  • Transmit

Violate Action

The action to be taken on packets that exceed both committed and peak data rates. The action could be one of the following:

  • Drop
  • Lower IP Precedence
  • Shape
  • Transmit


 

Viewing Additional Characteristics of an APN Profile

To view additional characteristics of an APN profile:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Profile > APN Profiles > APN Profile.

Step 3blank.gif Expand the APN Profile node. The following list of characteristics configured for the APN profile are displayed:

blank.gif PDP Inactivity Actions—Attributes related to PDP data inactivity. Once a data communication is in progress there are cases where this data communication can be inactive after some time, for example, when the user has locked the phone after browsing the internet or when the battery suddenly drains out. In such a case, the SGSN can take a configured action based on this inactivity. The inactivity timeout and the actions that can be taken based on certain conditions are modeled in this configuration.

blank.gif QoS to DSCP Mapping (Downlink) / Qos to DSCP Mapping (Uplink)—Mapping of QoS parameters to DSCP. Configuration of the local values for the traffic class (TC) parameters for QoS configured for the APN.

blank.gif PDP Restrictions (UMTS) / PDP Restrictions (GPRS)—Activation restrictions on PDP.

Step 4blank.gif Click each of one of these characteristics to view its properties on the right pane. See Table 27-121 for more details on the properties of each characteristics configured for the APN profile.

Table 27-121 APN Profile Additional Characteristics

Field
Description

PDP Inactivity Actions

PDP Inactivity Idle Timeout

Timeout duration for PDP inactivity. PDP context is deactivated, if it is inactive for the given duration.

PDP Inactivity Idle Timeout Action

Action to be taken when the PDP data communication is inactive for the timeout duration.

PDP Inactivity Idle Timeout Action Condition

Condition when the GPRS detach procedure should be executed on the PDP context, when the timeout is reached or exceeded.

PDP IPV4 IPV6 Override

PDP type to use, per APN, if dual PDP type addressing is not supported by the network.

QoS to DSCP Mapping (Downlink) / Qos to DSCP Mapping (Uplink)

Conversational

Real time conversational traffic class of service, which is reserved for voice traffic.

Streaming

Streaming traffic class of service, which handes one-way, real-time data transmission, such as streaming video or audio.

Interactive Threshold Priority 1/2/3

Interactive traffic class of service with threshold priorities 1, 2, and 3.

Background

Background traffic class of service. This best-effort class manages traffic that is handled as a background function, such as e-mail, where time to delivery is not a key factor.

Interactive TP1 Alloc P1/P2/P3

Interactive traffic class of service, with threshold priority 1 and allocation priorities 1, 2, and 3.

Interactive TP2 Alloc P1/P2/P3

Interactive traffic class of service, with threshold priority 2 and allocation priorities 1, 2, and 3.

Interactive TP3 Alloc P1/P2/P3

Interactive traffic class of service, with threshold priority 3 and allocation priorities 1, 2, and 3.

PDP Restrictions (UMTS) / PDP Restrictions (GPRS)

QoS Class Background

Indicates whether background traffic class of service is enabled or not.

QoS Class Interactive

Indicates whether interactive traffic class of service is enabled or not.

QoS Class Streaming

Indicates whether streaming traffic class of service is enabled or not.

QoS Class Conversational

Indicates whether conversational traffic class of service is enabled or not.


 

Working with Active Charging Service

Enhanced Charging Service (ECS), also known as Active Charging Service (ACS), is an in-line service, which is integrated within the platform and provides mobile operators the ability to offer tiered, detailed, and itemized billing to subscribers. Data packets flow through the ECS subsystem and relevant actions are performed based on the configured rules. Charging records (xCDRs) will be generated and forwarded to ESS or billing systems for prepaid and post paid billing.

The major components and functions of an ECS solution are given below.

Content Service Steering

Content Service Steering (CSS) enables directing selective subscriber traffic into the ECS subsystem. CSS uses Access Control Lists (ACLs) to redirect selective subscriber traffic flows. ACLs control the flow of packets into and out of the system. ACLs consist of rules (ACL rules) or filters that control the action taken on packets matching the filter criteria.

ACLs are configurable on a per-context basis and apply to a subscriber through either a subscriber profile (for PDSN) or an APN profile (for GGSN) in the destination context.

Protocol Analyzer

Protocol analyzer stack is responsible for analyzing the individual protocol fields during packet inspection. The analyzer supports the following types of packet inspection:

  • Shallow Packet Inspection—Inspection of the Layer 3 (IP header) and Layer 4 (for example, UDP or TCP header) information.
  • Deep Packet Inspection—Inspection of Layer 7 and above information. This functionality includes:

blank.gif Detection of Uniform Resource Identifier (URI) information at level 7 (example, HTTP)

blank.gif Identification of true destination in the case of terminating proxies, where shallow packet inspection only reveals the destination IP address/port number of a terminating proxy

Rule Definitions

Rule definitions (ruledefs) are user-defined expressions, based on protocol fields and protocol states, which define what actions to take when specific field values are true.

Most important rule definitions are related to Routing and Charging as explained below:

  • Routing Ruledefs—Routing ruledefs are used to route packets to content analyzers. Routing ruledefs determine which content analyzer to route the packet to, when the protocol fields and/or protocol states in ruledef expression are true.
  • Charging Ruledefs—Charging ruledefs are used to specify what action to take based on the analysis done by the content analyzers. Actions can include redirection, charge value, and billing record emission.

Rule Base

A rule base is a collection of rule definitions and their associated billing policy. The rule base determines the action to be taken when a rule is matched. Rule bases can also be used to apply the same rule definitions for several subscribers, which eliminate the need to have unique rule definition for each subscriber. We can set priority, default bandwidth policy, type of billing for subscriber sessions, for a rule definition or group of rule definitions in the rule base.

Content Filtering

ACS also offers a content filtering mechanism. Content filtering is an in-line service available for 3GPP and 3GPP2 networks to filter HTTP and WAP requests from mobile subscribers, based on the URLs in the requests. Content filtering uses the DPI feature of ECS to discern HTTP and WAP requests. This enables operators to filter and control the content that an individual subscriber can access, so that subscribers are inadvertently not exposed to universally unacceptable content and/or content inappropriate as per the subscribers’ preferences.

The content filtering service offers the following solutions:

  • URL Blacklisting—With this solution, all HTTP/WAP URLs in subscriber requests are matched against a database of blacklisted URLs. If there is a match, the flow is discarded, redirected, or terminated as configured. If there is no match, subscribers view the content as they would normally.
  • Category-based Content Filtering

blank.gif Category-based Static Content Filtering—In this method, all HTTP/WAP URLs in subscriber requests are matched against a static URL categorization database. Action is taken based on a URL’s category, and the action configured for that category in the subscriber’s content filtering policy. Possible actions include permitting, blocking, redirecting, and inserting content.

blank.gif Category-based Static-and-Dynamic Content Filtering—In this method, each URL first undergoes static rating. If the URL cannot be rated by the static database or if the URL static rating categorizes a URL as either Dynamic or Unknown, the requested content is sent for dynamic rating; wherein the requested content is analyzed and categorized. Action is taken based on the category determined by dynamic rating, and the action configured for that category in the subscriber’s content filtering policy. Possible actions include permitting, blocking, redirecting, and inserting content.

note.gif

Noteblank.gif ACS is applicable only for the ‘local’ context in the logical inventory.


The following topics explain how to work with ACS in the Vision client:

Viewing Active Charging Services

You can view the active charging services in logical inventory as shown in Figure 27-22.

Figure 27-22 Mobile Technology Setup Nodes

 

320090.tif

Additionally, you can also perform the following for each ACS:

To view ACS details in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services.

The Vision client displays the list of active charging services configured under the container. You can view the individual ACS details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS.

Table 27-122 describes the details available for each ACS.

 

Table 27-122 Active Charging Services in Logical Inventory

Field
Description

Service Name

Name of the active charging service.

TCP Flow Idle Timeout

Maximum duration, in seconds, a TCP flow can remain idle.

UDP Flow Idle Timeout

Maximum duration, in seconds, a UDP flow can remain idle.

ICMP Flow Idle Timeout

Maximum duration, in seconds, an Internet Control Message Protocol (ICMP) flow can remain idle.

ALG Media Idle Timeout

Maximum duration, in seconds, an application level gateway (ALG) media flow can remain idle.

TCP Flow Mapping Idle Timeout

The time for which the TCP flow mapping timer holds the resources.

UDP Flow Mapping Idle Timeout

The time for which the UDP flow mapping timer holds the resources.

Deep Packet Inspection

Indicates whether configuration of DPI is enabled or disabled in the mobile video gateway.

Passive Mode

Indicates whether the ACS is in or out of passive mode operation.

CDR Flow Control

Indicates whether flow control is enabled or disabled between the ACS Manager (ACSMGR) and Charging Data Record Module (CDRMOD).

CDR Flow Control Unsent Queue Size

Flow control unsent queue size at ACSMGR level.

Unsent Queue High Watermark

Highest flow control unsent queue size at ACSMGR level.

Unsent Queue Low Watermark

Lowest flow control unsent queue size at ACSMGR level.

Content Filtering

Indicates whether content filtering is enabled or disabled for the ACS.

Dynamic Content Filtering

Indicates whether dynamic content filtering is enabled or disabled for the ACS.

URL Blacklisting

Indicates whether URL blacklisting is enabled or disabled for the ACS.

URL Blacklisting Match Method

Method to look up the URLs in the URL blacklisting database.

Content Filtering Match Method

Method to look up the URLs in the category-based content filtering database.

Interpretation of Charging Rulebase Name

Charging rulebase configured for the ACS.

Selected Charging Rulebase Name for AVP

Charging rulebase name for attribute value pair (AVP) configured for the ACS.


 

Viewing Content Filtering Categories

To view content filtering categories in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Content Filtering Categories.

The Vision client displays the list of content filtering categories configured under the container. You can view the individual content filtering category details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Content Filtering Categories > Content Filtering Category.

Table 27-123 describes the details available for each content filtering category.

 

Table 27-123 Content Filtering Categories in Logical Inventory

Field
Description

Policy ID

ID of the content filtering policy.

Failure Action

Action to take for the content filtering analysis result.

EDR File

The EDR file name.

Content Category

Name of the content filtering category.

Content Insert

Content string to insert in place of the message returned from prohibited or restricted site or content server.

Content Priority

Precedence of the category in the content filtering policy.

Content Failure Action

Action to take for the indicated result of the content filtering analysis, which could be one of the following:

  • allow
  • content-insert
  • discard
  • redirect URL
  • terminate flow
  • www-reply-code-and-terminate-flow

Content Redirect

Content string to redirect the subscriber to a specified URL.

Content Reply Code

Reply code to terminate flow.

EDR File Format

Predefined EDR file format.


 

Viewing Credit Control Properties

In a prepaid environment, the subscribers pay for a service prior to using it. While the subscriber is using the service, credit is deducted from subscriber’s account until it is exhausted or the call ends. In prepaid charging, ECS performs the metering function. Credits are deducted in real time from an account balance or quota. A fixed quota is reserved from the account balance and given to the system by a prepaid rating and charging server, which interfaces with an external billing system platform. The system deducts volume from the quota according to the traffic analysis rules. When the subscriber’s quota gets to the threshold level specified by the prepaid rating and charging server, system sends a new access request message to the server and server updates the subscriber's quota. The charging server is also updated at the end of the call.

ECS supports the following credit control applications for prepaid charging:

  • RADIUS Credit Control Application—RADIUS is used as the interface between ECS and the prepaid charging server.
  • Diameter Credit Control Application—The Diameter Credit Control Application (DCCA) is used to implement real-time credit control for a variety of services, such as networks access, messaging services, and download services.

To view credit control properties in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Credit Control.

The Vision client displays the list of credit control groups configured under the container. You can view the individual credit control group details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Credit Control > Credit Control Group.

You can also view the following details by clicking the respective node under the credit control group:

Table 27-124 describes the details available for each credit control group.

 

Table 27-124 Credit Control Properties in Logical Inventory

Field
Description

Group

Name of the credit control group for the subscriber.

Mode

Prepaid charging application mode, which could be Diameter or Radius.

APN Name to be Included

Type of APN name sent in the credit control application (CCA) message.

Trigger Type

Condition based on which credit reauthorization is triggered from the server.

Diameter MSCC Final Unit Action Terminate

Indicates whether to terminate a PDP session immediately when the Final-Unit-Action (FUA) in a particular multi service credit control (MSCC) is set as Terminate and the quota is exhausted for that service, or to terminate the session after all MSCCs (categories) have used their available quota.

Diameter Peer Select table

Peer

Primary hostname.

Realm

Realm for the primary host.

Secondary Peer

Secondary hostname.

Secondary Realm

Realm for the secondary host.

IMSI Range Mode

Mode of peer selection based on IMSI prefix or suffix.

IMSI Start Value

Starting value of the IMSI range for peer selection.

IMSI End Value

Ending value of the IMSI range for peer selection.

Diameter

End Point Name

Name of the diameter endpoint.

End Point Realm

Realm of the diameter endpoint.

Pending Timeout

Maximum time to wait for response from a diameter peer.

Session Failover

Indicates whether diameter session failover is enabled or not.

Dictionary

Diameter credit control dictionary for the ACS.

Failure Handling

Initial Request

Failure handling behavior, if failure takes place during initial session establishment. Value could be continue, retry-and-terminate, and terminate.

Update Request

Failure handling behavior, if failure takes place during update request. Value could be continue, retry-and-terminate, and terminate.

Terminate Request

Failure handling behavior, if failure takes place during terminate request. Value could be continue, retry-and-terminate, and terminate.

Pending Traffic Treatment

Trigger

Indicates whether to allow or drop a trigger while waiting for the credit information from the server. Value could be pass or drop.

Forced Reauth

Indicates whether to allow or drop reauthorization while waiting for the credit information from the server. Value could be pass or drop.

NoQuota

Indicates whether to allow or drop traffic, if there is no quota present. Value could be pass, drop, or buffer.

Quota Exhausted

Indicates whether to allow or drop traffic, if quota is exhausted. Value could be pass, drop, or buffer.

Validity Expired

Indicates whether to allow or drop traffic, if quota validity is expired. Value could be pass or drop.

Quota

Request Trigger

Action taken on the packet that triggers the credit control application to request quota. Value could be exclude-packet-causing-trigger or include-packet-causing-trigger.

Holding Time

Duration for which ECS can hold the quota before returning to the credit control server.

Validity Time

Lifetime for which subscriber quota retrieved from the billing server is valid.

Time Threshold

Time threshold limit for subscriber quota in the prepaid credit control service.

Units Threshold

Unit threshold limit for subscriber quota in the prepaid credit control service.

Volume Threshold

Volume threshold limit for subscriber quota in the prepaid credit control service.

Server Unreachable Failure Handling

Initial Request

Failure handling behavior if server is unreachable during initial session establishment. Value could be continue or terminate.

Update Request

Failure handling behavior if server is unreachable during update request. Value could be continue or terminate.


 

Viewing Charging Action Properties

Charging Action is an action taken on the incoming data packets once the data packets are treated by the routing and charging rule components. User can configure independent actions such as allow, forward, and block traffic, and bind these actions with other routing and charging rule components.

To view charging action properties in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Charging Action.

The Vision client displays the list of charging actions configured under the container as shown. You can view the individual charging action details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Charging Action > Charging Action.

You can also view the following details by clicking the respective node under the Charging Action node:

Table 27-125 describes the details available for each charging action record.

Table 27-125 Charging Action Properties in Logical Inventory

Field
Description

Name

Name of the charging action.

Content ID

Content ID to use in the generated billing records as well the AVP used by the credit control application.

Service ID

Configured service ID used to associate the charging action in rule definitions configuration.

Charging EDR Name

Name of the EDR format for the billing action in the ACS.

EGCDRs

Indicates whether eG-CDRs must be generated when the subscriber session ends or an interim trigger condition occurs.

Rf

Indicates whether Rf accounting is enabled or not.

UDRs

Indicates whether UDRs must be generated based on the UDR format declared in the rule base.

Flow Idle Timeout

Maximum duration a flow can remain idle after which the system automatically terminates the flow.

Limit for Flow Type State

Indicates whether the limit for flow type is configured or not.

Limit for Flow Type Value

Maximum number of flows of a particular type.

Limit for Flow Type Action

Action to be taken, if the number of flows exceeds the maximum limit.

IP Type of Service

IP Type of Service (ToS) octets used in the charging action.

Retransmission Count

Indicates whether to count the number of packet retransmissions when the charging action is applied on the incoming data packets.

Content Filtering

Indicates whether content filtering must be applied on the incoming packets or not.

Credit Control

Indicates whether to apply credit control or not.

Credit Rating Group

Coupon ID used in prepaid charging as rating group.

Charge Volume

Method used for charge volume calculation based on the protocol and packet.

Next Hop Forwarding Address

Next hop forwarding address for a charging action.

VLAN ID

VLAN ID configured for the subscriber

Flow Mapping Idle Timeout

Maximum duration, in seconds, a flow can remain idle after which the system automatically terminates the flow.

Allocation Retention Priority

Priority Level

Priority value that indicates whether to accept or reject a request for establishment or modification of a bearer in a limited resource condition.

Priority Vulnerability Indicator

Defines whether an active bearer can be preempted by a preemption-capable high priority bearer.

Priority Capability Indicator

Defines whether the bearer request can preempt the resources from the Low Priority Pre-empatable Active Bearers.

Bandwidth

Bandwidth ID

The bandwidth policy ID for the ACS.

Uplink

Indicates whether uplink flow limit is configured for the subscriber or not.

Downlink

Indicates whether downlink flow limit is configured for the subscriber or not.

Charging Action Bandwidth Direction

Direction

Direction of the packet flow: Uplink or Downlink

Peak Data Rate

Peak data rate configured for the uplink or downlink packet flow.

Peak Burst Size

Peak burst size allowed for the uplink or downlink packets.

Committed Data Rate

Committed data rate for the uplink or downlink packet flow.

Committed Burst Size

Committed burst size allowed for the uplink or downlink packets.

Exceed Action

Action to take on packets that exceed committed data rate but do not violate the peak data rate.

Violate Action

Action to take on packets that exceed both committed and peak data rates.

Bandwidth Limiting ID

Identifier for bandwidth limiting.

Flow Action

Redirect URL

Indicates whether packets matched to the rule definition must be redirected to a specified URL or not.

Clear Quota Retry Timer

Indicates whether to reset the CCA quota retry timer for a specific subscriber upon redirection of data packets.

Conditional Redirect

Indicates whether packets matching to a configured user agent must be conditionally redirected to a specified URL.

Discard

Discards packets associated with the charging action.

Random Drop

Indicates whether to degrade voice quality and specify the time interval in seconds at which the voice packets will be dropped.

Readdress

Redirects unknown gateway traffic based on the destination IP address of the packets to known or trusted gateways.

Terminate Flow

Indicates whether to terminate the flow by terminating the TCP connection gracefully between the subscriber and external server.

Terminate Session

Indicates whether to terminate the session.

QoS

Traffic Class

QoS traffic class for the charging action, which could be background, conversational, interactive, or streaming.

Class Identifier

The QCI value.

Video

Bit Rate

Bits per second, at which the TCP video flow must be paced during video pacing.

CAE Readdressing

Indicates whether Content Adaptation Engine (CAE) readdressing is enabled, allowing video traffic to be fetched from the CAEs in the CAE group.

Transrating

Indicates whether transrating is enabled or not. Transrating is a mobile video feature that reduces the encoded bit rates by adjusting video encoding.

Target Rate Reduction

Percentage of the input bit rate of a video flow.

Billing Action

EDR

Name of the EDR format for the billing action in the ACS.

EGCDR

Indicates whether eG-CDRs must be generated when the subscriber session ends or an interim trigger condition occurs.

Rf

Indicates whether Rf accounting is enabled or not.

UDRs

Indicates whether UDRs must be generated based on the UDR format declared in the rule base.

Radius Accounting Record

Indicates whether radius accounting is enabled or not.


 

Viewing Rule Definitions

Rule definitions are user-defined expressions, based on protocol fields and protocol states, which define what actions to take when specific field values are true. Each rule definition configuration consists of multiple expressions applicable to any of the fields or states supported by the respective analyzers.

Rule definitions are of the following types:

  • Routing—Used to route packets to content analyzers. Routing rule definitions determine which content analyzer to route the packet to when the protocol fields and/or protocol states in the rule definition expression are true. Up to 256 rule definitions can be configured for routing.
  • Charging—Used to specify what action to take based on the analysis done by the content analyzers. Actions can include redirection, charge value, and billing record emission. Up to 2048 charging rule definitions can be configured in the system.
  • Post-processing—Used for post-processing purposes. Enables processing of packets even if the rule matching for them has been disabled.
  • TPO—Used for Traffic Performance Optimization (TPO) in-line service match-rule and match advertisement features.

To view rule definitions in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Rule Definitions.

The Vision client displays the list of rule definitions configured under the container. You can view the individual rule definition details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Rule Definitions > Rule Definition.

Table 27-126 describes the details available for each rule definition.

 

Table 27-126 Rule Definition Group Properties in Logical Inventory

Field
Description

Name

Name of the rule definition group.

Application Type

Purpose of the rule definition, which could be charging, routing, post-processing, or Traffic Performance Optimization (TPO).

Copy Packet To Log

Indicates whether to copy every packet that matches the rule to a log file.

Tethered Flow Check

Indicates whether tethered flow check if enabled or not. Tethering detection flow check feature enables detection of subscriber data traffic flow originating from PC devices tethered to mobile smart phones, and also provides effective reporting to enable service providers take business decisions on how to manage such usage and to bill subscribers accordingly.

Multiline OR

Indicates whether to apply the OR operator to all 5.2 in a rule definition. This allows a single rule definition to specify multiple URL expressions.

Protocol Configuration

Protocol

The protocol that this rule definition is applied on.

Fields

Particular protocol field, which is applied on the data packets for inspection. Value could be, host, payload, or domain.

Operator

Logical operator that indicates how to logically match the value in the field analyzed based on the data type.

Value

Value of a particular protocol in a rule definition which has to be applied on the incoming data packets for inspection.


 

Viewing Rule Definition Groups

A rule definition group enables grouping the rule definitions into categories. A rule definition group may contain optimizable rule definitions. Whether a group is optimized or not is decided on whether all the rule definitions in the group can be optimized. When a new rule definition is added, it is checked if it is included in any rule definition group and whether it needs to be optimized or not.

To view rule definition groups in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Group of Rule Definitions.

The Vision client displays the list of rule definition groups configured under the container. You can view the individual rule definition group details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Group of Rule Definitions > Rule Definition Group.

Table 27-127 describes the details available for each rule definition group.

 

Table 27-127 Rule Definition Group Properties in Logical Inventory

Field
Description

Name

Name of the rule definition group.

Application Type

Purpose of the rule definition group, which could be charging, routing, content filtering, post-processing, or Traffic Performance Optimization (TPO).

Dynamic Command Content Filtering Policy ID

Content filtering policy ID to add or remove dynamic commands from the rule definition group.


 

Rule Definition Group Commands

The following RuleDef commands can be launched from the inventory by right-clicking a rule definition group and choosing Commands > Configuration or Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-128 Rule Definition Group Commands

Command Type
Command
Inputs Required and Notes

Configuration

Delete Group of RuleDefs

Delete the rule definition group.

Show

Show Group of RuleDefs

Display the group of rule definitions.

Viewing Rule Base for the Charging Action

A rule base is a collection of rule definitions and their associated billing policy. The rule base determines the action to be taken when a rule is matched. A maximum of 512 rule bases can be specified in the ECS service. It is possible to define a rule definition with different actions.

Rule bases can also be used to apply the same rule definitions for several subscribers, which eliminate the need to have unique rule definition for each subscriber. We can set priority, default bandwidth policy, type of billing for subscriber sessions, for a rule definition/ group of rule definitions in the rule base. Additionally we can configure content based billing and firewall/NAT constituent to rule base.

To view a rule base in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Rulebase Container.

The Vision client displays the list of rule bases configured under the container. You can view the individual rule base details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Rulebase Container > Rule Base. Table 27-129 describes the details available for each rule base record.

Table 27-129 Rule Base Properties in Logical Inventory

Field
Description

Rulebase Name

Name of the rule base.

Flow Any Error Charging Action

Charging action to be used for packets dropped due to any error conditions after data session is created.

Limit for Total Flows

Maximum number of simultaneous uplink and downlink packet flows.

Limit for TCP Flows

Maximum number simultaneous TCP packet flows per subscriber or APN allowed for a rulebase.

Limit for Non TCP Flows

Maximum number simultaneous non-TCP packet flows per subscriber or APN allowed for a rulebase.

Charging Rule Optimization

Internal optimization level to use, for improved performance, when evaluating each instance of the action.

QoS Renegotiation Timeout

Timeout value after which QoS renegotiation is performed.

RTP Dynamic Routing

Indicates whether the Real Time Streaming Protocol (RTSP) and SDP analyzers are enabled to detect the start/stop of RTP (a Transport Protocol for Real-Time Applications) and RTP Control Protocol (RCP) flows.

Ignore Port Number In Application Header

Indicates whether to consider or ignore the port number embedded in the application.

Delayed Charging

Indicates how to charge for the control traffic associated with an application.

XHeader Certificate Name

Name of the encryption certificate to be used for x-header encryption.

XHeader Reencryption Period

Indicates how often to regenerate the encryption key for x-header encryption.

Default Bandwidth Policy

Name of the default bandwidth policy per subscriber.

P2P Dynamic Routing

Indicates whether P2P analyzer is enabled to detect the P2P applications flow configured in ACS.

Fair Usage Waiver Percentage

Waiver percent on top of the average available memory credits per session for the Fair Usage feature of active charging.

URL Blacklisting Action

Configured URL blacklisting action to take when the URL matches ones of the blacklisted URLs.

URL Blacklisting Content ID

Specific content ID for which URL blacklisting is enabled in the rulebase.

Charging Action Priorities tab

Charging rule definitions and their priorities in the rulebase.

Routing Action Priorities tab

Routing actions and their priorities in the rulebase.

Post Processing Action Priorities

Post-processing actions and their priorities in the rulebase.


 

Viewing Bandwidth Policies

Bandwidth policies are helpful in applying rate limit to potentially bandwidth intensive and service disruptive applications. Using this policy, the operator can police and prioritize subscribers’ traffic to ensure that no single or group of subscribers’ traffic negatively impacts another subscribers’ traffic. Each policy will be identified by a unique ID, which will be associated to a particular group. Bandwidth policies are used to control the direction (uplink/downlink) of bandwidth, peak data rate, and peak burst size, and the actions that need to be taken on violation, if the bandwidth exceeds the burst size and data rate.

To view bandwidth policy in logical inventory:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Bandwidth Policy Container.

The Vision client displays the list of bandwidth policies configured under the container. You can view the individual bandwidth policy details from the table on the right pane or by choosing Logical Inventory > local > Mobile > Active Charging Services > ACS > Bandwidth Policy Container > Bandwidth Policy.

Table 27-130 describes the details available for each bandwidth policy.

 

Table 27-130 Bandwidth Policy Properties in Logical Inventory

Field
Description

Name

Name of the bandwidth policy configured.

Total Bandwidth ID Configured

Total number of bandwidth IDs configured.

Total Group Limit Configured

Total number of bandwidth group limits configured.

Flow Limit for Bandwidth ID and Group ID Associations and Group ID tables

Holds all bandwidth IDs and group IDs of the bandwidth policy.


 

Viewing Fair Usage Properties

To view fair usage properties configured for the ACS:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > local > Mobile > Active Charging Services > ACS > Fair Usage.

The Vision client displays the details on the content pane.

Table 27-131 describes the fair usage properties.

 

Table 27-131 Fair Usage Properties in Logical Inventory

Field
Description

CPU Threshold Percent

Percentage of system CPU resources that the dynamic inline transrating feature is allowed to use.

Threshold Percent

Percentage of system resources that the dynamic inline transrating feature is allowed to use.

Deactivate Margin Percent

Fair usage deactivate margin, below which monitor action is disabled.


 

ACS Commands

The following ACS commands can be launched from the inventory by right-clicking an ACS and choosing Commands > Configuration or Commands > Show. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-132 Active Charging Services Configuration Commands

Command
Navigation
Description

Create Ruledef

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration

Rule definitions (Ruledefs) are user-defined expressions, based on protocol fields and/or protocol-states, which define what actions to take when specific field values are true.

Use this command to create a new rule definition for the selected ACS service.

Create group of Ruledefs

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration

Group-of-Ruledefs enable grouping ruledefs into categories. When a group-of-ruledefs is configured in a rulebase, if any of the ruledefs within the group matches, the specified charging-action is performed, any more action instances are not.

Use this command to create a new group of rule definitions for the selected ACS service.

Create Rulebase

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration

A rulebase is a collection of ruledefs and their associated billing policy. The rulebase determines the action to be taken when a rule is matched.

Use this command to create a new rule base for the selected ACS service.

Modify Active Charging Service

Delete Active Charging Service

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration

Use these commands to modify/delete an Active Charging service created for the selected context.

Create Access Ruledef

Delete Access Ruledef

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration > Access Ruledef

Use these commands to create/delete an access rule definition for the selected ACS service.

Show Access Ruledef

Expand Active Charging Services node > Right-click ACS service > Commands > Show

Use this command to view and confirm the access rule definitions configured for the service.

Create Host Pool

Modify Host Pool

Delete Host Pool

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration > Host Pool

Host pools allow operators to group a set of host or IP addresses that share similar characteristics together. Access rule definitions (ruledefs) can be configured with host pools. Up to ten sets of IP addresses can be configured in each host pool.

Use these commands to create/modify/delete a host pool for the selected ACS service.

Create Charging Action

Expand Active Charging Services node > Right-click ACS service > Commands > Configuration

Charging Action is an action taken on the incoming data packets once the data packets are treated by the routing and charging rule components. You can configure independent actions such as allow, forward, and block traffic, and bind these actions with other routing and charging rule components.

Use this command to configure a charging action for a service.

Modify charging Action

Delete Charging Action

Expand Active Charging Services node > ACS service > Charging Actions > Right-click an charging action > Commands > Configuration

Use these commands to modify/delete a charging action for a service.

Show Charging Action

Expand Active Charging Services node > Right-click ACS service > Commands > Show

Use this command to view and confirm the charging action configuration details.

Mobile Technologies Commands: Summary

The following table provides a summary of the commands you can use to configure and view mobile technologies under a particular context in the Vision client. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-133 Mobile Technologies Configuration Commands

Command
Navigation
Description

Add DNS

Right-click the context > Commands > Configuration > Others > Add DNS

Creates Domain Name System (DNS).

Remove DNS

Right-click the context > Commands > Configuration > Others > Remove DNS

Removes a Domain Name System (DNS).

Add NTP

Right-click the context > Commands > Configuration > Others > Add NTP

Creates a Network Time Protocol (NTP).

Add SNMP

Right-click the context > Commands > Configuration > Others > Add SNMP

Creates a Simple Network Management Protocol (SNMP).

Configure BFD

Right-click the context > Commands > Configuration > Others > Configure BFD

Creates Bidirectional Forwarding Detection (BFD) protocol.

Create AAA Group

 

Right-click the Context > Commands > Configuration > Mobility > Create AAA Group

AAA refers to Authentication, Authorization, and Accounting, which is a security architecture for distributed systems that determines the access given to users for specific services and the amount of resources they have used.

Use this command to create a new AAA group.

Create APN

Right-click the Context > Commands > Configuration > Mobility > Create APN

APN is the access point name that is configured in the GGSN configurations.

Use this command to create a new APN service.

Create Access List

Right-click the Context > Commands > Configuration > Mobility > Create Access List

Creates access lists.

Create Active Charging Service

Right-click the Context > Commands > Configuration > Mobility > Create Active Charging Service

Enhanced Charging Service (ECS), also known as Active Charging Service (ACS), is an in-line service, which is integrated within the platform and provides mobile operators the ability to offer tiered, detailed, and itemized billing to subscribers.

Use this command to create a new ACS service.

Create EGTP

Right-click the Context > Commands > Configuration > Mobility > Create EGTP

Evolved GPRS Tunneling Protocol (EGTP) formulates the primary bearer plane protocol within an LTE / EPC architecture. It provides support for tunnel management including handover procedures within and across LTE networks.

Use this command to create an EGTP service.

Create FA

Right-click the Context > Commands > Configuration > Mobility > Create FA

Use this command to create FA.

Create GGSN

Right-click the Context > Commands > Configuration > Mobility > Create GGSN

Gateway GPRS Support Node (GGSM) is the gateway between the GPRS wireless data network and other external packet data networks such as radio networks, IP networks, or private networks. GGSN provides network access to external hosts wishing to communicate with mobile subscribers (MS).

Use this command to create a GGSN service.

Create MME

Right-click the Context > Commands > Configuration > Mobility > Create MME

Mobility Management Entity (MME) is the key control-node for an LTE access network, which works in conjunction with NodeB(eNodeB), Serving Gateway, or the LTE/SAW core network. It is responsible for initiating paging and authentication of mobile devices.

Use this command to create a GGSN service.

Create SGSN

Right-click the Context > Commands > Configuration > Mobility > Create SGSN

The Serving GPRS Support Node (SGSN) handles the delivery of data from and to the mobile nodes within its geographical service area, such as packet routing and transfer, mobility management, and authentication of users.

Use this command to create a SGSN service.

Create GTPP

Right-click the Context > Commands > Configuration > Mobility > Create GTPP

GPRS Tunneling Protocol Prime (GTPP) is used for communicating accounting messages to CGs.

Use this command to create a GTPP service.

Create IP Pool

Right-click the Context > Commands > Configuration > Mobility > Create IP Pool

An IP pool is a sequential range of IP addresses within a certain network.

Use this command to create an IP Pool.

Create GTPU

Right-click the Context > Commands > Configuration > Mobility > Create GTPU

GTPU carries user data within the GPRS core network and between the radio access network and the core network. The user data transported can be packets in any of IPv4, IPv6, or PPP formats.

Use this command to create a GTPU service.

Create HSGW

Right-click the Context > Commands > Configuration > Mobility > Create HSGW

Use this command to create a new HSGW service.

Create MAG

Right-click the Context > Commands > Configuration > Mobility > Create MAG

Use this command to create a new Mobile Access Gateway (MAG) service for the selected context.

Create P-GW

Right-click the Context > Commands > Configuration > Mobility > Create P-GW

PDN Gateway (P-GW) is the node that terminates the SGi interface towards the PDN. If a UE is accessing multiple PDNs, there may be more than one P-GW for that UE.

Use this command to create a P-GW.

Create QCI-QOS Mapping

Right-click the Context > Commands > Configuration > Mobility > Create QCI-QOS Mapping

The QoS Class Index (QCI) to QoS mapping configuration mode is used to map QCIs to enforceable QoS parameters.

Use this command to create a QCI-QOS Mapping.

Create S-GW

Right-click the Context > Commands > Configuration > Mobility > Create S-GW

A Serving Gateway (S-GW) acts as a demarcation point between the Radio Access Network (RAN) and core network, and manages user plane mobility.

Use this command to create a S-GW.

Create PDSN

Right-click the Context > Commands > Configuration > Mobility > Create PDSN

Use this command to create a new PDSN service for the selected context.

Create Profile-QCI Mapping

Right-click the Context > Commands > Configuration > Mobility > Create Profile-QCI Mapping

Use this command to create Profile-QCI Mapping

Create SAE GW

Right-click the Context > Commands > Configuration > Mobility > Create SAE GW

Use this command to create SAE GW.

Create SGSN

Right-click the Context > Commands > Configuration > Mobility > Create SGSN

Use this command to create an SGSN.

Create VRF

Right-click the Context > Commands > Configuration > Others > Create VRF

Use this command to create VRF.

Virtual routing and forwarding (VRF) is a technology included in IP (Internet Protocol) network routers that allows multiple instances of a routing table to exist in a router and work simultaneously.

Create EPDG

Right-click the Context > Commands > Configuration > Mobility > Create EPDG

Use this command to create a new EPDG service

Create IUPS

Right-click the Context > Commands > Configuration > Mobility > Create IUPS

Use this command to create a new IU PS service.

Delete Context

Right-click the Context > Commands > Configuration > Others > Delete Context

Use this command to delete a context

Create CGW

Right-click the Context > Commands > Configuration > Small Cell > Create CGW

Use this command to create CGW

Create HNB GW

Right-click the Context > Commands > Configuration > Small Cell > Create HNB GW

Use this command to create a new HNB Gateway service.

Create HeNB Access

Right-click the Context > Commands > Configuration > Small Cell > Create HeNB Access

Use this command to create HeNB access.

note.gif

Noteblank.gif You can configure only one HeNB access for a device.


Create HeNB Network

Right-click the Context > Commands > Configuration > Small Cell > Create HeNB Network

Use this command to create a new HeNB network.

note.gif

Noteblank.gif You can configure only one HeNB network for a device.


Create MRME

Right-click the Context > Commands > Configuration > Small Cell > Create MRME

Use this command to create MRME

Create Crypto Map

Right-click the Context > Commands > Configuration > SEC GW > Create Crypto Map

Use this command to create Crypto Map.

Create Crypto Template

Right-click the Context > Commands > Configuration > SEC GW > Create Crypto Template

Use this command to create Crypto template.

Create IKEv2 Transform Set

Right-click the Context > Commands > Configuration > SEC GW > Create IKEv2 Transform Set

Use this command to create a new IKEv2 transform set.

Create IPSec Transform Set

Right-click the Context > Commands > Configuration > SEC GW > Create IPSec Transform Set

Use this command to create an IPSec Transform Set.

Create SEC GW

Right-click the Context > Commands > Configuration > SEC GW > Create SEC GW

Use this command to create a new security gateway.

Create SaMOG

Right-click the Context > Commands > Configuration > Small Cell > Create SaMOG

Use this command to create SaMOG

Delete Context

Right-click the Context > Commands > Configuration > Others > Delete Context

Use this command to delete a context under the Logical Inventory node.

Modify License

Right-click the ASR5k device > Commands > Configuration > Modify License

Use this command to modify the license information.

Create DHCP

Right-click the Context > Commands > DHCPv4 > Configuration > Create DHCP

—Or—

Right-click the Context > Commands > DHCPv6 > Configuration > Create DHCPv6

DHCP is used to automate host configuration by assigning IP addresses, delegating prefixes (in IPv6), and providing extensive configuration information to network computers.

Use this command to create a DHCP service.

Delete DHCP

Right-click the Context > Commands > DHCPv4 > Configuration > Delete DHCP

—Or—

Right-click the Context > Commands > DHCPv6 > Configuration > Delete DHCPv6

Use this command to delete a DHCP service.

Modify DHCP

Right-click the Context > Commands > DHCPv4 > Configuration > Modify DHCP

—Or—

Right-click the Context > Commands > DHCPv6 > Configuration > Modify DHCPv6

Use this command to modify the configuration details of a DHCP service.

Create HA SPI List

Right-click the Context > Commands > Configuration > Mobility > HA SPI List > Create HA SPI List

Use this command to create the Security Parameter Index (SPI) between the HA service and the FA.

Delete HA SPI List

Right-click the Context > Commands > Configuration > Mobility > HA SPI List > Delete HA SPI List

Use this command to delete the HA SPI List.

Modify HA SPI List

Right-click the Context > Commands > Configuration > Mobility > HA SPI List > Modify HA SPI List

Use this command to modify the HA SPI List configuration details.

Create HA

Right-click the Context > Commands > Configuration > Mobility > Create HA

Use this command to create a new Home Agent service.

Delete HA

Expand the node Mobile > HA > right-click the HA Service > Commands > Configuration > Delete HA

Use this command to delete a HA Service.

Modify HA

Expand the node Mobile > HA > right-click the HA service > Commands > Configuration > Modify HA

Use this command to modify the configuration details of a HA service.

Create Network Requested PDP Context

Right-click the Context > Commands > Configuration > Others > PDP Context > Create Network Requested PDP Context

Packet Data Protocol (PDP) context is the connection or link between a mobile device and a network server that allows them to communicate with each other. A PDP context lasts only for the duration of a specific connection.

Use this command to create a network requested PDP context.

Delete Network Requested PDP Context

Right-click the Context > Commands > Configuration > Others > PDP Context > Delete Network Requested PDP Context

Use this command to delete a network requested PDP context.

Create Proxy DNS

Right-click the Context > Commands > Configuration > Others > Proxy DNS

The proxy DNS listens for incoming DNS requests on the local interface and resolves remote hosts using an external PHP script, through http proxy requests.

Use this command to create a proxy DNS.

Delete Proxy DNS

Right-click the Context > Commands > Configuration > Others > Proxy DNS

Use this command to delete a proxy DNS.

Modify Proxy DNS

Right-click the Context > Commands > Configuration > Others > Proxy DNS

Use this command to modify the proxy DNS configuration details.

Create Route Access List

Right-click the Context > Commands > Configuration > Mobility > Route Map and Route Access List > Create Route Access List

Access lists are a set of rules, organized in a rule table and are used to filter and identify traffic.

Use this command to create a new access list.

Create Route Map

Right-click the Context > Commands > Configuration > Mobility > Route Map and Route Access List > Create Route Map

Route maps are similar to access lists; they both have criteria for matching the details of certain packets and an action of permitting or denying those packets. Unlike access lists, though, route maps can add to each "match" criterion a "set" criterion that actually changes the packet in a specified manner, or changes route information in a specified manner.

Use this command to create a route map.

Delete Route Access List

Right-click the Context > Commands > Configuration > Mobility > Route Map and Route Access List > Delete Route Access List

Use this command to delete a route access list.

Delete Route Map

Right-click the Context > Commands > Configuration > Mobility > Route Map and Route Access List > Delete Route Map

Use this command to delete a route map.

Modify Route Access List

Right-click the Context > Commands > Configuration > Mobility > Route Map and Route Access List > Modify Route Access List

Use this command to modify a route access list.

Modify Route Map

Right-click the Context > Commands > Configuration > Mobility > Route Map and Route Access List > Modify Route Map

Use this command to modify a route map.

Create Subscribers

Right-click the Context > Commands > Configuration > Mobility > Subscriber > Create Subscriber

Use this command to create a new subscriber.

Delete Subscriber

Right-click the Context > Commands > Configuration > Mobility > Subscriber > Delete Subscriber

Use this command to delete a subscriber.

Modify Subscriber

Right-click the Context > Commands > Configuration > Mobility > Subscriber > Modify Subscriber

Use this command to modify subscriber details.

Show APN

Right-click the Context > Commands > Show > Show APN

Use this command to view and confirm the APN configuration details.

Show DHCP

Right-click the Context > Commands > DHCPv4 > Show > Show DHCP

Right-click the Context > Commands > DHCPv6 > Show > Show DHCPv6

Use this command to view and confirm the DHCP configuration details.

Show EGTP

Context > Mobile > EGTP > right-click the ETP service Commands > Show > Show EGTP

Use this command to view and confirm the EGTP configuration details.

Show HA SPI List

Right-click the Context > Commands > Show > Show HA SPI List

Use this command to view and confirm the HA SPI List details.

Show HA

Context > Mobile > HA > right-click the HA service > Commands > Show > Show HA

Use this command to view and confirm the home agent service details.

Show IP Pool

Right-click the Context > Commands > Show > Show IP Pool

Use this command to view and confirm the IP Pool configuration details.

Show License

Right-click the Device > Commands > Show > Show License

Use this command to view and confirm the License details.

Show Route Access List

Right-click the Context > Commands > Show > Show Route Access List

Use this command to view and confirm the Access list details.

Show Route Map

Right-click the Context > Commands > Show > Show Route Map

Use this command to view and confirm the Route Map details.

Show Subscriber

Right-click the Context > Commands > Show > Show Subscriber

Use this command to view and confirm the Subscriber details.

Create Policy Accounting

Right-click the context > Commands > Configuration > Others > Policy Accounting

Use this command to create a new accounting policy.

Modify Policy Accounting

Right-click the context > Commands > Configuration > Others > Policy Accounting

Use this command to modify an accounting policy.

Delete Policy Accounting

Right-click the context > Commands > Configuration > Others > Policy Accounting

Use this command to delete an accounting policy.

 

Monitoring the Mobility Management Entity

Mobility Management Entity (MME) is the key control-node for an LTE access network, which works in conjunction with NodeB(eNodeB), Serving Gateway, or the LTE/SAW core network. It is responsible for initiating paging and authentication of mobile devices. It keeps location information at the Tracking Area Level for each user and chooses the right gateway during the initial registration process.

The MME uses the SSI-MME interface to connect to an eNode and uses the S11interface to connect to a S-GW. In case there is an increase in the signaling load in the network, you can group multiple MMEs in a pool to meet this load. It is also the termination point in the network for ciphering/integrity protection for NAS signaling.

MME supports lawful interception of signaling and provides the control plane function for mobility between LTE and 2G/3G access networks with the S3 interface terminating at the MME from the SGSN. It also terminates the S6a interface towards the home HSS for roaming UEs.

Figure 27-23 depicts the topology of the LTE network along with MME:

Figure 27-23 MME Topology

 

370036.tif

The different features of the MME are listed below:

  • Involved in bearer activation/deactivation
  • Provides P-GW selection to the subscriber to connect to PDN
  • Tracks the UE for idle mode and paging procedures, including transmissions
  • Chooses the S-GW for a UE during initial attach and also at the time of intra-LTE handover involving Core Network node relocation
  • Authenticates the user (by interacting with the HSS)
  • Works as a termination point for Non-Access Stratum (NAS) signaling
  • Generates and allocates temporary identities to the UEs
  • Checks whether the UE is authorized to camp on the service provider’s Public Land Mobile Network (PLMN)
  • Enforces UE roaming restrictions
  • Handles security key management
  • Communicates with other MMEs in the same or different PLMN

There are many different MME interfaces, which are listed below:

  • S1-MME Interface—The interface used by MME to communicate with eNodeBs on the same PLMN. This interface is the reference point for the control plane protocol between eNodeB and MME, this interface uses the S1 Application Protocol (SI-AP) instead of the Stream Control Transmission Protocol (SCTP) as the transport layer protocol for guaranteed delivery of signaling messages between MME and eNodeB. It serves as a path for establishing and maintaining subscriber UE contexts and supports IPv4, IPv6, IPSec, and multi-homing.
  • S3 Interface—The interface used by MME to communicate with S4-SGSNs on the same PLMN for interworking between GPRS/UMTS and LTE network technologies. This interface serves as a signaling path for establishing and maintaining subscriber UE contexts. The MME communicates with SGSNs on the PLMN using the GPRS Tunneling Protocol (GTP). The signaling or control aspect of this protocol is referred to as the GTP Control Plane (GTPC) while the encapsulated user data traffic is referred to as the GTP User Plane (GTPU). One or more S3 interfaces can be configured per system context.
  • S6a Interface—The interface used by MME to communicate with Home Subscriber Server (HSS) on PLMN using the diameter protocol. This interface is responsible for transfer of subscription and authenticating or authorizing user access and UE context.
  • S10 Interface—The interface used by the MME to communicate with another MME on the same or a different PLMN using the GTPv2 protocol. This interface is also used for MME relocation and MME-to-MME information transfer or handoff.
  • S11 Interface—The interface used by the MME to communicate with Serving Gateways (S-GW) for transfer of information, using the GTPv2 protocol.
  • S13 Interface—The interface used by the MME to communicate with the Equipment Identity Register (EIR).
  • SGs Interface—The interface used to connect the databases in the VLR and MME to support circuit switch fallback scenarios.
  • Sv Interface—The interface used by the MME to connect to the Mobile Switching Center to support exchange of messages during a handover procedure for the Single Radio Voice Call Continuity (SRVCC) feature.
  • Gn Interface—The interface used to facilitate user mobility between 2G and 3G 3GPP networks. This interface is used for intra-PLMN handovers.
  • SLg Interface—The interface used by MME to communicate with the Gateway Mobile Location Center (GMLC) using the diameter protocol. This interface is used for the Location Services (LCS), which enables the system to determine and report location information of the connected UEs.

Viewing the MME Configuration Details

To view the MME configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MME. The list of MME services configured in Prime Network is displayed in the content pane.

Step 3blank.gif From the MME node, choose an MME service. The MME service details are displayed in the content pane as shown in Figure 27-24.

Figure 27-24 MME Configuration Details

 

433936.tiff

Table 27-134 displays the MME service details.

 

Table 27-134 MME Service Details

Field
Description

Service Name

The unique name of the MME service.

Status

The status of the MME service, which can be any one of the following:

  • Unknown
  • Initiated
  • Running
  • Down
  • Started
  • Not Started

MME Group ID

The unique ID of the group to which the MME service belongs to.

MME Code

The unique code for the MME service.

EGTP Service

The name of the EGTP peer service associated with the MME service, which is pre-configured for the selected context.

HSS Peer Service

The name of the HSS peer service associated with the MME service, which is pre-configured for the selected context.

SGTPC Service

The name of the SGTPC peer service associated with the MME service, which is pre-configured for the selected context.

SGS Service

The name of the SGS peer service associated with the MME service, which is pre-configured for the selected context.

Peer MME DNS Context

The DNS client service that is used to query and select a peer MME. The peer MME is then associated with the MME service to be used for inter-MME handovers.

Peer SGSN DNS Context

The DNS client service that is used to query and select a peer SGSN. The peer SGSN is then associated with the MME service to be used for inter-RAT handovers.

PGW DNS Context

The DNS client that is used to query and select a P-GW to be associated with the MME service.

SGW DNS Context

The DNS client that is used to query and select a S-GW to be associated with the MME service.

LTE Emergency Profile

The LTE emergency profile for the MME service. This profile helps the MME service to create an emergency session for a subscriber who is not part of the network. A maximum of four such profiles can be created.

Subscriber Map

The unique name of the subscriber map that is pre-configured for the MME service.

SGW Pool

The Serving Gateway (SGW) Pool that is communicating with the MME service. This pool is configured by associating the Tracking Area Identity (TAI) Management Database to the MME service.

MSC IP Address

The IP address of the Mobile Switching Center (MSC) that is linked to the MME service.

MSC Port

The unique MSC port for the MME service.

New Call Policy

Indicates whether the new call policy feature is enabled. The new call policy is executed when duplicate sessions with the same IP address request is received.

Location Reporting

Indicates whether the UE location reporting feature is enabled for the MME service.

Max PDNs Per Subscriber

The maximum number of PDNs that can be accessed by a subscriber simultaneously using the MME service.

Max Bearer Per Subscriber

The maximum number of EPS bearers that can be used by a subscriber simultaneously to access the MME service.

Max Paging Attempt

The maximum number of times a subscriber can attempt to create network requested service, after failure at the first attempt.

NAS Max Retransmission

The maximum number of times NAS messages can be retransmitted for the MME service.

Relative Capacity

The relative capacity variable that is sent to the eNodeB to select an MME in order to load balance the pool.

Call Setup Timeout

The timeout duration (in seconds) for setting up MME calls in the MME service.

UE DB Purge Timeout

The amount of time (in minutes) after which the User Equipment is attached to the MME service and reuses the previously established security parameters.

note.gif

Noteblank.gif The UE database is maintained by the MME as a cache of the EPS context for each UE. This cache is maintained in each session manager where the UE was attached first.


eNodeB Cache Timeout

The timeout duration (in minutes) for the eNodeB Cache. This field defaults to 10.

MME Offloading

Indicates whether the MME offloading feature is enabled.

note.gif

Noteblank.gif You must configure the load balancing parameters beforehand. For example, if you want to remove all existing subscribers from the MME and route new entrants to the pool area, then you must specify the weight as zero.


Global MMEID MgmtDB

The global MME ID management database for the MME service.

GTPv2 Piggy Bagging

Indicates whether the GTPv2 piggy backing feature is enabled.

note.gif

Noteblank.gif The MME service sends a piggy backing flag to a P-GW to determine if the dedicated bearer creation is piggy backed onto the message.


DCNR

Enables Dual Connectivity with New Radio (DCNR) to support 5G Non-Standalone (NSA).

NRI tab

PLMN Id

The PLMN ID of the MME service.

note.gif

Noteblank.gif This code contains the Mobile Country Code (MCC) and Mobile Network Code (MNC). You can configure a maximum of 16 PLMN IDs for an MME service.


Length (bits)

The number of bits in the Packet domain Temporary Mobile Subscriber Identity (P-TMSI) to be used as the Network Resource Identifier (NRI).

PGW Address tab

IP Address

The IP address of the PDN Gateway (P-GW).

note.gif

Noteblank.gif The P-GW address is used to configure P-GW discovery and it uses TP/P-MIP protocol for S5 and S8 interface and other parameters with MME service.


S5 S8 Protocol

The P-MIP protocol type to be used for S5 and S8 interfaces. By default, the GTP protocol is used for these interfaces.

Weight

The weightage assigned to a P-GW address, which indicates the address that must be used as the preferred P-GW. This weight can be any value between 1 and 100 and the address with the lowest values indicates the least preferred address.

Peer MME GUMMEI tab

MME ID

The unique MME ID of the peer MME.

PLMN ID

The PLMN ID of the peer MME service.

Group ID

The unique ID of the group to which the peer MME services belongs to.

IP Address

The IPv4 address of the peer MME.

Peer MME TAI tab

MME ID

The unique MME ID of the peer MME.

PLMN ID

The PLMN ID of the peer MME service.

TAC

The Tracking Area Code (TAC) of the peer MME service.

IP Address

The IPv4 address of the peer MME.

Peer SGSN RAI tab

PLMN ID

The PLMN ID of the peer MME service.

NRI

The Network Resource Identifier (NRI) code used to identify Peer SGSN for support of 3G to 4G handover capability.

RAC

The Routing Area Code (RAC) of the peer SGSN service.

LAC

The Location Area Code (LAC) of the peer SGSN service.

IP Address

The IPv4 address of the peer SGSN service.

Gn Interface

Indicates whether the peer SGSN service is allowed to communicate over the Gn Interface.

Gp Interface

Indicates whether the peer SGSN service is allowed to communicate over the Gp Interface.

S16 Interface

Indicates whether the peer SGSN service is allowed to communicate over the S16 Interface.

S3 Interface

Indicates whether the peer SGSN service is allowed to communicate over the S3 Interface.

Peer SGSN RNC

PLMN ID

The PLMN ID of the peer MME service.

RNC

The Radio Network Controller (RNC) of the peer SGSN service.

IP Address

The IPv4 to IPv6 address of the peer SGSN service.

Gn Interface

Indicates whether the peer SGSN service is allowed to communicate over the Gn Interface.

Gp Interface

Indicates whether the peer SGSN service is allowed to communicate over the Gp Interface.

S16 Interface

Indicates whether the peer SGSN service is allowed to communicate over the S16 Interface.

S3 Interface

Indicates whether the peer SGSN service is allowed to communicate over the S3 Interface.

Network Sharing PLMN(s)

PLMN ID

The PLMN identifier, which consists of the Mobile Country Code (MCC) and the Mobile Network Code (MNC).

Group ID

The identifier for the group to which an MME belong to. Id must be an integer value from 0 through 65535.

MME Code

The unique code for an MME service. Code must be an integer value from 0 through 255.

H-SFN Start

Specifies the Extended Discontinuous Reception H-SFN start time. When EDRX is enabled for a UE, the UE is reachable for paging in specific Paging Hyperframes (PH), which is a specific set of H-SFN values.

Note The PH computation is a formula that is a function of the EDRX cycle, and a UE specific identifier. This value can be computed at all UEs and MMEs without need for signaling.

ISDA Location Validity Time

Displays a timer value with which the location information of the UE is sent immediately through the IDA message.

Reject Attach With Non-3PP Char APN

Specifies that sessions requesting APN containing non-3GPP characters is for rejection.

Reject PDN Connect With Non-3PP Char APN

Specifies that policy applies to additional PDN connectivity procedure, and sessions requesting APN containing non-3GPP characters is for rejection.

IMEI Check

Enables the MME to send additional Mobile Identity check Requests (MICR) towards the EIR over the S13 interface. Choose at least one triggering UE procedure.

SGW Blacklist Params

The MME blacklists un-accessible or un-responsive SGWs for a configured time.

Note SGW Blacklisting is supported for both Static and Dynamic IP addresses.


 

MME Configuration Commands

The following MME configuration commands can be launched from the logical inventory by right-clicking a MME service and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-135 MME Configuration Commands

Command
Navigation
Description

Create NRI

Right-click the MME service > Commands > Configuration

Use this command to create NRI.

Create PGW Address

Use this command to create PGW Address.

Create Peer MME GUMMEI

Use this command to create Peer MME GUMMEI.

Modify MME

Use this command to modify a MME service.

Delete MME

Use this command to delete a MME service.

Create Peer SGSN RAI

Right-click the MME service > Commands > Configuration

Use this command to create Peer SGSN RAI.

Create Peer SGSN RNC

Use this command to create Peer SGSN RNC.

Create Peer MME TAI

Use this command to create Peer MME TAI

Show MME

Use this command to view MME service details.

Modify NRI

MME service > NRI Tab > Right-click the NRI Table > Commands > Configuration

Use this command to modify the NRI details.

Delete NRI

Use this command to delete the NRI details.

Modify PGW Address

MME service > PGW Address Tab > Right-click the PGW Address Table > Commands > Configuration

Use this command to modify the PGW Address details.

Delete PGW Address

Use this command to delete the PGW Address details.

Modify Peer MME GUMMEI

MME service > Peer MME GUMMEI Tab > Right-click the Peer MME GUMMEI Table > Commands > Configuration

Use this command to modify the Peer MME GUMMEI details.

Delete Peer MME GUMMEI

Use this command to delete the Peer MME GUMMEI details.

Modify Peer SGSN RAI

MME service > Peer SGSN RAI Tab > Right-click the Peer SGSN RAI Table > Commands > Configuration

Use this command to modify the Peer SGSN RAI details.

Delete Peer SGSN RAI

Use this command to delete the Peer SGSN RAI details.

Modify Peer SGSN RNC

MME service > Peer SGSN RNC Tab > Right-click the Peer SGSN RNC Table > Commands > Configuration

Use this command to modify the Peer SGSN RNC details.

Delete Peer SGSN RNC

Use this command to delete the Peer SGSN RNC details.

Modify Peer MME TAI

MME service > Peer MME TAI Tab > Right-click the Peer MME TAI Table > Commands > Configuration

Use this command to modify the Peer MME TAI details.

Delete Peer MME TAI

Use this command to delete the Peer MME TAI details.

You can also view the following configurations for a MME service:

  • EMM Timeouts—EPS Mobility Management (EMM) is used to support the mobility of a user equipment. For example, it informs the network of the UEs current location and provides user identity confidentiality. Apart from these services, it also provides connection management services to the session management sublayer and defines timer parameters such as timeout durations for retransmission of NAS messages.
  • ESM Timeouts—EPS Session Management (ESM) is used to provide subscriber session management for bearer context activation, deactivation, modification and update procedures.
  • LTE Security Procedures—The LTE integrity and encryption algorithms used for security procedures for the MME service, which are enabled by default.
  • Policy—The session management policies for LTE subscribers of the MME service.
  • S1 Interface—Transfer of signaling messages between the MME service and the eNodeB. S1 MME uses the S1 Application Protocol (S1-AP) over the Steam Control Transmission Protocol (SCTP). This interface also serves as a path for establishing and maintaining subscriber EPS bearer context.

Viewing the EMM Configuration Details

To view the EMM configuration details for a MME service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MME > MME service > EMM. The EMM configuration details are displayed in the content pane.

Table 27-136 displays the EMM configuration details.

 

Table 27-136 EMM Configuration Details

Field
Description

Implicit Detach Timeouts

The timeout duration (in seconds) after which the subscriber will be detached from the network in case there is no activity. This time can be any value between 1 and 12000, and defaults to 5640.

Mobile Reachable Timeout

The timeout duration (in seconds) after which the attempt to reach the network is discarded and the reattempt procedure starts. This time can be any value between 1 and 12000, and defaults to 5640.

T3412 Timeout

The timeout duration (in seconds) for the T3412 timer, which is used for periodic tracking area update (P-TAU). This time can be any value between 1 and 11160, and defaults to 5400. When this timer expires, the periodic tracking area update procedure starts and the timer is reset for the next start.

T3413 Timeout

The timeout duration (in seconds) for the T3413 timer, which starts when the MME service initiates the EPS paging procedure and requests the lower layer to start paging. When the UE responds to the procedure, then the timer stops the paging procedure. This time can be any value between 1 and 20, and defaults to 10.

T3422 Timeout

The timeout duration (in seconds) for the T3422 timer, which starts when the MME initiates the detach procedure (by sending a Detach Request message) to the UE. On receipt of a Detach Accept message from the UE, the timer stops. This time can be any value between 1 and 20, and defaults to 10.

T3423 Timeout

The timeout duration (in seconds) for the T3423 timer, which starts when the UE is in the EMM-Deregistered state or enters the EMM-Connected mode. This timer stops when the UE gets back to the EMM-Registered state. This time can be any value between 1 and 11160, and defaults to 5400.

T3450 Timeout

The timeout duration (in seconds) for the T3450 timer, which starts when the MME initiates the Globally Unique Temporary Identifier (GUTI) reallocation procedure by sending the GUTI-Reallocation Command message to the UE. The timer stops when the GUTI-Reallocation Complete message is received. This time can be any value between 1 and 20, and defaults to 6.

T3460 Timeout

The timeout duration (in seconds) for the T3460 timer, which starts when the network initiates the authentication procedure by sending the Authentication Request to the UE. The timer stops on receipt of a Authentication Response message from the UE. This time can be any value between 1 and 20, and defaults to 6.

T3470 Timeout

The timeout duration (in seconds) for the T3470 timer, which starts when the network initiates the identification procedure by sending an Identity Request message to the UE. This timer stops on receipt of a Identity Response message from the UE. This time can be any value between 1 and 20, and defaults to 6.


 

EMM Timeouts Commands

The following EMM Timeout commands can be launched from the logical inventory by right-clicking EMM timeouts of a MME service and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-137 EMM Timeouts Commands

Command
Navigation
Description

Modify EMM Timeouts

MME service > Right-click the EMM Timeouts > Commands > Configuration

Use this command to modify EMM Timeout details.

Viewing the ESM Configuration Details

To view the ESM configuration details for a MME service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MME > MME service > ESM. The ESM configuration details are displayed in the content pane.

Table 27-138 displays the ESM configuration details.

 

Table 27-138 ESM Configuration Details

Field
Description

T3485 Timeout

The timeout duration (in seconds) for the T3485 timer, which is used to activate the default EPS Bearer context. The timer starts when the MME sends the Activate Default EPS Bearer Context Request message to the UE. The timer stops when it receives the either the Activate Default EPS Bearer Context Accept or Activate Default EPS Bearer Context Reject message. This time can be any value between 1 and 60, and defaults to 6.

T3486 Timeout

The timeout duration (in seconds) for the T3485 timer, which is used to modify the default EPS Bearer context. The timer starts when the MME sends the Modify EPS Bearer Context Request message to the UE. The timer stops when it receives the either the Modify EPS Bearer Context Accept or Modify EPS Bearer Context Reject message. This time can be any value between 1 and 60, and defaults to 6.

T3489 Timeout

The timeout duration (in seconds) for the T3489 timer, which is used to deactivate the default EPS Bearer context. The timer starts when the MME sends the ESM Information Request message to the UE. The timer stops when it receives the ESM Information Response message. This time can be any value between 1 and 60, and defaults to 4.

T3495 Timeout

The timeout duration (in seconds) for the T3495 timer, which is used to deactivate the default EPS Bearer context. The timer starts when the MME sends the Deactivate EPS Bearer Context Request message to the UE. The timer stops when it receives the either the Deactivate EPS Bearer Context Accept or Deactivate EPS Bearer Context Reject message. This time can be any value between 1 and 60, and defaults to 6.


 

ESM Timeouts Commands

The following ESM Timeout commands can be launched from the logical inventory by right-clicking ESM timeouts of a MME service and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-139 ESM Timeouts Commands

Command
Navigation
Description

Modify ESM Timeouts

MME service > Right-click the ESM Timeouts > Commands > Configuration

Use this command to modify ESM Timeout details.

Viewing the LTE Security Procedure Configuration Details

To view the LTE security procedure configuration details for a MME service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MME > MME service > LTE Security Procedure. The configuration details are displayed in the content pane.

Table 27-140 displays the LTE security procedure configuration details.

 

Table 27-140 LTE Security Procedure Configuration Details

Field
Description

Encryption Algorithm Priority 1

The encryption algorithm that must be treated as the first priority for security procedures on the MME service, which can be any one of the following values:

  • 128-eea0—Null Ciphering Algorithm
  • 128-eea1—SNOW 3G synchronous stream ciphering algorithm
  • 128-eea2—Advance Encryption Standard (AES) ciphering algorithm

Encryption Algorithm Priority 2

The encryption algorithm that must be treated as the second priority for security procedures on the MME service, which can be any one of the following values:

  • 128-eea0—Null Ciphering Algorithm
  • 128-eea1—SNOW 3G synchronous stream ciphering algorithm
  • 128-eea2—Advance Encryption Standard (AES) ciphering algorithm

Encryption Algorithm Priority 3

The encryption algorithm that must be treated as the third priority for security procedures on the MME service, which can be any one of the following values:

  • 128-eea0—Null Ciphering Algorithm
  • 128-eea1—SNOW 3G synchronous stream ciphering algorithm
  • 128-eea2—Advance Encryption Standard (AES) ciphering algorithm

Integrity Algorithm Priority 1

The integrity algorithm that must be treated as the first priority for security procedures on the MME service, which can be any one of the following values:

  • 128-eia1—SNOW 3G synchronous stream ciphering algorithm
  • 128-eia2—Advance Encryption Standard

Integrity Algorithm Priority 2

The integrity algorithm that must be treated as the second priority for security procedures on the MME service, which can be any one of the following values:

  • 128-eia1—SNOW 3G synchronous stream ciphering algorithm
  • 128-eia2—Advance Encryption Standard


 

LTE Security Procedures Commands

The following LTE Security Procedures commands can be launched from the logical inventory by right-clicking LTE Security Procedures of a MME service and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-141 ESM Timeouts Commands

Command
Navigation
Description

Modify LTE Security Procedures

MME service > Right-click the LTE Security Procedures > Commands > Configuration

Use this command to modify LTE Security Procedures.

Viewing the MME Policy Configuration Details

To view the policy configuration details for a MME service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MME > MME service > Policy > Attach. The policy configuration details are displayed in the content pane.

Table 27-142 displays the Policy configuration details.

 

Table 27-142 Policy Configuration Details

Field
Description

IMEI Query type

The type of IMEI query use for attaching the user equipment and tracking area update procedure, which can be any one of the following:

  • imei (International Mobile Equipment Identity)
  • imei-sv (International Mobile Equipment Identity-Software Version)

Set UE Time

Indicates whether the MME service must set the time in the UE during the attach or tracking area update procedure.

Deny Grey Listed

Indicates whether the MME service must deny the grey listed equipment. In other words, it specifies whether the identification of the UE must be performed by the Equipment Identity Register (EIR) over the S13 interface.

Deny Unknown

Indicates whether the MME service must deny service to an unknown equipment.

Verify Emergency

Indicates whether the MME service must verify the equipment for emergency calls.

Allow On ECA Timeout

Indicates whether the MME service must allow service of equipments that timeout on the ECA.

Initial Context Setup Failure Tau

Indicates policy, which applies to Tracking Area Update procedure when initial context setup failure is received.

Initial Context Setup Failure Service Request

Indicates policy that applies to a service request procedure.

Policy NAS-NON-DELIVERY

Shows that handling for NAS-NON-DELIVERY message is Enabled.

Policy NAS-NOS-DELIVERY Modify Procedure Timer

Shows the timer value in seconds for the modify procedure.

MSC Echo Parameters

Displays EGTPC echo parameters for MSC Fallback. The msc-echo-params configuration overrides any echo parameter that is configured in the egtp-service configuration for the corresponding SV service.

IPNE Service

Associates an IPNE service with a MME service.

CSG Change Notification

Enables or disables the Closed Subscriber Group (CSG) Information reporting (notification) mechanism on the MME. When enabled, the MME includes the CSG Information Reporting Action IE with the appropriate Action field for subscribers.

ISR Capability

Enables or disables the Idle-mode Signaling Reduction (ISR) feature on the MME service.

Location Service

Associates a location service with a specified MME service. Only one location service should be associated with an MME Service.

Trap S1 Path Establishment

Specifies that the SNMP trap for the S1 path establishment is to be enabled or disabled.

EIR Query Type

Indicates whether querying of EIR is enabled or disabled.


 

MME Policy Configuration Commands

The following MME policy configuration commands can be launched from the logical inventory by right-clicking a MME policy and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-143 MME Policy Configuration Commands

Command
Navigation
Description

Modify Policy

Logical Inventory > Context > Mobile > MME > MME service > Right-click the Policy > Commands > Configuration

Use this command to modify the MME policy.

Modify Attach

Logical Inventory > Context > Mobile > MME > MME service > Policy > Right-click the Attach > Commands > Configuration

Use this command to modify the MME Attach details.

Modify TAU

Logical Inventory > Context > Mobile > MME > MME service > Policy > Right-click the TAU > Commands > Configuration

Use this command to modify the MME TAU details.

Viewing the S1 Interface Configuration Details

To view the S1 Interface configuration details for a MME service:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > MME > MME service > S1 Interface. The interface configuration details are displayed in the content pane.

Table 27-144 displays the S1 Interface configuration details.

 

Table 27-144 S1 Interface Configuration Details

Field
Description

Primary IP Address

The IP address (IPv4 or IPv6) of the interface configured as an S1-MME interface.

Secondary IP Address

The optional IP address (IPv4 or IPv6) of the interface configured as an S1-MME interface.

SCTP Port

The source SCTP port used for binding the SCTP socket to communicate with the eNodeB. This port can be any value between 1 and 65535, and defaults to 699.

Max Subscribers

The maximum number of subscribers that can access the MME service on the interface. This number can be any value between 0 and 4,000,000.

QoS DSCP

The Quality of Service (QoS) Differentiated Service Code Point (DSCP) used when sending data packets (of a particular 3GPP QoS class) over the S1-MME interface. This can be any one of the following values:

  • af11
  • af12
  • af13
  • af21
  • af22
  • af23
  • af31
  • af32
  • af33
  • af41
  • af42
  • af43
  • be
  • ef

Crypto Template

The name of the crypto template that is used when implementing IP Security on the S1-MME interface.

S1 Interface Connected Trap

Indicates whether the SNMP trap for the S1 interface connection equipment is enabled.


 

S1 MME Interface Commands

The following S1 MME interface commands can be launched from the logical inventory by right-clicking an S1 MME interface and choosing Commands > Configuration. Your permissions determine whether you can run these commands (see Permissions Required to Perform Tasks Using the Prime Network Clients ). To find out if a device supports these commands, see the Cisco Prime Network 5.2 Supported Cisco VNEs.

 

Table 27-145 S1 MME Interface Commands

Command
Navigation
Description

Modify S1 MME

Logical Inventory > Context > Mobile > MME > MME service > Right-click the S1 Interface > Commands > Configuration

Use this command to modify a S1 MME interface.

Enabling DCNR in MME Service

Follow these steps to enable DCNR to support 5G NSA:

note.gif

Noteblank.gif Prime Network supports NSA from StarOS 21.11 onwards.



Step 1blank.gif Install NSA license on the ASR 5500 device for which you want to enable 5G NSA:

20000 5G NSA feature Set 100k Sess VPCSW Active

Step 2blank.gif Once the license is enabled, the DCNR option is available in mme-service configuration mode. Enable DCNR option from the device.

Step 3blank.gif The DCNR field is now visible in the Vision GUI. See MME Configuration Details

Viewing the Stream Control Transmission Protocol

The Stream Control Transmission Protocol (SCTP) is a message oriented, reliable transport protocol with direct support for multi-homing that runs on top of Internet Protocol (IPv4/IPv6). Like TCP, SCTP provides reliable, connection-oriented data delivery with congestion control, path MTU discovery and message fragmentation.

Its role is similar to the roles of popular protocols such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It provides some of the same service features of both: it is message-oriented like UDP and ensures reliable, in-sequence transport of messages with congestion control like TCP.

SCTP offers the following services to the users:

  • Acknowledged error-free non-duplicated transfer of user data
  • Data fragmentation to conform to discovered path MTU size
  • Sequenced delivery of user messages within multiple streams, with an option for order-of-arrival delivery of individual user messages
  • Optional bundling of multiple user messages into a single SCTP packet
  • Network-level fault tolerance through supporting of multi-homing at either or both ends of an association

The SCTP application submits data to be transmitted in messages to the SCTP transport layer. The messages and control information is separated and placed in chunks (data and control chunks), each identified by a chunk header. A message can be fragmented over a number of data chunks, but each data chunk contains data from only one user message. SCTP bundles the chunks into SCTP packets, which are then submitted to the Internet Protocol. The SCTP packet consists of a packet header, SCTP control chuck (if required) and SCTP data chunks (if available).

The primary distinguishing features of this new protocol are:

  • multi-homing—The ability of an association to support multiple IP addresses or interfaces at a given endpoint. Currently, SCTP does not do load-sharing, but with the multi-homing facility, SCTP has greater potential to survive a session in case of network failures. Using more than one address allows re-routing of packets in event of failure and also provides an alternate path for retransmissions. Endpoints can exchange lists of addresses during initiation of the association. One address is designated as the primary address to receive data. A single port number is used across the entire address list at an endpoint for a specific session. Heartbeat chunks are used to monitor availability of alternate paths with thresholds set to determine failure of alternate and primary paths.
note.gif

Noteblank.gif An “association here refers to the connection between two endpoints in this context.


  • multi-streaming—Each stream represents a sequence of messages within a single association. These messages may be long or short, which include flags for control of segmentation and reassembly. Stream Identifiers and Stream Sequence numbers are included in the data packet to allow sequencing of messages on a per-stream basis. This ensures that unnecessary head-of-line blocking between independent streams of messages is avoided in case of loss in one stream.

SCTP also provides a mechanism for designating order-of-arrival delivery as opposed to ordered delivery. The design of SCTP includes appropriate congestion avoidance behavior and resistance to flooding and masquerade attacks.

For devices such as the Cisco ASR 5000 series, SCTP carries signaling traffic that flows through IPSec tunnel over LTE S1-MME interface.

To view the SCTP configuration details:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Profile > SCTP Template. A list of SCTP templates is displayed in the content pane.

Step 3blank.gif In the Logical Inventory window, select a template from the SCTP Template node. The SCTP template details are displayed in the content pane as shown in Figure 27-25.

Figure 27-25 SCTP Template Details

 

370038.tif

Table 27-146 describes the SCTP Template details.

Table 27-146 SCTP Template Details

Field
Description

Template Name

The unique name of the SCTP template.

note.gif

Noteblank.gif Each template can be configured with different values and associated to different services such as the MME service, diameter endpoint and so on.


RTO Alpha

The Retransmission Timeout (RTO) alpha (smoothing factor) value that is used to calculate Smooth Round Trip Time (SRTT) and the Round Trip Time Variation (RTTVAR) for new Round Trip Time (RTT) measurements.

note.gif

Noteblank.gif RTO refers to the amount of time to wait before transmitting a package from the retransmission queue to the neighbor. SRTT refers to the amount of time (in milliseconds) it takes for a packet to be sent to the neighbor and for the local router to receive an acknowledgment for the packet.


RTO Beta

The Retransmission Timeout (RTO) beta (delay variance factor) value that is used to calculate Smooth Round Trip Time (SRTT) and the Round Trip Time Variation (RTTVAR) for new Round Trip Time (RTT) measurements.

Checksum

The type of checksum that is used to increase data integrity of the SCTP packets, which can be any one of the following:

  • adler32—the Adler-32 checksum algorithm is used
  • crc32—the 32 bit cyclic redundancy check algorithm is used.

Cookie Lifetime

The lifetime (in milliseconds) of the SCTP cookie.

Max Association Retransmission

The maximum number of retransmissions allowed by this template for the SCTP associations.

Max Incoming Streams

The maximum number of incoming SCTP streams.

Max Init Retransmissions

The maximum number of SCTP initiation retransmissions.

Max MTU Size

The maximum size (in bytes) of the Maximum Transmission Unit (MTU) for SCTP streams.

Min MTU Size

The minimum size (in bytes) of the MTU for SCTP streams.

Start Max MTU

The starting size (in bytes) of the MTU for SCTP streams.

Max Outgoing Streams

The maximum number of outgoing SCTP streams.

Max Retransmissions Path

The maximum number of retransmissions of the SCTP paths.

RTO Initial

The initial time (in milliseconds) for retransmission of SCTP packets.

RTO Max

The maximum time (in milliseconds) for retransmission of SCTP packets.

RTO Min

The minimum time (in milliseconds) for transmission of SCTP packets.

SACK Frequency

The frequency of the Selective Acknowledgment (SACK) of the SCTP packets.

SACK Period

The period (in milliseconds) of selective acknowledgment of the SCTP packets.

Heart Beat Status

Indicates whether the option to send traffic over an alternate path, in case of a path failure, is enabled.

note.gif

Noteblank.gif The Heartbeat message is sent to a peer endpoint to probe the reachability of a particular destination transport address defined in the present association. If the address is not reachable, the traffic is sent over an alternate address. If this option is enabled, then the failover recovery is not even known to the user.


Heart Beat Timer

The amount of time (in seconds) to wait before a peer is considered unreachable. When a Heartbeat request is sent and if an acknowledgment is not received before this timer, then subsequent heartbeat requests are not sent and the peer is considered unreachable.

Bundle Status

Indicates whether the data chunks must be bundled into packets before submitting to the IP. If this option is disabled, then the packets are sent without bundling.

Bundle Timeout

The amount of time (in seconds) after which the chunks of SCTP packets are bundled and committed for transmission.

Alternate Accept Flag

Indicates whether the alternate accept flag that denotes additional lifetime for the association, is enabled.


 

Monitoring Control and User Plane Separation (CUPS)

Long Term Evolution (LTE) is a wireless broadband technology designed to support roaming Internet access through mobile phones and handheld devices. Because LTE offers significant improvements over older mobile communication standards, this sometimes referred as a 4G (fourth generation) technology along with WiMax. With its architecture based on Internet Protocol (IP) unlike many other cellular Internet protocols, Long Term Evolution supports browsing Web sites, VoIP and other IP-based services.

The Evolved Packet Core (EPC) network is evolving and moving towards Control User Plane Separation (CUPS) based architecture where User-Plane and Control-Plane are separate node for P-GW, S-GW, and TDF products. The User Plane and Control Plane combined together provide functionality of a node for other elements in the EPC network. When the control plane and user plane is available as separate nodes it allows numerous advantages. For example it supports different scaling for Control-Plane and User-Plane, supports more capacity on each session level in User-Plane and so on.

Cisco enhanced the operation of the EPC through the separation of Control and User Plane functions in accordance with 3GPP Standard architectural enhancements. As part of CUPS, Packet Gateway application is split into independent components; Control Plane and User plane. Cisco CUPS solution advantages the SAEGW, which is an optimized combination of S-GW and P-GW. The SAEGW-C is the Cisco UPC CUPS Control Plane (CP) and SAEGW-U is the Cisco UPC CUPS User Plane (UP).

Cisco CUPS solution is designed in such a way that CUPS CP SAEGW-C and CUPS UP SAEGW-U are independent VNFs/products in itself and can be independently scaled up and down. SAEGW-C can control multiple User Planes irrespective of where they are located and what platform they are hosted on. SAEGW-U can be collocated with SAEGW-C in the same data center or could be located remotely in a different data center.

Prime Network 5.2 supports CUPS from star-OS 21.8 onwards. The control plane and user plane nodes are separately deployed in the architecture. You can view two services namely SX-service and User plane-service on the ASR 5500, SI and PI devices. Also, you can identify if a node is a control-plane or a user-plane node based on SX services.

note.gif

Noteblank.gif Separate feature license is required to use CUPS feature. To check if CUPS is enabled on your device, see “SAE-GW Properties in Logical Inventory”.


CUPS Architecture

429233.tif

Cisco UPC CUPS solution uses SAEGW, which is an optimized and combined S-GW+P-GW. SAEGW-C is the CUPS Control Plane (CP) and SAEGW-U is the CUPS User Plane (UP). SAEGW-C and SAEGW-U can anchor any combination of following type of sessions:

  • Pure S-GW— When a UE is using S-GW part of SAEGW and a PDN connection, which is terminating at an external P-GW and not part of SAEGW.
  • Pure P-GW— When a UE is using an external S-GW, which is not part of SAEGW and a PDN connection is terminating within P-GW part of SAEGW.
  • Combined S-GW + P-GW — When a UE is using both S-GW and P-GW, which is part of same SAEGW service.

You can deploy Cisco CUPS SAEGW-C and SAEGW-U either as:

  • P-GW only
  • S-GW only
  • SAEGW

You can deploy Cisco USP CUPS in the following ways:

  • Co-Located CUPS
  • Hybrid-CUPS
  • Remote CUPS

CUPS Services

The following two CUPS services are supported on ASR5000 devices.

1.blank.gif Sx-Service

2.blank.gif User-Plane-Service

Sx-Services

The Sx Service provides an interface mentioned as the following reference points:

  • Sxa: Reference point between SGW-C and SGW-U.
  • Sxb: Reference point between PGW-C and PGW-U.
  • Sxc: Reference point between Traffic Detection Function-C (TDF-C) and TDF-U.
  • Sxab: Reference point between SAEGW-C and SAEGW-U

The Sx service is agnostic of the interface it supports. A single Sx service instance is capable of running on Sxa, Sxb, and Sxb interfaces. The Sx service runs in two different modes:

  • Sx-Control Plane instance
  • Sx-User Plane instance

The Sx service is associated with the SAEGW service at the Control-Plane and User-Plane service at the

User-Plane. There is one-to-one mapping of the Sx service with the Control-Plane and Data Plane.

User Plane services

Some important points that describe User plane service are:

  • User plane can be programmed from Control plane.
  • Single User plane service can serve both SGW-U and P-GW-U type sessions.
  • Two or more separate User plane services can be defined for each node type, SGW-U and PGW-U, respectively.
  • User plane service is associated with Sx service for the Control Plane interface, and GTP-U service for receiving GTP-U packets. Currently, each User Plane Service is associated with only single Sx service to interface with Control Plane.
  • User plane service can be associated with four GTP-U services.
  • Multiple peers of Control Plane services use single User Plane service

Sx-Services

Sx services can be configured on each context except the local context on the StarOS.

Viewing Sx-Control Plane Services

The Vision client displays the Sx Control plane container under the Mobile node in the logical inventory. The icon used for representing Sx Control plane in the logical inventory is explained in NE Logical Inventory Icons.

To view Sx Control plane properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory. For example, Double-click an SI device.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Sx Control Plane Container > Sx Control Plane.

The Vision client displays the list of Sx Control plane services configured under the container.

Table 27-147 describes the properties available for Sx Control plane.

 

Table 27-147 Sx-Control Plane Properties

Field
Description

Service Name

Name of the Sx control plane service.

Service ID

ID of the Sx control plane service.

Status

Status of the Sx control plance service.

Instance Type

Displays the instance type of the Sx-service.

Bind IPV4address

Shows the ipv4 address of the Sx-service to be sent to the peer.

Bind IPV6address

Shows the ipv6 address of the Sx-service to be sent to the peer.

Recovery Timestamp

Shows the recovery timestamp

SXAB

 

Retransmission Timeout

Displays the configured retransmission timeout of SXA in milli-seconds.

Maximum Request Retransmissions

Displays the configured the maximum number of request retransmission of SXA.

HB Interval

Shows the heart beat interval in milli-seconds.

HB Retransmission Timeout

Shows the heart beat re-transmission timeout in milli-seconds.

HB Max Retransmission

Shows the Maximum number of request retransmission of Sx service heartbeat.

Control msg Recovery timestamp Counter Changes

Displays Control message recovery time stamp control changes to true or false

Heartbeat req or resp Recovery timestamp Change

Displays either heartbeat request or response recovery time stamp changes to true or false.

Heartbeat Timeout

Displays heart beat Time out to true or false.

Configuring, Monitoring, and Troubleshooting Sx Services

You can use the following commands to configure, monitor, and troubleshoot Sx services. The devices that support these commands are listed in the Addendum: Additional VNE Support for Cisco Prime Network 5.2. Whether you can run these commands depends on your permissions. See Vision Client Permissions.

 

Table 27-148 Sx-Interface Commands

Command
Navigation
Description

Show sx-service all

Logical Inventory > Mobile > Sx Control Plane /Data Plane> sx-servuce all

Displays the Sx- control plane services along with attributes listed in Table 27-147 .

Show sx-service name

Logical Inventory > Mobile > Sx Control Plane / Data Plane > < sx-service name>

The output of this command displays the properties for the specified sx-service.

bind { ipv4-address ipv4_address | ipv6-address ipv6_address }

Logical Inventory > Mobile > Sx Control Plane / Data Plane > < sx-service name>

Binds the specified Sx service to an IP address.

sxa { max-retransmissions number | retransmissions-timeout-ms number}

Logical Inventory > Mobile > Sx Control Plane / Data Plane > < sx-service name>

Modifies the Sxa parameters for the S-GW.

max-retransmissions: Configures the maximum retries for Sx control packets on the S-GW. Enter an integer. The valid values range from 0 to 15. The default value is 4.

retransmissions-timeout-ms: Configures the retransmission timeout for Sx control packets (on the S-GW), in milliseconds. Enter a value in multiples of 100. The valid values range from 1000 to 20000. The default value is 5000.

By default, this command is disabled.

sxab { max-retransmissions number | retransmissions-timeout-ms number}

Logical Inventory > Mobile > Sx Control Plane / Data Plane > < sx-service name>

Modifies the Sxab parameters for the S-GW and P-GW.

max-retransmissions: Configures the maximum retries for Sx control packets on the S-GW and P-GW. Enter an integer. The valid values range from 0 to 15. The default value is 4.

retransmissions-timeout-ms: Configures the retransmission timeout for Sx control packets (on the S-GW), in milliseconds. Enter a value in multiples of 100. The valid values range from 1000 to 20000. The default value is 5000.

By default, this command is disabled.

sxb { max-retransmissions number | retransmissions-timeout-ms number}

Logical Inventory > Mobile > Sx Control Plane / Data Plane > < sx-service name>

Modifies the Sxb parameters for the P-GW.

max-retransmissions: Configures the maximum retries for Sx control packets on the P-GW. Enter an integer. The valid values range from 0 to 15. The default value is 4.

retransmissions-timeout-ms: Configures the retransmission timeout for Sx control packets (on the S-GW), in milliseconds. Enter a value in multiples of 100. The valid values range from 1000 to 20000. The default value is 5000.

By default, this command is disabled.

Show saegw-service all

Logical Inventory > Mobile > SAE-GW > saegw-service al l

The saegw-service displays details of the sx-services associated with an SAEGW service.

Show saegw-service name

Logical Inventory > Mobile > SAE-GW > <service name>

The output of this command displays the field for the specified saegw-service name.

associate sx-service name

Logical Inventory > Mobile > SAE-GW > <service name>

Associates an SAEGW service to an existing Sx service within this context

associate sx-service name

Logical Inventory > Mobile > User Plane > < sx-service name>

Associate User-Plane service to an existing Sx service within this context.

associate gtpu-service gtpu_service_name up-tunnel

Logical Inventory > Mobile > SAE-GW > <service name>

Associates an existing GTP-U service to an existing Control Plane function under SAEGW Service Configuration Mode.

associate gtpu-service gtpu_service_name cp-tunnel

Logical Inventory > Mobile > User Plane > < sx-service name>

Associates an existing GTP-U service to an existing User Plane function under User Plane Configuration Mode.

Show saegw-service statistics

 

 

Show sx-service statistics all

 

The output of this command is visible only in CLI. You can view the new fields and statistics in support of the Sx service.

User-Plane Services

The following minimum and critical parameters must be configured to start the User Plane service:

  • One Sx-Service.
  • Three GTP-U Services of interface type P-GW ingress, S-GW-ingress, and S-GW-egress.
  • Removal or change of any critical parameters from User Plane service results in the User Plane service getting stopped.
  • The services that are associated with the User Plane service should be in running mode. Else, stopping any associated service triggers stopping of the User Plane service.

Viewing User-Plane Services

To view Sx User plane properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Sx User plane Container > Sx User plane.

The Vision client displays the list of Sx User plane services configured under the container.

Table 27-149 describes the details available for each user-plane service.

 

Table 27-149 Sx User Plane Properties in Logical Inventory

Field
Description

Service Name

Name of the Sx User plane service.

Service ID

ID of the Sx user plane service.

Status

Status of the Sx user plane service.

PGW Ingress GTPU Service

Displays the PGW ingress GTPU service of the ASR5K device.

SGW Ingress GTPU Service

Displays the SGW ingress GTPU service of the ASR5K device.

SGW Egress GTPU Service

Displays the SW Egress GTPU service of the ASR5K device.

Control Plane Tunnel GTPU Service

The associated control plane tunnel GTPU service.

Sx Service

Displays its associated Sx service.

Control Plane Group

The group to which the control plane is associated.

Configuring, Monitoring, and Troubleshooting Sx User-Plane Services

You can use the following CLI commands to configure, monitor, and troubleshoot Sx User plane services in CUPS. The devices that support these commands are listed in the Addendum: Additional VNE Support for Cisco Prime Network 5.2. Whether you can run these commands depends on your permissions. See Vision Client Permissions :

 

Table 27-150 User-Plane Services Commands

Command
Navigation
Description

Show user-plane service all

Logical Inventory > Mobile > User Plane Services

Displays the user-plane services along with attributes listed in Table 27-149 .

Show user-plane-service name

Logical Inventory > Mobile > User Plane Services >< service name >

The output of this command displays the fields for the specified user-plane-service name.

associate gtpu-service gtpu_service_name { pgw-ingress | sgw-ingress | sgw-egress }

Logical Inventory > Mobile > User Plane Services >< service name >

Associates the GTPU service with the User Plane service.

associate sx-service service_name

Logical Inventory > Mobile > User Plane Services >< service name >

Associates an Sx service with User Plane service. This is a mandatory parameter.

Show service all

 

Displays the user-plane services. The output of this command includes the fields shown in

Show saegw-service all

Logical Inventory > Mobile > SAE-GW > saegw-service al l

The saegw-service displays details of the sx-services associated with an SAEGW service.

Show saegw-service name

Logical Inventory > Mobile > SAE-GW > <service name>

The output of this command displays the field for the specified saegw-service name.

Show user-plane-service statistics all

 

The output of this command is visible only in CLI. You can view the new fields and statistics in support of the user-plane service.

Global SX Peers

Global SX Peers shows all the peer nodes of SX Service.

Viewing Global SX Peers

To view Global SX Peer:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory. For example, Double-click an SI device.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > SX Peers.

The Vision client displays the list of SX Peers.

359124.tiff

Table 27-151 describes the attributes available for SX Peers.

 

Table 27-151 SX Peers Attributes

Field
Description

SX Peer Nodes

Displays the peer node information (device name, SX Service name, and IP address).

Context Name

Displays the corresponding context of sx peer.

Step 3blank.gif Clicking on an SX Peer Node navigates to the respective SX Peer Node as shown below:

359125.tiff

SX Peers neighborship between Control Plane and User Plane services

The Vision client allows you to view neighborship information between the Control Plane and User Plane services.

note.gif

Noteblank.gif This feature is supported from StarOS 21.9 onwards.


Viewing peer node properties in Control Plane

To view SX Peer Nodes properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory. For example, Double-click an SI device.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Sx Control Plane Container > Control_Plane_Service.

The Vision client displays the list of Sx Peer nodes and their properties.

Table 27-152 describes the properties available for Sx Peer Nodes.

 

Table 27-152 Control Plane Sx Peer Node Properties

Field
Description

Node Type

Type of the peer node (Control Plane/User Plane).

Peer Mode

Mode of the peer node (Active/Standby).

Association State

Association state of the peer node (Idle/Initiated/Associated/Releasing).

Configuration State

Configuration state of the peer node (Configured/Not Configured).

IP Pool

Shows if the IP Pool is enabled/disabled for the peer node.

Service ID

ID of the associated Sx Service.

Group Name

Group Name of the SX Service.

Peer Node

IP address of the peer node.

Peer ID

ID of the peer node.

Recovery Timestamp

Shows the recovery timestamp.

Restart Count

Shows the Restart Count of Sx peer device.

Current Sessions

Shows the Current Sessions count of sx peer device.

Max Sessions

Shows the Max Session count of sx peer device.

Peer State

State of the peer node.

 

Viewing peer node properties in User Plane

To view SX Peer Nodes properties:


Step 1blank.gif Right-click the required device in the Vision client and choose Inventory. For example, Double-click an SI device.

Step 2blank.gif In the Logical Inventory window, choose Logical Inventory > Context > Mobile > Sx User Plane Container > User_Plane_Service.

The Vision client displays the list of Sx Peer nodes and their properties.

Table 27-153 describes the properties available for Sx Peer Nodes.

 

Table 27-153 User Plane Sx Peer Node Properties

Field
Description

Node Type

Type of the peer node (Control Plane/User Plane).

Peer Mode

Mode of the peer node (Active/Standby).

Association State

Association state of the peer node (Idle/Initiated/Associated/Releasing).

Configuration State

Configuration state of the peer node (Configured/Not Configured).

IP Pool

Shows if the IP Pool is enabled/disabled for the peer node.

Service ID

ID of the associated Sx Service.

Group Name

Group Name of the SX Service.

Peer Node

IP address of the peer node.

Peer ID

ID of the peer node.

Recovery Timestamp

Shows the recovery timestamp.

Restart Count

Shows the Restart Count of Sx peer device.

Current Sessions

Shows the Current Sessions count of sx peer device.

Max Sessions

Shows the Max Session count of sx peer device

Peer State

State of the peer node.

Monitoring peer nodes

You can use the following CLI command to monitor the Sx peers in CUPS. The devices that support this command are listed in the Addendum: Additional VNE Support for Cisco Prime Network 5.2. Whether you can run these commands depends on your permissions. See Vision Client Permissions :

 

Table 27-154 Sx Peers Commands

Command
Navigation
Description

Show sx peers

 

Displays the attributes listed in Table 27-152 and Table 27-153 for all the Sx peers.