Routing Behind the
Mobile Station on an APN
The routing behind the
Mobile Station(MS) feature enables the routing of packets to IPv4 addresses
that do not belong to the PDN Session (the MS), but exist behind it. The
network address of the destination can be different than the Mobile Station
address.
This chapter includes the following topics:
Feature
Description
The Framed-Route
attribute provides routing information to be configured for the user on the
network access server (NAS). The Framed-Route information is returned to the
RADIUS server in the Access-Accept message. Framed-Route can work at a context
level or VRF level. VRFs can be on per enterprise and each can have its own set
of framed-routes. In such configuration, framed routes will be installed in
VRF's dedicated for respective enterprise. Association of Framed-Route with VRF
will be done based on subscriber IP pool.
Mobile Router
enables a router to create a PDN Session which the GGSN authorizes using RADIUS
server. The RADIUS server authenticates this router and includes a Framed-Route
attribute in the access-accept response packet. Framed-Route attribute also
specifies the subnet routing information to be installed in the GGSN for the
"mobile router." If the GGSN receives a packet with a destination address
matching the Framed-Route, the packet is forwarded to the mobile router through
the associated PDN session.
How It Works
Routing Behind the
Mobile Station on an APN
The following rules
apply:
- AAA interface of GGSN/P-GW supports
receiving "Framed Route AVP" in Radius Access-Accept Message from the Radius
Server.
- AAA interface of GGSN/P-GW supports
maximum 16 "Framed Route AVP" in Radius Access-Accept Message
- GGSN/P-GW does
not accept framed route with destination address as 0.0.0.0 and/or netmask as
0.0.0.0.
- GGSN/P-GW does
not accept framed route where gateway address in the route is not matching with
the address that would be assigned to Mobile station.
- GGSN/P-GW ignores
duplicate framed routes.
- GGSN/P-GW
supports controlling enabling/disabling of this feature through CLI in APN
Configuration.
- GGSN/P-GW
supports controlling number of framed-routes to be installed through this
feature.
- GGSN/P-GW
supports controlling number of hosts (addresses) supported behind the mobile
station per route.
- The routing
behind an MS is supported only for IPv4 PDP contexts.
- Packets routed
behind the MS share the same 3GPP QoS settings of the MS.
Configuring Routing
Behind the Mobile Station
The routing behind
the MS feature enables the routing of packets to IPv4 addresses that do not
belong to the PDN Session (the MS), but exist behind it. The network address of
the destination can be different than the MS address.
Before enabling
routing behind the MS, the following requirements must be met:
-
The MS must use
RADIUS for authentication and authorization.
-
The Framed-Route
(attribute 22) as defined in Internet Engineering Task Force (IETF) standard
RFC 2865, must be configured in the profile of a user and contain at least one
route, and up to 16 routes for each MS that is to use the routing behind the MS
feature.
When configured,
the Framed-Route attribute is automatically downloaded to the GGSN during the
RADIUS authentication and authorization phase of the PDN Session creation. If
routing behind the MS has not been enabled using the network-behind-mobile
command in access-point configuration mode, the GGSN ignores the Framed-Route
attribute.
When the MS
session is no longer active, the routes are deleted.
- Static routes are
not configured. The configuration of the routing behind the mobile station
feature (Framed Route, attribute 22) and static routes at the same time is not
supported.
Configuration
Overview
To enable routing
behind a Mobile Station perform the following steps:
Creating an APN
Profile
Use the following
example to create an APN profile on the P-GW/SAEGW/S-GW:
config
context context_name
apn apn_name
end
Notes:
- The apn name must be an alphanumeric
string from 1 to 64 characters in length.
- Once you have created an APN profile,
you will enter the Access Point Profile Configuration Mode.
Enabling Routing
Behind the Mobile Station
To enable routing
behind an MS, use the following steps command in access-point configuration
mode:
config
network-behind-mobile { max-addresses-behind-mobile max_addrs | max-subnets max_subnets }
{ default | no } network-behind-mobile
end
Notes:
- default
Enables the
default settings for this function. It enables NBMS with max-subnets as 10 and
max-addresses-behind-mobile as 16,777,214 default values.
- no
Disables the
network behind mobile station functionality on the APN.
- max-addresses-behind-mobile
max_addrs
Configures the
maximum number of addresses that are allowed in a single Network/subnet Behind
MS.
- max-subnets
max_subnets
Specifies the
maximum number of subnets that can be enabled for a call in the APN.
max_subnets must be an integer from1 through 16.
Default: 10
Verifying the
Routing Behind the Mobile Station
To verify the
routing behind the mobile station configuration, use the following show
commands.
-
Router show ip route vrf vpn_am2
"*" indicates the Best or Used route. S indicates Stale.
Destination Nexthop Protocol Prec Cost Interface
*17.18.19.20/32 10.7.104.2 bgp 20 0 bgp_neighbour (nhlfe-ix:3)
*17.18.19.21/32 0.0.0.0 connected 0 0 vpn_am2lb1
*40.40.41.0/24 0.0.0.0 connected 0 0
*41.40.41.0/24 0.0.0.0 connected 0 0
*42.40.41.0/24 0.0.0.0 connected 0 0
*43.40.41.0/24 0.0.0.0 connected 0 0
*44.40.41.0/24 0.0.0.0 connected 0 0
*45.40.41.0/24 0.0.0.0 connected 0 0
*46.40.41.0/24 0.0.0.0 connected 0 0
*47.40.41.0/24 0.0.0.0 connected 0 0
*48.40.41.0/24 0.0.0.0 connected 0 0
*49.40.41.0/24 0.0.0.0 connected 0 0
*106.106.0.0/16 0.0.0.0 connected 0 0 pool pool_test_3
Total route count : 13
Unique route count: 13
Connected: 12 BGP: 1
-
show subscribers pgw-only full all
Username: starent
Subscriber Type : Visitor
Status : Online/Active
State : Connected
Connect Time : Mon Oct 12 12:23:52 2015
Auto Delete : No
Idle time : 00h00m50s
MS TimeZone : n/a Daylight Saving Time: n/a
Access Type: gtp-pdn-type-ipv4 Network Type: IP
Access Tech: eUTRAN pgw-service-name: PGW21
Callid: 0db5d3a3 IMSI: 123456789012345
Protocol Username: starent MSISDN: 9326737733
Interface Type: S5S8GTP Low Access Priority: N/A
Emergency Bearer Type: N/A
IMS-media Bearer: No
S6b Auth Status: N/A
Access Peer Profile: default
Acct-session-id (C1): 141414650F55554B
ThreeGPP2-correlation-id (C2): 17767C4D / 6SKDhW-2
Card/Cpu: 12/0 Sessmgr Instance: 47
Bearer Type: Default Bearer-Id: 5
Bearer State: Active
IP allocation type: local pool
IPv6 allocation type: N/A
IP address: 106.106.0.5
Framed Routes: Framed Routes Source: RADIUS
40.40.41.0 255.255.255.0 106.106.0.5
41.40.41.0 255.255.255.0 106.106.0.5
43.40.41.0 255.255.255.0 106.106.0.5
44.40.41.0 255.255.255.0 106.106.0.5
45.40.41.0 255.255.255.0 106.106.0.5
46.40.41.0 255.255.255.0 106.106.0.5
47.40.41.0 255.255.255.0 106.106.0.5
48.40.41.0 255.255.255.0 106.106.0.5
49.40.41.0 255.255.255.0 106.106.0.5
42.40.41.0 255.255.255.0 106.106.0.5
ULI:
TAI-ID:
MCC: 214 MNC: 365
TAC: 0x6789
ECGI-ID:
MCC: 214 MNC: 365
ECI: 0x1234567
Accounting mode: None APN Selection Mode: Sent by MS
MEI: 1122334455667788 Serving Nw: MCC=123, MNC=765
charging id: 257250635 charging chars: normal
Source context: EPC2 Destination context: ISP1
S5/S8/S2b/S2a-APN: cisco.com
SGi-APN: cisco.com
APN-OI: n/a
Restoration priority level: n/a
traffic flow template: none
IMS Auth Service : IMSGx
active input ipv4 acl: IPV4ACL active output ipv4 acl: IPV4ACL
active input ipv6 acl: active output ipv6 acl:
ECS Rulebase: cisco
Bearer QoS:
QCI: 5
ARP: 0x04
PCI: 0 (Enabled)
PL : 1
PVI: 0 (Enabled)
MBR Uplink(bps): 0 MBR Downlink(bps): 0
GBR Uplink(bps): 0 GBR Downlink(bps): 0
PCRF Authorized Bearer QoS:
QCI: n/a
ARP: n/a
PCI: n/a
PL: n/a
PVI: n/a
MBR uplink (bps): n/a MBR downlink (bps): n/a
GBR uplink (bps): n/a GBR downlink (bps): n/a
Downlink APN AMBR: n/a Uplink APN AMBR: n/a
P-CSCF Address Information:
Primary IPv6 : n/a
Secondary IPv6: n/a
Tertiary IPv6 : n/a
Primary IPv4 : n/a
Secondary IPv4: n/a
Tertiary IPv4 : n/a
Access Point MAC Address: N/A
pgw c-teid: [0x8000002f] 2147483695 pgw u-teid: [0x8000002f] 2147483695
sgw c-teid: [0x50010001] 1342242817 sgw u-teid: [0x60010001] 1610678273
ePDG c-teid: N/A ePDG u-teid: N/A
cgw c-teid: N/A cgw u-teid: N/A
pgw c-addr: 2002::2:101 pgw u-addr: 20.20.20.101 2002::2:101
sgw c-addr: 2002::2:61 sgw u-addr: 2002::2:61
ePDG c-addr: N/A ePDG u-addr: N/A
cgw c-addr: N/A cgw u-addr: N/A
Downlink APN AMBR: 16534000 bps Uplink APN AMBR: 16534000 bps
Mediation context: None Mediation no early PDUs: Disabled
Mediation No Interims: Disabled Mediation Delay PBA: Disabled
input pkts: 0 output pkts: 0
input bytes: 0 output bytes: 0
input bytes dropped: 0 output bytes dropped: 0
input pkts dropped: 0 output pkts dropped: 0
input pkts dropped due to lorc : 0 output pkts dropped due to lorc : 0
input bytes dropped due to lorc : 0
in packet dropped suspended state: 0 out packet dropped suspended state: 0
in bytes dropped suspended state: 0 out bytes dropped suspended state: 0
in packet dropped overcharge protection: 0 out packet dropped overcharge protection: 0
in bytes dropped overcharge protection: 0 out bytes dropped overcharge protection: 0
in packet dropped sgw restoration state: 0 out packet dropped sgw restoration state: 0
in bytes dropped sgw restoration state: 0 out bytes dropped sgw restoration state: 0
pk rate from user(bps): 0 pk rate to user(bps): 0
ave rate from user(bps): 0 ave rate to user(bps): 0
sust rate from user(bps): 0 sust rate to user(bps): 0
pk rate from user(pps): 0 pk rate to user(pps): 0
ave rate from user(pps): 0 ave rate to user(pps): 0
sust rate from user(pps): 0 sust rate to user(pps): 0
link online/active percent: 65
ipv4 bad hdr: 0 ipv4 ttl exceeded: 0
ipv4 fragments sent: 0 ipv4 could not fragment: 0
ipv4 input acl drop: 0 ipv4 output acl drop: 0
ipv4 bad length trim: 0
ipv4 input mcast drop: 0 ipv4 input bcast drop: 0
ipv6 input acl drop: 0 ipv6 output acl drop: 0
ipv4 input css down drop: 0 ipv4 output css down drop: 0
ipv4 input css down drop: 0 ipv4 output css down drop: 0
ipv4 output xoff pkts drop: 0 ipv4 output xoff bytes drop: 0
ipv6 output xoff pkts drop: 0 ipv6 output xoff bytes drop: 0
ipv6 input ehrpd-access drop: 0 ipv6 output ehrpd-access drop: 0
input pkts dropped (0 mbr): 0 output pkts dropped (0 mbr): 0
ip source violations: 0 ipv4 output no-flow drop: 0
ipv6 egress filtered: 0
ipv4 proxy-dns redirect: 0 ipv4 proxy-dns pass-thru: 0
ipv4 proxy-dns drop: 0
ipv4 proxy-dns redirect tcp connection: 0
ipv6 bad hdr: 0 ipv6 bad length trim: 0
ip source violations no acct: 0
ip source violations ignored: 0
dormancy total: 0 handoff total: 0
ipv4 icmp packets dropped: 0
APN AMBR Input Pkts Drop: 0 APN AMBR Output Pkts Drop: 0
APN AMBR Input Bytes Drop: 0 APN AMBR Output Bytes Drop: 0
Monitoring and
Troubleshooting the Routing Behind the Mobile Station
Routing Behind the
Mobile Station Show Command(s) and/or Outputs
show apn name
<apn_name>
...
proxy-mip: Disabled
proxy-mipv6: Disabled
proxy-mip null-username static home address: Disabled
Network Behind Mobile Station: Enabled
Maximum subnets behind Mobile station: 10
Maximum Addresses Behind Mobile Station: 16777214
Tunnel peer load-balancing : random
L3-to-L2 tunnel address-policy no-alloc-validate
tunnel address-policy alloc-validate
NPU QoS Traffic Priority: Derive from packet DSCP