Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

SAEGW Administration Guide, StarOS Release 21.3

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

SAEGW Administration Guide, StarOS Release 21.3

Chapter Title

Routing Behind the Mobile Station on an APN

Results

Updated:
July 28, 2017

Chapter: Routing Behind the Mobile Station on an APN

Routing Behind the Mobile Station on an APN

The routing behind the Mobile Station(MS) feature enables the routing of packets to IPv4 addresses that do not belong to the PDN Session (the MS), but exist behind it. The network address of the destination can be different than the Mobile Station address.

This chapter includes the following topics:

Feature Description

The Framed-Route attribute provides routing information to be configured for the user on the network access server (NAS). The Framed-Route information is returned to the RADIUS server in the Access-Accept message. Framed-Route can work at a context level or VRF level. VRFs can be on per enterprise and each can have its own set of framed-routes. In such configuration, framed routes will be installed in VRF's dedicated for respective enterprise. Association of Framed-Route with VRF will be done based on subscriber IP pool.

Mobile Router enables a router to create a PDN Session which the GGSN authorizes using RADIUS server. The RADIUS server authenticates this router and includes a Framed-Route attribute in the access-accept response packet. Framed-Route attribute also specifies the subnet routing information to be installed in the GGSN for the "mobile router." If the GGSN receives a packet with a destination address matching the Framed-Route, the packet is forwarded to the mobile router through the associated PDN session.

How It Works

Routing Behind the Mobile Station on an APN

The following rules apply:

  • AAA interface of GGSN/P-GW supports receiving "Framed Route AVP" in Radius Access-Accept Message from the Radius Server.
  • AAA interface of GGSN/P-GW supports maximum 16 "Framed Route AVP" in Radius Access-Accept Message
  • GGSN/P-GW does not accept framed route with destination address as 0.0.0.0 and/or netmask as 0.0.0.0.
  • GGSN/P-GW does not accept framed route where gateway address in the route is not matching with the address that would be assigned to Mobile station.
  • GGSN/P-GW ignores duplicate framed routes.
  • GGSN/P-GW supports controlling enabling/disabling of this feature through CLI in APN Configuration.
  • GGSN/P-GW supports controlling number of framed-routes to be installed through this feature.
  • GGSN/P-GW supports controlling number of hosts (addresses) supported behind the mobile station per route.
  • The routing behind an MS is supported only for IPv4 PDP contexts.
  • Packets routed behind the MS share the same 3GPP QoS settings of the MS.

Configuring Routing Behind the Mobile Station

The routing behind the MS feature enables the routing of packets to IPv4 addresses that do not belong to the PDN Session (the MS), but exist behind it. The network address of the destination can be different than the MS address.

Before enabling routing behind the MS, the following requirements must be met:

  • The MS must use RADIUS for authentication and authorization.

  • The Framed-Route (attribute 22) as defined in Internet Engineering Task Force (IETF) standard RFC 2865, must be configured in the profile of a user and contain at least one route, and up to 16 routes for each MS that is to use the routing behind the MS feature.

    When configured, the Framed-Route attribute is automatically downloaded to the GGSN during the RADIUS authentication and authorization phase of the PDN Session creation. If routing behind the MS has not been enabled using the network-behind-mobile command in access-point configuration mode, the GGSN ignores the Framed-Route attribute.

    When the MS session is no longer active, the routes are deleted.

  • Static routes are not configured. The configuration of the routing behind the mobile station feature (Framed Route, attribute 22) and static routes at the same time is not supported.

Configuration Overview

To enable routing behind a Mobile Station perform the following steps:

    Step 1   Create an APN Profile. Refer to Creating an APN Profile.
    Step 2   Enable or disable a Network behind Mobile Station for APN. Refer to Enabling Routing Behind the Mobile Station.

    Creating an APN Profile

    Use the following example to create an APN profile on the P-GW/SAEGW/S-GW: 

    config
   context context_name
      apn apn_name
      end

    Notes:

    • The apn name must be an alphanumeric string from 1 to 64 characters in length.
    • Once you have created an APN profile, you will enter the Access Point Profile Configuration Mode.

    Enabling Routing Behind the Mobile Station

    To enable routing behind an MS, use the following steps command in access-point configuration mode: 

    config
   network-behind-mobile { max-addresses-behind-mobile max_addrs | max-subnets max_subnets }
   { default | no } network-behind-mobile 
 end

    Notes:

    • default

      Enables the default settings for this function. It enables NBMS with max-subnets as 10 and max-addresses-behind-mobile as 16,777,214 default values.

    • no

      Disables the network behind mobile station functionality on the APN.

    • max-addresses-behind-mobile max_addrs

      Configures the maximum number of addresses that are allowed in a single Network/subnet Behind MS.

    • max-subnets max_subnets

      Specifies the maximum number of subnets that can be enabled for a call in the APN.

      max_subnets must be an integer from1 through 16.

      Default: 10

    Verifying the Routing Behind the Mobile Station

    To verify the routing behind the mobile station configuration, use the following show commands. 

    1. Router show ip route vrf vpn_am2
"*" indicates the Best or Used route.  S indicates Stale.
Destination         Nexthop          Protocol   Prec Cost Interface
*17.18.19.20/32      10.7.104.2       bgp        20   0    bgp_neighbour        (nhlfe-ix:3)
*17.18.19.21/32      0.0.0.0          connected  0    0    vpn_am2lb1
*40.40.41.0/24       0.0.0.0          connected  0    0
*41.40.41.0/24       0.0.0.0          connected  0    0
*42.40.41.0/24       0.0.0.0          connected  0    0
*43.40.41.0/24       0.0.0.0          connected  0    0
*44.40.41.0/24       0.0.0.0          connected  0    0
*45.40.41.0/24       0.0.0.0          connected  0    0
*46.40.41.0/24       0.0.0.0          connected  0    0
*47.40.41.0/24       0.0.0.0          connected  0    0
*48.40.41.0/24       0.0.0.0          connected  0    0
*49.40.41.0/24       0.0.0.0          connected  0    0
*106.106.0.0/16      0.0.0.0          connected  0    0    pool pool_test_3 
Total route count : 13
Unique route count: 13
Connected: 12 BGP: 1 
    2. show subscribers pgw-only full all
Username: starent
  Subscriber Type : Visitor
  Status          : Online/Active
  State           : Connected
  Connect Time    : Mon Oct 12 12:23:52 2015
  Auto Delete     : No
  Idle time       : 00h00m50s
  MS TimeZone     : n/a                  Daylight Saving Time: n/a
  Access Type: gtp-pdn-type-ipv4         Network Type: IP
  Access Tech: eUTRAN                    pgw-service-name: PGW21
  Callid: 0db5d3a3                       IMSI: 123456789012345
  Protocol Username: starent             MSISDN: 9326737733
  Interface Type: S5S8GTP                Low Access Priority: N/A
  Emergency Bearer Type: N/A
  IMS-media Bearer: No
  S6b Auth Status: N/A
  Access Peer Profile: default
  Acct-session-id (C1): 141414650F55554B
  ThreeGPP2-correlation-id (C2): 17767C4D / 6SKDhW-2
  Card/Cpu: 12/0                         Sessmgr Instance: 47
  Bearer Type: Default                   Bearer-Id: 5
  Bearer State: Active
  IP allocation type: local pool
  IPv6 allocation type: N/A
  IP address: 106.106.0.5
  Framed Routes:                                  Framed Routes Source: RADIUS
    40.40.41.0      255.255.255.0   106.106.0.5
    41.40.41.0      255.255.255.0   106.106.0.5
    43.40.41.0      255.255.255.0   106.106.0.5
    44.40.41.0      255.255.255.0   106.106.0.5
    45.40.41.0      255.255.255.0   106.106.0.5
    46.40.41.0      255.255.255.0   106.106.0.5
    47.40.41.0      255.255.255.0   106.106.0.5
    48.40.41.0      255.255.255.0   106.106.0.5
    49.40.41.0      255.255.255.0   106.106.0.5
    42.40.41.0      255.255.255.0   106.106.0.5
  ULI:
   TAI-ID:
    MCC: 214  MNC: 365
    TAC: 0x6789
   ECGI-ID:
  MCC: 214 MNC: 365
    ECI: 0x1234567
  Accounting mode: None                  APN Selection Mode: Sent by MS
  MEI: 1122334455667788                  Serving Nw: MCC=123, MNC=765
  charging id: 257250635                    charging chars: normal
  Source context: EPC2                   Destination context: ISP1
 S5/S8/S2b/S2a-APN: cisco.com
  SGi-APN:   cisco.com
  APN-OI:    n/a
  Restoration priority level: n/a
  traffic flow template: none
 IMS Auth Service : IMSGx
  active input ipv4 acl: IPV4ACL         active output ipv4 acl: IPV4ACL
active input ipv6 acl:                 active output ipv6 acl:
ECS Rulebase: cisco
Bearer QoS:
QCI: 5
ARP: 0x04
PCI: 0 (Enabled)
PL : 1
PVI: 0 (Enabled)
MBR Uplink(bps): 0                    MBR Downlink(bps): 0
GBR Uplink(bps): 0                    GBR Downlink(bps): 0
PCRF Authorized Bearer QoS:
QCI: n/a
ARP: n/a
PCI: n/a
PL: n/a
PVI: n/a
MBR uplink (bps): n/a                       MBR downlink (bps): n/a
GBR uplink (bps): n/a                       GBR downlink (bps): n/a
Downlink APN AMBR: n/a                  Uplink APN AMBR: n/a
P-CSCF Address Information:
Primary IPv6  :   n/a
  Secondary IPv6:   n/a
Tertiary IPv6 :   n/a
 Primary IPv4  :   n/a
  Secondary IPv4:   n/a
   Tertiary IPv4 :   n/a
Access Point MAC Address:  N/A
  pgw c-teid: [0x8000002f] 2147483695    pgw u-teid: [0x8000002f] 2147483695
  sgw c-teid: [0x50010001] 1342242817    sgw u-teid: [0x60010001] 1610678273
  ePDG c-teid: N/A                       ePDG u-teid: N/A
  cgw c-teid: N/A                        cgw u-teid: N/A
  pgw c-addr: 2002::2:101                pgw u-addr: 20.20.20.101    2002::2:101
  sgw c-addr: 2002::2:61                 sgw u-addr: 2002::2:61
  ePDG c-addr: N/A                       ePDG u-addr: N/A
  cgw c-addr: N/A                        cgw u-addr: N/A
  Downlink APN AMBR:   16534000 bps    Uplink APN AMBR:   16534000 bps
Mediation context: None                Mediation no early PDUs: Disabled
  Mediation No Interims: Disabled        Mediation Delay PBA: Disabled
  input pkts: 0                                   output pkts: 0
  input bytes: 0                                  output bytes: 0
  input bytes dropped: 0                          output bytes dropped: 0
  input pkts dropped: 0                           output pkts dropped: 0
  input pkts dropped due to lorc    : 0           output pkts dropped due to lorc    : 0
  input bytes dropped due to lorc   : 0
  in packet dropped suspended state: 0            out packet dropped suspended state: 0
 in bytes dropped suspended state: 0             out bytes dropped suspended state: 0
  in packet dropped overcharge protection: 0      out packet dropped overcharge protection: 0
  in bytes dropped overcharge protection: 0       out bytes dropped overcharge protection: 0
  in packet dropped sgw restoration state: 0      out packet dropped sgw restoration state: 0
  in bytes dropped sgw restoration state: 0       out bytes dropped sgw restoration state: 0
 pk rate from user(bps): 0                       pk rate to user(bps): 0
  ave rate from user(bps): 0                      ave rate to user(bps): 0
  sust rate from user(bps): 0                     sust rate to user(bps): 0
  pk rate from user(pps): 0                       pk rate to user(pps): 0
  ave rate from user(pps): 0                      ave rate to user(pps): 0
  sust rate from user(pps): 0                     sust rate to user(pps): 0
  link online/active percent: 65
  ipv4 bad hdr: 0                                 ipv4 ttl exceeded: 0
  ipv4 fragments sent: 0                          ipv4 could not fragment: 0
  ipv4 input acl drop: 0                          ipv4 output acl drop: 0
  ipv4 bad length trim: 0
 ipv4 input mcast drop: 0                        ipv4 input bcast drop: 0
  ipv6 input acl drop: 0                          ipv6 output acl drop: 0
  ipv4 input css down drop: 0                     ipv4 output css down drop: 0
  ipv4 input css down drop: 0                     ipv4 output css down drop: 0
  ipv4 output xoff pkts drop: 0                   ipv4 output xoff bytes drop: 0
  ipv6 output xoff pkts drop: 0                   ipv6 output xoff bytes drop: 0
  ipv6 input ehrpd-access drop: 0                 ipv6 output ehrpd-access drop: 0
input pkts dropped (0 mbr): 0                   output pkts dropped (0 mbr): 0
  ip source violations: 0                         ipv4 output no-flow drop: 0
  ipv6 egress filtered: 0
  ipv4 proxy-dns redirect: 0                      ipv4 proxy-dns pass-thru: 0
  ipv4 proxy-dns drop: 0
  ipv4 proxy-dns redirect tcp connection: 0
  ipv6 bad hdr: 0                                 ipv6 bad length trim: 0
  ip source violations no acct: 0
  ip source violations ignored: 0
  dormancy total: 0                               handoff total: 0
  ipv4 icmp packets dropped: 0
  APN AMBR Input Pkts Drop: 0                     APN AMBR Output Pkts Drop: 0
  APN AMBR Input Bytes Drop: 0                    APN AMBR Output Bytes Drop: 0

    Monitoring and Troubleshooting the Routing Behind the Mobile Station

    Routing Behind the Mobile Station Show Command(s) and/or Outputs

    show apn name <apn_name>

    ...
proxy-mip: Disabled
proxy-mipv6: Disabled
proxy-mip null-username static home address: Disabled
Network Behind Mobile Station: Enabled
Maximum subnets behind Mobile station: 10
Maximum Addresses Behind Mobile Station:  16777214
Tunnel peer load-balancing : random
L3-to-L2 tunnel address-policy no-alloc-validate
tunnel address-policy alloc-validate
NPU QoS Traffic Priority: Derive from packet DSCP

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco