A context is
a logical grouping or mapping of configuration parameters that pertain
to various physical ports, logical IP interfaces, and services.
A context can be thought of as a virtual private network (VPN).
The system supports
the configuration of multiple contexts. Each is configured and operates
independently from the others. Once a context has been created, administrative
users can then configure services, logical IP interfaces, subscribers,
etc.for that context. Administrative users would then bind the logical
interfaces to physical ports.
Contexts can also be
assigned domain aliases, wherein if a subscriber's domain
name matches one of the configured alias names for that context,
then that context is used.
Contexts on the system
can be categorized as follows:
Source context: Also
referred to as the "ingress" context, this context
provides the subscriber's point-of-entry in the system.
It is also the context in which services are configured. For example,
in a GPRS/UMTS network, the radio network containing the
Service GPRS Support Nodes (SGSNs) would communicate with the system
via Gn interfaces configured within the source context as part of
the GGSN service.
Destination context: Also
referred to as the "egress" context, this context
is where a subscriber is provided services (such as access to the
Internet) as defined by access point name (APN) configuration templates.
For example, the system's destination context would be configured
with the interfaces facilitating subscriber data traffic to/from
the Internet, a VPN, or other PDN.
Authentication context: This
context provides authentication functionality for subscriber PDP
contexts and/or administrative user sessions and contains
the policies and logical interfaces for communicating with Remote
Authentication Dial In User Service (RADIUS) authentication servers.
For subscriber authentication,
this functionality must be configured in the same system context
as the APN template(s). Optionally, to simplify the configuration
process, both subscriber RADIUS authentication functionality and
APN templates can be configured in the destination context.Important: To ensure scalability,
authentication functionality for subscriber sessions should not
be configured in the local context.
For administrative
users, authentication functionality can either be configured in
the local context or be authenticated in the same context as subscribers.
The system context
in which accounting functionality is configured depends on the protocol used.
Accounting for subscriber PDP contexts can be performed using either
the GPRS Tunneling Protocol Prime (GTPP) or RADIUS. Accounting for
administrative user sessions is based on RADIUS.
When using GTPP, it
is recommended that accounting functionality be configured in a system
source context along with the GGSN service.
When using RADIUS for
subscriber accounting, it must be configured in the same context as
RADIUS authentication. To simplify the configuration process, RADIUS-based
authentication and accounting can be configured in a destination
context as long as the APN templates are configured there as well.
RADIUS-based accounting
for administrative user sessions can either be configured in the local
context or in the same context used for subscriber accounting.
Important: To ensure scalability,
accounting functionality for subscriber sessions should not be configured
in the local context.