Gateway GPRS Support Node (GGSN) - 4.0 AC-A09 - Gi Configuration
33
10/01/10 11:37 Gateway GPRS Support Node (GGSN) - 4.0 AC-A09 Page 1 of 33 http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493 OPERATION DIRECTIONS 2/1543-AXB 250 02 Uae X Gi Interface Configuration Copyright © Ericsson AB 2003, 2004 - All Rights Reserved Disclaimer The contents of this document are subject to revision without notice due to continued progress in methodology, design, and manufacturing. Ericsson shall have no liability for any errors or damage of any kind resulting from the use of this document. Contents 1 Introduction 1.1 Purpose 1.2 Scope 1.3 Applicability 2 Prerequisites 2.1 Planning 2.2 User 2.3 Equipment 3 Flowchart 4 L1, L2 and IP Layer Configuration 4.1 Hardware Configuration 4.2 IPsec, GRE and Packet Filters Configuration 4.3 Internal Routing Configuration 4.4 External Routing Configuration 5 Access and Authentication Configuration 5.1 APN Configuration 5.2 Outband RADIUS Configuration 6 Additional Configuration 6.1 Deleting a Gi Interface partly or completely 6.2 Modifying a Gi Interface partly or completely 7 Example 7.1 Hardware Configuration Example 7.2 IPsec/GRE and Packet Filters Configuration Example 7.3 Internal Routing Configuration Example 7.4 External Routing Configuration Example 7.5 APN Configuration Example 7.6 Outband RADIUS Configuration Example 7.7 DHCP Configuration Example 8 Related Documents 9 Reference List
Transcript of Gateway GPRS Support Node (GGSN) - 4.0 AC-A09 - Gi Configuration
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 1 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
OPERATION DIRECTIONS 2/1543-AXB 250 02 Uae X
Gi Interface ConfigurationCopyright
© Ericsson AB 2003, 2004 - All Rights Reserved
Disclaimer
The contents of this document are subject to revision without notice due to continued progress inmethodology, design, and manufacturing.
Ericsson shall have no liability for any errors or damage of any kind resulting from the use of thisdocument.
Contents
1 Introduction1.1 Purpose1.2 Scope1.3 Applicability
2 Prerequisites2.1 Planning2.2 User2.3 Equipment
3 Flowchart
4 L1, L2 and IP Layer Configuration4.1 Hardware Configuration4.2 IPsec, GRE and Packet Filters Configuration4.3 Internal Routing Configuration4.4 External Routing Configuration
5 Access and Authentication Configuration5.1 APN Configuration5.2 Outband RADIUS Configuration
6 Additional Configuration6.1 Deleting a Gi Interface partly or completely6.2 Modifying a Gi Interface partly or completely
7 Example7.1 Hardware Configuration Example7.2 IPsec/GRE and Packet Filters Configuration Example7.3 Internal Routing Configuration Example7.4 External Routing Configuration Example7.5 APN Configuration Example7.6 Outband RADIUS Configuration Example7.7 DHCP Configuration Example
8 Related Documents
9 Reference List
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 2 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
1 Introduction
1.1 Purpose
This document describes how to configure the Gi interface on the Gateway GPRS Support Node(GGSN) or the Combined GPRS Support Node (CGSN). It is mainly written for personnel performingfirst-time configuration of the GGSN. It covers GGSN 4.0 and CGSN G 3.0.
CGSN G 3.0 consists of the SGSN and the GGSN software applications running in the same physicalnode. Throughout this document, when read from a CGSN point of view, SGSN/GGSN should be readas "the SGSN/GGSN part of the CGSN". If the CGSN differs from the SGSN/GGSN this will be stated.
1.2 Scope
This document covers the following issues:
Prerequisites to be able to start the configurationFlowchart describing the order in which the interface should be configuredConfiguration procedures for Layer 1 (L1), Layer 2 (L2) and the Internet Protocol (IP) layerConfiguration procedures for access and authorizationAdditional configuration procedures for deletion or modification of the Gi interface partly orcompletelyConfiguration examples
The configuration of the Gi interface is transacted through Command Line Interface (CLI) commandsor by using the Packet Exchange Manager (PXM). For operating instructions of the PXM and moreinformation on the CLI commands used during the configuration, see the reference chapter. TheOperation & Maintenance (O&M) environment, including PXM and CLI, is further described inReference [60].
All descriptions in this document work under the assumption that the configuration is done as if noprevious communication links to the Packet Data Network (PDN) exist. Only some recommendationsregarding the configuration parameters are given in this document, since they can not be known inadvance without a particular PDN at hand.
For a description of the Gi interfaces refer to Reference [50].
1.3 Applicability
This document is intended to personnel performing first-time configuration of the GGSN. It is assumedthat the installation of the GGSN has already been implemented by the site installation personnel.
2 PrerequisitesThis chapter outlines the prerequisites, as they depend on the General Packet Radio Service (GPRS)backbone network and specific setup.
Note: To be able to start the configuration on the basis of this document the GGSN must becompletely installed by the site installation personnel.
No previous communication links may exist.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 3 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
2.1 Planning
The configuration requires planning, especially of the various communication protocol details.
The planning phase should give information on the following topics:
How to connect the PDN physicallyHow to prepare the GPRS backbone networkHow to obtain the Internet Protocol (IP) addresses supposed to be used by the Mobile Stations(MS)Which mechanism to use when assigning an IP address to an MSAll the low-level communication parameters used by the link to the PDN, depending on thechosen technologyThe usage of IP Routing or Access Point Name (APN) RoutingThe usage of packet filters and Internet Protocol Security (IPsec) or Generic RoutingEncapsulation (GRE)The access configuration and APN parameters, as well as information on Remote AuthenticationDial-In User Service (RADIUS) and Dynamic Host Configuration Protocol (DHCP) serversThe GPRS backbone network configuration and related parametersThe necessary GGSN specific planning parameters, which are listed in Reference [61] for aGGSN or Reference [62] for a CGSN
Note: The details of the communication parameters configured on the various protocollevels depend on the PDN connected to the GGSN.
2.2 User
The person performing configuration and planning should have a solid knowledge and training in:
The area of Transmission Control Protocol/Internet Protocol (TCP/IP) and the various Layer (L1)and Layer 2 (L2) technologies supported by the GGSN, for example Asynchronous TransferMode (ATM), routing protocols and router configuration.The function of the Global System for Mobile communication (GSM) and Wideband Code DivisionMultiple Access (WCDMA) Systems in general. For descriptions of the systems, see Reference[82] for the WCDMA System and Reference [52] for GSM.The function of the O&M system. Refer to Reference [60] for further information.Operation of the GGSNHow to work in PXMHow to work in UNIX
2.3 Equipment
To execute the configuration of the Gi interface the following equipment is needed:
A GSN equipped with GGSN functionsAny of these Work Station setups:
A UNIX Work Station connected, through the O&M network, to the SGSN and GGSNA UNIX Work Station connected to a terminal server, which is directly plugged into theGeneral Processing Board (GPB) serving as the active Node Controller Board (NCB)
3 FlowchartOn a general level, configuring the Gi interface is broken down into separate, partly independent,tasks:
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 4 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
L1, L2 and IP layer configurationAccess and authentication configuration
These steps are broken down into smaller processes described in the workflow, see Figure 1.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 5 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Figure 1 Gi Interface Configuration Workflow
4 L1, L2 and IP Layer ConfigurationThis section describes how L1 and L2 are configured to create carrier for an IP layer. First, thehardware is configured, followed by packet filtering, IPsec, GRE and routing. The configuration can beimplemented through using either CLI commands or PXM.
Note: To be able to use the PXM form when configuring the Gi interface, the Gom interfacemust be configured in advance.
The configuration is exemplified in Section 7, in order to clarify all the steps.
The hardware configuration must be executed on every Gi plug-in unit.
4.1 Hardware Configuration
The configuration procedure depends on the hardware, either Ethernet or ATM can be used.
4.1.1 Ethernet Plug-in Unit Configuration
Configure the external IP addresses on the Ethernet GiR plug-in units.
Instructions
Use the Ethernet PXM form or the CLI command connect_eth_ip to implement the following steps:
1. Specify the IP address and the subnet mask to configure the TCP/IP stack.2. Specify the link speed and the desired duplex mode for the Ethernet plug-in unit.3. Enable IP routing by setting the value of the attribute vanilla to true.
Note: Auto negotiate is not supported and cannot be used by any equipment connected to theEthernet link of the GSN. All equipment connected to the Ethernet link of the GSN mustbe explicity configured to use the same speed and duplex settings as configured for theGSN.
Note: Various other Ethernet parameters can also be configured, but it is recommended to usethe default values for most parameters since they effect the internal performance of thehardware.
4.1.2 ATM Plug-in Unit Configuration
When setting up ATM for the Gi interface, initially, each plug-in unit that is going to run ATM must bestarted. One or several Permanent Virtual Circuits (PVC) (made up of a Virtual Path Identifier [VPI]and a Virtual Circuit Identifier [VCI]) are then created on each ATM port and a TCP/IP stack address isconfigured and attached to each PVC.
Also, the peer in the PDN has been associated with an IP address. This IP address maps to the ATMaddress of the peer.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 6 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
The ATM PVCs can be configured for either IP or APN routed APNs.
Instructions
1. Complete the base ATM routing. Use the ATM Driver tab in the ATM Management PXM formor the CLI command start_atm to define the maximum number of IP instances, the number ofVPIs and VCIs, the switch prefix number and the end system identifier.
Note: It might be necessary to increase this value if all defined instances are already inuse. This can only be done by first stopping the ATM driver, entering the newparameter values and then starting the driver again. Use the ATM Driver tab inthe ATM Management PXM form or the CLI commands stop_atm andstart_atm.
2. Define a PVC. The most likely case is to define a PVC for transmission and reception (Direction= RX/TX), unless there is any reason to support only one direction. Specify the ATM address tothe Network Service Access Point (NSAP) Destination. Normally also the Service Category isspecified. Use the Virtual Circuits tab in the ATM Management PXM form or the CLIcommand create_atm_vc to define a PVC.
3. Specify the IP address, destination IP address and a subnet mask of the TCP/IP interface. Thenattach the TCP/IP stack to the PVC, enable IP routing and state the selector. Use the IP Setuptab in the ATM Management PXM form or the CLI command connect_atm_vc_ip.
4.2 IPsec, GRE and Packet Filters Configuration
Filtering on all logical external IP interfaces should be configured in order to permit inbound andoutbound traffic. IP packets can be either denied, permitted or handled with Internet Protocol Security(IPsec) or Generic Routing Encapsulation (GRE) security policy. If authentication with or withoutencryption is required, an IPsec connection is set up. GRE is a lighter protocol and offers neitherauthentication nor encryption.
Note: The inbound and outbound packet filters are independent, hence both filters must beconfigured.
Permit and deny filters are directly defined, while an IPsec, GRE filter requires to have defined aSecurity Association (SA) or GRE tunnel in advance.
4.2.1 IPsec Security Association
To be able to run IPsec the SAs must be configured. The IPsec SAs are unidirectional, hence one SAfor outgoing and one for incoming traffic is necessary.
To achieve redundancy a virtual IP address, not bound to a certain interface in the GGSN, should bechosen as end point for the IPsec tunnel instead of one of the GiR plug-in units.
Instructions
Use the IPSec Management PXM form or the CLI command create_ipsec_sa to define an SA,implement the steps below:
1. Specify the name and direction of the SA2. Specify the IP address of the local and remote gateway3. Specify the mode of the SA (tunnel or transport mode)
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 7 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
4. State the protocol of the SA and the algorithm(s) resulting from the choice of protocol
4.2.2 GRE Tunnels
GRE tunneling is similar to IPsec in tunnel mode without encryption or authentication. GRE is abidirectional protocol, thus, a single GRE tunnel is used for both incoming and outgoing traffic(compared to the unidirectional IPsec SAs).
To achieve redundancy a virtual IP address, not bound to a certain interface in the GGSN, should bechosen as end point for the GRE tunnel instead of one of the GiR plug-in units.
Instructions
Use the IPSec Management PXM form or the CLI command create_gre_tunnel to create a GREtunnel, implement the steps below:
1. Specify the name of the tunnel2. Specify the IP address of the local and remote gateway3. Specify the session key
4.2.3 Packet Filtering
For outbound filters, it is recommended is to configure rules which only allow outbound packets with acorrect source IP address to leave the GGSN. For inbound filters it is recommended to configure ruleswhich only allow inbound packets with a correct destination IP address to enter the GGSN. A generalrecommendation for both inbound and outbound filters is to configure the allowed traffic to pass thefilter and configure everything else to be discarded.
For configuration of filters that are treating packets with IPsec or GRE functions, see Section 4.2.4.
Instructions
1. Create a set of packet filter policies. Specify the range of IP addresses allowed for inbound andoutbound traffic among other parameters. Use the PXM form Packet Filtering or the CLIcommand create_pf_policy to create a packet filter policy. The range of IP addresses, therouting configuration to the PDN and the filter must match the setup defined in the APN(implemented later). See Section 5.1.
Note: RADIUS requests will come from one of the IP addresses in the allowed IP addressrange, so no special provisioning has to be made for this case.
Note: In the PXM form the value of the attribute name is already set to the name of theinterface and it cannot be modified.
4.2.4 Filter Rules when Using IPsec or GRE
To create a bidirectional IPsec connection, two SAs in each end-point are needed. Since GRE tunnelsare unidirectional just one tunnel is necessary.
Procedure Specific Prerequisites
The following procedure specific prerequisite exists:
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 8 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
A filter treating packet with IPsec or GRE functions requires to have defined SAs or a GREtunnel in advance.
Instructions
1. To create a new policy with the rule Perform IPsec/GRE transformation, specify the IPdestination and the name of the SA or GRE tunnel to be associated with the policy. Use thePacket Filtering PXM form or the CLI command create_pf_policy to bind the SA or GREtunnel to the IP stack.
Note: The inbound filter rule Perform IPSec/GRE does not have to be configured for every SA orGRE tunnel since the IPSec/GRE processing will automaticly find the correct SA/GREtunnel when decapsulating. Therefore, it is enough to configure one filter rule perprotocol number (it means IPSec AH, IPSec ESP and GRE).
Note: The name of the created IPsec or GRE tunnel must be used later to identify the point-to-point connection when the APN is defined.
4.3 Internal Routing Configuration
Open Shortest Path First (OSPF) is the recommended routing protocol for routing internally within theGGSN. Note that the Gi and Gn interfaces should be configured on separate plug-in units, since theGn interface requires configuration of both the internal routing and the Operation & MaintenanceVirtual IP (O&M VIP) address.
The router IDs may not collide with other IDs of routers within an autonomous system.
To achieve full redundancy at link failure, OSPF virtual links must be configured between two GiR plug-in units. The virtual link must be configured cross wise on both GiR plug-in units.
Instructions
1. Enable the internal OSPF routing on the Internal Gi subnetwork (IGi) by specifying the OSPFarea and the attributes retransmission, hello and router intervals. Use the CLI commandset_ospf_igi.
Note: The internal OSPF area may not be set to 0.0.0.0 since this area is to be used onthe external interface.
Note: The internal OSPF routing on the IGi subnetwork can not be enabled from PXM.
2. Set the router identity on each GiR plug-in unit. Use the Router ID tab in the Routing PXMform or the CLI command set_router_id.
3. Configure virtual links on the GiR plug-in units. Use the OSPFv2 Area Customization tab inthe Routing PXM form or the CLI command custom_ospf_area.
4.4 External Routing Configuration
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 9 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
There are several options on how to configure the GiR plug-in units externally. Either static routes ora routing protocol like OSPF, Routing Information Protocol (RIP) or Border Gateway Protocol (BGP) canbe used.
If OSPF is being used internally but not externally the routing information must be exported to theOSPF database. In other words, the information on the GiR plug-in units must be propagated to theGiA plug-in units.
4.4.1 Static Routes
Static routes are used when the setup is not changing. Routing protocols provides more flexibility.
Instructions
1. To configure a static route specify the destination IP address, netmask and the gateway IPaddress. Use the Static Routes tab in the Routing PXM form. Alternatively use the CLIcommand set_static_route.
2. To export the routing information to the GiA plug-in units configure the required destination,source and filter operands. Use the Export tab in the Routing PXM form. Alternatively use theCLI command set_route_export.
4.4.2 OSPF - Routing Within an Autonomous System
Usage of OSPF means that the GGSN and the PDN form one Autonomous System. Within thisAutonomous System the GGSN advertises that it knows a route to the hosts from the APN addressrange.
If OSPF is used internally and externally, exportation rules do not have to be configured.
Instructions
To configure the OSPF use the OSPFv2 tab in the Routing PXM form or the CLI commandset_ospf_if to implement the steps below:
1. Specify the OSPF area ID and the router priority.
Note: The backbone OSPF area should always be set to 0.0.0.0, in order to create anarea border to the IGi subnetwork.
2. Specify the type and IP address of the interface.3. Set the attributes retransmission, hello and router dead interval as well as the cost of the
interface.
4.4.3 RIP - Routing Within an Autonomous System
The usage of RIP as routing protocol should be avoided since it is just suitable for smaller networksand it has some significant technical drawbacks.
RIP is an Interior Gateway Protocol (IGP), hence it is used within an autonomous system.
Instructions
1. To configure RIP use the RIP II tab in the Routing PXM form. Alternatively use the CLIcommand set_rip.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 10 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
2. To export the routing information to the GiA plug-in units configure the required destination,source and filter operands. Use the Export tab in the Routing PXM form. Alternatively use theCLI command set_route_export.
4.4.4 BGP - Routing Between Autonomous Systems
The BGP configuration distinguishes between Internal BGP (IBGP) and External BGP (EBGP). EBGP isof concern to the Gi interface.
EBGP is an inter-Autonomous System routing protocol, which exchanges network reachabilityinformation with other EBGP systems. For an EBGP session the number of the remote AutonomousSystem (AS) must be configured prior to enabling BGP.
When configuring the BGP routing of the interface, the route exportation rules should ensure that therange of IP addresses used later when configuring the APN, is exported to the peer system. Due tothis, the peers can learn about the MSs and know where to direct traffic.
Instructions
1. To configure the Autonomous System number on a router plug-in unit use the AS tab in theRouting PXM form or the CLI command set_router_as.
2. To configure BGP specify the IP address of the BGP peer, the remote AS number and the typeof session (EBGP). Use the BGP-4 tab in the Routing PXM form or the CLI commandset_bgp_peer.
3. To export the routing information to the GiA plug-in units configure the required destination,source and filter operands. Use the Export tab in the Routing PXM form. Alternatively use theCLI command set_route_export.
5 Access and Authentication ConfigurationThe access is set up in the Access Point Name (APN). The MS IP address can either be staticallyprovided or provided by the GGSN, a Dynamic Host Configuration Protocol (DHCP) server or by aninband or outband RADIUS server. The APN setup also includes authentication of user.
The access and authentication configuration is implemented in the following order:
1. When outband RADIUS is used for authentication, the RADIUS APN must be configured first.This is done in the RADIUS APN PXM form or by using the CLI command create_rapn.
2. Configure the APN and the connection to the RADIUS or DHCP server if either of these aregoing to be used. This is done in the APN PXM form or by using the CLI command create_apn.
The APN configuration requires an IP address to be used by the GGSN when making requests, forexample RADIUS requests to the PDN. This IP address, which is called RADIUS External Protocol IPAddress in the APN PXM form, is one out of the range of the allowed RADIUS addresses.
Note: If a DHCP or RADIUS server is used for IP address allocation, it may not offer an IPaddress that is equal to any of the addresses used for sending messages or makingrequests.
Note: If a DHCP server is used for IP address allocation, it must be configured to have an IPaddress lease time that is at least 60 seconds.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 11 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
5.1 APN Configuration
Note: If outband RADIUS is going to be used, follow the instructions according to Section 5.2.
Procedure Specific Prerequisites
The following procedure specific prerequisites exist:
The L1, L2 and IP layer configuration must be completed.The RADIUS APN must be configured before the APN configuration if outband RADIUS is going tobe used.
Instructions
The operands used in the instructions below are specified in either the APN PXM form or by using theCLI command create_apn.
The configuration performed in 5.1 step 1 to 5.1 step 7 is mandatory while 5.1 step 8 to 5.1 step 28is optional.
1. Specify the name of the APN by entering a domain name.2. Specify whether User Name Based Selection is going to be used.
Note: To continue without User Name Based Selection go directly to 5.1 step 5.
3. Enter a default APN for User Name Based Selection.4. Enter or choose the APNs to use for User Name Based Selection.5. Specify the start of supported IP addresses to be covered by the PDN. The APN is configured to
contain an IP address range, which covers the IP addresses as controlled by the PDN.
Note: For APNs containing an IP address range with more than 30 KB IP addresses it isrecommended that the IP address range is configured as several ranges. This isdone to improve the internal loadsharing and redundancy in GGSN.
The same could also be done for APNs with smaller IP address ranges, to achieve abetter internal redundancy in GGSN.
6. Specify the IP address to be used by the GGSN when making Internet Control Message Protocol(ICMP) and IP Control Protocol (IPCP) messages, the GGSN IP Address.
7. Enter IP address mask. This is the netmask for the network corresponding to the first and lastsupported IP Segments.
8. Specify performed authentication, inband RADIUS or no authentication.
Note: To continue without the use of inband RADIUS continue at 5.1 step 16.
9. Specify the RADIUS External Protocol IP Address.10. To use an inband RADIUS server to authenticate the MS, specify the Primary RADIUS Server
Address. The GGSN needs to know the IP address of the RADIUS server in the PDN to accessthe RADIUS server.
11. Configure the value of the time-out and retry attributes for messages to the primary RADIUS
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 12 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
server.12. Specify a shared encryption key for the primary RADIUS server. This shared secret is compared
to a password allowing the GGSN to access the primary RADIUS server. The shared secret isused for both accounting and authentication.
13. Specify whether to use a single, constant Source Port for communication with the primaryRADIUS server. This is necessary, if the primary RADIUS server identifies a RADIUS dialog byonly the identifier and not by both identifier and source port. This option, however, limits thenumber of simultaneous RADIUS dialogs to 256.
14. If a second RADIUS server is going to be used, specify it according to 5.1 step 10 to 5.1 step13.
15. For both RADIUS Access-Request and RADIUS Accounting-Request, specify which type of MobileStation Integrated Services Digital Network Number (MSISDN) shall be included in the message.Select one of the following options: No, Dummy, Real. If Dummy is selected, enter a valid valuein the box MSISDN for the appropriate RADIUS message.
16. Indicate in which RADIUS message type to include any of the attributes Full IMSI, MCC +MNC,Selection Mode, Charging Id, GGSN GTP IP Address, and SGSN IP Address.
17. Specify from where the MS is going to get its IP address. Enter Static, GGSN, DHCP, or RADIUS.
Note: To continue without the use of DHCP continue at 5.1 step 19.
18. Enter the DHCP server IP address, and also specify the External Protocol IP Address. If DHCP isused together with inband RADIUS authentication the External Protocol IP Address equals theRADIUS External Protocol IP Address.
19. Indicate if RADIUS is going to be used for accounting and if it is going to be used forauthentication.
20. Specify how the MS is allowed to connect to an APN. Specify one or several ways.21. If ingress filter is applied on all packets sent from the MS, enable ingress filter. The filter will
drop packets where IP spoofing is detected.22. Specify the routing method. Enter IP or Link Layer Forwarding (LLF).
Note: The routing method must be the same as the one chosen during link configuration.
23. If LLF is chosen, select what tunnel or ATM PVC to connect the APN to. Specify name and metricof the tunnel or ATM PVC.
24. Enter primary Domain Name System (DNS) server IP address.25. Enter secondary DNS server IP address. To be able to enter secondary DNS server IP address,
first choose primary DNS server IP address.26. Specify the maximum number of allowed Packet Data Protocol (PDP) contexts for this APN. If
the parameter is not defined, no limit on the number of PDP contexts will exist.27. Specify the default service class to be used.28. Enter IP Filters, URI Filters, WAP Signaling Filters, Filter Associations and Perform Imsi Analysis
if the optional feature Packet Inspection and Service Classification is enabled.
Note: The Packet Inspection and Service Classification feature is license dependent.
29. Enter values for rating vectors and use the checkbox to enable or disable RTC Active.
Note: The RTC feature is license dependent.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 13 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
5.2 Outband RADIUS Configuration
Implement the configuration below if outband RADIUS is going to be used.
Procedure Specific Prerequisites
The following procedure specific prerequisite exists:
The L1, L2 and IP layer configuration must be completed.
Instructions
The operands used in the instructions below are specified in either the RADIUS APN PXM form or byusing the CLI command create_rapn.
The configurations performed in 5.2 step 1 to 5.2 step 4 and 5.2 step 8 to 5.2 step 14 are mandatorywhile 5.2 step 5 to 5.2 step 7 and 5.2 step 15 to 5.2 step 31 are optional.
1. Specify the name of the RADIUS APN by entering a domain name.2. Specify the RADIUS External Protocol IP Address.3. Specify the Primary Server Address of the RADIUS Server to be used to authenticate the MS.
The GGSN needs to know the IP address of the RADIUS server in the PDN to access theRADIUS server.
4. Configure the value of the time-out and retry attributes for RADIUS access. Also specifywhether to use a single source port. Specify a shared encryption key for the primary RADIUSserver. This shared secret is used for both accounting and authentication.
5. If a second RADIUS server is going to be used, configure its parameters according to 5.2 step 3to 5.2 step 4.
6. Specify the routing method. Enter IP or LLF.7. If LLF is chosen, select what tunnel or ATM PVC to connect the APN to. Specify name and metric
of the tunnel or ATM PVC.
When the configuration of the RADIUS APN is implemented continue with the APN configuration.
The operands used in the instructions below are specified in either the APN PXM form or by using theCLI command create_apn.
8. Specify the name of the APN.9. Specify whether User Name Based Selection is going to be used.
Note: To continue without User Name Based Selection continue at 5.2 step 12.
10. Enter a default APN for User Name Based Selection.11. Enter or choose the APNs to use for User Name Based Selection12. Specify the start of supported IP addresses to be covered by the PDN. The APN is configured to
contain an IP address range, which covers the IP addresses as controlled by the PDN.13. Specify the IP address to be used by the GGSN when making ICMP and IPCP messages, the
GGSN IP Address.14. Enter IP address mask. This is the netmask for the network corresponding to the first and last
supported IP Segments.15. Specify Outband RADIUS authentication as the performed authentication.16. Specify RADIUS APN name by entering a domain name.17. For both RADIUS Access-Request and RADIUS Accounting-Request, specify which type of Mobile
Station Integrated Services Digital Network Number (MSISDN) shall be included in the message.Select one of the following options: No, Dummy, Real. If Dummy is selected, enter a valid valuein the box MSISDN for the appropriate RADIUS message.
18. Indicate in which RADIUS message types to include any of the attributes Full IMSI, MCC +MNC,
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 14 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Selection Mode, Charging Id, GGSN GTP IP Address, and SGSN IP Address.19. Specify from where the MS is going to get its IP address. Enter Static, GGSN, DHCP or RADIUS.
Note: To continue without the use of DHCP continue at 5.2 step 22.
20. Enter the DHCP server IP address.21. Specify the External Protocol IP Address.22. Indicate if RADIUS is going to be used for accounting and if it is going to be used for
authentication.23. Specify how the MS is allowed to connect to an APN. Specify one or several ways.24. If ingress filter is applied on all packets sent from the MS, enable ingress filter. The filter will
drop packets where IP spoofing is detected.25. Specify the routing method. Enter IP or LLF.
Note: The routing method must be the same as the one chosen during link setup.
26. If LLF is chosen, select what tunnel or ATM PVC to connect the APN to. Specify name and metricof the tunnel or ATM PVC.
27. Enter primary DNS server IP address.28. Enter secondary DNS server IP address. To be able to enter secondary DNS server IP address,
first choose primary DNS server IP address.29. Specify the maximum number of allowed Packet Data Protocol (PDP) contexts for this APN. If
the parameter is not defined, no limit on the number of PDP contexts will exist.30. Specify the default service class to be used.31. Enter IP Filters, URI Filters, WAP Signaling Filters, Filter Associations and Perform Imsi Analysis
if the optional feature Packet Inspection and Service Classification is enabled.
Note: The Packet Inspection and Service Classification feature is license dependent.
32. Enter values for rating vectors and use the checkbox to enable or disable RTC Active.
Note: The RTC feature is license dependent.
6 Additional ConfigurationThis section describes how to delete and modify either the complete Gi interface or selected parts ofit.
6.1 Deleting a Gi Interface partly or completely
Deleting a Gi interface is equivalent to removing a PDN from a GGSN and therefore from the GPRSbackbone network. Removing an PDN from a GGSN involves the reverse execution of the key stepsdescribed in the procedure of creating a Gi interface.
The Gi interface configuration can also be partly deleted by removing, for example, just one RADIUS,a few APNs, one packet filter or the like.
The following steps are for deleting the Gi interface:
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 15 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
APN configurationRADIUS configurationRouting configurationIPsec, GRE and filtering configurationTCP/IP stack attachmentIP layer configurationLink layers configuration
Note: Since the rate of PDP context deactivations is limited, operations on APNs with manyactive PDP contexts should be handled with due care. Otherwise, an APN may be out ofoperation for a long time. All PDP contexts active in an APN will be removed, if the APNis deleted. All PDP contexts active in an APN will be removed, if any of the followingtypes of modifications are made to the APN:
Change of MS APN IP address range (first IP address or netmask).Change of routing method (from normal IP to APN or vice versa).The set of configured LLF links is changed.Change of RADIUS External Protocol IP Address and External Protocol IP Address.Change of a RADIUS server (primary or secondary). This includes change of IPaddress, addition, replacement, or removal.Change of origin of IP Address.GGSN IP address is changed.
6.1.1 Deleting APN and RADIUS Configuration
Removing an APN configuration basically means to reverse the definition of the APN in the GGSN.
Procedure Specific Prerequisites
The following procedure specific prerequisite exists:
The APN entry should be removed from the DNS in the GPRS backbone network, before the APNis deleted. Otherwise, the SGSN will send Create PDP Context requests to the GGSN.
Available Operations
The following operations exist to display and remove APNs and RADIUS APNs:
To display all the RADIUS APNs that can be deleted, use the RADIUS APN PXM form or the CLIcommand list_rapns.To delete a RADIUS APN, use the RADIUS APN PXM form or the CLI command delete_rapn.To display all the APNs that can be deleted, use the APN PXM form or the CLI commandlist_apns.To delete an APN, use the APN PXM form or the CLI command delete_apn.
All subscriber connections to the APN are automatically removed. If the APN uses a RADIUSserver, the connection between APN and the RADIUS server is lost when the APN is deleted. Ifthe RADIUS server has provided the subscribers with dynamic IP addresses, they will beautomatically released when the APN is deleted. The same applies for a DHCP server.
Required Order of Configuration
If an APN is using outband RADIUS the deletion must be implemented in the following order:
1. APN2. RADIUS APN
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 16 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
6.1.2 Reverse Routing Configuration
When a plug-in unit is detached from its IP stack, the routing configuration is not deletedautomatically, hence the routing protocols must be removed prior to the physical link.
When changing router configurations, it should be taken into account that such changes might takesome time to propagate. For example the routing protocols have to pick up the routing changes.
Procedure Specific Prerequisites
The following procedure specific prerequisite exists:
RADIUS and APN connections to the selected router plug-in unit must be deleted.
Available Operations
In order to disable the existing routing configuration on a router plug-in unit the following operationsexist:
To delete the OSPF protocol on an external GiR plug-in unit use the OSPFv2 tab in theRouting PXM form or the CLI command delete_ospf_if.To delete the BGP routing protocol use the BGP-4 tab in the Routing PXM form or the CLIcommands delete_bgp_peer.To delete the RIP routing protocol use the RIP II tab in the Routing PXM form or the CLIcommands delete_rip.To delete the static routes use the Static Routes tab in the Routing PXM form or the CLIcommands delete_static_route.To delete the OSPF protocol internally use the OSPFv2 tab in the Routing PXM form or the CLIcommand delete_ospf_igi.
Note: The internal routing should only be removed if the whole Gi interface is to bedeleted.
To delete policies for exporting routes use the Routing PXM form and the Exports tab or theCLI commands delete_route_export.
Note: The necessary operations must be implemented on every plug-in unit to be configured.
6.1.3 Deleting IPsec, GRE and Packet Filtering Configuration
If packet filter policies or IPsec or GRE connections are defined on a Gi plug-in unit they must beremoved for security reasons. The packet filter policies on an interface must be deleted before theinterface itself.
Available Operations
To remove packet filter policies or IPsec or GRE connections the following operations exist:
To delete the filter policy or set of policies for a router plug-in unit, SA or GRE tunnel, use thePacket Filtering PXM form or the CLI command delete_pf_policy.To delete an SA, use the IPSec Management PXM form or the CLI commanddelete_ipsec_sa. The SAs are deleted one by one. Both SAs of the bidirectional IPsecconnection must be deleted.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 17 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
To delete a GRE tunnel, use the IPSec Management PXM form or the CLI commanddelete_gre_tunnel. The GRE tunnels are deleted one by one.
Note: The necessary operations must be implemented on every plug-in unit to be configured.
Required Order of Configuration
To delete IPsec SAs or a GRE tunnel with a corresponding set of packet filter policies, the deletionmust be implemented in the following order:
1. Delete the set of packet filters2. Delete the IPsec SAs or GRE tunnel
6.1.4 Deleting Physical Links
The deletion process differs depending on whether the plug-in unit is running Ethernet or ATM.
Deleting an Ethernet Configuration
To disconnect an Ethernet plug-in unit from the TCP/IP stack, follow the instructions bellow.
Procedure Specific Prerequisites
The following procedure specific prerequisite exists:
On the router plug-in unit where Ethernet is going to be disconnected, the routing and packetfiltering configuration must previously be removed.
Available Operations
To remove the Ethernet configuration the following operation exist:
To disconnect the selected Ethernet driver from the TCP/IP stack the Ethernet PXM form or theCLI command disconnect_eth_ip can be used.
Note: The operation must be implemented on every plug-in unit to be configured.
Deleting an ATM Configuration
To disconnect an ATM PVC or to deinitialize the ATM plug-in unit from the TCP/IP stack, follow theinstructions bellow.
Procedure Specific Prerequisites
The following procedure specific prerequisite exists:
On the router plug-in unit where ATM will be disconnected, the routing and packet filteringconfiguration must previously be removed.
Available Operations
To remove the ATM configuration the following operations exist:
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 18 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
To detach the TCP/IP stack from an ATM PVC, use the IP Setup tab in the ATM ManagementPXM form or the CLI command disconnect_atm_vc_ip.To delete the detached ATM PVC use the Virtual Circuits tab in the ATM Management PXMform or the CLI command delete_atm_vc.To deinitialized an ATM plug-in unit use the ATM Driver tab in the ATM Management PXMform or the CLI command stop_atm.
Note: The ATM driver for a plug-in unit may be deinitialized if there are no active PVCsfor this specific plug-in unit.
Note: The necessary operations must be executed on every plug-in unit to be configured.
Required Order of Configuration
To remove an ATM PVC and stop an ATM plug-in unit the operations must be implemented in thefollowing order:
1. Detach the TCP/IP stack from the ATM PVC2. Delete the ATM PVC3. Stop the ATM driver
Note: For every ATM PVC that is going to be deleted, 6.1.4 step 1 and 6.1.4 step 2 need to berepeated. It is possible to delete just one or all of them.
Note: The deinitialization of the ATM plug-in unit, performed by implementing 6.1.4 step 3,should just be executed if all the ATM PVCs, once connected to the plug-in unit, aredisconnected and deleted.
6.2 Modifying a Gi Interface partly or completely
The configuration of the Gi interface can also be modified, partly or completely. To do this theexecution of the key steps described in the procedure of creating a Gi interface are either overwrittenor changed.
The following steps are for modifying the Gi interface:
APN configurationRADIUS configurationRouting configurationIPsec, GRE and filtering configuration
Note: Since the rate of PDP context deactivations is limited, operations on APNs with manyactive PDP contexts should be handled with due care. Otherwise, an APN may be out ofoperation for a long time. All PDP contexts active in an APN will be removed, if the APNis deleted. All PDP contexts active in an APN will be removed, if any of the followingtypes of modifications are made to the APN:
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 19 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Change of MS APN IP address range (first IP address or netmask).Change of routing method (from normal IP to APN or vice versa).The set of configured LLF links is changed.Change of RADIUS External Protocol IP Address and External Protocol IP Address.Change of a RADIUS server (primary or secondary). This includes change of IPaddress, addition, replacement, or removal.Change of origin of IP Address.GGSN IP address is changed.
6.2.1 Modifying APN and RADIUS Configuration
To view the current data it is possible to display the values of the attributes of a specific APN orRADIUS APN. An optional number of operands of an existing APN or RADIUS APN can be changed.
Note: If the modifications of the APN and RADIUS APN influence on other parts of the system,make sure to change the configuration of these parts too.
Available Operations
The following operations exist to display and modify APNs and RADIUS APNs:
To display the data for a specific RADIUS APN by specifying the name of the RADIUS APN, usethe RADIUS APN PXM form or the CLI command get_rapn.To modify a RADIUS APN, use the RADIUS APN PXM form or the CLI command set_rapn.To display the data for a specific APN by specifying the name of the APN, use the APN PXMform or the CLI command get_apn to display the values of the operands.To modify an APN, use the APN PXM form or the CLI command set_apn.
Note: Only attributes which are entered will be changed. Attributes which are not entered willkeep its previous value.
6.2.2 Modifying Routing Configuration
When changing router configurations, it should be taken into account that such changes might takesome time to propagate. For example, the routing protocols have to pick up the routing changes.
Note: If the modifications of the router configuration influence on other parts of the system,make sure to change the configuration of these parts too.
Available Operations
There are no specific CLI commands to change any of the router attributes. The router configuration isinstead modified by following the instructions outlined in Section 4.4 and Section 4.3. When a CLIcommand is run again the old configuration is overwritten by the new. The Routing PXM form andthe respective tabs can also be utilized to edit the attributes.
6.2.3 Modifying Packet Filtering and IPsec/GRE Configuration
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 20 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Note: If the modifications of the filter policies, IPsec SAs or GRE tunnels influence on otherparts of the network, make sure to change the configuration of these parts too.
Available Operations
To modify packet filter policies, IPsec or GRE connections the following operations exist:
To change the filter policy, or set of policies, for a router plug-in unit, SA or GRE tunnel, use thePacket Filtering PXM form or the CLI command delete_pf_policy. The CLI command is thesame as the one used when creating the filter, that is to say, the command also changes thefilter data for the interface with the name, traffic direction and equipment specified.To modify an SA, use the IPSec Management PXM form or the CLI command set_ipsec_sa.The SAs are modified one by one. Both SAs of the bidirectional IPsec connection must bemodified.
Note: All the attributes must be specified just as when creating the SA.
To modify a GRE tunnel, use the IPSec Management PXM form or the CLI commandset_gre_tunnel. The GRE tunnels are deleted one by one.
Note: All the attributes must be specified just as when creating the GRE tunnel.
Required Order of Configuration
If modifying a filter that is treating packets with IPsec or GRE functions, implement the configurationin the following order:
1. Define the SA or GRE tunnel2. Attach the SA or GRE tunnel to the IP stack using a packet filter
6.2.4 Modifying Physical Links
The modification process differs depending on whether the plug-in unit is running Ethernet or ATM.
Modifying an Ethernet Configuration
The Ethernet plug-in unit attachment to the TCP/IP stack should not be modified in order to have therest of the system running.
Modifying an ATM Configuration
The ATM driver should not be modified.
ATM PVCs can be modified by deleting the old configuration according to Section 6.1.4, new ATM PVCsare created according to Section 4.1.2.
7 ExampleIn this section the configuration procedure is described on the basis of an example set up. Since theconfiguration can be performed in more than one way several examples explain the different
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 21 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
configuration situations. The examples covers configuration by using CLI commands. The configurationcan also be performed by using PXM. This is, however not described.
Caution!
Every operator should carefully examine what parameters to configure andwhat values to give them. The parameter values in the examples are not
in any way recommended values.
The operator must also take into consideration how the hardware iscompounded.
7.1 Hardware Configuration Example
Either an Ethernet plug-in unit or an ATM plug-in unit can be used as hardware.
7.1.1 Ethernet Example
One external IP address per GiR plug-in unit is set. The configuration must be repeated on each GiRplug-in unit that is running Ethernet.
Example 1 Ethernet Configuration of the GiR External IP Address
connect_eth_ip -eq {2 11 2 1} -unit 0 {-name ETH_2_11_0 -vanilla true -ip 172.28.130.4 -mask 255.255.255.0 -speed 100 -duplex 1}
The O&M port is configured to function as an Ethernet plug-in unit. When using LLF tunnels for theEthernet case, IPsec or GRE are used as external tunnels. Since IPsec and GRE packets are routed asnormal IP packets, normal IP routing will always be used.
Note: When using Ethernet the value of the attribute vanilla should always be set to true.
7.1.2 ATM Example
Initially the ATM driver is setup, then the PVCs are created and given an external IP address. EachGiR plug-in unit can have several PVCs, either for IP routed APNs or for APN routed APNs. Theexamples below cover both cases.
Example 2 Starting Up the ATM Driver
start_atm -eq {2 11 2 1} -unit 1 -sdh true -range "1:11" -esi "00:00:02:00:02:11" -perm false -switch "10:20:30:40:50:60:70:80:90:a0:b0:c0:d0" -mip 50 -rx 900 -tx 16
This procedure is performed once for each GiR plug-in unit that is using ATM.
Example 3 Setting Up a PVC When Using Normal IP Routing
create_atm_vc -eq {2 11 2 1} -unit 1 -vpi 1 -vci 100
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 22 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
-dir 3 -addr "10:20:30:40:50:60:70:80:90:a0:b0:c0:d0:00:00:02:00:02:11:00" -cat VBR -pcr 155000 -scr 100000 -mbs 20
connect_atm_vc_ip -eq {2 11 2 1} -unit 1 -vpi 1 -vci 100 -name ATM_2_11_1_1_100 -vanilla true -sel 0 -ip 172.28.140.2 -mask 255.255.255.0 -dip 172.28.140.10
The configuration above depicts a PVC with an IP interface used for normal IP routing, the value ofthe attribute vanilla is set to true. The commands must be repeated for each PVC used for normal IProuting.
Example 4 Setting Up a PVC When Using APN Routing
create_atm_vc -eq {2 11 2 1} -unit 1 -vpi 1 -vci 101 -dir 3 -addr "10:20:30:40:50:60:70:80:90:a0:b0:c0:d0:00:00:02:00:02:11:01" -cat VBR -pcr 155000 -scr 100000 -mbs 20
connect_atm_vc_ip -eq {2 11 2 1} -unit 1 -vpi 1 -vci 101 -name ATM_2_11_1_1_101 -vanilla false -sel 1 -ip 172.28.150.1 -mask 255.255.255.252 -dip 172.28.150.2
The configuration above depicts a PVC with an IP interface used for APN routing, the value of theattribute vanilla is set to false. The ATM PVC and LLF tunnel bindings are established later in theconfiguration course of events, when creating the APNs, see Section 7.5.2.
The commands must be repeated for each PVC used for APN routing.
In Example 3 and Example 4 the values of the attributes cat, pcr, scr and mbs are optional and whenusing them they must be configured in agreement with the number of PVCs used. The sum of PeakCell Rate (PCR) over the PVCs should be less or equal to 155 000. The same applies for the sum ofSustainable Cell Rate (SCR) over the PVCs. Also, the sum of SCR should be less than the sum of PCR
7.2 IPsec/GRE and Packet Filters Configuration Example
The examples below depicts how to set both inbound and outbound filter rules in different situations.If IPsec or GRE is going to be used the SAs or GRE tunnel must be created first. The filter rules differdepending on whether using ATM PVCs, IPsec or GRE.
7.2.1 IPsec Security Association Example
Example 5 Creating Security Associations
create_ipsec_sa {-name AhTunnelIn1 -dir 1 -mode 2 -proto 51 -spi 551 -aualg 3 -aukey 0x1111111111111111111111111111111111111111 -lip 172.24.250.254 -rip 172.28.132.1 }
create_ipsec_sa {-name AhTunnelOut1 -dir 2 -mode 2 -proto 51 -spi 501 -aualg 3 -aukey 0x1111111111111111111111111111111111111111 -rip 172.28.132.1 -lip 172.24.250.254 }
IPsec tunnels are always configured in pairs. One SA for the outgoing and one for the incoming IPsectunnel should be configured. To achieve redundancy the SAs are automatically created on both GiRplug-in units. The addresses of the SAs on both sides of the tunnel must match to each other and to
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 23 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
fulfil the redundancy the local termination IP address, lip (the endpoint of the tunnel) must be chosenaccording to Section 7.2.3.
The IPsec tunnels will be connected to LLF tunnels. The IPsec and LLF tunnel bindings are establishedlater in the configuration course of events, when creating the APNs, see Section 7.5.2.
7.2.2 GRE Tunnel Example
Example 6 Creating a GRE Tunnel
create_gre_tunnel { -name ISPtunnel1 -gskp true -gskey 801 -lip 172.24.250.254 -rip 172.28.132.1}
GRE tunnels are bidirectional which means that one GRE tunnel is used for both incoming andoutgoing traffic. To achieve redundancy the GRE tunnels are automatically created on both GiR plug-inunits. To fulfil the redundancy the local termination IP address, lip (the endpoint of the tunnel) mustbe chosen according to Section 7.2.3.
The GRE tunnels will be connected to LLF tunnels. The GRE and LLF tunnel bindings are establishedlater in the configuration course of events, when creating the APNs, see Section 7.5.2.
7.2.3 Choosing Gi IPsec/GRE VIP Address Example
To achieve redundancy a virtual IP address, not bound to a certain interface in the GGSN, should bechosen as end point for the IPsec/GRE tunnel instead of one of the GiR plug-in units. To accomplishthis perform the configuration in Example 7. For more information on the configuration of theattribute lip, see Reference [50].
Note: To get a functioning redundancy, routing protocols like OSPF need to be used on theexternal GiR plug-in units.
Example 7 Local Termination IP Address
set_static_route -eq {2 10 2 1 } {-dip 172.24.250.254 -mask 255.255.255.255 -gip 127.0.0.1}set_static_route -eq {2 12 2 1 } {-dip 172.24.250.254 -mask 255.255.255.255 -gip 127.0.0.1}
set_route_export -eq {2 10 2 1} -dst {-proto 3 -src {-proto 5 -filter {-ip 0.0.0.0 -mask 0.0.0.0 -rule 2}}}set_route_export -eq {2 12 2 1} -dst {-proto 3 -src {-proto 5 -filter {-ip 0.0.0.0 -mask 0.0.0.0 -rule 2}}}
Static routes for the virtual IP address are set to a loopback interface on the GiR plug-in units. Thesestatic routes are then exported so that external routers receive routing information about the virtualIP address.
7.2.4 Filter Rules when Using ATM PVCs Example
When using ATM PVCs inbound and outbound filters should be set.
Example 8 Inbound Filter for a PVC Directed to IP Routed APNs
create_pf_policy -eq { 2 11 2 1 } -name ATM_2_11_1_1_100 -dir 1 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 24 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
Example 9 Outbound Filter for a PVC Directed to IP Routed APNs
create_pf_policy -eq { 2 11 2 1 } -name ATM_2_11_1_1_100 -dir 2 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
These filters allow all incoming and outgoing traffic.
Example 10 Inbound Filter for a PVC Directed to APN Routed APNs
create_pf_policy -eq { 2 11 2 1 } -name ATM_2_11_1_1_101 -dir 1 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
Example 11 Outbound Filter for a PVC Directed to APN Routed APNs
create_pf_policy -eq { 2 11 2 1 } -name ATM_2_11_1_1_101 -dir 2 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
These filters allow all incoming and outgoing traffic.
7.2.5 Filter Rules when Using IPsec Example
When using IPsec there are three filters to configure. Since the SAs are automatically configured onboth GiR plug-in units the filters should also be configured on both plug-in units. This must be done byrepeating the commands.
Note: The SAs must be configured prior to the filter settings.
Example 12 Inbound Filter Settings
create_pf_policy -eq {2 11 2 1} -name ETH_2_11_0 -dir 1 {-rule 3 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 51 -ipnextq 1 -ipopt false -sa AhTunnelIn1 -log false } {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
This filter uses two rules. One rule catch incoming IPsec packets and sends them for IPsec processing,the other rule allow all incoming packets to enter the GGSN.
Note: The inbound filter rule Perform IPSec/GRE does not have to be configured for every SA orGRE tunnel since the IPSec/GRE processing will automaticly find the correct SA/GREtunnel when decapsulating. Therefore, it is enough to configure one filter rule perprotocol number (it means IPSec AH, IPSec ESP and GRE).
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 25 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Note: Rule 3 is configured once for each type of tunnel (IPsec AH or IPsec ESP). The values ofthe attributes sip, smask, dip and dmask should be configured with the IP address0.0.0.0. The GSN itself will then automatically direct trafic to any of the tunnels of thattype.
Example 13 Outbound Filter Settings
create_pf_policy -eq {2 11 2 1} -name ETH_2_11_0 -dir 2 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
This example contains one filter rule that allows all outgoing traffic.
Example 14 Inbound Interface Filter
create_pf_policy -eq { 0.0.0.0 } -name AhTunnelIn1 -dir 1 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false}
The incoming traffic is filtered after IPsec treatment. In this example all traffic is allowed. The GGSNitself directs the trafic in this case, hence the equipment identifier is configured to {0 0 0 0}.
Note: The tunnel interface filter is configured to only filter inbound packets.
7.2.6 Filter Rules when Using GRE Example
The only attribute that distinguishes the filter settings for GRE from the ones for IPsec is ipnext,which indicates the protocol number (47 for GRE, 50 for IPsec ESP and 51 for IPsec AH).Consequently the examples below correspond to those in Section 7.2.5.
Since the GRE tunnels are automatically configured on both GiR plug-in units the filters should also beconfigured on both plug-in units. This must be done by repeating the commands.
Note: The GRE tunnel must be configured prior to the filter settings.
Example 15 Inbound Filter Settings
create_pf_policy -eq {2 11 2 1} -name ETH_2_11_0 -dir 1 {-rule 3 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 47 -ipnextq 1 -ipopt false -sa ISPtunnel1 -log false } {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
This filter uses two rules. One rule catch incoming GRE packets and sends them for GRE processing,the other rule allows all incoming packets to enter the GGSN.
Note: Rule 3 is configured once for all the GRE tunnels. The values of the attributes sip, smask,
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 26 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
dip and dmask should be configured with the IP address 0.0.0.0. The GSN itself will thenautomatically direct trafic to any of the tunnels of that type.
Example 16 Outbound Filter Settings
create_pf_policy -eq {2 11 2 1} -name ETH_2_11_0 -dir 2 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
This example contains one filter rule that allows all outgoing traffic.
Example 17 Inbound Interface Filter
create_pf_policy -eq { 0 0 0 0 } -name AhTunnelIn1 -dir 1 {-rule 2 -proto 0 -sip 0.0.0.0 -smask 0.0.0.0 -dip 0.0.0.0 -dmask 0.0.0.0 -ipnext 0 -ipnextq 3 -ipopt false -log false }
This filter processes the packets in the tunnel instead of filtering the tunnel just as in Example 15. Alltraffic is allowed in this situation. The GGSN itself directs the traffic in this case, hence the equipmentidentifier is configured to {0 0 0 0}.
Note: The tunnel interface filter is configured to only filter inbound packets.
7.3 Internal Routing Configuration Example
Example 18 Enable Internal OSPF Routing
set_ospf_igi {-area 0.0.0.4 -retr 5 -hello 10 -rtrd 40}
This example illustrates how to enable routing on the IGi subnetwork, between the GiR and GiA plug-in units. OSPF is the routing protocol that is used internally.
Note: The OSPF area may not be set to 0.0.0.0 since this area is to be used on the externalinterface.
Example 19 Setting Router Identity on a GiR Plug-in Unit
set_router_id -eq {2 11 2 1} -ip 172.28.130.4
Note: The router IDs may not collide with any of the other router IDs within an autonomoussystem.
For example, the IP addresses on two of the normal IP routed interfaces can be used as GiRidentities.
Example 20 Configuring Virtual Links Between two GiR Plug-in Units
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 27 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
custom_ospf_area -eq {2 11 2 1} -area 0.0.0.0 -custom "virtuallink neighborid 172.28.131.4 transitarea 0.0.0.4;"
custom_ospf_area -eq {2 13 2 1} -area 0.0.0.0 -custom "virtuallink neighborid 172.28.130.4 transitarea 0.0.0.4;"
To achieve full redundancy at link failure, OSPF virtual links must be configured between the two GiRplug-in units. The virtual link must be configured cross wise on both GiR plug-in units. In this examplethe opposite GiR plug-in unit is situated in mag <2>, slot <13> and has the router ID 172.28.131.4.
7.4 External Routing Configuration Example
The GiR plug-in units can be configured to use either static routes or to use a routing protocol likeOSPF, RIP or BGP.
If not using OSPF externally the routing information must be exported to the OSPF database, in otherwords, the information on the GiR plug-in units should be propagated to the internal OSPF domain.
7.4.1 Static Routes Example
Example 21 Setting Static Routes on a GiR Plug-in Unit
set_static_route -eq {2 11 2 1} {-dip 172.20.40.0 -mask 255.255.255.0 -gip 172.28.130.10}
Example 22 Exportation of Static Route Information to the OSPF Database
set_route_export -eq {2 11 2 1} -dst {-proto 3 -src {-proto 5 -filter {-ip 0.0.0.0 -mask 0.0.0.0 -rule 2}}}
The configuration is implemented the same way independent on if the plug-in unit is running Ethernetor ATM.
7.4.2 OSPF Routing Externally Example
The configuration of OSPF routing externally, varies a little depending on whether using Ethernet orATM plug-in units. The example below shows the Ethernet situation but the disagreement in the ATMcase is minor.
Example 23 Enable External OSPF Routing on an Ethernet Plug-in Unit
set_ospf_if -eq {2 11 2 1} {-ip 172.28.130.4 -type 1 -area 0.0.0.0 -prio 1 -retr 5 -hello 10 -rtrd 40 -cost 1}
The only attribute that distinguishes the Ethernet and ATM cases are type, which describes theinterface type. An Ethernet plug-in unit is configured to use a broadcast interface while an ATM plug-in unit is using a point-to-point interface.
Note: The OSPF area on the external GiR plug-in units should always be set to 0.0.0.0, in orderto create an area boarder to the IGi subnetwork.
7.4.3 RIP Example
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 28 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Example 24 Enabling RIP on a GiR Plug-in Unit
set_rip -eq {2 11 2 1} -ip 172.28.130.4
For a point-to-point link (for example ATM) the remote IP address of the interface should be used asthe RIP interface address. Otherwise (for example Ethernet) the local IP address of an interfaceshould be used. Hence the configuration of the IP address differ depending on whether configuring anATM or an Ethernet plug-in unit. The example above illustrates the Ethernet case.
Example 25 Exportation of RIP Information to the OSPF Database
set_route_export -eq {2 11 2 1} -dst {-proto 3 -ip 172.28.130.4 -src {-proto 1 -filter {-ip 0.0.0.0 -mask 0.0.0.0 -rule 2}}}
Also when exporting the RIP information the destination IP address should be chosen according towhether configuring an ATM or an Ethernet plug-in unit.
7.4.4 BGP Example
Only EBGP is relevant on the Gi interface. Since EBGP exchange information with other autonomoussystems the autonomous system number must be known.
Example 26 Setting Autonomous System Number on a GiR Plug-in Unit
set_router_as -eq {2 11 2 1} -as 1
Example 27 Enabling EBGP on a GiR Plug-in Unit
set_bgp_peer -eq {2 11 2 1} {-ip 172.28.130.254 -type 1 -as 2}
The type indicates that EBGP is used.
Example 28 Exportation of BGP Information to the OSPF Database
set_route_export -eq {2 11 2 1} -dst {-proto 3 -as 2 -src {-proto 4 -filter {-ip 0.0.0.0 -mask 0.0.0.0 -rule 2}}}
7.5 APN Configuration Example
This section describes a variety of examples on how to set up an APN.
7.5.1 IP Routed APN Example
Example 29 IP Routed APN
create_apn apn04a.ericsson.se -ubs no -fip 172.24.1.0 -gip 172.24.1.254 -nm 255.255.255.0 -oad GGSN -ssgsn -ssubs -suser -rm IP
Above, the routing method is set to IP. The MS is assigned an IP address provided by the GGSN.
7.5.2 APN Routed APN Example
When APN is used as routing method the attribute llf must be configured. The parameter contains thename (or names) of the external ATM PVCs, IPsec tunnels or GRE tunnels previously created. Thesewill now be connected to the LLF tunnel. The llf attribute also contains a number, metric, that
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 29 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
indicates the priority of the link.
Note: The external tunnels that are connected to the LLF tunnels must be created prior to theAPN configuration.
Example 30 APN Routed APN Connected to One ATM PVC
create_apn apn04c.ericsson.se -ubs no -fip 172.24.3.0 -gip 172.24.3.254 -nm 255.255.255.0 -oad GGSN -ssgsn -ssubs -suser -rm LLF -llf ATM_2_11_1_1_101,20
In this example the LLF tunnel is connected to one ATM PVC. This particular ATM PVC, namedATM_2_11_1_1_101, was created in Example 4. The MS is assigned an IP address provided by theGGSN.
Example 31 APN Routed APN Connected to Two ATM PVCs
create_apn apn04c.ericsson.se -ubs no -fip 172.24.3.0 -gip 172.24.3.254 -nm 255.255.255.0 -oad GGSN -ssgsn -ssubs -suser -rm LLF -llf ATM_2_11_1_1_101,20 ATM_2_13_1_1_101,10
This case describes how to configure the APN routed APN when the LLF tunnel is connected to tworedundant ATM PVCs. The PVC named ATM_2_11_1_1_101 has a higher priority then the one namedATM_2_13_1_1_101, hence traffic will be sent through the first prior to the second. If load sharing isdesired two PVCs with the same metric should be configured.
Also in this case the MS is assigned an IP address provided by the GGSN.
Example 32 APN Routed APN Connected to an IPsec Tunnel
create_apn apn04b.ericsson.se -ubs no -fip 172.24.2.0 -gip 172.24.2.254 -nm 255.255.255.0 -oad GGSN -ssgsn -ssubs -suser -rm LLF -llf AhTunnelIn1,5 AhTunnelOut1,10
Since SAs and GRE tunnels are automatically setup on both GiR plug-in units the LLF tunnel areautomatically setup to both GiR plug-in units. The LLF tunnel is connected to the previously createdIPsec SAs. One IPsec tunnel is used for outbound traffic (AhTunnelOut1) and the other one is forinbound traffic (AhTunnelIn1). The metric must be higher on outgoing traffic then on incoming, in thiscase it has nothing to do with priority.
As above, the MS is assigned an IP address provided by the GGSN.
Example 33 APN Routed APN Connected to a GRE Tunnel, Inband RADIUS Used
create_apn apn04d.ericsson.se -ubs no -fip 172.24.4.0 -gip 172.24.4.254 -nm 255.255.255.0 -ru inband -repi 172.24.4.253 -pip 172.28.131.2 -pqt 2000 -pqr 6 -pek gprs5 -oad RADIUS -ssgsn -ssubs -suser -rm LLF -llf ISPtunnel1,1
The purpose of this example is to describe two important matters. First, the LLF tunnel is linked to aGRE tunnel. Since GRE is a bidirectional protocol just one tunnel is necessary, in contrast to IPsec.Second, inband RADIUS is used for IP address allocation and authentication. Hence, the MS isassigned an IP address provided by the RADIUS.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 30 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
Example 34 APN Routed APN, with the IP Address Range Configured as Several Ranges
create_apn ericsson1.com -fip "170.17.0.0 170.17.1.0" -gip "170.17.0.254" -nm "255.255.255.0 255.255.255.0" -oad GGSN -rm IP
For APNs containing an IP address range with more than 30 KB IP addresses it is recommended thatthe IP address range is configured as several ranges, according to the example above. This is done toimprove the internal loadsharing and redundancy in GGSN.
The same could also be done for APNs with smaller IP address ranges, to achieve a better internalredundancy in GGSN.
7.6 Outband RADIUS Configuration Example
When using outband RADIUS, a RADIUS APN must be configured prior to the APN configuration.
Example 35 Creation of a RADIUS APN
create_rapn rapn04 -repi 172.34.1.1 -pip 172.28.131.2 -pqt 2000 -pqr 6 -pek gprs5 -rm LLF -llf Radiustunnel1,1
An APN called rapn04, has been created to handle communication between the GGSN and the RADIUSserver. In this case the RADIUS APN is linked to a GRE tunnel. This is no requirement though, it mayas well be connected to either an IPsec tunnel or an ATM PVC or normal IP routing can be used.
Example 36 Creation of an Outband APN Routed RADIUS APN
create_apn apn04e.ericsson.se -ubs no -fip 172.24.5.0 -gip 172.24.5.254 -nm 255.255.255.0 -ru outband -rapn rapn04 -oad RADIUS -ssgsn -ssubs -suser -rm LLF -llf ISPtunnel2,1
Example 37 Creation of another APN Using the Same Outband RADIUS APN
create_apn apn04f.ericsson.se -ubs no -fip 172.24.6.0 -gip 172.24.6.254 -nm 255.255.255.0 -ru outband -rapn rapn04 -oad RADIUS -ssgsn -ssubs -suser -rm LLF -llf ISPtunnel3,1
In both examples above outband RADIUS is used for IP address allocation and authentication. Hence,the MS is assigned an IP address provided by a RADIUS server in another network.
The APNs using the RADIUS APN can be linked to any kind of tunnels, GRE, IPsec or ATM PVCs ornormal IP routing can be used.
7.7 DHCP Configuration Example
The MS can also be assigned an IP address provided by a DHCP server.
Example 38 Creation of an APN Using a DHCP Server for IP Address Allocation
create_apn apn04e.ericsson.se -ubs no -fip 172.24.7.0 -gip 172.24.7.254 -nm 255.255.255.0 -dsaddr 172.24.7.253 -epi 172.24.7.253 -oad DHCP -ssgsn -ssubs -suser -rm LLF -llf ISPtunnel31,1
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 31 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
When communicating with the DHCP server the GGSN uses the External Protocol IP Address in theAPN. In the example above the DHCP server performs the IP address allocation, however, it cannothandle authentication. It is possible to combine DHCP IP address allocation and inband or outbandRADIUS authentication.
8 Related DocumentsGn/Gp and Gom Interface Configuration. See Reference [51].
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 32 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
9 Reference List[1] Activating and Deactivating RIP, OPERATION DIRECTIONS, 4/154 31-CXC 132 0861.[2] Attaching an Ethernet Equipment to the TCP/IP Stack, OPERATION DIRECTIONS, 150/154 31-CXC132 0863.[3] Attaching an IP Interface to an ATM VC, OPERATION DIRECTIONS, 204/154 31-CXC 132 0863.[4] BGP-4 (Border Gateway Protocol) OPERATION DIRECTIONS, 9/154 31-CXC 132 0861.[5] Changing the Settings of a Security Association or GRE Tunnel, OPERATION DIRECTIONS, 2/15431-CXC 132 0868.[6] connect_atm_vc_ip, MANUAL PAGE, 203/190 80-CXC 132 879.[7] connect_eth_ip, MANUAL PAGE, 151/190 80-CXC 132 879.[8] create_apn, MANUAL PAGE, 10/190 80-CRA 250 39.[9] create_atm_vc, MANUAL PAGE, 202/190 80-CXC 132 879.[10] create_gre_tunnel, MANUAL PAGE, 4/190 80-CXC 132 0509.[11] create_ipsec_sa, MANUAL PAGE, 1/190 80-CXC 132 0509.[12] create_pf_policy, MANUAL PAGE, 1/190 80-CXC 132 1157.[13] create_rapn, MANUAL PAGE, 15/190 80-CRA 250 39.[14] Creating an APN, OPERATION DIRECTIONS, 11/154 31-CRA 250 39.[15] Creating a New Policy, OPERATION DIRECTIONS, 4/154 31-CXC 132 0866.[16] Creating a New Security Association or GRE Tunnel, OPERATION DIRECTIONS, 1/154 31-CXC132 0868.[17] Creating a New Virtual Circuit, OPERATION DIRECTIONS, 202/154 31-CXC 132 0863.[18] Creating a RADIUS APN, OPERATION DIRECTIONS, 15/154 31-CRA 250 39.[19] De-initializing the ATM Driver, OPERATION DIRECTIONS, 201/154 31-CXC 132 0863.[20] delete_apn, MANUAL PAGE, 12/190 80-CRA 250 39.[21] delete_atm_vc, MANUAL PAGE, 204/190 80-CXC 132 879.[22] delete_bgp_peer, MANUAL PAGE, 15/190 80-CXC 132 660.[23] delete_gre_tunnel, MANUAL PAGE, 6/190 80-CXC 132 0509.[24] delete_ipsec_sa, MANUAL PAGE, 3/190 80-CXC 132 0509.[25] delete_ospf_if, MANUAL PAGE, 6/190 80-CXC 132 660.[26] delete_ospf_igi, MANUAL PAGE, 10/190 80-CXC 132 660.[27] delete_pf_policy, MANUAL PAGE, 2/190 80-CXC 132 1157.[28] delete_rapn, MANUAL PAGE, 16/190 80-CRA 250 39.[29] delete_rip, MANUAL PAGE, 4/190 80-CXC 132 660.[30] delete_route_export, MANUAL PAGE, 22/190 80-CXC 132 660.[31] delete_static_route, MANUAL PAGE, 18/190 80-CXC 132 660.[32] Deleting All Policies of an Interface or of an SA, OPERATION DIRECTIONS, 3/154 31-CXC 1320866.[33] Deleting an APN, OPERATION DIRECTIONS, 14/154 31-CRA 250 39.[34] Deleting a RADIUS APN, OPERATION DIRECTIONS, 17/154 31-CRA 250 39.[35] Deleting a Security Association or GRE Tunnel, OPERATION DIRECTIONS, 3/154 31-CXC 1320868.[36] Deleting a Selected Policy, OPERATION DIRECTIONS, 2/154 31-CXC 132 0866.[37] Deleting a Virtual Circuit, OPERATION DIRECTIONS, 203/154 31-CXC 132 0863.[38] Detaching an Ethernet Interface from the TCP/IP Stack, OPERATION DIRECTIONS, 151/154 31-CXC 132 0863.[39] Detaching an IP Interface from an ATM VC, OPERATION DIRECTIONS, 205/154 31-CXC 1320863.[40] Disabling OSPF for an Interface, OPERATION DIRECTIONS, 8/154 31-CXC 132 0861.[41] disconnect_atm_vc_ip, MANUAL PAGE, 205/190 80-CXC 132 879.[42] disconnect_eth_ip, MANUAL PAGE, 152/190 80-CXC 132 879.
10/01/10 11:37Gateway GPRS Support Node (GGSN) - 4.0 AC-A09
Page 33 of 33http://digimqalex01.fwi.digicelgroup.local:80/alexserv?id=31493
[43] Displaying the Attributes of an APN, OPERATION DIRECTIONS, 12/154 31-CRA 250 39.[44] Displaying the Attributes of a RADIUS APN, OPERATION DIRECTIONS, 18/154 31-CRA 250 39.[45] Editing the OSPF Settings for an Active Interface, OPERATION DIRECTIONS, 6/154 31-CXC 1320861.[46] Enabling OSPF for an Interface, OPERATION DIRECTIONS, 5/154 31-CXC 132 0861.[47] Exports (Route Exportation Policies) OPERATION DIRECTIONS, 12/154 31-CXC 132 0861.[48] get_apn, MANUAL PAGE, 13/190 80-CRA 250 39.[49] get_rapn, MANUAL PAGE, 18/190 80-CRA 250 39.[50] Gi Interface Description, DESCRIPTION, 2/1551-AXB 250 02.[51] Gn/Gp and Gom Interface Configuration, OPERATION DIRECTIONS, 3/1543-AXB 250 03.[52] GSM GSN System Description, DESCRIPTION, 1551-AXB 250 04.[53] Initializing the ATM Driver, OPERATION DIRECTIONS, 200/154 31-CXC 132 0863.[54] list_apns, MANUAL PAGE, 14/190 80-CRA 250 39.[55] list_rapns, MANUAL PAGE, 19/190 80-CRA 250 39.[56] Modifying the Attributes of an APN, OPERATION DIRECTIONS, 13/154 31-CRA 250 39.[57] Modifying the Attributes of a RADIUS APN, OPERATION DIRECTIONS, 16/154 31-CRA 250 39.[58] Modifying the Order of the Existing Policies, OPERATION DIRECTIONS, 1/154 31-CXC 132 0866.[59] Modifying the Settings of an Existing Policy, OPERATION DIRECTIONS, 5/154 31-CXC 132 0866.[60] Operation and Maintenance Description, DESCRIPTION, 2/1551-AXB 250 04.[61] Parameter Description GGSN 4.0, PARAMETER DESCRIPTION, 1/190 84-AXB 250 02.[62] Parameter Description CGSN G 3.0, PARAMETER DESCRIPTION, 2/190 84-AXB 250 07.[63] Reusing the OSPF Settings of a "Down" Interface, OPERATION DIRECTIONS, 7/154 31-CXC 1320861.[64] Selecting a Security Association, OPERATION DIRECTIONS, 6/154 31-CXC 132 0866.[65] set_apn, MANUAL PAGE, 11/190 80-CRA 250 39.[66] set_bgp_peer, MANUAL PAGE, 14/190 80-CXC 132 660.[67] set_gre_tunnel, MANUAL PAGE, 5/190 80-CXC 132 0509.[68] set_ipsec_sa, MANUAL PAGE, 2/190 80-CXC 132 0509.[69] set_ospf_if, MANUAL PAGE, 5/190 80-CXC 132 660.[70] set_ospf_igi, MANUAL PAGE, 9/190 80-CXC 132 660.[71] set_rapn, MANUAL PAGE, 17/190 80-CRA 250 39.[72] set_rip, MANUAL PAGE, 3/190 80-CXC 132 660.[73] set_route_export, MANUAL PAGE, 21/190 80-CXC 132 660.[74] set_router_as, MANUAL PAGE, 13/190 80-CXC 132 660.[75] set_router_id, MANUAL PAGE, 2/190 80-CXC 132 660.[76] set_static_route, MANUAL PAGE, 17/190 80-CXC 132 660.[77] Specifying the Autonomous System, OPERATION DIRECTIONS, 3/154 31-CXC 132 0861.[78] Specifying the Router ID, OPERATION DIRECTIONS, 2/154 31-CXC 132 0861.[79] start_atm, MANUAL PAGE, 207/190 80 - CXC 132 879.[80] Static Route, OPERATION DIRECTIONS, 10/154 31-CXC 132 0861.[81] stop_atm, MANUAL PAGE, 208/190 80 - CXC 132 879.[82] WCDMA GSN System Description, DESCRIPTION, 1/1551-AXB 250 03.
![Monitoring Mobile Network Traffic (3G/LTE) · PDF fileGPRS Core Network Nodes [2/2] GGSN (Gateway GPRS Support Node) is a node responsible for:! Inter-networking between the GPRS network](https://static.fdocuments.in/doc/165x107/5a7174107f8b9a98538ce6f6/monitoring-mobile-network-traffic-3glte-nbsppdf-filegprs-core-network.jpg)
