Gprs Detailed Ppt
aziz-ur-rehman
Need for GPRS / Class of Handsets
Protocol Links for GPRS
GGSN interfaces
Transmission Plane
Mobility Management - PDP context
MS IPv4 Network Host Brief
IP UDP structure TCP structure
Router configuration modes
MS GPRS/IMSI attach procedure
Basics GGSN configuration
DNS - Domain Name Server
DNS Query Response log
GPRS DNS Query
Configuring Access Point Name
APN Parameters
GGSN IP address allocation
RADIUS features
APN n/w selection flow chart
PDP Context Activation procedure
NSAPI TLLI TUNNEL ID
GTP protocol structure
Gn/Gp GTP messages
RADIUS Message flow
GGSN RADIUS WAP gateway flow
Create PDP context request log
Create PDP context response log
GTP messages log
RA area update for different SGSN
GPRS GGSN Roaming
GGSN PDP context
Ga Charging CDR
GGSN customization (GTP & GTP')
Concept of Tunnel for Security
Node Network (IPSec) Security
WAP Architecture
GSM a subnet – INTERNET
GGSN Summary
GGSN Basics
Why GPRS? General Packet Radio Service
[Figure: GPRS network architecture. Labels: GPRS MS, TE/laptop, air interface Um, BTS, BSC, BSS, MSC/VLR, HLR, AUC, SMSC, PSTN, SS7, A, Gr, Gb (Frame Relay), SGSN, GGSN, GSN, CG, DNS, NMS, IP backbone, GTP, GTP', border gateway, router with access policy, firewall, VPN, Internet, intranet, corporate network, private network, other GPRS networks]
Protocol Links for GPRS
[Figure: protocol links. Labels: packet switching, circuit switching, Bluetooth, IR, serial cable, PCU, Gp, E1 link, BGP]
GGSN interfaces
GPRS Transmission Plane
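[Figure: transmission plane protocol stacks, MS - Um - BSS - Gb - SGSN - Gn - GGSN - Gi]
MS: Application, IP / X.25, SNDCP, LLC, RLC, MAC, GSM RF
BSS: RLC, MAC, GSM RF (Um side); BSSGP, Network Service, L1 bis (Gb side)
SGSN: SNDCP, LLC, BSSGP, Network Service, L1 bis (Gb side); GTP, TCP/UDP, IP, Layer 2, Layer 1 (Gn side)
GGSN: IP / X.25, GTP, TCP/UDP, IP, Layer 2, Layer 1
Identifiers labelled on the figure: TLLI (IMSI / PTMSI), NSAPI (during PDP), DLCI, BVCI-cell ID, NSVCI, TID (NSAPI / IMSI), TFI (TS-TBF), IP, WAP / HTTP-XML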
[Figure: mobility management state models for the MOBILE and the SGSN. States: IDLE, READY, STANDBY. Transitions: GPRS Attach, GPRS Detach, PDU Transmission, PDU Reception, READY Timer expiry, Mobile Reachable time expiry]
IDLE
• SGSN does not know about the location of the mobile
• No logical PDP context activated
• No network address (IP) registered for the terminal
• No routing of external data possible
STANDBY
• SGSN tracks the mobile (Routing Area)
• When downlink data is available, a packet paging message is sent to the routing area
• Upon reception, the MS sends its cell location to the SGSN and enters the ACTIVE state
READY
• SGSN knows the cell of the MS
• PDP contexts can be activated/deactivated
• May remain in this state even if no data is transmitted (controlled by timer)
Mobility Management
– GPRS Attach/Detach (towards SGSN/HLR)
  • Makes MS available for SMS over GPRS
  • Paging via SGSN
  • Notification of incoming packet
– PDP Context Activation/Deactivation
  • Associate with a GGSN
  • Obtain PDP address (e.g. IP)
PDP Contexts
Packet Data Protocol (PDP)
– Session
  • Logical tunnel between MS and GGSN
  • Anchors SGSN & GGSN for session
– PDP activities
  • Activation
  • Modification
  • Deactivation
IP Address as a 32-Bit Binary Number
IP Address Classes
Hosts for Classes of IP Addresses
IP
UDP
TCP
Different Router Modes
• User EXEC Mode: Router>enable
• Privileged EXEC Mode: Router#config term
• Global Configuration Mode: Router(config)#
Leaving a mode: Exit, Ctrl-Z (end)
Configuration Mode    Prompt
Interface             Router(config-if)#
Line                  Router(config-line)#
Router                Router(config-router)#
Access-list mode      Router(access-list)#
The GGSN requires a logical interface called a virtual template to be configured. A virtual template interface is a logical entity (a configuration for an interface but not tied to a physical interface) that can be applied dynamically as needed to facilitate configuration of connections between the GGSN and SGSN, and the GGSN and PDNs.
DNS Message Format
HEADER
QUESTIONS
ANSWERS (Resource Records)
AUTHORITY (Resource Records)
ADDITIONAL (Resource Records)
DNS-Domain Name Server
DNS response
APN Parameters
The GGSN uses the Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to mobile station users who need to access the PDN (Packet Data Network). The GGSN can use local DHCP services within the Cisco IOS Software, or it can be configured to use an external DHCP server.
Remote Authentication Dial-In User Service
The GGSN uses the RADIUS server for a particular access point to authenticate mobile users for access to a PDN.
Security (AAA): Authentication, Authorization, and Accounting
Mobile user access
APN Flow diagram
Tunnel ID creation
An IP address is a logical address, not a hardware address - similarly, mapped to the IMSI or MSISDN of any MS SIM card.
TID - IP addressing is designed to allow a host to communicate with a host on a different network, e.g. Internet or Inter PLMN.
GTP v0: UDP Port 3386 (GPRS Signal + Data)
GTP v1: UDP Port 2123 (GTP-C), UDP Port 2152 (GTP-U)
Signalling Plane
Tunnel Management messages
• Create PDP Context Request
• Create PDP Context Response
• Update PDP Context Request
• Update PDP Context Response
• Delete PDP Context Request
• Error Indication
• PDU Notification Request
• PDU Notification
• PDU Notification Reject Request
• PDU Notification Reject Response
Mobility Management messages
• Identification Request
• Identification Response
• SGSN Context Request
• SGSN Context Response
• SGSN Context Acknowledge
Information elements
• Cause
• International Mobile Subscriber Identity (IMSI)
• Temporary Logical Link Identity (TLLI)
• Quality of Service (QoS) Profile
• PDP Context
• Access Point Name
• MS International PSTN/ISDN Number (MSISDN)
• Charging ID
• End User Address
• Protocol Configuration Options
• GSN Address
• Charging Gateway
Transmission Plane
• Protocol Stack
• Usage of the GTP Header
• Usage of the Sequence Number
• Tunnelling between SGSN and GGSN
Protocol errors
• Different GTP version
• GTP Message too short
• Unknown GTP signalling message
• Unexpected GTP signalling message
• Missing mandatorily present information element
• Invalid Length
• Invalid mandatory information element
• Invalid optional information element
• Unknown information element
• Out of sequence information elements
• Unexpected information element
• Repeated information elements
• Incorrect optional information elements
Path failure
Error handling
Path Protocols
• UDP/IP
• UDP Header
• Signalling request messages
• Signalling response messages
• Encapsulated T-PDUs
• IP Header
• TCP Header
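The header checks behind several of the protocol errors listed above (different GTP version, message too short, invalid length, unknown or unexpected message), as an added Python example that is not part of the original slides. It assumes the GTP v1 header layout and message type values of 3GPP TS 29.060; the function name and the sample bytes are constructed for illustration.

```python
import struct

GTP_C_PORT, GTP_U_PORT = 2123, 2152            # GTP v1 ports from the slide
# GTPv1 message types for messages named on the slides (3GPP TS 29.060).
MSG_TYPES = {
    1: "Echo Request", 2: "Echo Response",
    16: "Create PDP Context Request", 17: "Create PDP Context Response",
    18: "Update PDP Context Request", 19: "Update PDP Context Response",
    20: "Delete PDP Context Request", 21: "Delete PDP Context Response",
    26: "Error Indication", 27: "PDU Notification Request",
    48: "Identification Request", 49: "Identification Response",
    50: "SGSN Context Request", 51: "SGSN Context Response",
    52: "SGSN Context Acknowledge", 255: "G-PDU",
}


def check_gtp(datagram: bytes, udp_port: int) -> dict:
    """Parse a GTPv1 header and report the first protocol error found."""
    if len(datagram) < 8:                      # mandatory header is 8 bytes
        return {"error": "GTP message too short"}
    flags, mtype, length, teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1:                        # top 3 bits carry the version
        return {"error": "different GTP version", "version": flags >> 5}
    if not flags & 0x10:                       # PT=0 marks GTP' (charging)
        return {"error": "GTP' message on a GTP port"}
    if length != len(datagram) - 8:            # length excludes the 8 bytes
        return {"error": "invalid length", "claimed": length}
    if flags & 0x07 and length < 4:            # E/S/PN add 4 optional bytes
        return {"error": "GTP message too short"}
    if mtype not in MSG_TYPES:
        return {"error": "unknown GTP signalling message", "type": mtype}
    control_only = 16 <= mtype <= 52 and mtype != 26
    if (mtype == 255 and udp_port != GTP_U_PORT) or \
            (control_only and udp_port != GTP_C_PORT):
        return {"error": "unexpected GTP message for this port", "type": mtype}
    seq = struct.unpack("!H", datagram[8:10])[0] if flags & 0x02 else None
    return {"error": None, "message": MSG_TYPES[mtype], "teid": teid, "seq": seq}


# Constructed sample: Create PDP Context Request header, TEID 0, sequence 1,
# with no information elements (a real request carries IMSI, APN, etc.).
SAMPLE = bytes.fromhex("321000040000000000010000")

if __name__ == "__main__":
    print(check_gtp(SAMPLE, GTP_C_PORT))
    print(check_gtp(SAMPLE[:6], GTP_C_PORT))
    print(check_gtp(bytes.fromhex("1e10") + bytes(18), 3386))
```

A Gn/Gp border filter can apply the same checks before a datagram reaches the GSN and drop or log anything that returns an error.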
Gn /Gp GTP Messages
GGSN RADIUS gateway WAP flow
Delete PDP Context Request
Delete PDP Context Response T-PDU
Data Record Transfer Response
GPRS Roaming
[Figure: GGSN MM records. Labels: PDP context with unique tunnel ID, mobility management context, MS, SGSN, GGSN, CG, ISP, M-CDRs, S-CDRs, G-CDRs]
Ga interface –GTP’ protocol CDR overview
gprs default charging-gateway ip address or name (primary secondary)
GGSN customization
gprs maximum-pdp-context-allowed: The maximum number of PDP contexts (mobile sessions) that can be activated on the GGSN.
gprs gtp path-echo-interval: The number of seconds that the GGSN waits before sending an echo-request message to check for GTP path failure.
gprs gtp n3-requests: The maximum number of times that the GGSN attempts to send a signaling request.
gprs gtp t3-response: The maximum time that the GGSN waits to respond to a signaling request message.
gprs idle-pdp-context purge-timer: The time that the GGSN waits before purging idle mobile sessions.
gprs charging transfer interval: The number of seconds that the GGSN waits before it transfers charging data to the charging gateway.
gprs charging cdr-aggregation-limit: The maximum number of call detail records (CDRs) that the GGSN aggregates in a charging data transfer message to a charging gateway.
gprs charging cg-path-requests: The number of minutes that the GGSN waits before trying to establish the TCP/UDP path to the charging gateway when TCP/UDP is the specified path protocol.
gprs charging cdr-option node-id: The GGSN uses the node ID field in CDRs.
gprs charging cdr-option local-record-sequence-number: The local record sequence number field is used in CDRs on the GGSN.
GGSN parameters and statistics
[Figure: labels GTP, Charging Gateway, GPRS Network, Virtual Template, Routes; per-tunnel entries (Tunnel ID 0, Tunnel ID 1), each with blank IP address, Source IP and Destination IP fields]
Network Security
– User name and Password: secret password encryption (does not display the username and password in plain text; the same is displayed in encrypted form, MD5). (Telnet, Console, Auxiliary)
– AAA (authentication-authorization-accounting): RADIUS (Remote Authentication Dial-in User Service) server implementation
  • auth-port: Specifies the UDP destination port for authentication requests
  • acct-port: Specifies the UDP destination port for accounting requests
  • radius-server key string: Specifies the authentication and encryption key for GGSN and the RADIUS daemon
– Access Policy
  • Standard Access List: Deny/Permit a particular host or network using the source address.
  • Extended Access List: Added value of being protocol specific for host/network Deny/Permit policy
  • Route Map policy
– Traffic Tunnelling
  • VPN creation using source and destination tunnel and a unique network for each APN.
  • VLAN policy created on Layer 3 switch for interface with GGSN which does not permit any other traffic to reach the private network
IPSec Network Security
IP Security Protocol (IPSec)
The IP security protocol is implemented for data authentication, confidentiality, encryption and integrity between the GGSN and another router on the PDN.
Configuring an IKE (Internet Key Exchange) Policy (Required)
crypto isakmp policy priority (config-isakmp mode)
• encryption algorithm: des (56-bit Data Encryption Standard (DES), Cipher Block Chaining (CBC)), 3des (168-bit)
• hash algorithm: sha (Secure Hash Algorithm), md5 (Message Digest 5)
• authentication method: rsa-sig | rsa-encr | pre-share
• Diffie-Hellman group identifier: 768-bit or 1024-bit
Configuring Pre-Shared Keys (Required, when pre-shared authentication is configured)
crypto isakmp key keystring address peer-address
or
crypto isakmp key keystring hostname peer-hostname
Configuring Transform Sets (Optional)
A transform set is a combination of security protocols and algorithms for protecting a particular data flow during the IPSec security association negotiation.
• Transform set: crypto ipsec transform-set transform-set-name transform1 (crypto transform configuration mode)
• Encapsulation of IP packet: mode [tunnel | transport]
Configuring Crypto Map Entries that Use IKE to Establish Security Associations (Optional)
Defines the settings for IPSec peer negotiation using a crypto map entry.
crypto map map-name seq-num ipsec-isakmp (crypto map configuration mode)
match address access-list-id (the traffic to be protected by IPSec)
set peer {hostname | ip-address} (a remote IPSec peer)
set transform-set
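A configuration review for the IKE policy and transform-set steps above, as an added Python example that is not part of the original slides: it reads a saved router configuration and reports the weaker of the listed options (DES, MD5, 768-bit and 1024-bit Diffie-Hellman, which IOS writes as group 1 and group 2). The sample configuration and its names are constructed, and the defaults applied when a policy omits a line are an assumption based on classic IOS behaviour.

```python
import re

# Weaker choices among the options the slides list (constructed rule set).
WEAK = {"encryption": {"des": "56-bit DES"}, "hash": {"md5": "MD5"},
        "group": {"1": "768-bit Diffie-Hellman", "2": "1024-bit Diffie-Hellman"}}
# Assumption: classic IOS defaults, used when a policy omits a line.
DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}


def audit_isakmp(config: str) -> dict:
    """Map each 'crypto isakmp policy' priority to its weak settings."""
    policies, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        words = line.split()
        if head:
            current = policies.setdefault(int(head.group(1)), dict(DEFAULTS))
        elif current is not None and line.startswith(" "):
            if len(words) >= 2 and words[0] in DEFAULTS:
                current[words[0]] = words[1]
        else:
            current = None                     # left config-isakmp mode
    return {prio: [f"{key} {cfg[key]}: {WEAK[key][cfg[key]]}"
                   for key in WEAK if cfg[key] in WEAK[key]]
            for prio, cfg in sorted(policies.items())}


def audit_transform_sets(config: str) -> dict:
    """Map each transform-set name to the weak transforms it contains."""
    found = re.finditer(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M)
    return {m.group(1): sorted(set(m.group(2).split()) & WEAK_TRANSFORMS)
            for m in found}


# Constructed sample configuration (names and priorities are hypothetical).
SAMPLE = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
 group 1
crypto isakmp policy 20
 encryption 3des
 group 2
crypto ipsec transform-set GGSN-PDN esp-des esp-md5-hmac
crypto ipsec transform-set GGSN-PDN2 esp-3des esp-sha-hmac
"""
```

Calling `audit_isakmp(SAMPLE)` and `audit_transform_sets(SAMPLE)` returns the findings per policy priority and per transform set; an empty list means none of the flagged options is configured.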
WAP access via GGSN
GGSN Summary